Microsoft released patches for 57 vulnerabilities this month, including one zero-day that attackers are already exploiting. CVE-2025-62221, an elevation-of-privilege flaw in the Windows Cloud Files Mini Filter Driver, lets an attacker who already has a foothold on a machine escalate to SYSTEM.
Two other flaws have public proof-of-concept exploits: a PowerShell remote code execution bug and a GitHub Copilot vulnerability affecting JetBrains tools. Security experts say the Copilot flaw could let attackers use prompt injection to reach development environments.
This December update is much lighter than earlier releases—Microsoft patched over 1,150 vulnerabilities in 2025, making it one of their busiest years ever.
Source: Dark Reading
Royal Cornwall Hospitals NHS Trust accidentally leaked personal details of 8,100 current and former employees through a botched Freedom of Information request response. The trust mistakenly shared an editable spreadsheet containing staff names, job titles, and detailed sick leave records spanning April 2020 to May 2023.
No patient data or financial information was compromised, but the breach exposed sensitive employment details that could embarrass or harm affected workers. The trust quickly removed the file, suspended its disclosure log, and reported the incident to the Information Commissioner's Office.
New safeguards now disable spreadsheet editing before any public releases. The ICO reviewed the case and decided no further action was needed.
Source: BBC News
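The report does not say how the sick-leave data ended up in the released file, but an editable workbook routinely carries hidden sheets, rows and columns that a reviewer looking at the visible grid never sees. The following pre-release check is an added example, not the trust's tooling or anything from the BBC report: it opens an .xlsx as the zip of XML parts it is and reports every hidden sheet, row and column before a file goes out under FOI. The workbook it inspects is constructed inline and is deliberately minimal (only the parts the checker reads), and the sheet names and cell contents are invented.

```python
"""Pre-release check: find hidden sheets, rows and columns in an .xlsx."""
import io
import zipfile
import xml.etree.ElementTree as ET

MAIN_NS = "http://schemas.openxmlformats.org/spreadsheetml/2006/main"
REL_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
TAG = "{" + MAIN_NS + "}"


def hidden_content(xlsx_bytes: bytes) -> dict:
    """Return hidden sheets, rows and columns found in the workbook's XML parts.

    Only xl/workbook.xml and the worksheet parts are inspected; comments,
    charts, pivot caches and defined names are out of scope for this check.
    """
    report = {"hidden_sheets": [], "hidden_rows": {}, "hidden_cols": {}}
    with zipfile.ZipFile(io.BytesIO(xlsx_bytes)) as zf:
        workbook = ET.fromstring(zf.read("xl/workbook.xml"))
        # A sheet with state="hidden" or "veryHidden" is still fully present in the file.
        for sheet in workbook.iter(TAG + "sheet"):
            if sheet.get("state") in ("hidden", "veryHidden"):
                report["hidden_sheets"].append(sheet.get("name"))
        for part in sorted(zf.namelist()):
            if not (part.startswith("xl/worksheets/") and part.endswith(".xml")):
                continue
            ws = ET.fromstring(zf.read(part))
            rows = [r.get("r") for r in ws.iter(TAG + "row")
                    if r.get("hidden") in ("1", "true")]
            cols = [(c.get("min"), c.get("max")) for c in ws.iter(TAG + "col")
                    if c.get("hidden") in ("1", "true")]
            if rows:
                report["hidden_rows"][part] = rows
            if cols:
                report["hidden_cols"][part] = cols
    return report


def safe_to_publish(report: dict) -> bool:
    """True only when nothing hidden was found; anything else needs a human decision."""
    return not (report["hidden_sheets"] or report["hidden_rows"] or report["hidden_cols"])


def build_sample_workbook() -> bytes:
    """Constructed minimal workbook with only the parts this check reads: a visible
    'Staff' sheet with hidden columns D-F and a hidden row 2, plus a hidden
    'Sickness' sheet. Not a complete Excel file (no content types or rels)."""
    workbook_xml = (
        f'<workbook xmlns="{MAIN_NS}" xmlns:r="{REL_NS}"><sheets>'
        '<sheet name="Staff" sheetId="1" r:id="rId1"/>'
        '<sheet name="Sickness" sheetId="2" state="hidden" r:id="rId2"/>'
        '</sheets></workbook>'
    )
    staff_xml = (
        f'<worksheet xmlns="{MAIN_NS}"><cols><col min="4" max="6" hidden="1" width="0"/></cols>'
        '<sheetData><row r="1"><c r="A1" t="inlineStr"><is><t>Name</t></is></c></row>'
        '<row r="2" hidden="1"><c r="A2" t="inlineStr"><is><t>Example Person</t></is></c></row>'
        '</sheetData></worksheet>'
    )
    sickness_xml = (
        f'<worksheet xmlns="{MAIN_NS}"><sheetData>'
        '<row r="1"><c r="A1" t="inlineStr"><is><t>Days absent</t></is></c></row>'
        '</sheetData></worksheet>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("xl/workbook.xml", workbook_xml)
        zf.writestr("xl/worksheets/sheet1.xml", staff_xml)
        zf.writestr("xl/worksheets/sheet2.xml", sickness_xml)
    return buf.getvalue()


if __name__ == "__main__":
    report = hidden_content(build_sample_workbook())
    print(report)
    print("safe to publish:", safe_to_publish(report))
```

Run against a real file with `hidden_content(open("release.xlsx", "rb").read())`. A failing check should block the release rather than prompt someone to unhide and delete; the safer remedy is to copy only the intended visible range into a fresh file (or export it to CSV or PDF), which is what a "disable editing" safeguard achieves by another route.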
Manufacturing companies are struggling against a rising ransomware threat, with a new Sophos report revealing alarming vulnerabilities across the sector. Based on 332 IT leaders' experiences, the study found exploited vulnerabilities caused 32% of attacks, while malicious emails accounted for 23%.
A critical skills shortage emerged as the top factor, with 42.5% of victims citing lack of expertise as a key vulnerability. Unknown security gaps and inadequate protection followed closely at 41.6% and 41% respectively.
The human toll is severe. Nearly half of IT teams reported increased anxiety about future attacks, while 27% saw leadership replaced after breaches. One in five teams experienced staff absenteeism due to stress.
There's hope: only 40% of attacks now result in data encryption, down from 74% in 2024, suggesting improved defenses are working.
Source: Industrial Cyber
A critical React vulnerability dubbed React2Shell (CVE-2025-55182) is under mass exploitation just days after its December 3 disclosure. The flaw carries a maximum CVSS score of 10.0 and enables unauthenticated remote code execution in applications that use React Server Components.
China-linked threat groups began attacking within hours, and exploitation has since spread across the wider threat landscape. Security firm Wiz documented activity ranging from cryptomining to backdoor campaigns targeting Next.js applications and Kubernetes environments. VulnCheck reported hundreds of exploit attempts by December 6.
Over 2.1 million exposed web services run affected frameworks, with the US leading exposure counts. Web application firewalls offer some protection, but researchers warn that bypass techniques exist, so WAF rules should be treated as a stopgap: organizations must prioritize patching over temporary mitigations.
Source: Dark Reading
Chinese hackers gained remote access to several U.S. Treasury Department workstations and unclassified documents by compromising BeyondTrust, a third-party provider of remote support software. Treasury learned of the breach on December 8, when BeyondTrust reported that attackers had obtained a key used to secure its cloud-based remote technical support service.
The department called it a "major cybersecurity incident" but said there's no evidence the hackers still have access. China denied involvement, with officials calling the allegations "groundless" and an attempt to "smear" their reputation.
This breach adds to ongoing concerns about Chinese cyber espionage, including the Salt Typhoon campaign that affected nine U.S. telecommunications companies and intercepted Americans' private communications.
Source: CBS News
Ransomware payments fell sharply in 2024, dropping 33% from $1.1 billion to $734 million, according to a new Treasury Department report. The Financial Crimes Enforcement Network study offers cautious hope after ransomware payments skyrocketed 77% in 2023.
However, the number of attacks barely budged—1,476 incidents in 2024 versus 1,512 in 2023. Manufacturing bore the heaviest burden with 456 attacks and $285 million in payments, followed by financial services (432 incidents, $366 million) and healthcare (389 attacks, $305 million).
Officials identified 267 ransomware variants over three years, with ALPHV/BlackCat leading the pack. While the payment decline is encouraging, experts warn it's too early to declare victory over ransomware.
Source: CyberScoop
Cybersecurity researcher Mazin Ahmed found that attackers are targeting VS Code and AI-powered IDEs such as Cursor by publishing malicious extensions that slip past marketplace screening. A fake Python linter called "Piithon-linter" passed Microsoft's marketplace security checks and could steal developer credentials and deploy remote access tools.
The malware runs automatically when VS Code launches, first checking for antivirus software and then harvesting sensitive environment variables. It uses geofencing to stay dormant during Microsoft's sandbox analysis and can target Windows, macOS, or Linux.
Most concerning, the OpenVSX marketplace that Cursor relies on performs virtually no security verification. Because developers hold source code, credentials, and access to production systems, a compromised extension on one workstation can become a supply chain attack against the whole organization.
Source: Cybersecurity News
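The traits described above (code that runs at editor startup, a lookalike name, an unfamiliar publisher) are all visible in an extension's package.json before it ever executes, which makes a local audit of the installed extension folders a cheap control. The script below is an added example, not the researcher's tooling or anything published with the article: it scores each manifest on those traits and a near-miss name check. The publisher "dev-tools-co", the trusted-publisher list and the known-name list are constructed for the example; only "Piithon-linter" comes from the report. It assumes the default layout of `~/.vscode/extensions/<id>/package.json`.

```python
"""Audit VS Code / Cursor extension manifests for traits that warrant review."""
import json
from pathlib import Path

# Activation events that run extension code as soon as the editor starts, with no
# user action. Assumption: this is the hook a startup-persisting extension declares.
STARTUP_EVENTS = {"*", "onStartupFinished"}
# Popular extension names a typosquat would imitate (constructed allowlist).
KNOWN_NAMES = {"python", "pylance", "pylint", "flake8", "prettier", "eslint"}
# Publishers your organisation has decided to trust (constructed; adjust locally).
TRUSTED_PUBLISHERS = {"ms-python", "ms-vscode", "esbenp", "dbaeumer"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-miss names such as 'piithon'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def audit_manifest(manifest: dict) -> list[str]:
    """Return findings for one extension's package.json; an empty list means clean."""
    publisher = manifest.get("publisher", "").lower()
    name = manifest.get("name", "").lower()
    ident = f"{publisher}.{name}"
    findings = []

    startup = set(manifest.get("activationEvents", [])) & STARTUP_EVENTS
    if startup:
        findings.append(f"{ident}: activates at editor startup via {sorted(startup)}")

    # Lifecycle scripts run on install, which a linter has no reason to need.
    for hook in ("preinstall", "postinstall"):
        if hook in manifest.get("scripts", {}):
            findings.append(f"{ident}: declares a {hook} script")

    if publisher not in TRUSTED_PUBLISHERS:
        findings.append(f"{ident}: publisher not on the trusted list")

    # Flag name tokens within two edits of a well-known name (but not exact matches).
    for token in name.replace("_", "-").split("-"):
        if len(token) < 4 or token in KNOWN_NAMES:
            continue
        for known in KNOWN_NAMES:
            if edit_distance(token, known) <= 2:
                findings.append(f"{ident}: name token '{token}' is a near miss of '{known}'")
    return findings


def audit_extensions_dir(root: Path) -> dict[str, list[str]]:
    """Audit every <root>/<extension>/package.json; returns {folder: findings}."""
    results = {}
    for manifest_path in sorted(root.glob("*/package.json")):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        except (OSError, ValueError) as exc:
            results[manifest_path.parent.name] = [f"unreadable manifest: {exc}"]
            continue
        findings = audit_manifest(manifest)
        if findings:
            results[manifest_path.parent.name] = findings
    return results


if __name__ == "__main__":
    # Constructed sample manifests; the suspicious one mirrors the traits described
    # in the article (startup activation, lookalike name); its publisher is invented.
    suspicious = {
        "name": "Piithon-linter",
        "publisher": "dev-tools-co",
        "activationEvents": ["onStartupFinished"],
        "scripts": {"postinstall": "node setup.js"},
    }
    legitimate = {
        "name": "python",
        "publisher": "ms-python",
        "activationEvents": ["onLanguage:python"],
    }
    for m in (suspicious, legitimate):
        print(m["name"], "->", audit_manifest(m) or ["no findings"])
    # Real use: audit_extensions_dir(Path.home() / ".vscode" / "extensions")
```

The manifest check is a triage filter, not proof of malice: many legitimate extensions activate at startup. Its value is in surfacing the handful that combine several traits, especially on Cursor installs pulling from OpenVSX, where the marketplace itself has done little screening.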
AT&T customers have until December 18 to claim their share of a $177 million settlement from two major data breaches. The 2019 breach exposed Social Security numbers and personal data of 73 million customers, while the 2024 Snowflake hack affected phone records of 109 million users.
Customers who can prove documented losses may receive up to $5,000 for the 2019 breach or $2,500 for the 2024 incident. Those without proof of loss will receive smaller tiered payments. You need a Class Member ID from Kroll's email notification to file your claim.
If you can't find the notification, check spam folders or call 833-890-4930. Customers affected by both breaches can file separate claims for each incident.
Source: CNET
US cybersecurity officials revealed Thursday that Chinese state-sponsored hackers have been using sophisticated Brickstorm malware to infiltrate critical infrastructure and government networks since at least 2022. The attackers maintain persistent access for an average of 393 days, targeting VMware vSphere and Windows environments while staying hidden in poorly monitored edge devices.
Dozens of US organizations have been compromised, including government agencies, IT firms, and legal services. The malware automatically reinstalls itself if disrupted and allows attackers to steal configuration data, emails, and documents aligned with China's strategic interests. CISA warns this represents an evolution in Chinese cyber tradecraft, with attackers positioning themselves for potential future sabotage operations.
Source: CyberScoop
Cybercriminals are actively targeting Palo Alto Networks' GlobalProtect VPN portals from more than 7,000 IP addresses worldwide. The activity, detected in late November 2025, probes internet-facing VPN gateways, including on UDP port 4501, for exploitable flaws and weak configurations.
Threat actors route the traffic through residential proxies and compromised servers across Asia, Europe, and North America, which spreads attempts thinly across many sources and blunts per-IP blocking. They are targeting historical flaws such as CVE-2024-3400 and misconfigurations that allow unauthorized access.
Palo Alto Networks issued an advisory on December 5 recommending multi-factor authentication and firewall restrictions on the portal. CISA added related vulnerabilities to its Known Exploited Vulnerabilities catalog, giving federal agencies 72 hours to patch.
Source: Cybersecurity News
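Traffic from thousands of residential-proxy addresses defeats the usual per-IP lockout: each source makes one or two attempts and never trips a threshold. The detection below is an added example, not from Palo Alto Networks or the article: instead of counting failures per source it counts distinct failing sources per target account in a sliding time window, which is what a distributed spray cannot hide. The log lines are constructed in a simplified `timestamp,src_ip,username,result` form (a real deployment would export the firewall's GlobalProtect log and map its fields to these four), and the usernames and addresses are invented.

```python
"""Spot a distributed password spray against a VPN portal in authentication logs."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log. Seven different addresses fail against "jsmith" inside
# ten minutes, none of them more than twice; "mlee" is an ordinary typo-then-success.
SAMPLE_LOG = """\
2025-11-28T02:00:05,203.0.113.10,jsmith,auth-fail
2025-11-28T02:01:12,203.0.113.10,jsmith,auth-fail
2025-11-28T02:02:30,198.51.100.7,jsmith,auth-fail
2025-11-28T02:03:44,198.51.100.23,jsmith,auth-fail
2025-11-28T02:05:01,192.0.2.55,jsmith,auth-fail
2025-11-28T02:06:19,192.0.2.56,jsmith,auth-fail
2025-11-28T02:07:58,203.0.113.77,jsmith,auth-fail
2025-11-28T02:08:03,203.0.113.77,jsmith,auth-fail
2025-11-28T02:09:10,198.51.100.99,jsmith,auth-fail
2025-11-28T03:15:00,192.0.2.200,mlee,auth-fail
2025-11-28T03:15:30,192.0.2.200,mlee,auth-fail
2025-11-28T03:16:02,192.0.2.200,mlee,auth-success
"""


def parse_log(text: str) -> list[tuple[datetime, str, str, str]]:
    """Parse the simplified CSV form into (timestamp, src_ip, username, result)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, user, result = line.split(",")
        events.append((datetime.fromisoformat(ts), src, user, result))
    return events


def max_attempts_per_source(events) -> int:
    """Largest number of failures from any single IP: all a per-IP lockout can see."""
    fails = Counter(src for _, src, _, result in events if result == "auth-fail")
    return max(fails.values(), default=0)


def peak_distinct_sources(events, window: timedelta) -> dict[str, int]:
    """For each username, the most distinct source IPs that failed to log in within
    any span of length `window` (sliding window over that user's sorted failures)."""
    by_user = defaultdict(list)
    for ts, src, user, result in events:
        if result == "auth-fail":
            by_user[user].append((ts, src))
    peaks = {}
    for user, fails in by_user.items():
        fails.sort()
        in_window = Counter()
        left = 0
        best = 0
        for ts, src in fails:
            in_window[src] += 1
            # Drop failures that have aged out of the window.
            while ts - fails[left][0] > window:
                old_src = fails[left][1]
                in_window[old_src] -= 1
                if in_window[old_src] == 0:
                    del in_window[old_src]
                left += 1
            best = max(best, len(in_window))
        peaks[user] = best
    return peaks


def detect_spray(events, window=timedelta(minutes=10), min_sources=5) -> list[str]:
    """Usernames attacked from at least `min_sources` distinct IPs inside one window."""
    peaks = peak_distinct_sources(events, window)
    return sorted(user for user, n in peaks.items() if n >= min_sources)


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    print("max failures from any one IP:", max_attempts_per_source(events))
    print("peak distinct sources per user:", peak_distinct_sources(events, timedelta(minutes=10)))
    print("sprayed accounts:", detect_spray(events))
```

On the sample, no address fails more than twice, so a five-strike lockout never fires, while the per-account view shows seven distinct sources against one user in nine minutes. The window and threshold are assumptions to tune against your own baseline; the point is the pivot from source to target. MFA on the portal, as the advisory recommends, is what limits the damage when a spray does land a valid password.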