Multiple Zero-Days Under Active Attack; Critical Flaws in Windows, SonicWall, and Web Frameworks Threaten Global Systems

Publication Date: December 21, 2025

Summary

For the period ending December 21, 2025, the cybersecurity landscape is dominated by a surge in actively exploited critical vulnerabilities. Security teams are grappling with zero-days in Microsoft Windows, SonicWall, and WatchGuard appliances, all added to CISA's KEV catalog. A new CVSS 10.0 flaw dubbed 'React2Shell' is being used to compromise web applications globally. Major incidents also include a significant data breach at fintech vendor Marquis impacting over 400,000 bank customers, a sophisticated 'GhostPairing' account takeover attack on WhatsApp, and a ransomware strike on an Australian fertility clinic. These events highlight persistent threats from unpatched systems, supply chain weaknesses, and social engineering.

Today New Articles

Australian Fertility Clinic Genea Hit by 'Termite' Ransomware Gang

The 'Termite' ransomware gang has claimed responsibility for an attack on Australian fertility provider Genea. The group, which uses a variant of the leaked Babuk ransomware code, alleges it exfiltrated 700GB of highly sensitive patient data, including medical...

SonicWall Zero-Day Chained with Older Flaw for Full Device Takeover

A new zero-day vulnerability (CVE-2025-40602) in SonicWall SMA 100 and 1000 series appliances is being actively exploited in the wild. Threat actors are chaining this local privilege escalation flaw with a previously patched critical pre-authentication vulnera...

Trump Administration Preparing New 6-Pillar National Cybersecurity Strategy

The Trump administration is reportedly preparing a new, concise national cybersecurity strategy for release in January 2026. According to reports, the five-page document is structured around six core pillars and may be accompanied by a new executive order to m...

Australian Health Audit Finds Clinicians Routinely Bypass Security Controls

An audit of the New South Wales (NSW) healthcare system in Australia has revealed that clinicians are routinely bypassing critical cybersecurity controls, such as password sharing and using personal devices, to save time in high-pressure environments. This wid...

Article Updates

React2Shell Apocalypse: CVSS 10.0 Flaw Exploited by China, North Korea, and Botnets

Update:New intelligence indicates that threat actors are actively exploiting the React2Shell vulnerability (CVE-2025-55182) with new payloads. Campaigns are now deploying the XMRig cryptocurrency miner to hijack server resources and the 'COMPOOD' backdoor for persist...

CISA Adds Actively Exploited Fortinet SSO Flaw to KEV Catalog, Urges Immediate Patching

Update:The critical Fortinet SSO vulnerabilities, CVE-2025-59718 and CVE-2025-59719, are now both rated CVSS 9.8, an increase from the previously reported 9.1 for CVE-2025-59718. These flaws enable unauthenticated attackers to gain full administrative control. While...