Ticker feed
Japanese B2B office supplies company Askul suffered a devastating ransomware attack in October, compromising over 700,000 customer and business partner records. The RansomHouse group detected the breach on October 19, encrypting files and stealing more than 1TB of sensitive data before the company could respond.
The attack crippled Askul's highly automated logistics systems, disrupting orders and shipping for weeks. Services didn't resume until early December. The hackers accessed the network using stolen credentials, then moved laterally through systems while disabling security measures and deleting backups.
RansomHouse leaked stolen data in November and December after Askul refused to pay ransom demands. The breach joins a troubling pattern of cyberattacks targeting major Japanese companies including Asahi, Nikkei, and Nippon Steel subsidiaries.
Source: Security Week
Apple patched two critical zero-day vulnerabilities on December 12 that were actively exploited in what the company calls "extremely sophisticated attacks" targeting specific individuals. The flaws, CVE-2025-43529 and CVE-2025-14174, affect WebKit and allow attackers to execute malicious code through crafted web content.
Discovered by Apple's security team and Google's Threat Analysis Group, these memory corruption bugs were fixed across iOS, iPadOS, and macOS devices. One vulnerability also impacts Google Chrome's graphics engine, suggesting cross-platform exploitation potential.
Apple has used similar language before when describing commercial spyware attacks, though neither Apple nor Google provided technical details about the exploitation. Security experts say vendors deliberately limit disclosure to prevent attackers from reverse-engineering patches into new exploits.
Source: Dark Reading
Asahi Group Holdings is overhauling its cybersecurity after a September ransomware attack exposed 2 million people's personal data and crippled operations. CEO Atsushi Katsuki announced plans for a dedicated cybersecurity unit and admitted their previous measures "were easily broken."
The Qilin ransomware group's attack encrypted servers and infected employee devices, forcing the Japanese brewing giant to halt automated order and shipping processes. Recovery efforts will continue until February 2026, with the company scrapping VPNs for a zero-trust security model.
The financial impact is severe: alcohol sales in Japan dropped 20% year-over-year in November, and Asahi has skipped three months of sales disclosures due to ongoing system disruptions.
Source: Infosecurity Magazine
CISA has added a critical Windows zero-day vulnerability to its catalog, warning that CVE-2025-62221 is being actively exploited in attacks. The flaw affects the Windows Cloud Files Mini Filter Driver and allows attackers with initial access to escalate privileges and potentially take complete system control.
The use-after-free vulnerability enables authorized attackers to execute arbitrary code with elevated privileges. CISA added this threat to its catalog on December 9, 2025, with organizations required to remediate by December 30, 2025.
The compressed timeline reflects the severity of active exploitation. Organizations must immediately apply Microsoft mitigations or discontinue using affected systems until patches are available.
Source: Cybersecurity News
Nissan North America suffered a ransomware attack in November 2023 that exposed Social Security numbers of over 53,000 current and former employees. Hackers infiltrated the company's virtual private network and demanded payment, though Nissan hasn't disclosed whether they paid the ransom.
The automaker notified law enforcement immediately and worked with cybersecurity experts to contain the threat. Employees learned about the breach during a December town hall meeting, a month after it occurred.
While Social Security numbers were compromised, financial information remained secure. Nissan found no evidence the data was misused and is providing two years of free identity theft protection to affected workers.
Source: CBS News
A critical vulnerability in React Server Components called React2Shell has triggered a massive wave of cyberattacks, with over 50 organizations confirmed compromised across the US, Asia, South America, and the Middle East. The Cybersecurity and Infrastructure Security Agency moved up the patching deadline to Friday due to escalating threats.
Attackers from nation-states to cybercriminals are exploiting this "one click, game over" flaw that affects popular frameworks like Next.js. Shadowserver found over 165,000 vulnerable IP addresses, with nearly two-thirds in the US. Half remain unpatched despite active exploitation since Tuesday.
Experts compare React2Shell to the devastating Log4Shell vulnerability, warning it's easier to weaponize and harder to detect once compromised.
Source: CyberScoop
CISA added a dangerous zero-day vulnerability in Google Chromium's graphics engine to its priority threat list. The flaw, CVE-2025-14174, lets attackers execute malicious code through crafted web pages by exploiting memory corruption in the ANGLE graphics component.
Discovered and patched within days, this vulnerability affects Chrome, Edge, and other Chromium-based browsers used by over 70% of desktop users. Attackers could use it for drive-by attacks, data theft, or ransomware deployment through malicious websites or ads.
Google released Chrome version 131.0.6778.201 on December 10 with the fix. Federal agencies must patch by January 2, 2026, or stop using affected browsers. Users should update immediately and restart their browsers to stay protected.
Source: Cybersecurity News
Cybersecurity firm Huntress has discovered a new wave of attacks targeting Gladinet CentreStack instances, with hackers exploiting a cryptographic vulnerability to breach nine organizations across healthcare and technology sectors.
The flaw allows attackers to access the 'web.config' file and steal machine keys by exploiting CentreStack's reliance on the same two 100-byte strings for key derivation. Once obtained, these keys never change, enabling hackers to decrypt any server-generated ticket or create their own malicious ones.
Attackers then use these keys to forge ViewState payloads and achieve remote code execution through deserialization attacks. Gladinet released patches in late November and December, urging customers to update immediately.
Source: Security Week
Apple released critical iOS 26.2 and iPadOS 26.2 updates on December 12, 2025, patching two WebKit zero-day vulnerabilities actively exploited in sophisticated spyware attacks. The flaws, discovered by Google's Threat Analysis Group, allow hackers to execute malicious code through compromised websites.
CVE-2025-43529 involves a use-after-free bug, while CVE-2025-14174 is a memory corruption issue. Both were used in targeted campaigns against specific iPhone users. The update also fixes over 30 other security holes, including a kernel flaw that could grant root access.
Affected devices include iPhone 11 and newer models, plus recent iPad Pro, Air, and mini versions. Users should update immediately through Settings > General > Software Update.
Source: Cybersecurity News
UK parliamentary authorities are warning MPs and officials about a sharp rise in phishing attacks targeting their WhatsApp and Signal accounts, with Russian-based actors actively involved. The attacks involve fake messages from app support teams asking users to enter codes, click links, or scan QR codes, potentially giving hackers access to messages and contacts.
Despite new security measures introduced by the National Cyber Security Centre in October, attacks continue climbing. Parliament is now urging legislators to stop using commercial messaging apps for work and switch to Microsoft Teams instead.
This follows previous incidents, including a 2023 investigation into "Abigail" WhatsApp attacks and the identification of Russian intelligence group Star Blizzard targeting MPs since 2015.
Source: The Guardian