Cybersecurity News | Daily Recap [12 Dec 2025]

Daily recap: active exploitation of GeoServer CVE-2025-58360 enables file reads, SSRF, and DoS, alongside multiple React Server Component flaws (CVE-2025-55182 / React2Shell) that trigger RCE and prompt emergency patching by federal agencies. The round-up also notes a RasMan zero-day with unofficial 0Patch fixes, plus incidents such as the Gladinet RCE, a Notepad++ update flaw, malicious VSCode extensions, the Fieldtex data breach, the ICO fine for LastPass, the CodeRED outage, and other breaches and takedowns such as MKVCinemas. #GeoServer #RasMan

Vulnerabilities & Exploits

  • The actively exploited GeoServer CVE-2025-58360 XXE flaw lets attackers read files, trigger SSRF or DoS, prompting CISA patch mandates and KEV cataloging – GeoServer CVE, GeoServer CVE, GeoServer CVE
  • Multiple React Server Component flaws (including CVE-2025-55182/“React2Shell”) enable RCE/privileged JS execution and source-code exposure, triggering emergency CISA guidance and shortened patch deadlines for federal agencies – React RSC, React2Shell, React2Shell
  • A new Windows RasMan zero-day targeting the Remote Access Connection Manager can crash the service and enable privilege escalation, with free unofficial 0Patch fixes available until Microsoft issues a patch – RasMan Zero-day

Software & Marketplace Threats

  • Attackers exploited a Gladinet CentreStack cryptographic flaw to achieve remote code execution in the wild – Gladinet RCE
  • Notepad++ patched a flaw that allowed attackers to push malicious update files to users, urging immediate updates – Notepad++ Fix
  • Malicious VSCode Marketplace extensions hid a trojan inside fake PNG files, bypassing detection and exposing developers to supply-chain risk – Malicious VSCode

Data Breaches & Ransomware

  • The Akira ransomware group breached Fieldtex Products, exposing protected health data of over 238,000 individuals and large volumes of corporate documents – Fieldtex Breach
  • UK watchdog ICO fined LastPass £1.2 million over the 2022 breach that impacted about 1.6 million UK users, underscoring employee-device and safeguard failures despite zero-knowledge encryption – LastPass Fine, LastPass Fine
  • The City of Cambridge advised residents to reset credentials after a nationwide outage/breach of the legacy CodeRED emergency-notification system during its migration to Crisis24’s platform – CodeRED Breach
  • Hackers reportedly breached a developer tied to Russia’s digital military draft system (Micord), leaking sensitive source code and raising concerns about enlistment modernization security – Russia Draft, Russia Draft

Policy, Programs & Guidance

  • Microsoft expanded its bug bounty to make all online services and third-party components “in scope by default,” broadening incentives to find flaws across its ecosystem and dependencies – MS Bounty, MS Bounty
  • President Donald Trump signed an executive order blocking state-level AI regulations to preserve a unified federal approach and restrict funding for non-compliant programs – Trump AI EO
  • Guidance on securing GenAI in browsers stresses policy, isolation, data controls, and education as essential to mitigate data-exfiltration and permission risks from enterprise AI use via web interfaces – GenAI Browser

Research, Events & Rewards

  • Security researchers earned $320,000 at Zeroday.Cloud for uncovering flaws in open-source cloud/AI stacks (Redis, PostgreSQL, Linux kernel, etc.), highlighting continued investment in white-hat discovery – Zeroday Payouts
  • The UK’s NCSC tested honeypots and cyber-deception tools to evaluate detection and response capabilities against realistic adversary behavior – NCSC Honeypots
  • Virtual event: Day 2 of the Cyber AI & Automation Summit is running today, focusing on AI-driven defensive and automation strategies – Cyber Summit

Takedowns & Legal Actions

  • An international coalition led by ACE dismantled the India-based piracy network (including MKVCinemas), which had drawn ~142M visits, removing major illegal streaming hubs and related infrastructure – MKVCinemas Takedown

Malware & Mobile Threats

  • New Android “DroidLock” ransomware locks victims out of devices and demands payment, adding to mobile extortion incidents; users should avoid sideloading and keep devices patched – DroidLock Malware

Cybersecurity News | Daily Recap – hendryadrian.com