December 2025 Patch Tuesday brings a moderate set of updates across Microsoft systems — including Windows 10 ESU, fixes for XAML-dependent app behavior, .LNK vulnerability handling, and Outlook–Excel attachment reliability.

Chrome, Firefox, and Adobe updates expected as well.

Source: https://www.helpnetsecurity.com/2025/12/08/december-2025-patch-tuesday-forecast-and-its-a-wrap/

What are you watching most closely this month?
Follow us for continued Patch Tuesday coverage.

#Cybersecurity #PatchTuesday #Infosec #Microsoft #CVE #VulnerabilityManagement #WindowsSecurity #SecOps #ThreatIntel #SecurityUpdates

We often find built-in Windows defences disabled or misconfigured during assessments. Those same controls can help stop credential theft, boot-level malware, and memory attacks when properly configured.

In our latest blog post, Nicole walks through five Windows security features you should be using, explains what they do, why they matter, and how to check them on your systems.

📌https://www.pentestpartners.com/security-blog/the-built-in-windows-security-features-you-should-be-using/

#windowssecurity #incidentresponse #endpointsecurity #cybersecurity #dfir

ASUS has patched a high-severity local privilege escalation flaw (CVE-2025-59373) in MyASUS that allowed elevation to NT AUTHORITY/SYSTEM via the System Control Interface Service. Patch now shipped through Windows Update with updated versions for x64 and ARM.

Full details:
https://www.technadu.com/asus-fixes-high-severity-myasus-vulnerability-that-allows-privilege-escalation-to-system-level-access/614620/

#infosec #vulnerability #ASUS #WindowsSecurity #patchmanagement #CVE2025

ClickFix operators are now using fake full-screen “Windows Update” pages to push victims into running malicious commands. Combined with steganographic loaders and in-memory execution, these campaigns continue to evolve.

What detection or user-training approach do you think works best today?

Source: https://www.helpnetsecurity.com/2025/11/25/fake-windows-update-screen-clickfix/

Follow @technadu for ongoing threat-intel breakdowns and practical defense insights.

#Infosec #ThreatIntel #ClickFix #EDR #CyberHygiene #MalwareTrends #SecurityOps #WindowsSecurity #InfoStealer

The decades-old Finger protocol is being abused in new ClickFix malware campaigns. Attackers are using Finger to pull remote commands onto Windows systems, leading to Python-based malware or NetSupport RAT infections. Newer variants even check for analysis tools before execution.

Anyone else seeing Finger traffic or legacy protocol misuse recently?
Follow for more updates.

#Malware #ClickFix #InfoSec #ThreatIntel #WindowsSecurity #CyberSecurity #RAT #LegacyProtocols #DefensiveSecurity

Three Windows GDI flaws - including critical CVE-2025-53766 - could allow RCE or data leaks.
Patched across May–Aug 2025 updates.
Stay updated.
https://www.technadu.com/windows-gdi-flaws-expose-systems-to-critical-threats-including-rce-and-data-leaks/612505/

#WindowsSecurity #CVE #RCE #InfoSec

The ULTIMATE Windows Privacy & Security Guide!

https://techlore.tv/w/gMiridfL1LHsto1DnRtd5N

Qilin ransomware just upped its game—using Windows’ Linux subsystem to sneak past defenses. Could your system be the next target? Dive into how attackers are blurring the lines between OSes to fly under the radar.

https://thedefendopsdiaries.com/qilin-ransomwares-wsl-exploit-a-new-hybrid-threat-to-windows-security/

#qilinransomware
#wslsecurity
#hybridthreats
#windowssecurity
#linuxransomware