Audio streaming platform SoundCloud has confirmed that outages and VPN connection issues over the past few days were caused by a security breach in which threat actors stole a database exposing users’ email addresses and profile information.

The disclosure follows widespread reports over the past four days from users who were unable to access SoundCloud when connecting via VPN, with attempts resulting in the site displaying 403 “forbidden” errors.

In a statement shared with BleepingComputer, SoundCloud said it recently detected unauthorized activity involving an ancillary service dashboard and activated its incident response procedures.

Free unofficial patches are available for a new Windows zero-day vulnerability that allows attackers to crash the Remote Access Connection Manager (RasMan) service.

RasMan is a critical Windows system service that starts automatically, runs in the background with SYSTEM-level privileges, and manages VPN, Point-to-Point Protocol over Ethernet (PPoE), and other remote network connections.

ACROS Security (which manages the 0patch micropatching platform) discovered a new denial-of-service (DoS) flaw while looking into CVE-2025–59230, a Windows RasMan privilege escalation vulnerability exploited in attacks that was patched in October.

Google is discontinuing its “dark web report” security tool, stating that it wants to focus on other tools it believes are more helpful.

Google’s dark web report tool is a security feature that notifies users if their email address or other personal information was found on the dark web.

After Google scans the dark web and identifies your personal information, it will notify you where the data was found and what type of data was exposed, encouraging users to take action to protect their data.

Apple fixes two exploited WebKit bugs targeting specific users, issuing security updates across iOS, macOS, and Safari.

Google issues a Chrome update to fix actively exploited issue 466192044 and other confirmed 2025 security flaws.

SAP has released its December security updates addressing 14 vulnerabilities across a range of products, including three critical-severity flaws.

The most severe (CVSS score: 9.9) of all the issues is CVE-2025–42880, a code injection problem impacting SAP Solution Manager ST 720.

“Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module,” reads the flaw’s description.

Microsoft releases Windows 10 KB5071546 extended security update.

https://www.bleepingcomputer.com/news/microsoft/microsoft-re…ty-update/

#

---

Microsoft’s December 2025 Patch Tuesday fixes 57 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities.