Daily Digest

Apple Patches Actively Exploited Zero-Days; CISA Warns of Critical Router Flaw Amidst Ransomware Surge

Apple Patches Actively Exploited Zero-Days; CISA Warns of Critical Router Flaw Amidst Ransomware Surge

December 14, 2025
8 articles (7 new, 1 updated)
24 min read

Summary

In the period covering December 13-14, 2025, the cybersecurity landscape was dominated by critical vulnerability disclosures and active exploitation campaigns. Apple released an emergency patch for two zero-day flaws in iOS being used in targeted spyware attacks. CISA added a high-severity RCE vulnerability in Sierra Wireless routers to its KEV catalog. Meanwhile, ransomware groups KillSec and Qilin continued their global extortion campaigns, and several major data breaches came to light, including a massive 16TB database exposing 4.3 billion records and a breach at Canadian airline WestJet affecting 1.2 million passengers.

Filter by Category

New Articles (7)

Apple Rushes iOS 26.2 Update to Patch Two Actively Exploited Zero-Days

CRITICAL

Apple Issues Emergency iOS 26.2 Update to Fix Two Zero-Day Flaws Used in Targeted Spyware Attacks

Apple has released an emergency security update, iOS 26.2 and iPadOS 26.2, to address 26 vulnerabilities. Among these are two critical zero-day flaws, CVE-2025-43529 and CVE-2025-14174, both residing in the WebKit browser engine. The company confirmed reports that these vulnerabilities have been actively exploited in sophisticated, targeted spyware campaigns, potentially allowing attackers to execute arbitrary code on unpatched devices. The update also patches a severe kernel vulnerability, CVE-2025-46285, that could grant an attacker root privileges. All iPhone and iPad users are urged to update their devices immediately.

December 14, 2025
5 min read
zero-dayiOSWebKitspywareRCE +2 more
Apple Rushes iOS 26.2 Update to Patch Two Actively Exploited Zero-Days
Vulnerability
Patch Management
Mobile Security

CISA KEV Alert: Actively Exploited RCE Flaw in Sierra Wireless Routers

CRITICAL

CISA Adds High-Severity Sierra Wireless Router Vulnerability (CVE-2018-4063) to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Sierra Wireless AirLink routers, CVE-2018-4063, to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, which has a CVSS score as high as 9.9, is an unrestricted file upload vulnerability that allows an authenticated attacker to achieve remote code execution (RCE). Due to evidence of active exploitation, CISA has mandated that all Federal Civilian Executive Branch (FCEB) agencies patch the vulnerability by a specified deadline, highlighting the severe risk it poses to network infrastructure.

December 14, 2025
4 min read
CISAKEVRCESierra Wirelessrouter +2 more
CISA KEV Alert: Actively Exploited RCE Flaw in Sierra Wireless Routers
Vulnerability
Patch Management
Industrial Control Systems

Germany Summons Russian Ambassador Over Suspected Air Traffic Control Cyberattack

HIGH

Germany Demands Answers from Russia Over Suspected Cyberattack on Air Traffic Control Systems

In a significant diplomatic escalation, the German government has summoned the Russian Ambassador to Berlin following allegations of a cyberattack targeting the nation's air traffic control (ATC) systems. The incident, reported on December 13, 2025, has raised grave concerns about the security of Germany's critical national infrastructure and points towards a potential act of state-sponsored cyber-espionage or disruption. While technical details remain undisclosed, the move underscores the high stakes of cyber hostilities between Western nations and Russia.

December 14, 2025
4 min read
geopoliticscyber warfarestate-sponsoredGermanyRussia +2 more
Germany Summons Russian Ambassador Over Suspected Air Traffic Control Cyberattack
Cyberattack
Threat Actor
Industrial Control Systems

KillSec Ransomware Hits U.S. Financial Firm Daba Finance in Data Extortion Attack

HIGH

KillSec Ransomware Group Claims Cyberattack on U.S.-Based Daba Finance

The ransomware group known as KillSec has claimed responsibility for a cyberattack against Daba Finance Inc., a financial services company in the United States. On December 14, 2025, the group listed the company on its data leak site, employing a double-extortion tactic by threatening to release sensitive stolen data if a ransom is not paid. This incident underscores the persistent threat that data extortion gangs pose to the financial sector, which remains a high-value target due to the sensitive customer and corporate information it handles.

December 14, 2025
4 min read
ransomwaredata extortionKillSecDaba Financefinancial services +1 more
KillSec Ransomware Hits U.S. Financial Firm Daba Finance in Data Extortion Attack
Ransomware
Data Breach
Threat Actor

WestJet Data Breach Exposes Info of 1.2 Million Passengers; Scattered Spider Suspected

HIGH

WestJet Discloses Data Breach Affecting 1.2 Million Customers, Potentially Linked to Scattered Spider

Canadian airline WestJet has disclosed a significant data breach that occurred in June 2025, impacting approximately 1.2 million passengers. The compromised data includes sensitive personal information such as names, contact details, and travel documentation. While investigations are ongoing, some reports suggest the notorious Scattered Spider hacking group, known for its social engineering prowess, may be behind the attack. The breach poses a serious risk of identity theft and fraud for the affected customers.

December 14, 2025
4 min read
data breachWestJetScattered SpideraviationPII +1 more
WestJet Data Breach Exposes Info of 1.2 Million Passengers; Scattered Spider Suspected
Data Breach
Threat Actor
Cyberattack

"Catastrophic" Data Breach at Norwegian News Agency NTB Exposes Customer Data

HIGH

Norwegian News Agency NTB Hit by "Catastrophic" Data Breach

NTB (Norsk Telegrambyrå), Norway's leading news and content provider, has disclosed what it calls a "catastrophic" data breach that occurred in early December 2025. The company announced on December 13 that attackers exploited vulnerabilities in its systems to gain unauthorized access to its customer database, exposing sensitive personal information, detailed customer profiles, and internal communications for thousands of users. NTB is now undertaking a major overhaul of its security infrastructure in response.

December 14, 2025
3 min read
data breachNTBNorwaymediavulnerability +1 more
"Catastrophic" Data Breach at Norwegian News Agency NTB Exposes Customer Data
Data Breach
Cyberattack
Vulnerability

Eswatini Faces Cybersecurity Crisis as Government Fails to Act on Rising Threats

MEDIUM

Report Highlights Growing Cybersecurity Crisis in Eswatini Due to Government Inaction

A report published on December 13, 2025, reveals a deepening cybersecurity crisis in the Kingdom of Eswatini. The nation is experiencing a significant increase in cyberattacks targeting citizens, businesses, and government bodies. This surge is compounded by a lack of effective government response, characterized by outdated laws, minimal funding for cybersecurity initiatives, a severe shortage of skilled personnel, and a failure to implement its own national cybersecurity strategy. As a result, the country's digital infrastructure remains highly vulnerable to escalating threats.

December 14, 2025
3 min read
Eswatinicybersecurity policygovernancenational securitycybercrime
Eswatini Faces Cybersecurity Crisis as Government Fails to Act on Rising Threats
Policy and Compliance
Regulatory
Other

Updated Articles (1)

Qilin Ransomware Gang Adds Business Services Firm B Dynamic to Leak Site

HIGH

Qilin Ransomware Group Claims B Dynamic as New Victim in Ongoing Double-Extortion Campaign

Update:

The Qilin ransomware group, also known as Agenda, has significantly expanded its global campaign, claiming multiple new victims since December 1st. On December 14, 2025, Vlp Hellas, a Greek business services firm, was added to their leak site. This follows claims against Nepes (South Korea), Spitzer Auto Group (U.S.), and Dan Technologies (Denmark) on December 13. The group continues to employ double-extortion tactics, with updated TTPs including abusing legitimate remote access and backup tools, using PowerShell for execution, and exfiltrating data to cloud storage services (T1537) before encryption. This demonstrates Qilin's high operational tempo and broad targeting across diverse sectors.

December 1, 2025
Updated: December 14, 2025
5 min read
RansomwareQilinRaaSDouble ExtortionDark Web
Qilin Ransomware Gang Adds Business Services Firm B Dynamic to Leak Site
Ransomware
Threat Actor
Cyberattack

📢 Share This Publication

Help others stay informed about cybersecurity threats