Latest Internet & Cybersecurity News
December 2025 Critical CVE Round-Up: Zero-Days and RCEs
December 2025 featured a surge of critical vulnerabilities, including React2Shell (CVE-2025-55182), a CVSS 10.0 zero-day RCE in React Server Components that allows unauthenticated code execution, ideal for phishing. The FortiGate authentication bypass flaws (CVE-2025-59718, CVE-2025-59719) saw malicious SSO attempts.
Security teams are urged to prioritize patching enterprise frameworks and firewalls.
Ransomware Hits Romania’s Water Management Authority
A ransomware attack compromised around 1,000 systems across Romania’s 11 river basin organizations starting December 20, using Windows BitLocker to lock files. Attackers demanded contact within 7 days, but operational capabilities remained unaffected.
This highlights ongoing ransomware threats to critical infrastructure.
Interpol’s Operation Sentinel Arrests 500+ in Cybercrime Bust
Operation Sentinel led to over 500 arrests across 19 countries, recovering $3M linked to BEC, extortion, and ransomware, with 6,000 malicious links taken down. Six ransomware variants were decrypted during the month-long effort.
Nigerian police also arrested three people tied to the Raccoon0365 phishing platform.
Suspected Chinese Hackers Breach UK Foreign Office
Storm-1849, linked to the ArcaneDoor campaign, reportedly breached the UK Foreign Office in October using Cisco zero-days targeting government networks. Cisco warned of ongoing activity in September.
This underscores state-sponsored threats to diplomatic entities.
Iranian APT Prince of Persia Resurfaces After 5 Years
Infy (Prince of Persia) launched a covert campaign targeting the Middle East, Europe, India, and Canada with an updated Foudre downloader and Tonnerre implant. Attack chains evolved to use executables in documents and DGA-based C2.
The campaign focuses on profiling and data exfiltration from high-value victims.
Qilin, DragonForce, LockBit Form Ransomware Alliance
In September 2025, DragonForce announced an alliance with Qilin and LockBit amid police crackdowns and ecosystem fragmentation. Ransomware claims rose 61% YoY, with Qilin leading at 13% of claims.
LockBit has been inactive since June despite a version 5.0 announcement.
Russian GRU Sandworm Targets Global Critical Infrastructure
A multi-year campaign by Russia’s GRU/Sandworm shifted to misconfigured edge devices for credential theft and lateral movement, focusing on the Western energy sector. This marks an evolution in critical infrastructure attacks.
The attribution to state actors is made with high confidence.
Rhysida Ransomware Hits Japanese Firm Yokosuka Gakuin
CYFIRMA reported a Rhysida compromise of Yokosuka Gakuin, a Japanese educational institution, with data posted on underground forums. It is part of rising ransomware trends targeting various sectors.
This emphasizes the need for robust defenses in non-critical entities.