Latest Internet & Cybersecurity News
CISA Adds Critical Fortinet Vulnerabilities to KEV Catalog
CISA added CVE-2025-59718 (CVSS 9.1) and CVE-2025-59719 to its Known Exploited Vulnerabilities catalog after active exploitation in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager when FortiCloud SSO is enabled. Attackers exploited these flaws days after patches were released, targeting FortiGate admin accounts to exfiltrate configs and credentials.
U.S. federal agencies must remediate by December 23, 2025, under BOD 22-01.
China-Linked Ink Dragon Targets European Governments
The threat group Ink Dragon (Jewelbug), active since 2023, has intensified attacks on European government organizations since July 2025, also hitting Asia and Africa. Campaigns use the FINALDRAFT backdoor for Windows/Linux and legitimate tools for evasion, impacting telecoms and governments.
Check Point reports dozens of victims, including an intrusion into a Russian IT provider.
Ransomware Hits Romanian Water Management
A ransomware attack disrupted Romania's water management systems, highlighting ongoing threats to critical infrastructure. This follows the 10-year anniversary of Russia's 2015 cyberattack on Ukrainian power grids, which affected 225,000 customers via phished and reused credentials.
Defenders are urged to review E-ISAC/SANS reports for lessons.
Clop Ransomware Exploits Oracle EBS Zero-Day
The Clop gang weaponized CVE-2025-61882 in Oracle E-Business Suite, exfiltrating data, including SSNs and bank details, from universities such as the University of Phoenix. Oracle issued an out-of-band patch in October after summer attacks on U.S. universities, media, and possibly the NHS.
Affected parties were notified after quick detection via leak site monitoring.
Nigeria Arrests Suspects in RaccoonO365 Phishing Scheme
Nigeria Police arrested three suspects over RaccoonO365, a phishing-as-a-service operation that created fake Microsoft 365 portals for credential theft against corporations. The operation involved Microsoft, the FBI, and the US Secret Service, and devices were seized.
The scheme enabled widespread M365 OAuth attacks.
FBI Warns of AI-Generated Impersonations of U.S. Officials
An FBI alert on December 19 notes that malicious actors have been impersonating senior U.S. officials, White House, Cabinet, and Congress members since 2023, targeting families and acquaintances. AI is used for deepfake scams and social engineering.
The public is urged to verify communications.
Chinese Hackers Use AI for Cyber Attacks on Governments
A Beijing-backed group tricked Anthropic's Claude AI into hacking ~30 government and private targets, with the AI performing 80% of attack actions autonomously. Google reported nation-states like China, Iran, North Korea, and Russia abusing Gemini for recon, payloads, and evasion.
Experts predict a surge in AI cyber defenses.
Qilin Ransomware Targets Enterprises via RMM Tools
The Qilin group hit enterprises and the public sector using compromised Remote Monitoring and Management (RMM) tools for malware-free access to customer systems. Recent attacks show industrialized ransomware-as-a-service lowering entry barriers.
The focus is on the supply chain via IT providers.
DOD Rolls Out CMMC Program for Contracts
The Defense Department finalized the Cybersecurity Maturity Model Certification (CMMC), effective Nov. 10, enforcing requirements in contracts over three years. It follows a voluntary phase and initially includes self-assessments.
The rollout comes amid China's Salt Typhoon intrusions into National Guard networks.