Ticker feed
CISA added a critical vulnerability in Asus Live Update utility to its Known Exploited Vulnerabilities catalog Wednesday, warning federal agencies to stop using the now-discontinued software. The flaw (CVE-2025-59374) stems from Operation ShadowHammer, a 2018 supply chain attack by Chinese state-sponsored group APT41.
The hackers injected a backdoor into the pre-installed utility used for updating BIOS and drivers on Asus devices. While over 1 million users downloaded the compromised software, attackers targeted only about 600 specific devices based on hardcoded MAC addresses. Asus patched the issue in March 2019 after discovery.
Federal agencies have three weeks to identify and remove vulnerable products from their networks.
Source: SecurityWeek
CISA added a critical Fortinet vulnerability (CVE-2025-59718) to its exploited vulnerabilities catalog after detecting active attacks. The flaw, along with CVE-2025-59719, allows hackers to bypass authentication on FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager devices using crafted SAML messages.
Arctic Wolf researchers spotted attacks starting December 12, just three days after Fortinet disclosed the vulnerabilities on December 9. Attackers from Germany, the US, and Asia targeted admin accounts, stealing device configurations and credentials from compromised FortiGate devices.
The vulnerabilities affect devices with FortiCloud SSO enabled, which automatically activates when administrators register through the GUI. Federal agencies must patch by December 23 or stop using affected products. Organizations can temporarily disable FortiCloud login while implementing patches across multiple Fortinet product versions.
Source: Dark Reading
Hackers calling themselves ShinyHunters have accessed the viewing habits and search history of over 200 million Pornhub premium users. The breach exposed email addresses, video preferences, search activities, and location data, though passwords and payment information weren't compromised.
The attack targeted Mixpanel, a data analytics company that worked with Pornhub until 2021, meaning the stolen data isn't current. ShinyHunters, a Western-based group of English-speaking hackers in their teens and twenties, has demanded bitcoin payment to prevent releasing the information publicly.
Pornhub emphasized their own systems weren't breached and that only a "select" number of users were affected through the third-party analytics provider.
Source: The Guardian
Fortune 500 automotive parts giant LKQ Corporation has confirmed it was hit by the Cl0p ransomware group's Oracle E-Business Suite hacking campaign. The breach compromised personal information of over 9,000 individuals, primarily sole proprietor suppliers whose data included Social Security numbers and Employer Identification Numbers.
LKQ discovered the attack on October 3 and completed its investigation on December 1. The company says there's no evidence the breach extended beyond its Oracle EBS environment. However, cybercriminals have allegedly leaked several terabytes of stolen files online.
This marks LKQ's second cyberattack in two years. The Cl0p group has targeted over 100 organizations through this Oracle campaign, with confirmed victims including Logitech, Canon, Cox, and Mazda.
Source: SecurityWeek
Google addressed eight actively exploited zero-day vulnerabilities in Chrome during 2025, all classified as high severity with CVSS scores averaging 8.5. Half targeted Chrome's V8 JavaScript engine, while others exploited graphics rendering and sandbox protection mechanisms.
Google's Threat Analysis Group discovered six vulnerabilities, with external contributions from Kaspersky and Apple teams. Notable attacks included Operation ForumTroll in March, which used CVE-2025-2783 to deploy LeetAgent spyware on Russian targets through sandbox escape techniques.
Type confusion vulnerabilities dominated, accounting for three flaws that exploited V8's optimization strategies. Two vulnerabilities enabled complete sandbox escapes, the most severe browser attack class. All eight were added to CISA's Known Exploited Vulnerabilities catalog, mandating immediate federal agency remediation.
Source: Cyber Security News
Japanese B2B office supplies company Askul suffered a devastating ransomware attack in October, compromising over 700,000 customer and business partner records. The breach, attributed to the RansomHouse group, was detected on October 19; the attackers had encrypted files and stolen more than 1TB of sensitive data before the company could respond.
The attack crippled Askul's highly automated logistics systems, disrupting orders and shipping for weeks. Services didn't resume until early December. The hackers accessed the network using stolen credentials, then moved laterally through systems while disabling security measures and deleting backups.
RansomHouse leaked stolen data in November and December after Askul refused to pay ransom demands. The breach joins a troubling pattern of cyberattacks targeting major Japanese companies including Asahi, Nikkei, and Nippon Steel subsidiaries.
Source: SecurityWeek
Apple patched two critical zero-day vulnerabilities on December 12 that were actively exploited in what the company calls "extremely sophisticated attacks" targeting specific individuals. The flaws, CVE-2025-43529 and CVE-2025-14174, affect WebKit and allow attackers to execute malicious code through crafted web content.
Discovered by Apple's security team and Google's Threat Analysis Group, these memory corruption bugs were fixed across iOS, iPadOS, and macOS devices. One vulnerability also impacts Google Chrome's graphics engine, suggesting cross-platform exploitation potential.
Apple has used similar language before when describing commercial spyware attacks, though neither Apple nor Google provided technical details about the exploitation. Security experts say vendors deliberately limit disclosure to prevent attackers from reverse-engineering patches into new exploits.
Source: Dark Reading
Asahi Group Holdings is overhauling its cybersecurity after a September ransomware attack exposed 2 million people's personal data and crippled operations. CEO Atsushi Katsuki announced plans for a dedicated cybersecurity unit and admitted their previous measures "were easily broken."
The Qilin ransomware group's attack encrypted servers and infected employee devices, forcing the Japanese brewing giant to halt automated order and shipping processes. Recovery efforts will continue until February 2026, with the company scrapping VPNs for a zero-trust security model.
The financial impact is severe: alcohol sales in Japan dropped 20% year-over-year in November, and Asahi has skipped three months of sales disclosures due to ongoing system disruptions.
Source: Infosecurity Magazine
CISA has added a critical Windows zero-day vulnerability to its catalog, warning that CVE-2025-62221 is being actively exploited in attacks. The flaw affects the Windows Cloud Files Mini Filter Driver and allows attackers with initial access to escalate privileges and potentially take complete system control.
The use-after-free vulnerability enables authorized attackers to execute arbitrary code with elevated privileges. CISA added this threat to its catalog on December 9, 2025, with organizations required to remediate by December 30, 2025.
The compressed timeline reflects the severity of active exploitation. Organizations must immediately apply Microsoft mitigations or discontinue using affected systems until patches are available.
Source: Cybersecurity News
Nissan North America suffered a ransomware attack in November 2023 that exposed Social Security numbers of over 53,000 current and former employees. Hackers infiltrated the company's virtual private network and demanded payment, though Nissan hasn't disclosed whether they paid the ransom.
The automaker notified law enforcement immediately and worked with cybersecurity experts to contain the threat. Employees learned about the breach during a December town hall meeting, a month after it occurred.
While Social Security numbers were compromised, financial information remained secure. Nissan found no evidence the data was misused and is providing two years of free identity theft protection to affected workers.
Source: CBS News