News - UZCERT xizmati

Computer Emergency
Response Team

News

Critical Vulnerability Discovered in Ivanti Neurons for ITSM Platform: Attackers Can Gain Administrator Privileges

Managing IT infrastructure and automating service processes have become an inseparable part of the modern corporate environment. Since such systems occupy a central role in the day-to-day operations of organizations, any security flaw within them can lead to serious consequences.…

News

500,000+ WordPress Sites at Risk: Critical Kirki Plugin Vulnerability Enables Full Administrator Account Takeover

WordPress powers over 40% of the internet — and that dominance makes it a prime target for cybercriminals. The latest threat, now tracked as CVE-2026-8206, is one of the most severe vulnerabilities discovered in the WordPress ecosystem in recent memory,…

News

Oracle WebLogic Server CVE-2024-21182: CISA Confirms Active Exploitation — What You Need to Do Now

Enterprise software platforms are among the most valuable targets in cybercrime. They sit at the heart of banks, government agencies, insurance companies, and Fortune 500 infrastructures — which means a single unpatched vulnerability can cascade into a full-scale organizational breach.…

News

Top 10 GPT Models of 2026 for Cybersecurity Professionals

A New Era for Hackers, Pentesters, and Security Analysts The rapid development of artificial intelligence technologies is fundamentally transforming the field of cybersecurity. By 2026, specialized models based on GPT (Generative Pre-trained Transformer) have not only accelerated information analysis, but…

News

CISA KEV Catalog Expands: Sharp Increase in Actively Exploited Vulnerabilities in 2025

In recent years, cybersecurity has become one of the most pressing global challenges. Vulnerabilities that are actively exploited in real-world attacks pose the greatest risk to organizations. In this context, the Known Exploited Vulnerabilities (KEV) Catalog maintained by the U.S.…

News

Bypassing TCC Protection in macOS: User Data at Risk

Apple’s macOS operating system is known for one of the strongest mechanisms for protecting user privacy — the Transparency, Consent, and Control (TCC) system. This mechanism restricts applications from accessing the microphone, camera, documents, screen recordings, and other sensitive data…

News

Dangerous Vulnerabilities in Adobe Acrobat and Reader: Risk of Full System Compromise

December 2025 — Adobe has released emergency security updates for its Acrobat and Reader products. According to Security Bulletin APSB25-119, several vulnerabilities have been identified—some of which may allow attackers to execute arbitrary code remotely or without user interaction, while…

News

A Critical Vulnerability Discovered in Windows Defender Firewall

On December 9, 2025, Microsoft officially announced a significant vulnerability — CVE-2025-62468 — identified in the Windows Defender Firewall Service. This flaw allows a user with elevated privileges to read certain portions of system memory (heap memory) without authorization. The…

News

Critical SSO Flaw in the Fortinet Ecosystem: Unauthorized Administrator-Level Access via FortiCloud Identified

On December 9, 2025, Fortinet issued an emergency warning regarding a serious security vulnerability discovered in several of its products, including FortiOS, FortiWeb, FortiProxy, FortiSwitchManager, and others. According to official information, the flaw allows attackers to bypass FortiCloud Single Sign-On…

News

A 0-Day Vulnerability in Windows Allowing SYSTEM Privilege Escalation Has Been Disclosed

On December 9, 2025, Microsoft released emergency security updates addressing a critical 0-day vulnerability — CVE-2025-62221 — discovered in Windows systems. The flaw was found in the Cloud Files Mini Filter Driver (cldflt.sys), a kernel-level driver, and allows attackers to…