Daily Digest

Critical Zero-Days in Cisco, Chrome, and WatchGuard Actively Exploited; React2Shell Weaponized for Ransomware

Critical Zero-Days in Cisco, Chrome, and WatchGuard Actively Exploited; React2Shell Weaponized for Ransomware

December 19, 2025
4 articles (4 new)
12 min read

Summary

This cybersecurity brief for December 19, 2025, covers a surge in critical vulnerability exploitation. Multiple threat actors are leveraging the React2Shell flaw (CVE-2025-55182) to deploy ransomware. Concurrently, a China-linked APT is exploiting a zero-day in Cisco email gateways (CVE-2025-20393), and actively exploited flaws in WatchGuard firewalls and Google Chrome are putting networks and users at severe risk. Other major incidents include critical patches for HPE OneView, significant data breaches at SoundCloud and 700Credit, and new regulatory updates from the UK.

Filter by Category

New Articles (4)

China-Linked Hackers Exploit Critical Cisco Email Gateway Zero-Day

CRITICAL

Cisco Discloses Actively Exploited Zero-Day (CVE-2025-20393) in Email Security Appliances Linked to Chinese APT

Cisco has revealed that a China-affiliated advanced persistent threat (APT) group, tracked as UAT-9686, is actively exploiting a critical zero-day vulnerability in its email security products. The flaw, CVE-2025-20393, is a remote code execution vulnerability with a maximum CVSS score of 10.0, affecting Cisco Secure Email Gateway and Secure Email and Web Manager appliances. The attackers have been exploiting the flaw since late November 2025 to gain root-level access and have deployed persistence mechanisms on compromised devices. Due to active exploitation by a nation-state actor, CISA has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, mandating immediate patching for federal agencies.

December 19, 2025
6 min read
Zero-DayCiscoAPTUAT-9686China +3 more
China-Linked Hackers Exploit Critical Cisco Email Gateway Zero-Day

HPE Issues Urgent Patch for 10.0 CVSS RCE Flaw in OneView

CRITICAL

HPE Patches Critical Unauthenticated RCE Vulnerability (CVE-2025-37164) in OneView Infrastructure Management Software

Hewlett Packard Enterprise (HPE) has released an urgent security advisory for CVE-2025-37164, a critical vulnerability in its OneView infrastructure management software with a maximum CVSS score of 10.0. The flaw allows a remote, unauthenticated attacker to achieve complete remote code execution on affected systems. HPE OneView versions 5.20 through 10.20 are impacted. Given that OneView serves as a central control plane for enterprise server, storage, and firmware management, a compromise could give an attacker control over vast segments of IT infrastructure. HPE is urging customers to upgrade to the patched version 11.0 or apply an emergency hotfix immediately.

December 19, 2025
5 min read
HPEOneViewRCEVulnerabilityCVSS 10 +2 more
HPE Issues Urgent Patch for 10.0 CVSS RCE Flaw in OneView

Actively Exploited RCE Flaw in WatchGuard Firewalls Puts Networks at Risk

CRITICAL

WatchGuard Urges Immediate Patching for Actively Exploited Critical RCE Vulnerability (CVE-2025-14733) in Fireware OS

WatchGuard has issued an urgent advisory for customers to patch CVE-2025-14733, a critical remote code execution vulnerability in its Fireware OS that is confirmed to be under active exploitation. The flaw, an out-of-bounds write issue in the IKEv2 process, has a CVSS score of 9.3 and can be exploited by an unauthenticated remote attacker. The vulnerability affects Firebox firewalls with specific IKEv2 VPN configurations enabled. Given that firewalls are prime targets for initial access, immediate application of the provided security updates is crucial to protect network perimeters from compromise.

December 19, 2025
5 min read
WatchGuardFirewallRCEVPNIKEv2 +2 more
Actively Exploited RCE Flaw in WatchGuard Firewalls Puts Networks at Risk

Manufacturing Web Portals Are a Weak Link in Supply Chain Attacks

HIGH

Attackers Target Manufacturers' Web Portals with Bots and SQL Injection to Launch Supply Chain Attacks

A new report reveals that cybercriminals are increasingly targeting manufacturers through their public-facing web portals, such as supplier and customer forms, to execute supply chain attacks. Attackers are using bots and SQL injection to compromise these forms, which often run on legacy systems with weak security. The goal is to steal sensitive data, including credentials and intellectual property, or to gain a foothold to attack more heavily regulated downstream customers in defense, healthcare, and finance. A survey found that 85% of manufacturing firms experienced a security incident related to web forms, and 42% confirmed a resulting data breach.

December 19, 2025
5 min read
Supply ChainManufacturingSQL InjectionBotsWeb Security +1 more
Manufacturing Web Portals Are a Weak Link in Supply Chain Attacks

📢 Share This Publication

Help others stay informed about cybersecurity threats

📅 Daily Edition

Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.

🔢 Deduplication Applied

Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.

🔗 Full Articles Linked

Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.