Cybersecurity News | Daily Recap [19 Dec 2025]

In this Daily Recap, major breaches impacted 27,000 University of Sydney records and about 113,000 Virginia Mental Health Authority patients, while intrusions at UK NHS‑linked providers and government bodies highlighted a broad cross‑sector threat landscape. The roundup also notes ransomware takedowns like E‑Note, actively exploited flaws in WatchGuard Fireware and Cisco AsyncOS, and campaigns such as Kimsuky’s DocSwap Android malware and North Korea–linked crypto theft, plus policy and industry responses shaping defenses. #Kimsuky #DocSwap #NKCryptoTheft #ENote #WatchGuard #CiscoAsyncOS

Major Breaches & Intrusions

  • University of Sydney cyberattack exposed decades of staff and student records, impacting 27,000 individuals – Sydney Breach
  • Data breach at Virginia Mental Health Authority impacted around 113,000 individuals – VA Breach
  • Hackers breached internal servers of a UK health‑service tech provider (DXS), potentially exposing NHS data and services – NHS Provider

Government Attacks & Espionage

  • UK Foreign Office confirmed a hack with officials saying ‘low risk’ to individuals amid reports of possible China-linked activity – FO Hack
  • Denmark blames Russia for a destructive cyberattack on a water utility as hybrid threats rise in Europe – Denmark Attack
  • France arrests a Latvian suspected of installing remote‑control malware on an Italian passenger ferry amid probes of foreign interference – Ferry Malware
  • French authorities arrest a 22‑year‑old over a hack of the Interior Ministry – Interior Hack
  • Researchers warn a China-aligned espionage group is abusing Group Policy to target government networks – Group Policy

Ransomware & Crypto Takedowns

Vulnerabilities & Patches

  • Active exploitation reported for critical WatchGuard Fireware/Firebox VPN RCE flaws; admins urged to patch immediately – WatchGuard Flaw
  • Cisco warns of an unpatched AsyncOS zero‑day actively exploited in attacks, with reports of China‑linked actors abusing the flaw in security gear – Cisco AsyncOS
  • SonicWall patched an exploited SMA 1000 zero‑day (CVE‑2025‑40602); customers should apply fixes urgently – SonicWall Patch
  • HPE OneView flaw rated CVSS 10.0 allows unauthenticated RCE; HPE has issued advisories and patches – HPE OneView
  • A disturbing UEFI vulnerability in major motherboards enables early‑boot attacks, raising firmware security concerns – UEFI Flaw
  • CISA warns of an exploited flaw in the Asus update tool being actively abused in the wild – Asus Flaw
  • A WordPress plugin vulnerability in Motors exposes sites to takeover via authenticated‑bypass flaws—patch or mitigate now – Motors WP
  • Recent Microsoft Windows updates are breaking RemoteApp / Azure Virtual Desktop sessions, disrupting remote environments after patching – RemoteApp Break

Malware & Threat Actors

  • The Kimsuky group is spreading the Android DocSwap malware via QR‑phishing that impersonates delivery apps – DocSwap Malware
  • Attackers are abusing WhatsApp device‑linking to hijack accounts; users are warned to secure linked devices and 2FA – WhatsApp Hijacks
  • North Korea-linked cybercriminals reportedly stole about $2.02 billion in 2025, remaining the largest source of global crypto theft – NK Crypto Theft
  • Amazon blocked about 1,800 suspected DPRK job applicants linked to fake profiles, amid concerns about fraud and workforce manipulation – DPRK Applicants

Legal, Policy & Enforcement

  • President Trump signed the defense bill directing millions toward US Cyber Command and mandating new Pentagon phone‑security requirements – NDAA Cyber
  • The FTC ordered Instacart to refund $60M over deceptive subscription tactics – Instacart Refund
  • Pennsylvania’s high court ruled police can access Google search data without a warrant, raising privacy and legal debates – PA Ruling
  • Guidance on achieving NIS2 compliance emphasizes getting passwords and MFA right as a foundational control – NIS2 Guide
  • EU authorities dismantled fraudulent call centres in Ukraine linked to a roughly €10M scam network – Call Centre Bust

Industry & Research

  • Docker released 1,000 hardened images as free open‑source resources to improve container security hygiene – Docker Images
  • IoT security firm Exein raised €100 million to expand device security capabilities across edge and embedded environments – Exein Raise
  • The ThreatsDay bulletin aggregates active trends including WhatsApp hijacks, MCP leaks, AI reconnaissance and emerging exploits—useful for SOC triage – ThreatsDay
  • Analysis argues for dynamic AI‑SaaS security as copilots and AI services scale across enterprises – AI‑SaaS Security

Cybersecurity News | Daily Recap – hendryadrian.com