Latest Internet & Cybersecurity News

📅 December 21, 2025 at 1:00 PM
Critical zero-days and active state-linked campaigns dominate this digest: Cisco and Fortinet flaws under exploitation, major phishing and ransomware operations, Android and Apple patches, arrests, and large cryptocurrency thefts.
1

Cisco AsyncOS zero‑day actively exploited to backdoor email appliances

Cisco disclosed a critical zero‑day in AsyncOS for Secure Email Gateway and Secure Email and Web Manager that is being actively exploited by a China‑nexus APT, including backdoor deployment and log‑purging activity, and urged immediate mitigation steps (Source 1, Source 2).

2

Fortinet FortiGate SSO authentication bypasses under active attack

Two critical SAML SSO authentication bypass vulnerabilities in Fortinet FortiGate (CVE‑2025‑59718 and CVE‑2025‑59719) are being exploited in the wild shortly after disclosure, with intrusions observed targeting administrative access (Source 2, Source 5).

3

Microsoft 365 device‑code phishing used by Russia‑linked and other groups

Threat actors, including suspected Russia‑aligned groups, are using device‑code phishing flows to take over Microsoft 365 accounts, leading to widespread account compromise and espionage risk since at least September 2025 (Source 2, Source 1).
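Device‑code phishing leaves a distinctive trace: the victim's session is minted through the OAuth device authorization grant, which Entra ID records with `authenticationProtocol` set to `deviceCode` in the sign‑in log. The script below is an added hunting example, not code from the article or from Microsoft. It parses a handful of constructed sign‑in records shaped like the Microsoft Graph `signIn` resource (only the `authenticationProtocol` value `deviceCode` is relied on as a real field; the other field names mirror the resource but are assumptions of this example), builds a per‑user baseline of countries seen in non‑device‑code sign‑ins, and rates every successful device‑code sign‑in against that baseline.

```python
"""Hunt for OAuth device-code sign-ins in Entra ID sign-in log exports.

Added example (not from the article or Microsoft). The records below are
constructed to resemble Microsoft Graph `signIn` objects; the value
"deviceCode" in `authenticationProtocol` is what the hunt keys on.
"""
import json
from collections import defaultdict

# Constructed sample records, one JSON object per line (not real log data).
SAMPLE_LOG = """
{"userPrincipalName":"alice@example.com","authenticationProtocol":"oAuth2","ipAddress":"203.0.113.10","location":{"countryOrRegion":"GB"},"status":{"errorCode":0},"createdDateTime":"2025-12-20T08:01:00Z","appDisplayName":"Microsoft Teams"}
{"userPrincipalName":"alice@example.com","authenticationProtocol":"deviceCode","ipAddress":"198.51.100.7","location":{"countryOrRegion":"NL"},"status":{"errorCode":0},"createdDateTime":"2025-12-20T09:15:00Z","appDisplayName":"Microsoft Office"}
{"userPrincipalName":"bob@example.com","authenticationProtocol":"deviceCode","ipAddress":"203.0.113.22","location":{"countryOrRegion":"GB"},"status":{"errorCode":50058},"createdDateTime":"2025-12-20T09:20:00Z","appDisplayName":"Microsoft Office"}
{"userPrincipalName":"bob@example.com","authenticationProtocol":"oAuth2","ipAddress":"203.0.113.22","location":{"countryOrRegion":"GB"},"status":{"errorCode":0},"createdDateTime":"2025-12-20T10:00:00Z","appDisplayName":"Outlook"}
{"userPrincipalName":"carol@example.com","authenticationProtocol":"deviceCode","ipAddress":"192.0.2.55","location":{"countryOrRegion":"GB"},"status":{"errorCode":0},"createdDateTime":"2025-12-20T11:30:00Z","appDisplayName":"Microsoft Office"}
"""


def parse_sign_ins(text):
    """Parse newline-delimited JSON sign-in records, skipping blank lines."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def baseline_countries(records):
    """Countries each user has signed in from via flows other than device code."""
    base = defaultdict(set)
    for r in records:
        if r["authenticationProtocol"] != "deviceCode":
            base[r["userPrincipalName"]].add(r["location"]["countryOrRegion"])
    return base


def find_device_code_signins(records):
    """Return one finding per successful device-code sign-in, rated against
    the user's baseline. Failed device-code attempts are skipped: they are
    useful context for an analyst but do not by themselves indicate takeover."""
    base = baseline_countries(records)
    findings = []
    for r in records:
        if r["authenticationProtocol"] != "deviceCode":
            continue
        if r["status"]["errorCode"] != 0:
            continue
        user = r["userPrincipalName"]
        country = r["location"]["countryOrRegion"]
        known = base.get(user, set())
        if not known:
            severity, reason = "medium", "no non-device-code sign-ins seen for user"
        elif country not in known:
            severity = "high"
            reason = f"country {country} not in user's baseline {sorted(known)}"
        else:
            severity, reason = "low", "country matches user's baseline"
        findings.append({
            "user": user,
            "time": r["createdDateTime"],
            "ip": r["ipAddress"],
            "app": r["appDisplayName"],
            "severity": severity,
            "reason": reason,
        })
    return findings


if __name__ == "__main__":
    for f in find_device_code_signins(parse_sign_ins(SAMPLE_LOG)):
        print(f"[{f['severity']:6}] {f['time']} {f['user']} from {f['ip']} "
              f"via {f['app']}: {f['reason']}")
```

Run against the constructed records, alice's device‑code sign‑in from a country outside her baseline is rated high and carol's (no baseline at all) medium, while bob's failed attempt is dropped. In a real tenant the baseline should be built from weeks of history rather than the same batch, and the durable fix is to block the device code flow with a Conditional Access policy for users who have no legitimate need for it.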

4

Kali Linux 2025.4 released with new tools and usability updates

OffSec released Kali Linux 2025.4, introducing quality‑of‑life improvements and updated toolsets for penetration testers and digital forensics practitioners (Source 1).

5

Apple issues emergency updates for actively exploited vulnerabilities

Apple released patches addressing actively exploited zero‑days (e.g., CVE‑2025‑14174, CVE‑2025‑43529) and urged users to update devices to prevent ongoing attacks (Source 1).

6

Android December 2025 bulletin fixes multiple zero‑days across vendors

Google published the December 2025 Android Security Bulletin addressing over 100 vulnerabilities, including two zero‑days and vendor component fixes for broader platform security (Source 4).

7

SoundCloud reports breach and sustained denial‑of‑service incidents

SoundCloud confirmed a data breach that coincided with repeated denial‑of‑service attacks; the attacks disrupted users, particularly those connecting through a VPN, and prompted incident response actions (Source 1).

8

Clop and other ransomware actors target enterprise file servers and backups

Ransomware groups such as Clop are running large extortion campaigns targeting file server products (e.g., Gladinet CentreStack) and focusing on backup and domain controller disruption to maximize impact (Source 5, Source 3).

9

U.S. DOJ charges 54 in ATM jackpotting scheme using Ploutus malware

The U.S. Department of Justice charged 54 individuals in a transnational ATM jackpotting and fraud operation that used Ploutus malware to drain cash from machines (Source 2, Source 5).

10

Major criminal use of generative AI observed on Tor for scalable illicit activity

Threat intelligence firms reported a Q4 2025 surge in criminal adoption of generative AI tools (DIG AI) on Tor, enabling scalable fraud and illicit operations ahead of major 2026 events (Source 5).

11

Amazon reveals years‑long Russian state‑linked campaign against Western infrastructure

Amazon Threat Intelligence disclosed a multi‑year Russian state‑backed campaign (2021–2025) targeting Western critical infrastructure, highlighting long‑running supply‑chain and operational compromises (Source 5).

12

French Interior Ministry email servers breached by cyberattack

The French Interior Minister confirmed a cyberattack that compromised the Interior Ministry's email servers, prompting national incident response and investigations (Source 5).

13

Nigeria arrests alleged RaccoonO365 phishing developer linked to global Microsoft 365 attacks

Nigerian authorities arrested suspects tied to high‑profile internet fraud, among them the alleged developer of RaccoonO365, a phishing‑as‑a‑service platform used against major corporations to phish Microsoft 365 credentials (Source 2).

14

North Korea‑linked groups steal over $2 billion in crypto during 2025

Analysis shows North Korea‑linked actors stole approximately $2.02 billion in 2025 through cryptocurrency thefts, underscoring continued state‑linked financial cybercrime targeting exchanges and bridges (Source 7).

15

UEFI vulnerability exposes select motherboards to early‑boot DMA attacks

Researchers disclosed a UEFI flaw affecting some ASRock, ASUS, GIGABYTE, and MSI motherboards that can enable early‑boot DMA attacks and bypass IOMMU protections, raising hardware‑level security concerns (Source 5).