The UK government confirmed it's investigating a cyberattack that occurred in October, with a Chinese-affiliated group suspected of being behind the breach. Trade Minister Sir Chris Bryant said the security gap was "closed pretty quickly" and poses "fairly low risk" to individuals.
According to reports, hackers accessed Home Office systems operated by the Foreign Office and may have targeted visa details. The National Cyber Security Centre is working with government partners to assess the full impact.
The timing creates diplomatic complications ahead of Prime Minister Keir Starmer's planned Beijing visit next year - the first by a UK PM since 2018. China has consistently denied backing cyberattacks against the UK, calling such accusations "malicious slander."
Source: BBC News
SonicWall disclosed that hackers are actively exploiting a new zero-day vulnerability (CVE-2025-40602) in its SMA1000 access devices. The medium-severity flaw allows privilege escalation and is being chained with an older critical vulnerability that was exploited in attacks in January.
Google researchers discovered the vulnerability, which stems from insufficient authorization in the device management console. SonicWall urges customers to immediately apply hotfixes in versions 12.4.3-03245 and 12.5.0-02283 or higher.
This marks another challenging year for SonicWall customers, following October's cloud backup breach that exposed all customer firewall configurations and summer ransomware attacks by the Akira gang.
Source: Dark Reading
CISA added a critical vulnerability in the Asus Live Update utility to its Known Exploited Vulnerabilities catalog on Wednesday, warning federal agencies to stop using the now-discontinued software. The flaw (CVE-2025-59374) stems from Operation ShadowHammer, a 2018 supply chain attack by the Chinese state-sponsored group APT41.
The hackers injected a backdoor into the pre-installed utility used for updating BIOS and drivers on Asus devices. While over 1 million users downloaded the compromised software, attackers targeted only about 600 specific devices based on hardcoded MAC addresses. Asus patched the issue in March 2019 after discovery.
Federal agencies have three weeks to identify and remove vulnerable products from their networks.
Source: SecurityWeek
CISA added a critical Fortinet vulnerability (CVE-2025-59718) to its exploited vulnerabilities catalog after detecting active attacks. The flaw, along with CVE-2025-59719, allows hackers to bypass authentication on FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager devices using crafted SAML messages.
Arctic Wolf researchers spotted attacks starting December 12, just three days after Fortinet disclosed the vulnerabilities on December 9. Attackers from Germany, the US, and Asia targeted admin accounts, stealing device configurations and credentials from compromised FortiGate devices.
The vulnerabilities affect devices with FortiCloud SSO enabled, which automatically activates when administrators register through the GUI. Federal agencies must patch by December 23 or stop using affected products. Organizations can temporarily disable FortiCloud login while implementing patches across multiple Fortinet product versions.
Source: Dark Reading
Hackers calling themselves ShinyHunters have accessed the viewing habits and search history of over 200 million Pornhub premium users. The breach exposed email addresses, video preferences, search activities, and location data, though passwords and payment information weren't compromised.
The attack targeted Mixpanel, a data analytics company that worked with Pornhub until 2021, so the stolen data is not current. ShinyHunters, a Western-based group of English-speaking hackers in their teens and twenties, has demanded payment in bitcoin in exchange for not releasing the information publicly.
Pornhub emphasized that its own systems were not breached and that only a "select" number of users were affected through the third-party analytics provider.
Source: The Guardian
Fortune 500 automotive parts giant LKQ Corporation has confirmed it was hit by the Cl0p ransomware group's Oracle E-Business Suite hacking campaign. The breach compromised personal information of over 9,000 individuals, primarily sole proprietor suppliers whose data included Social Security numbers and Employer Identification Numbers.
LKQ discovered the attack on October 3 and completed its investigation on December 1. The company says there's no evidence the breach extended beyond its Oracle EBS environment. However, cybercriminals have allegedly leaked several terabytes of stolen files online.
This marks LKQ's second cyberattack in two years. The Cl0p group has targeted over 100 organizations through this Oracle campaign, with confirmed victims including Logitech, Canon, Cox, and Mazda.
Source: SecurityWeek
Google addressed eight actively exploited zero-day vulnerabilities in Chrome during 2025, all classified as high severity with CVSS scores averaging 8.5. Half targeted Chrome's V8 JavaScript engine, while others exploited graphics rendering and sandbox protection mechanisms.
Google's Threat Analysis Group discovered six vulnerabilities, with external contributions from Kaspersky and Apple teams. Notable attacks included Operation ForumTroll in March, which used CVE-2025-2783 to deploy LeetAgent spyware on Russian targets through sandbox escape techniques.
Type confusion vulnerabilities dominated, accounting for three flaws that exploited V8's optimization strategies. Two vulnerabilities enabled complete sandbox escapes, the most severe browser attack class. All eight were added to CISA's Known Exploited Vulnerabilities catalog, mandating immediate federal agency remediation.
Source: Cyber Security News
Japanese B2B office supplies company Askul suffered a devastating ransomware attack in October, compromising over 700,000 customer and business partner records. The breach, attributed to the RansomHouse group, was detected on October 19; the attackers encrypted files and stole more than 1TB of sensitive data before the company could respond.
The attack crippled Askul's highly automated logistics systems, disrupting orders and shipping for weeks. Services didn't resume until early December. The hackers accessed the network using stolen credentials, then moved laterally through systems while disabling security measures and deleting backups.
RansomHouse leaked stolen data in November and December after Askul refused to pay ransom demands. The breach joins a troubling pattern of cyberattacks targeting major Japanese companies including Asahi, Nikkei, and Nippon Steel subsidiaries.
Source: SecurityWeek
Apple patched two critical zero-day vulnerabilities on December 12 that were actively exploited in what the company calls "extremely sophisticated attacks" targeting specific individuals. The flaws, CVE-2025-43529 and CVE-2025-14174, affect WebKit and allow attackers to execute malicious code through crafted web content.
Discovered by Apple's security team and Google's Threat Analysis Group, these memory corruption bugs were fixed across iOS, iPadOS, and macOS devices. One vulnerability also impacts Google Chrome's graphics engine, suggesting cross-platform exploitation potential.
Apple has used similar language before when describing commercial spyware attacks, though neither Apple nor Google provided technical details about the exploitation. Security experts say vendors deliberately limit disclosure to prevent attackers from reverse-engineering patches into new exploits.
Source: Dark Reading
Asahi Group Holdings is overhauling its cybersecurity after a September ransomware attack exposed 2 million people's personal data and crippled operations. CEO Atsushi Katsuki announced plans for a dedicated cybersecurity unit and admitted that the company's previous measures "were easily broken."
The Qilin ransomware group's attack encrypted servers and infected employee devices, forcing the Japanese brewing giant to halt automated order and shipping processes. Recovery efforts will continue until February 2026, with the company scrapping VPNs for a zero-trust security model.
The financial impact is severe: alcohol sales in Japan dropped 20% year-over-year in November, and Asahi has skipped three months of sales disclosures due to ongoing system disruptions.
Source: Infosecurity Magazine