Daily Recap: Microsoft released its December security updates addressing 56–57 flaws, including 3 zero-days and active exploits, while Adobe patched nearly 140 vulnerabilities and SAP and other vendors issued urgent fixes. Threat actors and incidents highlighted include North Korea-linked operators exploiting React2Shell to deploy new EtherRAT variants, CastleLoader/CastleRAT under GrayBravo expanding its infrastructure targeting logistics and transport, Storm-0249’s stealthy ransomware tactics, and high-profile breaches and investigations involving Coupang, HSE, and the Khashoggi spyware allegations. #EtherRAT #CastleLoader
Vulnerabilities & Patches
- Microsoft released its December security updates addressing 56–57 flaws including 3 zero-days and active exploits – MS Patch, MS Patch, MS Patch
- Adobe pushed fixes for nearly 140 vulnerabilities across products – Adobe Fixes
- SAP and other vendors issued urgent fixes for multiple critical vulnerabilities across products – SAP Fixes, SAP Fixes, Vendor Patches
- Ivanti patched a critical Endpoint Manager remote code execution flaw and urged immediate updates – Ivanti Fix, Ivanti Fix
- WinRAR vulnerability CVE-2025-6218 is under active attack by multiple threat groups — update now – WinRAR CVE
- CISA and vendors warned/mitigated firmware, PCIe and ICS flaws including U-Boot, Intel/AMD PCIe issues and patches from Siemens, Rockwell, and Schneider – Bootloader CISA, PCIe Flaws, ICS Patch
- Windows platform updates and behavior changes: Win11 cumulative KBs and an extended Win10 KB, plus PowerShell now warning on Invoke-WebRequest scripts – Win11 KBs, Windows 10 KB, PowerShell Warn
Threat Actors & Malware
- North Korea-linked actors exploited React2Shell to deploy new EtherRAT variants in recent intrusions – EtherRAT Deploy, EtherRAT Deploy
- Multiple clusters under a malware‑as‑a‑service model are using CastleLoader/CastleRAT as GrayBravo expands its infrastructure targeting logistics and transport – CastleLoader MaaS
- Threat group Storm‑0249 has escalated tactics—using ClickFix, fileless PowerShell and DLL sideloading—to facilitate stealthy ransomware campaigns – Storm-0249
- ChrimeraWire Trojan fakes Chrome activity to manipulate search rankings and evade detection – ChrimeraWire Trojan
- Researchers report a 700% surge in hypervisor attacks while initial access brokers are increasingly tied to attacks on critical infrastructure – Hypervisor Spike, Initial Access
- The FBI warns criminals are manipulating online photos to fuel virtual kidnapping ransom schemes – Virtual Kidnapping
Incidents & Breaches
- Coupang CEO resigned after a massive data breach exposing millions of users’ data – Coupang Breach
- Ireland’s HSE acknowledged damage from a cyberattack and proposed a €750 payout for 90,000 victims – HSE Compensation
- Seoul investigators seized data and devices from “South Korea’s Amazon” following a major data breach probe – Seoul Seizure
Law & Enforcement
- India’s CBI filed a chargesheet against 30 suspects, including two Chinese nationals, in a ₹1,000 Cr cyber fraud network case – CBI Chargesheet
- A California man pled guilty to RICO charges as the DOJ continues prosecutions of a crypto theft gang – RICO Guilty
- European law enforcement arrested 193 suspects tied to ‘violence‑as‑a‑service’ platforms in a cross-border operation – EU Arrests
- Jamal Khashoggi’s widow filed a complaint in France alleging the Saudi government infected devices with spyware — a legal escalation with geopolitical implications – Khashoggi Complaint
- The UK sanctioned several Russian and Chinese firms accused of information warfare and hybrid threats targeting the West – UK Sanctions
Industry, Research & Events
- Webinar explores how attackers exploit cloud misconfigurations across AWS, AI models, and Kubernetes—today’s session for cloud defenders – Cloud Webinar
- SecurityWeek is hosting a webinar on managing the first 72 hours of a cyber event for incident responders and SOC teams – Incident Webinar
- Startup Prime Security raised $20 million to build an agentic security architect aimed at autonomous defense capabilities – Prime Funding
- Practical guidance published on maintaining enterprise IT hygiene using Wazuh SIEM/XDR to improve detection and response posture – Wazuh Guide