Feed aggregator

DELAWARE, Ohio (WCMH) — A Delaware man missing since March has reportedly been found dead in a car submerged in a large body of water. According to Chaos Divers, 21-year-old Trenton Rollins was found dead after a vehicle was pulled out of Hoover Reservoir, located northeast of Westerville and south of Galena. In efforts to [...]

COLUMBUS, Ohio (WCMH) -- As Ohio State begins to rest and prepare for the Cotton Bowl on New Year's Eve, its quarterback will pack his bags to head to the Big Apple. Julian Sayin will be in New York starting Friday as one of the four finalists for this year's Heisman Trophy, which will be [...]

OBETZ, Ohio (WCMH) – A former auto body garage has found new life as a coffee shop in Obetz. Grumpy’s Coffee Garage began welcoming customers at 5210 Groveport Road on Dec. 1. The building previously housed a custom motorcycle repair shop named Grumpy’s. Ben Winkler owns the coffee shop alongside his brother-in-law, Corey Zeller. Winkler, [...]

COLUMBUS, Ohio (WCMH) -- Anduril, the defense weapons manufacturer behind the largest single-site job creation investment in Ohio history, is responding to reports of drone failures in testing and abroad. A report from Reuters drew attention to Anduril after highlighting sudden drone failures and setbacks in Ukraine, where Anduril weaponry is being used during the [...]

COLUMBUS, Ohio (WCMH) -- Ohio lawmakers are renewing an effort to restrict which flags may be displayed on state-owned buildings, months after Gov. Mike DeWine partially vetoed a similar measure in the state budget. House Bill 602, introduced in November by Reps. D.J. Swearingen (R-Huron) and Rodney Creech (R-Alexandria), would limit state agencies to flying [...]

COLUMBUS, Ohio (WCMH) – The Ohio Attorney General’s Office has agreed to look into the 2006 homicide of 8-year-old Mackenzie Branham, according to Fayette County Prosecutor Jess Weade.  In October, Weade referred the case to the Ohio Attorney General’s Special Prosecutors Unit, which consists of experienced attorneys who help investigate and prosecute local cases. The [...]

WHITEHALL, Ohio (WCMH) -- A Whitehall City councilmember, one day after being arrested on allegations of child sexual misconduct, was sworn into office at a council meeting Tuesday amid calls for his resignation. Within 24 hours, Whitehall City Councilman Gerald Dixon was arrested on felony charges of gross sexual imposition and compelling prostitution, spent the [...]

COLUMBUS, Ohio (WCMH) -- The CROWN Act. The RURAL Act. The Big, Beautiful Bill. Politicians create specific names, often with complex acronyms, when writing legislation. It's no coincidence; politicians said it's worth taking a minute to title bills in a way that conveys their intent and is memorable for constituents. "There's hundreds of bills that [...]

A devastating new React vulnerability earned a "perfect 10" for risk, letting attackers remotely run code on a million-plus servers with a single HTTP request. Find out what happened, how fast attackers moved in, and why this bug changes everything for web security.

• France's VanityFair face a stiff fine over cookies.
• GrapheneOS pulls out of France over coercion worries.
• The EU adds to the pile-on over underage social media.
• India mandates the tracking of all smartphones.
• Apple says no.
• India abandons its smartphone tracking mandate.
• India requires all encrypted messaging to be SIM-tied.
• Scattered Lapsus$ Hunters --becomes--> SLH.
• AI demand has driven RAM pricing sky high.
• GRC's DNS Benchmark is finished and available.
• Cisco may talk a good game, but they're still Cisco.
• Browsers to ask users for local network access permission.
• React: The worst remote code exploit in a LONG time.

Show Notes - https://www.grc.com/sn/SN-1055-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Join Club TWiT for Ad-Free Podcasts!
Support what you love and get ad-free audio and video feeds, a members-only Discord, and exclusive content. Join today: https://twit.tv/clubtwit

Sponsors:

• 1password.com/securitynow
• veeam.com
• bigid.com/securitynow
• zscaler.com/security
• hoxhunt.com/securitynow

COLUMBUS, Ohio (WCMH) – It appears that the Columbus Promise program could end up being a broken promise. Columbus Promise is a joint initiative for the City of Columbus and Columbus State University that guarantees graduates of the Columbus City Schools can attend two years at the community college tuition-free It started as a pilot [...]

CHILLICOTHE, Ohio (WCMH) – Approximately three years ago, a Ross County Sheriff’s deputy was shot in the line of duty and returned fire. Sgt. Eric Kocheran had to undergo several surgeries and while it has been a long road to recovery, he is using his experiences to fuel his new mission. “Every day I think [...]

Microsoft today pushed updates to fix at least 56 security flaws in its Windows operating systems and supported software. This final Patch Tuesday of 2025 tackles one zero-day bug that is already being exploited, as well as two publicly disclosed vulnerabilities.

Despite releasing a lower-than-normal number of security updates these past few months, Microsoft patched a whopping 1,129 vulnerabilities in 2025, an 11.9% increase from 2024. According to Satnam Narang at Tenable, this year marks the second consecutive year that Microsoft patched over one thousand vulnerabilities, and the third time it has done so since its inception.

The zero-day flaw patched today is CVE-2025-62221, a privilege escalation vulnerability affecting Windows 10 and later editions. The weakness resides in a component called the “Windows Cloud Files Mini Filter Driver” — a system driver that enables cloud applications to access file system functionalities.

“This is particularly concerning, as the mini filter is integral to services like OneDrive, Google Drive, and iCloud, and remains a core Windows component, even if none of those apps were installed,” said Adam Barnett, lead software engineer at Rapid7.

Only three of the flaws patched today earned Microsoft’s most-dire “critical” rating: Both CVE-2025-62554 and CVE-2025-62557 involve Microsoft Office, and both can exploited merely by viewing a booby-trapped email message in the Preview Pane. Another critical bug — CVE-2025-62562 — involves Microsoft Outlook, although Redmond says the Preview Pane is not an attack vector with this one.

But according to Microsoft, the vulnerabilities most likely to be exploited from this month’s patch batch are other (non-critical) privilege escalation bugs, including:

–CVE-2025-62458 — Win32k
–CVE-2025-62470 — Windows Common Log File System Driver
–CVE-2025-62472 — Windows Remote Access Connection Manager
–CVE-2025-59516 — Windows Storage VSP Driver
–CVE-2025-59517 — Windows Storage VSP Driver

Kev Breen, senior director of threat research at Immersive, said privilege escalation flaws are observed in almost every incident involving host compromises.

“We don’t know why Microsoft has marked these specifically as more likely, but the majority of these components have historically been exploited in the wild or have enough technical detail on previous CVEs that it would be easier for threat actors to weaponize these,” Breen said. “Either way, while not actively being exploited, these should be patched sooner rather than later.”

One of the more interesting vulnerabilities patched this month is CVE-2025-64671, a remote code execution flaw in the Github Copilot Plugin for Jetbrains AI-based coding assistant that is used by Microsoft and GitHub. Breen said this flaw would allow attackers to execute arbitrary code by tricking the large language model (LLM) into running commands that bypass the guardrails and add malicious instructions in the user’s “auto-approve” settings.

CVE-2025-64671 is part of a broader, more systemic security crisis that security researcher Ari Marzuk has branded IDEsaster (IDE  stands for “integrated development environment”), which encompasses more than 30 separate vulnerabilities reported in nearly a dozen market-leading AI coding platforms, including Cursor, Windsurf, Gemini CLI, and Claude Code.

The other publicly-disclosed vulnerability patched today is CVE-2025-54100, a remote code execution bug in Windows Powershell on Windows Server 2008 and later that allows an unauthenticated attacker to run code in the security context of the user.

For anyone seeking a more granular breakdown of the security updates Microsoft pushed today, check out the roundup at the SANS Internet Storm Center. As always, please leave a note in the comments if you experience problems applying any of this month’s Windows patches.

COLUMBUS, Ohio (WCMH) – The City of Columbus has issued disciplinary charges against Columbus Division of Fire Chief Jeffrey Happ after the Department of Public Safety released an independent investigation into a 2023 fatal crash between a fire truck and two cars. Happ is facing two disciplinary charges and will have a chance to defend [...]

DELAWARE, Ohio (WCMH) -- Dozens of cases handled by the Delaware County Public Defender's Office could be reopened after a common pleas judge was accused of pressuring an attorney with the prosecutor's office into sex. Public Defender Carlos Crawford told NBC4 the office has identified nearly 30 cases that involved Judge James Schuck and the [...]

POWELL, Ohio (WCMH) — A woman shopping at a Delaware County grocery store found something in her bag that made her immediately stop in her tracks. A woman told NBC4 that after she left a Kroger grocery store in Powell, she discovered a dead frog in her unopened salad kit. The woman, who asked that [...]

COLUMBUS, Ohio (WCMH) -- As central Ohio hospitals continue dialogue about workplace violence, OhioHealth announced safety precautions to protect employees. OhioHealth announced it will now require all hospital visitors 18 and older to show government ID before accessing care facilities. The healthcare network said the change is already being implemented at five OhioHealth sites, and [...]

COLUMBUS, Ohio (WCMH) -- Pivot Boutique, a women's fashion retailer in the Short North, will close at the end of the year. The boutique, located at 718 N. High St. shared the news in a social media post, in which owner Nicci Hicks said the decision followed "a great deal of reflection." She wrote that Pivot [...]

COLUMBUS, Ohio (WCMH) -- An 11-year-old died days after an accidental shooting in the Hilltop neighborhood. Police were called Friday evening to the 200 block of South Wheatland Avenue and found the child with a gunshot wound, police said. The child, who officials identified as Amya Frazier, was taken to Nationwide Children's Hospital where she [...]