Microsoft Patches Actively Exploited Zero-Day as Phishing and Malware Tactics Evolve
Summary
This cybersecurity brief for December 18, 2025, covers several critical developments. The most urgent is Microsoft's final Patch Tuesday of the year, which addresses an actively exploited zero-day (CVE-2025-62221) in Windows, prompting a CISA directive. Concurrently, threat actors are escalating phishing campaigns against Microsoft 365 using OAuth device code abuse. Other significant events include the discovery of the 'GhostPoster' malware in Firefox add-ons, the emergence of AI-powered ransomware like 'PromptLock', and an investigation by Google into malicious code found within its search infrastructure.
Today's New Articles
"GhostPoster" Malware Infects 50,000+ Firefox Users via Malicious Add-ons
A stealthy malware campaign named "GhostPoster" has infected over 50,000 Mozilla Firefox users by distributing 17 malicious browser extensions. The add-ons, which masqueraded as legitimate tools like VPNs and ad blockers, have been removed from the Firefox sto...
"Scripted Sparrow" BEC Group Targets Finance Teams with Highly Structured Attacks
A disciplined and persistent Business Email Compromise (BEC) group, newly identified by Fortra as "Scripted Sparrow," has been systematically targeting corporate finance teams since at least June 2024. The group employs a structured and well-researched approac...
"IRLeaks" Supply Chain Attack Hits Iranian Banks, Exposing Millions of Customer Records
A major supply chain attack dubbed "IRLeaks" has resulted in a significant data breach affecting several prominent Iranian banks and millions of their customers. Attackers first compromised a third-party IT vendor in October 2025, using it as a pivot point to...
Ransomware Evolves: "ClickFix" Social Engineering and Threat Actor Alliances on the Rise
A December 2025 threat report from NCC Group indicates that while ransomware attack volumes plateaued in November with 583 incidents, their sophistication markedly increased. Attackers are increasingly adopting the "ClickFix" (also known as ClearFake) social e...
"Operation ForumTroll" APT Targets Russian Academics with Plagiarism Lure
The Advanced Persistent Threat (APT) group known as Operation ForumTroll has launched a new, highly targeted phishing campaign aimed at Russian political scientists and academics. Active since at least 2022, the group's latest attack uses meticulously crafted...
Google Investigates Malicious Code Found in Search Result Infrastructure
Google has launched an urgent investigation after cybersecurity analysts discovered anomalous, encrypted code snippets and obfuscated JavaScript embedded within its core search result payloads on December 17, 2025. The malicious code appears designed to exploi...
Article Updates
2025: The Year Cybersecurity 'Crossed the AI Rubicon'
Update: New intelligence from ESET's H2 2025 threat report confirms the emergence of 'PromptLock,' the first known AI-driven ransomware capable of dynamically generating malicious scripts to evade detection. This represents a tangible realization of the 'adaptive thre...