Ticker feed

France's national postal service La Poste suffered a suspected DDoS cyber-attack on Monday, disrupting mail deliveries and online banking services during the busiest shipping period of the year. The attack made websites and apps inaccessible, forcing post offices to turn away customers trying to send last-minute Christmas parcels. La Poste typically handles over 2 million items in the pre-Christmas rush.

The postal service's banking arm, La Banque Postale, also experienced disruptions to online banking and mobile apps, though ATMs and card payments continued working. Officials said customer data remained secure.

This incident follows a recent cyber-attack on France's interior ministry and comes amid allegations that Russia is conducting "hybrid warfare" against European allies of Ukraine through cyber-attacks.

Source: The Guardian

WatchGuard has patched a critical zero-day vulnerability (CVE-2025-14733) in its Firebox firewalls after detecting active exploitation in the wild. The flaw, scoring 9.3 on the CVSS scale, allows remote attackers to execute code without authentication through an out-of-bounds write issue in the iked process.

The Shadowserver Foundation identified roughly 125,000 vulnerable IP addresses worldwide, including nearly 40,000 in the United States. The vulnerability affects VPN configurations using IKEv2, particularly mobile user VPN and branch office VPN setups with dynamic gateway peers.

Patches are available for supported Fireware OS versions, but version 11.x won't receive fixes due to end-of-life status. CISA added the vulnerability to its Known Exploited Vulnerabilities catalog, giving federal agencies one week to remediate.

Source: Security Week

Cybercriminals are using a clever new trick to break into Microsoft 365 accounts by abusing OAuth device codes—a legitimate Microsoft feature meant for smart TVs and similar devices. The scam works by sending phishing emails with fake document links that generate real device codes. Victims then enter these codes on Microsoft's actual login page at microsoft.com/devicelogin, unknowingly handing over account access to hackers.

Two main tools are driving these attacks: SquarePhish2 uses QR codes for mass campaigns, while Graphish creates fake login pages that steal both passwords and authentication tokens. By September 2025, these attacks became widespread, targeting everyone from corporate users to government officials.

Since the attack uses Microsoft's real authentication system, it's extremely hard to detect with traditional security tools.

Source: Cybersecurity News

Denmark's Defense Intelligence Service revealed Thursday that Russia conducted cyberattacks on Danish infrastructure in 2024 and 2025, including a destructive attack on a water utility that caused pipes to burst near Køge, leaving homes without water. Russian hackers also targeted Danish websites with denial-of-service attacks ahead of November's regional elections.

Authorities linked the attacks to pro-Russian groups Z-Pentest and NoName057(16), calling them part of Russia's "hybrid war" against Western nations supporting Ukraine. Minister Torsten Schack Pedersen warned the incidents expose Denmark's vulnerability to such threats. The attacks join 147 documented incidents across Europe that officials attribute to Russia's broader sabotage campaign since invading Ukraine.

Source: Security Week

Security researchers discovered at least 120 Cisco Secure Email Gateway and Web Manager devices vulnerable to CVE-2025-20393, a critical zero-day flaw that attackers are actively exploiting. No patch is currently available, leaving organizations exposed.

The vulnerable devices are part of over 650 Cisco email security appliances accessible online. These systems are crucial for filtering malicious emails and protecting networks from phishing and malware.

Cisco has released a security advisory urging immediate defensive measures and temporary mitigations until a permanent fix arrives. The company hasn't provided a timeline for the security update, making interim protections essential for affected organizations.

Source: Cyber Security News

A sprawling cybercrime network called "the Com" is behind recent high-profile hacks including Pornhub user data theft by ShinyHunters. The loose affiliation comprises thousands of mostly male English speakers aged 16-25, operating like a criminal pipeline where older members groom younger recruits.

The Com splits into three branches: Hacker Com (ransomware attacks on retailers like M&S), IRL Com (bomb threats and "swatting" incidents), and Extortion Com (targeting children for self-harm content). FBI investigations have increased six-fold since 2022, with over 250 active cases focusing on the most disturbing branch alone.

Members communicate via Discord and Telegram, motivated by status, misogyny, and causing chaos.

Source: The Guardian

Chinese state-sponsored hackers are actively exploiting a critical zero-day vulnerability in Cisco's email security products, the company warned Wednesday. The flaw (CVE-2025-20393) affects Secure Email Gateway and Web Manager appliances, allowing attackers to execute commands with full system privileges.

Cisco's Talos team discovered the attacks on December 10, but they've been ongoing since late November. The hackers, tracked as UAT-9686, deployed custom tools including AquaShell backdoor and AquaTunnel for remote access. They're targeting devices with certain internet-facing ports open.

No patch is available yet, and Cisco hasn't identified workarounds. CISA ordered federal agencies to address the vulnerability by December 24.

Source: Security Week

Cisco faced two major security incidents this month. First, a Chinese threat group called UAT-9686 exploited a critical zero-day vulnerability (CVE-2025-20393) in Cisco's email security appliances, gaining root access and deploying custom malware including AquaShell backdoor. The flaw affects systems with Spam Quarantine features exposed to the internet and remains unpatched.

Separately, over 10,000 IP addresses launched brute force attacks against Cisco SSL VPNs and Palo Alto GlobalProtect systems, generating 1.7 million authentication attempts in 16 hours. The automated campaign primarily targeted US, Mexican, and Pakistani organizations before abruptly ending. Cisco is developing patches while recommending customers take Spam Quarantine offline immediately.

Source: Dark Reading

The UK government confirmed it's investigating a cyberattack that occurred in October, with a Chinese-affiliated group suspected of being behind the breach. Trade Minister Sir Chris Bryant said the security gap was "closed pretty quickly" and poses "fairly low risk" to individuals.

Hackers accessed Home Office systems operated by the Foreign Office, potentially targeting visa details according to reports. The National Cyber Security Centre is working with government partners to assess the full impact.

The timing creates diplomatic complications ahead of Prime Minister Keir Starmer's planned Beijing visit next year - the first by a UK PM since 2018. China has consistently denied backing cyberattacks against the UK, calling such accusations "malicious slander."

Source: BBC News

SonicWall disclosed that hackers are actively exploiting a new zero-day vulnerability (CVE-2025-40602) in its SMA1000 access devices. The medium-severity flaw allows privilege escalation and is being chained with an older critical vulnerability from January attacks.

Google researchers discovered the vulnerability, which stems from insufficient authorization in the device management console. SonicWall urges customers to immediately apply hotfixes in versions 12.4.3-03245 and 12.5.0-02283 or higher.

This marks another challenging year for SonicWall customers, following October's cloud backup breach that exposed all customer firewall configurations and summer ransomware attacks by the Akira gang.

Source: Dark Reading