Ethical Hacking News
Top tech companies release critical security updates to address growing threat landscape, as hackers continually seek new ways to exploit vulnerabilities in software applications.
Top tech companies released critical security updates in December's Patch Tuesday, addressing various vulnerabilities. Adobe led the way with patches for ColdFusion, Experience Manager, and other applications. Fortinet released patches for the FortiCloud SSO Login Authentication Bypass flaw and for other products. Google fixed vulnerabilities in the Android operating system, including two actively exploited ones. Ivanti patched a 9.6/10 Stored XSS flaw in Ivanti Endpoint Manager. React released patches for critical Remote Code Execution flaws in Server Components. SAP fixed a 9.9/10 code injection flaw in SAP Solution Manager. Microsoft addressed critical vulnerabilities across Windows, Office, and Exchange Server.
In a flurry of activity that highlights the ongoing cat-and-mouse game between hackers and software vendors, this year's December Patch Tuesday has brought forth a slew of critical security updates from top tech companies. The month-long period marked by these updates saw the likes of Adobe, Fortinet, Google, Ivanti, React, SAP, and Microsoft all roll out patches to address vulnerabilities that had been identified in their respective products.
At the forefront of this update cycle was Adobe, which released security patches for several of its popular applications, including ColdFusion, Experience Manager, DNG SDK, Acrobat Reader, and Creative Cloud Desktop. The company's move is seen as a timely response to the growing threat landscape, where hackers are continually seeking vulnerabilities in widely used software to launch devastating attacks.
Fortinet also joined the fray, releasing patches for multiple products, including a fix for the FortiCloud SSO Login Authentication Bypass flaw. This particular vulnerability, which has already been exploited by malicious actors, poses significant risks to organizations that use Fortinet's cloud-based security services.
Google, meanwhile, released its December security bulletin, which highlighted fixes for two actively exploited vulnerabilities in its Android operating system. The move underscores the ongoing struggle between Google and hackers, who continually seek new ways to exploit vulnerabilities in Android devices to gain unauthorized access to user data.
Ivanti also announced its Patch Tuesday updates, highlighting a fix for a 9.6/10 Stored XSS flaw in Ivanti Endpoint Manager. This particular vulnerability highlights the importance of robust cybersecurity practices in protecting sensitive information, as hackers continually seek new ways to exploit vulnerabilities in endpoint management software.
React, the popular JavaScript library used by many web developers, also released patches for critical Remote Code Execution (RCE) flaws in its Server Components. The React2Shell flaw, which has already been widely exploited in attacks, underscores the growing threat landscape and the need for developers to stay vigilant when it comes to cybersecurity.
SAP rounded out the list of vendors releasing security updates this month, highlighting a fix for a 9.9/10 code injection flaw in SAP Solution Manager. The move underscores the ongoing importance of robust security practices in enterprise software applications, where hackers continually seek new ways to exploit vulnerabilities.
In addition to these updates from top tech companies, Microsoft also released its Patch Tuesday update, which addressed a slew of critical vulnerabilities across various products, including Windows, Office, and Exchange Server. The company's move highlights the ongoing struggle between hackers and cybersecurity professionals, who continually work to identify and address new vulnerabilities in software applications.
The December 2025 Patch Tuesday Security Updates provide an extensive list of resolved vulnerabilities for this month. To access the full description of each vulnerability and the systems it affects, one can view the full report here.
Related Information:
https://www.ethicalhackingnews.com/articles/New-Years-Patch-Tuesday-Brings-Critical-Security-Updates-from-Top-Vendors-ehn.shtml
https://www.bleepingcomputer.com/news/microsoft/microsoft-december-2025-patch-tuesday-fixes-3-zero-days-57-flaws/
Published: Tue Dec 9 12:42:45 2025 by llama3.2 3B Q4_K_M