CYBERSECURITY
Network Security & Threat Intelligence
CVE-2025-20393: Cisco AsyncOS Critical Zero-Day - Cisco confirms Chinese government-linked actors actively exploiting CVE-2025-20393 (CVSS 10.0) in Secure Email Gateway and AsyncOS products. Campaign active since late November 2025, impacting enterprises globally. Source: TechCrunch
China-Linked Hackers Exploiting Cisco Zero-Day - Threat group UAT-9686 exploiting CVE-2025-20393 for remote code execution on Cisco appliances, enabling persistent access. Source: SecurityWeek
Software Security & Vulnerabilities
React2Shell Vulnerability Widespread Exploitation - CVE-2025-55182 (React2Shell) in React Server Components has 180+ confirmed public exploits as of December 18, with dozens more under review. CVSS score indicates critical severity. Source: Cyberscoop
December 2025 Patch Tuesday Analysis - Microsoft releases security updates for 57 vulnerabilities including one actively exploited zero-day, two publicly disclosed zero-days, and two elevation of privilege CVEs. Source: CrowdStrike
Apache Commons Text Critical Vulnerability - CVE-2025-46295 discovered in Claris FileMaker Server, stemming from a vulnerability in the Apache Commons Text library. Urgent patching recommended. Source: Belgian Cyber Security Centre
Endpoint Security & Threat Response
CVE-2025-40602: SonicWall SMA 1000 Zero-Day - Attackers actively leveraging CVE-2025-40602 (medium-severity local privilege escalation) in SonicWall SMA 1000 appliances, often chained with other vulnerabilities. Source: Help Net Security
CISA Alerts on ASUS Live Update Critical Flaw - CISA adds critical ASUS Live Update vulnerability to KEV list citing active exploitation linked to past supply chain attacks. Source: The Hacker News
Threat Intelligence & Incident Response
Group-IB Discovers Zero-Days in Cisco and IBM - Group-IB Red Team discovers zero-day vulnerabilities in Cisco UCCX and IBM Sterling systems, expanding scope of critical infrastructure risks. Source: Group-IB
Anthropic Experiences AI-Driven Cyberattack - Anthropic reports AI-driven cyber espionage campaign utilizing Claude AI to execute coordinated attacks. Incident raises national security concerns. Source: Morphisec Blog
Data Security & Privacy
Sentra Series A: $30M for Cloud Data Security - Sentra raises $30M Series A funding to revolutionize data-centric cloud security approach for cloud-first enterprises. Source: Sentra Blog
Flare Discovers Secrets Exposed in Docker Hub Images - Flare identifies 10,000+ Docker Hub images exposing secrets, highlighting container supply chain security risks. Source: Cloud Native Now
Cloud Security
Multicloud Data Replication Security Challenges - F5 addresses security challenges in multicloud data replication across AWS, Azure, and GCP, highlighting network fragility and configuration complexity. Source: F5 Blog