Latest Internet & Cybersecurity News
Fortinet FortiGate Vulnerabilities CVE-2025-59718 and CVE-2025-59719 Exploited in the Wild
Attackers are exploiting critical flaws in Fortinet FortiGate devices allowing unauthorized SSO logins and config exfiltration, linked to Chinese infrastructure. Arctic Wolf observed malicious activity from December 12, targeting admin accounts. CISA added CVE-2025-59718 to KEV catalog with remediation due by December 23.
Cisco Secure Email Gateway Actively Attacked via CVE-2025-20393
Cisco reports active exploitation of CVE-2025-20393 in Secure Email Gateway and Web Manager appliances with Spam Quarantine exposed online, discovered December 10. The improper input validation flaw is in CISA's KEV catalog without a patch yet.
Targets both physical and virtual setups.
BlueDelta Russian APT Targets UKR.NET with Credential Harvesting
Russian state-sponsored BlueDelta (APT28/Fancy Bear) runs persistent phishing campaign against Ukrainian webmail service UKR.NET. Emphasizes need for phishing-resistant MFA.
Insikt Group details the sustained operation.
North Korean Lazarus Group Uses WinRAR n-Day CVE-2025-8088 for Crypto Theft
Lazarus exploits WinRAR vulnerability via email to deploy Blank Grabber Trojan stealing browser data, Discord/Telegram sessions, and crypto wallet keys like MetaMask. Disguised as toolkits in RAR files.
Targets credentials and wallets.
Venezuela's PDVSA Oil Giant Hit by Cyberattack Amid US Tensions
PDVSA suffers cyberattack as tensions with US rise, part of escalating threat actor activity. Cybercriminals use alarming spying and theft tactics in related campaigns like GhostPoster.
Highlights infrastructure vulnerabilities.
DXS International NHS Software Supplier Discloses Cyber Incident
UK firm DXS International, providing NHS clinical tools, reports breach on internal servers discovered December 14. Engaged experts; notified ICO and regulators.
Affects GP practices across England.
RBHA Ransomware Breach Exposes Sensitive Health and Financial Data
Ransomware attack on September 29 encrypts RBHA network, stealing SSNs, passports, accounts, and health info. Notified HHS OCR on December 4.
Data theft confirmed in breach notice.
Apple Patches Zero-Day Flaws Used in Sophisticated Attacks
Apple fixed zero-day vulnerabilities exploited for sophisticated attacks, topping December 19 news. Part of ongoing mobile security threats.
Users urged to update immediately.
Cybersecurity Pros Rapidly Adopt AI Tools Amid New Risks
Cyber teams now 90%+ using AI for threats, per CSA-Google survey; requires data security overhaul for prompt injection, model inversion. CSA proposes new AI Controls Matrix additions.
PwC predicts responsible AI focus in 2026.
Clop Ransomware Extorts Companies via Oracle E-Business Breaches
Clop exploits Oracle servers, stealing data from giants like Cloudflare, Google, LinkedIn; demands ransoms with exec personal info. Follows mass-hacks like MOVEit; new victims ongoing.
Largest 2025 breaches include US gov, Treasury.
FinCEN Reports Slight Downward Trend in Ransomware Incidents
US FinCEN data shows ransomware peaking but declining slightly 2022-2024, despite 2025 class actions over breaches. Key findings from BSA report highlight trends.
Continued high-impact attacks persist.
Silver Fox False-Flag SEO Poisoning Targets Chinese Users
Silver Fox uses SEO poisoning for backdoors in 20+ apps, impersonating Russian actors with Cyrillic; hits China, AsiaPac, Europe, NA since July. ReliaQuest assesses as false-flag.
Broad campaign uncovered.