Daily Digest

Critical Zero-Days in Cisco, React, and Android Under Active Attack; WatchGuard & Fortinet Race to Patch Exploited Flaws

Critical Zero-Days in Cisco, React, and Android Under Active Attack; WatchGuard & Fortinet Race to Patch Exploited Flaws

December 24, 2025
3 articles (2 new, 1 updated)
10 min read

Summary

This cybersecurity brief for December 24, 2025, covers a surge of actively exploited critical vulnerabilities. Chinese state-sponsored actors are leveraging a CVSS 10.0 zero-day in Cisco email gateways, while another CVSS 10.0 flaw, React2Shell, is being used by nation-states against SaaS and FinTech firms. CISA has issued urgent patch deadlines for these, as well as for exploited flaws in WatchGuard firewalls, Fortinet devices, and the Android OS. Major data breaches were also disclosed, with Nissan confirming a supply chain attack via Red Hat affecting 21,000 customers, and the University of Sydney reporting a breach impacting 27,000 individuals due to a DevSecOps failure.

Filter by Category

New Articles (2)

High-Severity Flaws in 'TheGem' WordPress Plugin Expose Sites to RFI and XSS Attacks

INFORMATIONAL

High-Severity Flaws in 'TheGem' WordPress Plugin Expose Sites to RFI and XSS Attacks

Security researchers have disclosed two vulnerabilities in the 'TheGem Theme Elements' plugin for WordPress, affecting versions up to 5.10.5.1. The more severe flaw, CVE-2025-68560, is a high-risk PHP Remote File Inclusion (RFI) vulnerability with a CVSS score of 7.5, which could allow an attacker to execute arbitrary code and achieve a full site compromise. The second flaw, CVE-2025-68559, is a medium-severity Cross-Site Scripting (XSS) vulnerability (CVSS 6.5) that allows for the injection of malicious scripts. Administrators of websites using this popular plugin are urged to update immediately to a patched version to mitigate the risk of attack.

December 24, 2025
5 min read
High-Severity Flaws in 'TheGem' WordPress Plugin Expose Sites to RFI and XSS Attacks

Warning Issued for 'Crystal PDF Converter' Malware Targeting U.S. Government Networks

INFORMATIONAL

Warning Issued for 'Crystal PDF Converter' Malware Targeting U.S. Government Networks

The Center for Internet Security (CIS) has issued an advisory about a malicious software campaign disguised as a legitimate tool named 'Crystal PDF Converter.' Activity associated with this malware has been detected on the networks of U.S. State, Local, Tribal, and Territorial (SLTT) government entities since October 2025. The campaign uses social engineering to trick employees into installing the malicious payload. The CIS advisory urges IT and security professionals in SLTT organizations to be vigilant, as these often under-resourced entities manage sensitive citizen data and are attractive targets for cybercriminals.

December 24, 2025
4 min read
Warning Issued for 'Crystal PDF Converter' Malware Targeting U.S. Government Networks

Updated Articles (1)

CISA Adds Actively Exploited Fortinet SSO Flaw to KEV Catalog, Urges Immediate Patching

CRITICAL

CISA Warns of Active Exploitation of Critical Fortinet SSO Bypass Vulnerability (CVE-2025-59718)

Update:

The federal agency patch deadline of December 23, 2025, for CVE-2025-59718 has now passed. This update provides enhanced technical analysis, including specific MITRE ATT&CK TTPs such as Defense Evasion (T1553.002), Initial Access (T1190), and Privilege Escalation (T1068). Detailed cyber observables for detection are outlined, focusing on anomalous authentication events, network traffic patterns, and firmware integrity checks. Mitigation advice is expanded to include restricting management interface access and continuous configuration hardening, reinforcing the critical need for immediate patching and robust security practices.

December 17, 2025
Updated: December 24, 2025
5 min read
CISAKEVFortinetCVE-2025-59718SSO +4 more
CISA Adds Actively Exploited Fortinet SSO Flaw to KEV Catalog, Urges Immediate Patching

📢 Share This Publication

Help others stay informed about cybersecurity threats

📅 Daily Edition

Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.

🔢 Deduplication Applied

Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.

🔗 Full Articles Linked

Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.