Critical Zero-Days and Actively Exploited Flaws Plague Cisco, Apple, HPE, and MongoDB
Summary
This cybersecurity advisory for December 20, 2025, covers a surge of critical vulnerabilities and active zero-day exploits. Major vendors including HPE, WatchGuard, Cisco, Apple, and MongoDB are scrambling to patch flaws being weaponized by threat actors, with CISA issuing multiple emergency directives. Highlights include an HPE OneView RCE with the maximum CVSS score of 10.0, actively exploited zero-days in Cisco email gateways and Apple products, and a memory leak in MongoDB dubbed 'MongoBleed'. Other significant events include a major data breach at the University of Sydney, a guilty plea from a Nefilim ransomware operator, and new social engineering attacks targeting WhatsApp users.
Today's New Articles
University of Sydney Data Breach Exposes Info of 27,500 Staff and Students
The University of Sydney has announced a significant data breach affecting approximately 27,500 individuals after an unauthorized party gained access to an internal IT code library. The compromised repository contained historical data files with personal infor...
Nefilim Ransomware Operator Pleads Guilty in U.S. Court
Artem Aleksandrovych Stryzhak, a Ukrainian national, has pleaded guilty in a U.S. federal court for his role in the Nefilim ransomware conspiracy. Stryzhak, 35, was a key operator for the ransomware group that targeted high-revenue companies in the U.S. and Eu...
URGENT: Cisco Warns of Active Zero-Day Attacks on Email Security Appliances
Cisco has issued an urgent security advisory for an actively exploited zero-day vulnerability in its AsyncOS software, affecting Cisco Secure Email Gateway (formerly IronPort) and Secure Email and Web Manager appliances. Threat actors are leveraging the unpatc...
Warning: "GhostPairing" Attack Hijacks WhatsApp Accounts with Malicious QR Codes
A new social engineering campaign dubbed "GhostPairing" is exploiting WhatsApp's multi-device linking feature to hijack user accounts. India's CERT-In has issued a high-severity warning about the attack, which tricks victims into scanning a malicious QR code o...
MongoDB 'MongoBleed' Flaw Allows Unauthenticated Data Leaks, Actively Exploited
MongoDB has disclosed a high-severity vulnerability, CVE-2025-14847, nicknamed "MongoBleed." The flaw is an unauthenticated memory leak in the database server's zlib compression functionality. A remote, unauthenticated attacker can send a malformed message to...
.NET "SOAPwn" Flaw Allows Authentication Bypass and RCE in Enterprise Apps
A critical vulnerability nicknamed "SOAPwn" has been discovered in .NET applications utilizing SOAP-based web services. The flaw, reported on December 19, 2025, allows an unauthenticated attacker to send a specially crafted SOAP request to bypass security chec...