TheCyberThrone

The CISO at the CrossRoads – From 2025 Fatigue to 2026 Resilience

Cybersecurity leadership reached an inflection point in 2025. CISOs were asked to absorb expanding digital risk while operating in environments optimized for speed, not control. The resulting strain was not…

PravinKarthik December 13, 2025

CISA adds Chrome ans Sierra Bugs to KEV Catalog

CISA has added two high‑impact vulnerabilities—CVE‑2025‑14174 in Google Chromium and CVE‑2018‑4063 in Sierra Wireless AirLink ALEOS—to the Known Exploited Vulnerabilities (KEV) catalog after confirming active exploitation in the wild. Under…

PravinKarthik December 13, 2025

GeoServer CVE-2025-58360 added to CISA KEV

Why this vulnerability matters CVE-2025-58360 is a recently disclosed XML External Entity (XXE) vulnerability in OSGeo GeoServer that has now been added to the CISA Known Exploited Vulnerabilities (KEV) catalog,…

PravinKarthik December 12, 2025

CISSP

CISSP Executive Briefing: Secure Software Development Lifecycle

1. Expanded Executive Summary The business increasingly competes through software—mobile apps, APIs, cloud-native services, data platforms, and AI-driven applications. This speed creates value but also compounds exposure. Traditional security practices,…

PravinKarthik December 11, 2025

Google Fixes two Medium Severity Bugs in Chrome

Google Chrome recently addressed two medium-severity vulnerabilities, CVE-2025-14372 and CVE-2025-14373, in its Stable channel update to version 143.0.7499.109, released around December 9-10, 2025. These flaws affect browsers prior to this…

PravinKarthik December 11, 2025

Fortinet Critical Bugs CVE-2025-59718 and CVE-2025-59719

Fortinet recently disclosed two critical authentication bypass vulnerabilities in its FortiCloud SSO login feature, tracked as CVE-2025-59718 and CVE-2025-59719. These flaws allow unauthenticated attackers to gain full administrative access via…

PravinKarthik December 11, 2025

CVE-2025-6218 and CVE-2025-62221 Hit CISA KEV

CISA has added CVE-2025-6218 and CVE-2025-62221 to its Known Exploited Vulnerabilities (KEV) catalog, signaling active real-world exploitation and immediate remediation requirements for federal agencies and private sector organizations. These flaws…

PravinKarthik December 10, 2025

Microsoft Patch Tuesday December 2025

Microsoft’s final Patch Tuesday of 2025, released on December 9, addresses approximately 56-57 vulnerabilities across Windows, Office, Exchange, and related components, including three zero-days and several Critical remote code execution…

PravinKarthik December 10, 2025