Cybersecurity Alert: 08–14 December 2025 Cyber Threat Advisory

12/17/2025

The second week of December 2025 unveiled a wave of critical zero-day exploitation and supply chain risks across mobile, enterprise, and identity stacks. A CVSS 10.0 RCE in Apache Tika threatens the widely deployed Atlassian product ecosystem, while actively exploited WebKit zero-days in iOS expose users to targeted espionage campaigns. Concurrently, a Windows kernel privilege escalation (CVE-2025-62221) is granting attackers SYSTEM-level access in the wild, and new React Server Components flaws are opening doors to unauthenticated denial-of-service and source code disclosure. Beyond software flaws, the 700Credit breach exposed 5.8 million records via an unsecured third-party API, and a sophisticated AiTM phishing campaign is successfully bypassing Okta and Microsoft 365 MFA protections, underscoring the urgent need for patch management and identity hardening.

1. Vulnerability Details

1.1. Actively Exploited iOS/iPadOS WebKit Zero-Days (CVE-2025-43529, CVE-2025-14174)

Apple patched two WebKit zero-day vulnerabilities in iOS 26 / iPadOS 26 and earlier that allow arbitrary code execution via malicious web content and are confirmed to be actively exploited in targeted attacks. Additional fixes include WebKit memory corruption bugs and high-impact flaws in the kernel, App Store, and core apps/frameworks.

Action: Update to iOS 26.2 / iPadOS 26.2 immediately.
Reference:
https://support.apple.com/en-ae/125884

1.2. React Server Components – DoS & Source Code Exposure (CVE-2025-55184, CVE-2025-67779, CVE-2025-55183)

New vulnerabilities in React Server Components (react-server-dom-* packages) can enable pre-authentication denial-of-service and server-side source code disclosure, affecting versions 19.0.0–19.2.2 depending on the CVE. The issues were discovered after the React2Shell RCE (CVE-2025-55182) and impact Server Functions exposed over HTTP.

Action: Upgrade to the latest React Server Components releases as recommended by the React team.
Reference:
https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components

1.3. Windows Cloud Files Driver Privilege Escalation (CVE-2025-62221)

A use-after-free vulnerability in the Windows Cloud Files Mini Filter Driver (cldflt.sys) allows local attackers to escalate privileges to SYSTEM. The affected driver is widely deployed across Windows environments, and the flaw is confirmed to be actively exploited.

Action: Apply Microsoft’s December 2025 security updates across all Windows endpoints and servers.
Reference:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62221

2. Attack Campaigns

2.1. 700Credit Data Breach – 5.8M Individuals Affected

700Credit disclosed a breach impacting 5,836,521 individuals after attackers abused a third-party API linked to its dealer application (700Dealer.com). Exposed data includes names, addresses, dates of birth, and Social Security numbers collected between May and October 2025.

Action: Affected dealers should notify impacted customers; individuals should monitor credit reports and consider fraud alerts or credit freezes.
Reference:
https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/d546001c-f4d5-4c31-8b0e-c28e80d3b35f.html

2.2. AiTM Phishing Bypassing MFA for Microsoft 365 & Okta

Datadog Security Labs reported an active Adversary-in-the-Middle (AiTM) phishing campaign that proxies Okta and Microsoft 365 login flows to steal valid session cookies, effectively bypassing MFA. Emails spoof HR/benefits notices and leverage compromised marketing platforms and lookalike Okta domains.

Action:

  • Enforce phishing-resistant MFA where possible (FIDO2/WebAuthn).
  • Monitor sign-in anomalies and unusual Okta/M365 sessions.
  • Block known malicious domains and URL-shortener abuse.

Reference:
https://securitylabs.datadoghq.com/articles/investigating-an-aitm-phishing-campaign-m365-okta/
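A minimal form of the sign-in monitoring recommended above, added here as an example and not code from the Datadog report or this advisory: it reads a constructed JSON-lines sign-in log and flags identity-provider sessions that were established with MFA from one network and then used from a different ASN within a short window, which is the shape a replayed stolen session cookie produces. The event field names, the 15-minute window and the ASN-change heuristic are assumptions; real Okta and Microsoft 365 logs use their own schemas, and the threshold must be tuned against normal roaming.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed JSON-lines sign-in log (not real telemetry). Field names are an
# assumption, loosely modelled on IdP audit events. Session "s-1" is started
# with MFA from one network and used three minutes later from another ASN;
# "s-2" stays on one network; "s-3" roams, but only six hours later.
SAMPLE_LOG = """\
{"ts": "2025-12-09T08:00:00Z", "user": "alice@example.com", "event": "session.start", "session": "s-1", "ip": "203.0.113.10", "asn": "AS64500", "mfa": true}
{"ts": "2025-12-09T08:03:00Z", "user": "alice@example.com", "event": "app.access", "session": "s-1", "ip": "198.51.100.7", "asn": "AS64501", "mfa": false}
{"ts": "2025-12-09T09:00:00Z", "user": "bob@example.com", "event": "session.start", "session": "s-2", "ip": "203.0.113.20", "asn": "AS64500", "mfa": true}
{"ts": "2025-12-09T09:30:00Z", "user": "bob@example.com", "event": "app.access", "session": "s-2", "ip": "203.0.113.20", "asn": "AS64500", "mfa": false}
{"ts": "2025-12-09T10:00:00Z", "user": "carol@example.com", "event": "session.start", "session": "s-3", "ip": "203.0.113.30", "asn": "AS64500", "mfa": true}
{"ts": "2025-12-09T16:00:00Z", "user": "carol@example.com", "event": "app.access", "session": "s-3", "ip": "198.51.100.9", "asn": "AS64501", "mfa": false}
"""

REUSE_WINDOW = timedelta(minutes=15)  # assumption; tune against normal roaming


def parse_log(text):
    """Parse JSON lines into event dicts with aware datetimes, sorted by time."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def find_session_reuse(events, window=REUSE_WINDOW):
    """Flag sessions used from a different ASN within `window` of an
    MFA-satisfied session start.

    A user who roams hours later (carol, s-3) falls outside the window; a
    session that hops networks minutes after MFA (alice, s-1) is returned
    for analyst review.
    """
    by_session = defaultdict(list)
    for ev in events:
        by_session[ev["session"]].append(ev)

    findings = []
    for sid, evs in by_session.items():
        start = next((e for e in evs if e["event"] == "session.start" and e["mfa"]), None)
        if start is None:
            continue  # no MFA-backed start to compare against
        for ev in evs:
            if ev is start:
                continue
            delta = ev["ts"] - start["ts"]
            if ev["asn"] != start["asn"] and timedelta(0) <= delta <= window:
                findings.append({
                    "user": ev["user"],
                    "session": sid,
                    "mfa_ip": start["ip"],
                    "reuse_ip": ev["ip"],
                    "seconds_after_mfa": int(delta.total_seconds()),
                })
    return findings


if __name__ == "__main__":
    for f in find_session_reuse(parse_log(SAMPLE_LOG)):
        print(f"REVIEW session {f['session']} for {f['user']}: MFA from "
              f"{f['mfa_ip']}, reused from {f['reuse_ip']} "
              f"{f['seconds_after_mfa']}s later")
```

In production the ASN would come from IP enrichment rather than the raw event, and the finding is a triage signal, not proof: the response is to revoke the session and re-authenticate the user with a phishing-resistant factor, which is also why the FIDO2/WebAuthn item above sits first in the list.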

3. Security News & Updates

3.1. Atlassian Patches Critical Apache Tika XXE and Other Third-Party Flaws

Atlassian released updates fixing nearly 30 vulnerabilities across Bamboo, Bitbucket, Confluence, Crowd, Fisheye/Crucible, Jira, and Jira Service Management. Notably, CVE-2025-66516 (CVSS 10.0) is a critical Apache Tika XXE issue that can lead to information disclosure, SSRF, DoS, or RCE via malicious PDFs.

Action: Upgrade all affected Atlassian Data Center and Server products to the latest fixed versions.
Reference:
https://confluence.atlassian.com/security/security-bulletin-december-11-2025-1689616574.html

3.2. MITRE 2025 Top 25 Most Dangerous Software Weaknesses

MITRE published the 2025 CWE Top 25 list, with XSS, SQL injection, and CSRF occupying the top three spots. New entries emphasize classic, stack-based, and heap-based buffer overflows, improper access control, and unthrottled resource allocation.

Action: Integrate the CWE Top 25 into secure development, code review, and AppSec testing programs.
Reference:
https://cwe.mitre.org/top25/archive/2025/2025_cwe_top25.html

3.3. Microsoft December 2025 Patch Tuesday – 56 Vulnerabilities Fixed

Microsoft’s December 2025 Patch Tuesday addresses 56 vulnerabilities across Windows, Office, Exchange, PowerShell, Azure Monitor Agent, and Hyper-V, including three zero-days:

  • CVE-2025-62221 – Windows Cloud Files Mini Filter Driver LPE (actively exploited)
  • CVE-2025-64671 – Command injection in GitHub Copilot for JetBrains
  • CVE-2025-54100 – Command injection in Windows PowerShell

The release also includes 19 RCE and 28 elevation-of-privilege fixes, many in Windows kernel drivers.

Action: Ensure automated patch deployment remains enabled and prioritize systems exposed to user interaction and internet access.
Reference:
https://support.microsoft.com/en-us/topic/december-9-2025-kb5072033-os-build-26100-7462-fca31d8d-5fe8-4b5e-9591-6641ef1d26a1

Summary

Vulnerability Details

  • Actively Exploited WebKit Zero-Day Vulnerabilities in iOS and iPadOS Enable Arbitrary Code Execution (CVE-2025-43529, CVE-2025-14174)
  • New React Server Components Vulnerabilities Enable Denial-of-Service and Source Code Disclosure (CVE-2025-55184, CVE-2025-67779, CVE-2025-55183)
  • Windows Cloud Files Mini Filter Driver Privilege Escalation via Use-After-Free Vulnerability (CVE-2025-62221)

Attack Campaigns

  • 700Credit Data Breach Exposes Personal Information of Over 5.8 Million Individuals

  • AiTM Phishing Campaign Bypasses MFA to Compromise Microsoft 365 and Okta Accounts

Security News

  • Atlassian Releases Security Updates to Address Critical Apache Tika Vulnerability Across Multiple Products
  • MITRE Publishes 2025 Top 25 Most Dangerous Software Weaknesses List
  • Microsoft Releases December 2025 Patch Tuesday Fixing 56 Vulnerabilities, Including