Daily Digest

Multiple Zero-Days Under Active Attack; Critical Flaws in Windows, SonicWall, and Web Frameworks Threaten Global Systems

Multiple Zero-Days Under Active Attack; Critical Flaws in Windows, SonicWall, and Web Frameworks Threaten Global Systems

December 21, 2025
6 articles (4 new, 2 updated)
18 min read

Summary

For the period ending December 21, 2025, the cybersecurity landscape is dominated by a surge in actively exploited critical vulnerabilities. Security teams are grappling with zero-days in Microsoft Windows, SonicWall, and WatchGuard appliances, all added to CISA's KEV catalog. A new CVSS 10.0 flaw dubbed 'React2Shell' is being used to compromise web applications globally. Major incidents also include a significant data breach at fintech vendor Marquis impacting over 400,000 bank customers, a sophisticated 'GhostPairing' account takeover attack on WhatsApp, and a ransomware strike on an Australian fertility clinic. These events highlight persistent threats from unpatched systems, supply chain weaknesses, and social engineering.

Filter by Category

New Articles (4)

Australian Fertility Clinic Genea Hit by 'Termite' Ransomware Gang

HIGH

'Termite' Ransomware Gang Claims Attack on Australian Fertility Clinic Genea, Steals 700GB of Patient Data

The 'Termite' ransomware gang has claimed responsibility for an attack on Australian fertility provider Genea. The group, which uses a variant of the leaked Babuk ransomware code, alleges it exfiltrated 700GB of highly sensitive patient data, including medical histories and diagnostic results. This double-extortion attack places victims at severe risk of fraud and personal extortion, highlighting the growing threat to the healthcare sector.

December 21, 2025
5 min read
TermiteRansomwareData BreachHealthcareAustralia +2 more
Australian Fertility Clinic Genea Hit by 'Termite' Ransomware Gang
Ransomware
Data Breach
Threat Actor

SonicWall Zero-Day Chained with Older Flaw for Full Device Takeover

CRITICAL

Actively Exploited Zero-Day (CVE-2025-40602) in SonicWall SMA Appliances Chained with Older Flaw for Root Access

A new zero-day vulnerability (CVE-2025-40602) in SonicWall SMA 100 and 1000 series appliances is being actively exploited in the wild. Threat actors are chaining this local privilege escalation flaw with a previously patched critical pre-authentication vulnerability (CVE-2025-23006) to achieve full, unauthenticated root access on the secure access devices. Administrators are urged to patch immediately.

December 21, 2025
5 min read
Zero-DaySonicWallVulnerabilityCVE-2025-40602CVE-2025-23006 +2 more
SonicWall Zero-Day Chained with Older Flaw for Full Device Takeover
Vulnerability
Cyberattack
Patch Management

Trump Administration Preparing New 6-Pillar National Cybersecurity Strategy

INFORMATIONAL

Trump Administration Drafting New 6-Pillar National Cybersecurity Strategy for 2026 Release

The Trump administration is reportedly preparing a new, concise national cybersecurity strategy for release in January 2026. According to reports, the five-page document is structured around six core pillars and may be accompanied by a new executive order to mandate its implementation across all U.S. federal agencies, aiming to address accelerating threats from nation-states and criminal groups.

December 21, 2025
4 min read
Cybersecurity StrategyUS GovernmentPolicyExecutive OrderNational Security
Trump Administration Preparing New 6-Pillar National Cybersecurity Strategy
Policy and Compliance
Regulatory

Australian Health Audit Finds Clinicians Routinely Bypass Security Controls

MEDIUM

NSW Health Audit Uncovers "Normalisation of Non-Compliance" with Cybersecurity Controls

An audit of the New South Wales (NSW) healthcare system in Australia has revealed that clinicians are routinely bypassing critical cybersecurity controls, such as password sharing and using personal devices, to save time in high-pressure environments. This widespread "normalisation of non-compliance" creates significant security gaps and increases the risk of cyberattacks in the already heavily targeted healthcare sector, highlighting a critical failure in security culture.

December 21, 2025
5 min read
HealthcareComplianceInsider RiskPassword SharingSecurity Culture +1 more
Australian Health Audit Finds Clinicians Routinely Bypass Security Controls
Policy and Compliance
Security Operations
Threat Intelligence

Updated Articles (2)

CISA Adds Actively Exploited Fortinet SSO Flaw to KEV Catalog, Urges Immediate Patching

CRITICAL

CISA Warns of Active Exploitation of Critical Fortinet SSO Bypass Vulnerability (CVE-2025-59718)

Update:

The critical Fortinet SSO vulnerabilities, CVE-2025-59718 and CVE-2025-59719, are now both rated CVSS 9.8, an increase from the previously reported 9.1 for CVE-2025-59718. These flaws enable unauthenticated attackers to gain full administrative control. While CISA previously confirmed active exploitation, new alerts from the Australian Cyber Security Centre (ACSC) and Pakistan's National CERT underscore the continued urgency for immediate patching. Fortinet has also provided more specific fixed versions for products like FortiOS, and new detection methods have been identified, including log monitoring for unusual SSO logins and D3FEND techniques like User Geolocation Logon Pattern Analysis.

December 17, 2025
Updated: December 21, 2025
5 min read
CISAKEVFortinetCVE-2025-59718SSO +4 more
CISA Adds Actively Exploited Fortinet SSO Flaw to KEV Catalog, Urges Immediate Patching
Vulnerability
Patch Management
Cyberattack

React2Shell Apocalypse: CVSS 10.0 Flaw Exploited by China, North Korea, and Botnets

CRITICAL

React2Shell: Critical RCE Vulnerability (CVE-2025-55182) Under Mass Exploitation by State Actors and Criminals

Update:

New intelligence indicates that threat actors are actively exploiting the React2Shell vulnerability (CVE-2025-55182) with new payloads. Campaigns are now deploying the XMRig cryptocurrency miner to hijack server resources and the 'COMPOOD' backdoor for persistent access. Initial targeting appears focused on vulnerable SaaS and eCommerce platforms, particularly within Australia. New cyber observables for detection include the 'xmrig' process, 'compood.so' file, and 'stratum+tcp://' network traffic, indicating a broader and evolving threat landscape for this critical RCE.

December 10, 2025
Updated: December 21, 2025
7 min read
React2ShellRCEZero-DayNext.jsDeserialization +2 more
React2Shell Apocalypse: CVSS 10.0 Flaw Exploited by China, North Korea, and Botnets
Vulnerability
Cyberattack
Threat Actor

📢 Share This Publication

Help others stay informed about cybersecurity threats