🔒 Cybersecurity [21-Dec-2025]

 

🔒 Cybersecurity

Network Security & Critical Vulnerabilities

• CVE-2025-20393: Critical Cisco Email Gateway RCE (CVSS 10.0) - Critical remote code execution vulnerability actively exploited in Cisco Secure Email Gateways by China-nexus threat actors. Immediate patching required. Source: Corelight

• WatchGuard Firebox Critical RCE Under Active Exploitation - CVE-2025-14733 (CVSS 9.3) in WatchGuard Fireware OS is actively being exploited; CISA added to Known Exploited Vulnerabilities list. Source: The Register

Server Security & Infrastructure

• Cisco VPN and Email Services Hit in Separate Threat Campaigns - Threat actors exploit CVE-2025-20393 to execute system commands and deploy malware across vulnerable Cisco appliances. Source: Dark Reading

Cloud Security

• Airbus Migrates Critical Apps to Sovereign Euro Cloud - Major European aerospace firm moves critical infrastructure to European-controlled cloud infrastructure for data sovereignty and security. Source: The Register

Software Security & Vulnerabilities

• CISA Flags ICS Vulnerabilities in Industrial Control Systems - Multiple critical vulnerabilities discovered in industrial control systems from Siemens, Schneider Electric, and Rockwell Automation. Source: Industrial Cyber

• CISA Alerts on Chromium Zero-Day CVE-2025-14174 - CISA added Chromium vulnerability to Known Exploited Vulnerabilities catalog; federal agencies mandated to patch immediately. Source: CyberPress

Threat Intelligence & Incident Response

• Fortinet Critical Authentication Bypass Vulnerabilities - CVE-2025-59718 and CVE-2025-59719 identified as critical authentication bypass flaws requiring immediate attention. Source: VulnCheck