Microsoft and Google Patch Actively Exploited Zero-Days Amidst Major Healthcare Breaches and Sophisticated Supply Chain Attacks
Summary
In the 24-hour period ending December 12, 2025, the cybersecurity landscape was dominated by the urgent patching of actively exploited zero-day vulnerabilities by both Microsoft and Google. Microsoft's December Patch Tuesday addressed a critical privilege escalation flaw (CVE-2025-62221) already in use by attackers, while Google rushed out an emergency fix for its eighth Chrome zero-day this year. The healthcare sector remains under siege, with massive data breaches at Conduent and TriZetto Provider Solutions coming to light, affecting millions. Concurrently, new intelligence revealed sophisticated threats, including the "Shai-Hulud 2.0" supply chain worm, an espionage campaign by the Hamas-affiliated "Ashen Lepus" group, and a novel hardware attack named "Battering RAM" capable of breaking CPU security protections.
Today New Articles
Conduent Breach Exposes 10.5M Patients, Ranks as 8th Largest US Healthcare Breach
Business services giant Conduent has disclosed a massive data breach that exposed the personal and medical information of over 10.5 million people, making it the 8th largest healthcare data breach in U.S. history. The breach, which was active for months betwee...
"Battering RAM": $50 Hardware Attack Cracks Intel and AMD Secure CPU Enclaves
At the Black Hat Europe 2025 conference, researchers from KU Leuven University demonstrated "Battering RAM," a novel hardware attack that completely undermines modern confidential computing technologies. Using a custom-built DDR4 interposer costing just $50, t...
TriZetto Discloses Year-Long Data Breach Exposing Patient PHI
TriZetto Provider Solutions, a healthcare revenue management company owned by Cognizant, has started notifying clients about a major data breach. An unauthorized party had access to patient data for nearly a full year, from November 2024 until the breach was d...
Ransomware Goes Global, Targeting New Regions and Industries with Weaker Defenses
Ransomware is becoming a more globalized and unpredictable threat, according to the H2 2025 Global Threat Briefing from cyber analytics firm CyberCube. The report warns that ransomware groups are actively expanding into new geographic regions and industry sect...