Latest Internet & Cybersecurity News
CISA, NSA Expose Chinese BRICKSTORM Malware in Multi-Year Espionage Campaign
Joint advisory from CISA, NSA, and the Canadian Cyber Centre reveals the BRICKSTORM backdoor used by Chinese state-sponsored actors targeting VMware vSphere and Windows for persistent access in the government and IT sectors. The malware steals VM snapshots for credentials and uses DNS-over-HTTPS for covert communications, with access maintained from April 2024 to September 2025.
Organizations urged to scan networks and block unauthorized DNS-over-HTTPS traffic.
700Credit API Breach Exposes 5.6 Million People's Data
Michigan-based 700Credit suffered a breach via a flawed API connection, allowing access to client data from May to October 2025 and affecting over 5.6 million individuals. China-linked groups like Earth Lamia exploited it post-disclosure, deploying miners and backdoors; CISA added it to its Known Exploited Vulnerabilities catalog.
North Korean actors also targeted the flaw, with 39% of cloud environments vulnerable.
TriZetto Healthcare Provider Confirms Year-Long Data Breach
TriZetto Provider Solutions detected unauthorized access to its web portal on October 2, 2025, but the breach started in November 2024, exposing patient names, SSNs, and insurance data. The portal serves physicians, hospitals, and health systems with revenue management tools.
Forensic analysis confirmed access to historical eligibility reports.
Microsoft December 2025 Patches Address Actively Exploited CVE-2025-62221
Microsoft's security update fixes multiple vulnerabilities, including the actively exploited CVE-2025-62221; Canada's Cyber Centre stresses rapid enterprise patching. CISA added CVE-2022-37055 (D-Link routers) and CVE-2025-66644 (Array Networks) to its Known Exploited Vulnerabilities catalog.
Fortinet patched authentication bypass flaws CVE-2025-59718/59719 in FortiCloud, FortiOS, FortiWeb.
CISA Issues 12 New ICS Advisories Targeting Industrial and Medical Devices
Mid-December advisories cover vulnerabilities in Mitsubishi Electric, Advantech, Johnson Controls, and medical devices, expanding healthcare OT attack surface. Australia's ACSC warns of pro-Russia hacktivists disrupting exposed ICS infrastructure with low-sophistication attacks.
The advisories highlight persistent risks to critical infrastructure.
Massive AWS Cloud Outage Impacts Millions for 15 Hours
AWS suffered a widespread 15-hour outage in October 2025, affecting millions of users due to cybersecurity and software issues. It is listed among the top 10 cloud outages, alongside Microsoft Azure and Google Cloud disruptions.
The incident highlights ongoing reliability challenges at major providers.
Ingram Micro Ransomware Attack via Leaked VPN Credentials
The SafePay ransomware group exploited leaked GlobalProtect VPN credentials at Ingram Micro, and remediation took six days. The attack slipped past perimeter defenses, prompting new safeguards and monitoring.
The attack is part of a broader wave of 2025 cloud and supply chain incidents.
Microsoft Azure Global Outage Hits Multiple Services
The October 29 outage affected every Azure region due to an Azure Front Door configuration change, impacting Entra, Purview, Defender, and more. It caused latencies and timeouts in the Azure Portal, SQL Database, Virtual Desktop, and Copilot for Security.
The AFD CDN/security service was central to the issues.
CISA Releases Version 2.0 Cross-Sector Cybersecurity Performance Goals
The updated goals integrate the NIST Cybersecurity Framework, adding governance for accountability, risk management, and the embedding of cybersecurity into operations. The update aims to standardize defenses across sectors amid rising threats.
Released end of December 2025.
React Framework Vulnerabilities Enable Remote Code Execution
Critical flaws in React allow server-side code execution, source code exposure, and denial of service; 165,000 IPs and 644,000 domains were vulnerable as of December 10. The flaws are tied to Cl0p ransomware exploiting MOVEit-like issues, with $50M ransom demands.
Exploitation is ongoing across organizations.
AI-Driven Threats Surge with GenAI Phishing and Deepfakes in 2025
Generative AI fueled phishing, deepfakes, social engineering, and ransomware; businesses expose themselves to risk by adopting GenAI without controls. Recommendations include stronger identity verification and incident response plans updated for AI threats.
These trends reshaped both external and internal cyber risks.