Latest Internet & Cybersecurity News

📅December 18, 2025 at 1:00 PM
Active exploits of Fortinet and Cisco zero-days, ransomware surges, data breaches, Russian GRU attacks on critical infrastructure, and rising SMB cyber threats dominate December 2025 cybersecurity news.
1

Newly Disclosed Fortinet Vulnerabilities Actively Exploited in Enterprise Networks

Fortinet vulnerabilities are seeing active exploitation in enterprise networks, marking the leading cyber story. This poses significant risks to affected systems.Source 1 Immediate patching is recommended to mitigate threats.

2

Cisco Warns of Active Attacks on Zero-Day Flaw CVE-2025-20393 in AsyncOS

A China-nexus APT actor UAT-9686 is exploiting a maximum-severity zero-day in Cisco Secure Email Gateway and Web Manager since December 10, 2025.Source 2Source 13 CISA added it to KEV catalog, mandating FCEB mitigations by December 24.Source 2 Brute-force attacks on Cisco SSL VPNs also spiked from 1,273 IPs.Source 2

3

700,000 Records Compromised in Askul Ransomware Attack

Japanese firm Askul suffered a ransomware attack exposing 700,000 records in a major data breach.Source 1 This incident highlights ongoing ransomware threats to businesses.

4

New ClickFix Attack Exploits finger.exe to Execute Malicious Code

The ClickFix attack tricks users into running malicious code via the finger.exe tool, representing a novel cyber crime tactic.Source 1 Users should beware of such social engineering exploits.

5

SantaStealer Malware Expands Credential Theft Threat

SantaStealer is growing as a credential theft malware, increasing risks of account compromises.Source 1 It adds to the proliferation of infostealer threats.

6

React2Shell Flaw Abused to Compromise Web Apps and Servers

The React2Shell vulnerability is actively exploited to breach web applications and servers.Source 1 Organizations running vulnerable React setups face high risks.

7

Russian GRU Hackers Target Energy and Critical Infrastructure Edge Devices

Russian GRU actors are sustaining attacks on network edge devices in energy, tech, cloud, and telecom sectors through 2025.Source 6 Victims include electric utilities and security providers.Source 6

8

ASEC Warns of Expanding Gentlemen Ransomware in Manufacturing and Healthcare

Gentlemen ransomware campaigns are growing, targeting manufacturing and healthcare sectors.Source 1 ASEC urges enhanced defenses against this threat.

9

Guardz Report: 45% of US SMBs Hit by Cyber Attacks in 2025

Nearly 50% of U.S. small businesses faced cyberattacks, with phishing, ransomware, and employee errors as top threats.Source 7 SMBs struggle with common defenses.

10

Google Ends Dark Web Monitoring Feature

Google is discontinuing its Dark Web monitoring tool, shifting responsibility to users and organizations for privacy protection.Source 1 This changes proactive breach detection strategies.

11

PowerSchool Breach Exposes Data of 60 Million Students and Teachers

Hackers accessed sensitive student data including SSNs and medical records via weak security in PowerSchool's portal, affecting nationwide districts.Source 4 Lawsuits filed in Texas and Memphis.Source 4

12

CloudFlare Reports Rise in Cyber Threats and AI Activity for 2025

CloudFlare's 2025 trends highlight increased cyber threats and AI-driven activities.Source 1 This underscores evolving attack landscapes.

Back to News