Daily Digest

Microsoft Patches Actively Exploited Zero-Day as Gogs Git Service Reels from Unpatched Flaw

Microsoft Patches Actively Exploited Zero-Day as Gogs Git Service Reels from Unpatched Flaw

December 11, 2025
8 articles (7 new, 1 updated)
24 min read

Summary

In cybersecurity news for December 11, 2025, Microsoft issued its final Patch Tuesday of the year, addressing an actively exploited privilege escalation zero-day (CVE-2025-62221) in Windows. Concurrently, an unpatched zero-day (CVE-2025-8110) in the Gogs Git service is under active attack, compromising hundreds of instances. New malware threats emerged with 'DroidLock' targeting Android devices and the 'AshTag' suite used by the Ashen Lepus APT against Middle Eastern governments. Other significant developments include new vulnerabilities in React, sophisticated social engineering tactics detailed by HP, and an espionage campaign, 'Operation DupeHike,' targeting Russian corporations.

Filter by Category

New Articles (7)

NATO Sharpens Cyber Defenses in Massive "Cyber Coalition" War Game

INFORMATIONAL

NATO's "Cyber Coalition" Exercise Simulates Hybrid Attacks on Critical Infrastructure

NATO has successfully concluded its largest annual cyber defense exercise, "Cyber Coalition," in Tallinn, Estonia. The week-long event involved approximately 1,500 military and civilian personnel from 29 NATO members and seven partner nations. Participants collaborated to defend a fictional nation's critical infrastructure against a series of realistic, hybrid cyberattacks, enhancing their collective ability to respond to modern threats.

December 11, 2025
4 min read
NATOCyber ExerciseCyber CoalitionHybrid WarfareCritical Infrastructure +1 more
NATO Sharpens Cyber Defenses in Massive "Cyber Coalition" War Game
Security Operations
Policy and Compliance
Industrial Control Systems

Critical Infrastructure at Risk Due to "Deficient" OT Cybersecurity Training

MEDIUM

Secolve Report Finds OT Cybersecurity Training is "Infrequent, Weak, and Generic" in Critical Sectors

A new report from Australian cybersecurity firm Secolve has exposed significant deficiencies in operational technology (OT) cybersecurity training across critical infrastructure sectors. The survey of senior professionals in industries like energy, manufacturing, and water found that training is often generic, infrequent, or completely ignored. This lack of specialized training is creating a dangerously immature security culture and leaving vital industrial environments unprepared for cyberattacks.

December 11, 2025
4 min read
OT SecurityICSCybersecurity TrainingCritical InfrastructureAustralia +1 more
Critical Infrastructure at Risk Due to "Deficient" OT Cybersecurity Training
Industrial Control Systems
Policy and Compliance
Security Operations

Hackers Use Animated Lures and Fake Legal Warnings to Spread Malware

HIGH

HP Report: Cybercriminals Evolve Social Engineering with Animated Lures and Abuse of Trusted Platforms like Discord

HP's latest Threat Insights Report reveals a significant evolution in social engineering tactics, with cybercriminals using highly convincing lures such as professional animations and fake legal warnings to trick users into downloading malware. The report highlights a campaign impersonating the Colombian Prosecutor's Office to deliver PureRAT. It also details the abuse of trusted platforms like Discord for hosting malicious payloads like the Phantom Stealer and notes the rising threat of session cookie hijacking.

December 11, 2025
4 min read
Social EngineeringPhishingPureRATPhantom StealerInfoStealer +2 more
Hackers Use Animated Lures and Fake Legal Warnings to Spread Malware
Phishing
Malware
Threat Intelligence

Hamas-Linked APT "Ashen Lepus" Targets Middle East with New "AshTag" Malware

HIGH

Ashen Lepus (WIRTE) APT Group Deploys New Modular "AshTag" Malware in Espionage Campaign Against Middle Eastern Governments

The Hamas-affiliated advanced persistent threat (APT) group known as Ashen Lepus (or WIRTE) is conducting an ongoing espionage campaign targeting governmental and diplomatic entities in the Middle East. Researchers have identified a new, modular .NET malware suite named AshTag being used in these attacks. The campaign marks a significant evolution in the group's sophistication, incorporating enhanced encryption, in-memory payload execution, and the use of legitimate-looking subdomains to evade detection.

December 11, 2025
4 min read
Ashen LepusWIRTEAshTagAPTCyber Espionage +2 more
Hamas-Linked APT "Ashen Lepus" Targets Middle East with New "AshTag" Malware
Threat Actor
Malware
Cyberattack

"Operation DupeHike" Espionage Campaign Targets Russian Corporate HR Depts

HIGH

New Cyber-Espionage Campaign "Operation DupeHike" Targets Russian Corporations with Sophisticated Social Engineering

A highly targeted cyber-espionage campaign, dubbed "Operation DupeHike," has been identified targeting employees in Russian corporations. Attributed to the threat actor cluster UNG0902, the campaign uses convincing social engineering lures, such as decoy documents about employee bonuses, to infiltrate networks. The primary targets are staff in HR, payroll, and administrative departments, with the goal of achieving persistent surveillance and exfiltrating sensitive corporate data.

December 11, 2025
4 min read
Operation DupeHikeUNG0902Cyber EspionageRussiaAPT +1 more
"Operation DupeHike" Espionage Campaign Targets Russian Corporate HR Depts
Threat Actor
Phishing
Cyberattack

Unpatched Zero-Day in Gogs Git Service Actively Exploited to Gain SSH Access

CRITICAL

Active Exploitation of Unpatched Gogs Zero-Day (CVE-2025-8110) Compromises Over 700 Instances

A critical, unpatched zero-day vulnerability in Gogs, a popular self-hosted Git service, is being actively exploited in the wild. Tracked as CVE-2025-8110 with a CVSS score of 8.7, the flaw is a bypass of a previously patched RCE and allows an attacker to overwrite arbitrary files, ultimately leading to SSH access on the server. Researchers at Wiz have identified over 700 compromised instances, with attackers deploying the Supershell C2 framework.

December 11, 2025
4 min read
GogsZero-DayVulnerabilityRCESupershell +2 more
Unpatched Zero-Day in Gogs Git Service Actively Exploited to Gain SSH Access
Vulnerability
Cyberattack
Cloud Security

Fake Leonardo DiCaprio Movie Torrent Used as Bait to Spread Agent Tesla Trojan

HIGH

Bitdefender Uncovers Campaign Distributing Agent Tesla Info-Stealer via Fake Movie Torrent

Cybercriminals are luring victims with a fake torrent for a new Leonardo DiCaprio movie to distribute the Agent Tesla information-stealing trojan. Security researchers at Bitdefender analyzed the campaign, revealing a complex, multi-stage attack chain that uses a malicious .lnk shortcut, hidden batch commands in subtitle files, and multiple layers of PowerShell to execute the final payload. The malware runs only in memory and establishes persistence through a fake audio diagnostic task, making it highly evasive.

December 11, 2025
4 min read
Agent TeslaMalwareTorrentInfoStealerPhishing +1 more
Fake Leonardo DiCaprio Movie Torrent Used as Bait to Spread Agent Tesla Trojan
Malware
Phishing

Updated Articles (1)

React2Shell: Critical 10.0 CVSS RCE Flaw in React and Next.js Under Active Exploitation

CRITICAL

Critical 'React2Shell' RCE Vulnerability (CVE-2025-55182) in React Server Components Sparks Widespread Emergency Patching

Update:

Following the critical React2Shell RCE, two additional vulnerabilities have been disclosed in React Server Components. These include a high-severity Denial of Service (CVE-2025-55184, CVE-2025-67779) allowing attackers to trigger infinite loops and consume server resources, and a medium-severity Source Code Exposure (CVE-2025-55183) that could leak sensitive application data. These flaws affect the same `react-server-dom-*` packages and require immediate updates to versions 19.0.3, 19.1.4, 19.2.3 or later, even for systems already patched against React2Shell. While no active exploitation is reported yet, the discovery of these new issues further complicates the security landscape for React Server Component users.

December 4, 2025
Updated: December 11, 2025
6 min read
RCEReactNext.jsCVE-2025-55182KEV +3 more
React2Shell: Critical 10.0 CVSS RCE Flaw in React and Next.js Under Active Exploitation
Vulnerability
Cyberattack
Threat Intelligence

📢 Share This Publication

Help others stay informed about cybersecurity threats