Apple Patches Actively Exploited Zero-Days; CISA Warns of Critical Router Flaw Amidst Ransomware Surge

Publication Date: December 14, 2025

Summary

In the period covering December 13-14, 2025, the cybersecurity landscape was dominated by critical vulnerability disclosures and active exploitation campaigns. Apple released an emergency patch for two zero-day flaws in iOS being used in targeted spyware attacks. CISA added a high-severity RCE vulnerability in Sierra Wireless routers to its KEV catalog. Meanwhile, ransomware groups KillSec and Qilin continued their global extortion campaigns, and several major data breaches came to light, including a massive 16TB database exposing 4.3 billion records and a breach at Canadian airline WestJet affecting 1.2 million passengers.

Today's New Articles

Apple Rushes iOS 26.2 Update to Patch Two Actively Exploited Zero-Days

Apple has released an emergency security update, iOS 26.2 and iPadOS 26.2, to address 26 vulnerabilities. Among these are two critical zero-day flaws, CVE-2025-43529 and CVE-2025-14174, both residing in the WebKit browser engine. The company confirmed reports...


CISA KEV Alert: Actively Exploited RCE Flaw in Sierra Wireless Routers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Sierra Wireless AirLink routers, CVE-2018-4063, to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, which has a CVSS score as high as 9.9, is an...


Germany Summons Russian Ambassador Over Suspected Air Traffic Control Cyberattack

In a significant diplomatic escalation, the German government has summoned the Russian Ambassador to Berlin following allegations of a cyberattack targeting the nation's air traffic control (ATC) systems. The incident, reported on December 13, 2025, has raised...


KillSec Ransomware Hits U.S. Financial Firm Daba Finance in Data Extortion Attack

The ransomware group known as KillSec has claimed responsibility for a cyberattack against Daba Finance Inc., a financial services company in the United States. On December 14, 2025, the group listed the company on its data leak site, employing a double-extort...


WestJet Data Breach Exposes Info of 1.2 Million Passengers; Scattered Spider Suspected

Canadian airline WestJet has disclosed a significant data breach that occurred in June 2025, impacting approximately 1.2 million passengers. The compromised data includes sensitive personal information such as names, contact details, and travel documentation....


"Catastrophic" Data Breach at Norwegian News Agency NTB Exposes Customer Data

NTB (Norsk Telegrambyrå), Norway's leading news and content provider, has disclosed what it calls a "catastrophic" data breach that occurred in early December 2025. The company announced on December 13 that attackers exploited vulnerabilities in its systems to...


Eswatini Faces Cybersecurity Crisis as Government Fails to Act on Rising Threats

A report published on December 13, 2025, reveals a deepening cybersecurity crisis in the Kingdom of Eswatini. The nation is experiencing a significant increase in cyberattacks targeting citizens, businesses, and government bodies. This surge is compounded by a...

Article Updates

Qilin Ransomware Gang Adds Business Services Firm B Dynamic to Leak Site

Update: The Qilin ransomware group, also known as Agenda, has significantly expanded its global campaign, claiming multiple new victims since December 1st. On December 14, 2025, Vlp Hellas, a Greek business services firm, was added to their leak site. This follows cla...