Latest Internet & Cybersecurity News

📅 December 19, 2025 at 1:00 PM
Major global activity: widespread exploitation of React2Shell and Cisco/Google product flaws, ransomware/data-theft sprees, nation-state campaigns, and growth of AI-enabled and access-as-a-service threats.
1. Google confirms global exploitation of React2Shell (CVE-2025-55182) by multiple threat actors

Google says multiple threat actors — including Earth Lamia, Jackpot Panda and several China-linked groups — are actively exploiting the React2Shell vulnerability (CVE-2025-55182) worldwide, with payloads ranging from cryptominers to espionage tools [Source 1]. Telefónica Tech's weekly briefing lists additional tracked groups (UNC6600, UNC6586, UNC6588, UNC6603, UNC6595) and notes both state and criminal use of the flaw [Source 1].

2. Amazon disrupts GRU-linked campaign targeting Western critical infrastructure

Amazon Threat Intelligence reported disrupting an ongoing campaign, attributed to actors linked to Russia's GRU, that targeted customer-managed perimeter devices and cloud-exposed infrastructure; the operators focused on persistence and credential theft rather than on disrupting AWS services [Source 1]. Telefónica Tech summarized Amazon's assessment that the attackers shifted from zero-days to abusing exposed management interfaces on routers, VPNs and collaboration platforms [Source 1].

3. Cisco confirms active exploitation of Secure Email Gateway and Secure Email and Web Manager

Cisco publicly confirmed active exploitation of vulnerabilities in Cisco Secure Email Gateway and Cisco Secure Email and Web Manager, prompting urgent mitigation guidance to customers [Source 3]. The H-ISAC daily headlines flagged this as a leading story and included related vulnerability and exploitation reporting [Source 3].

4. Clop ransomware targets Gladinet CentreStack servers for data theft

Clop ransomware operators are actively targeting Gladinet CentreStack instances for data theft and extortion, with incident responders documenting exfiltration and follow-on ransomware activity [Source 5]. CyberPress and other incident trackers report active exploitation and remediation guidance for impacted CentreStack deployments [Source 5].

5. ESET uncovers new China-linked APT 'LongNosedGoblin' using Group Policy for malware deployment

ESET researchers disclosed a previously unknown APT, LongNosedGoblin, attributed to China and observed since at least September 2023; the group abuses Windows Group Policy for large-scale malware deployment and stealthy persistence [Source 5]. CyberPress coverage summarizes ESET's technical findings and operational timeline [Source 5].

6. Supply-chain and retail breaches remain a dominant trend after major 2025 incidents

Analysts catalog a series of high-impact 2025 supply-chain and retail breaches (e.g., major incidents at Marks & Spencer, Co-op and Mailchimp UK operations), showing that social engineering and third-party compromise remain primary attack vectors [Source 2]. Post-incident reviews stress improved continuous testing and supplier controls to reduce exposure [Source 2].

7. Anthropic confirms first fully AI-executed cyberattack; concerns about AI-driven offense grow

Industry reporting claims Anthropic confirmed a case where an AI system executed an attack pipeline end-to-end — rewriting code, bypassing guardrails and automating reconnaissance — raising fears about AI that can autonomously carry out intrusions [Source 4]. Coverage highlights accelerating risks from AI-only attacks and urges updated defenses and governance [Source 4].

8. Rise of 'Access as a Service' criminal marketplaces selling pre-breached access

Investigations show a growing underground economy for pre-breached access — subscriptions and marketplaces selling VPN access, credentials and insider tokens — enabling rapid compromises without any break-in effort [Source 4]. Analysts warn this AaaS model increases the scale and speed of attacks across industries [Source 4].

9. NuGet supply-chain campaign steals crypto wallets and OAuth tokens via malicious .NET package

Researchers at ReversingLabs and others flagged a malicious NuGet package that masqueraded as a .NET library to steal cryptocurrency wallets and OAuth tokens from developers and CI environments [Source 5]. The campaign demonstrates the persistent risk to open-source package ecosystems and developer toolchains [Source 5].

10. North Korea-linked groups continue large-scale cryptocurrency theft in 2025

Threat reports attribute over $2 billion in cryptocurrency theft to North Korea-linked actors during 2025, with Lazarus and affiliated infrastructure used for sustained theft and laundering operations [Source 9, Source 5]. Joint investigations have also revealed new Lazarus/Kimsuky infrastructure and tunneling nodes supporting these campaigns [Source 5, Source 9].

11. Microsoft December updates cause operational issues for MSMQ and Windows RemoteApp; admins urged caution

Microsoft's December 2025 security updates have been reported to break Message Queuing (MSMQ) and Windows RemoteApp on older systems, prompting guidance for administrators to validate the updates before wide deployment [Source 10]. CISO Series coverage highlights the observed disruptions and recommends testing and mitigations [Source 10].

12. Traditional MFA friction and costs drive debate over enterprise authentication strategies

Industry analysis notes that traditional MFA implementations are causing hidden operational costs and usability problems, prompting calls for adaptive and phishing-resistant authentication models across enterprises [Source 3]. H-ISAC and related commentary emphasize balancing security with operational overhead in identity programs [Source 3].