RadioCSIRT English Edition – Your cybersecurity News for Monday, December 15, 2025 (Ep.51)
About this content
Welcome to your daily cybersecurity podcast.
Horizon3.ai exposes three critical FreePBX vulnerabilities. The most severe, CVE-2025-66039, scored 9.3, enables complete authentication bypass via a simple forged Authorization header. Two additional flaws provide SQL injection and PHP web shell upload for remote code execution. Patches available but require manual CLI configuration and audit of instances exposed before September.
New BreachForums avatar claims major intrusion on French Interior Ministry infrastructure. Actor "Indra" asserts exfiltration of police databases TAJ and FPR with ransom demand under one-week deadline. Place Beauvau confirms email compromise and business application access. Emergency deployment of systematic two-factor authentication and password rotation. Investigation assigned to Anti-Cybercrime Office.
BleepingComputer reveals how scammers hijacked PayPal infrastructure to send legitimate emails from service@paypal.com. Exploitation of "pause subscription" feature bypassed all spam filters enabling large-scale tech support scam campaigns. PayPal confirms loophole closure following investigation.
CERT-FR issues advisory CERTFR-2025-AVI-1111 for Roundcube Webmail. Multiple XSS vulnerabilities affect versions prior to 1.5.12 and 1.6.12, enabling remote code injection and data confidentiality breach. Patches available since December 13 with immediate application recommended for all exposed webmail instances.
Don't think, just patch!
Sources:
FreePBX: https://thehackernews.com/2025/12/freepbx-authentication-bypass-exposed.html
Interior Ministry: https://www.zdnet.fr/actualites/lattaque-informatique-contre-le-ministere-de-linterieur-revendiquee-par-un-nouvel-avatar-de-breachforums-486636.htm
PayPal: https://www.malwarebytes.com/blog/news/2025/12/paypal-closes-loophole-that-let-scammers-send-real-emails-with-fake-purchase-notices
Roundcube: https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1111/
Your feedback is welcome.
Email: radiocsirt@gmail.com
Website: https://www.radiocsirt.com
Weekly Newsletter: https://radiocsirtintl.substack.com