Cybersecurity News | Daily Recap [22 Dec 2025]

In today's recap: WatchGuard reports a zero-day RCE exploited in the wild that affects over 115,000 Firebox devices, alongside a Somalia e-visa data exposure and Docker's release of free, open-source hardened container images. RansomHouse upgrades its encryption with multi-layered data processing while a Nefilim affiliate confesses, an Android malware campaign combines droppers, SMS theft and RATs, and the U.S. DOJ charges 54 people over an ATM jackpotting scheme that used Ploutus. North Korea-linked groups Lazarus, Kimsuky and Bluenoroff have their shared infrastructure unmasked, the GRU-linked BlueDelta hijacks Ukrainian webmail, and Iran-linked Infy reappears on the scene. #Firebox #WatchGuard #Somalia #Docker #RansomHouse #Nefilim #Android #Ploutus #Lazarus #Kimsuky #BlueDelta #Bluenoroff #Infy #NorthKorea

Vulnerabilities & Patches

  • WatchGuard patched a zero‑day and warned that the critical RCE is being actively exploited and that over 115,000 Firebox devices are affected – WatchGuard Patch, WatchGuard RCE
  • A flaw in Somalia's e‑visa system exposed travelers' passport data – Somalia E‑Visa
  • Docker released open‑source hardened images available for free to improve container security – Docker Images

Malware & Ransomware

  • Ransomware evolution: RansomHouse upgraded encryption with multi‑layered data processing while a Ukrainian hacker admitted an affiliate role in Nefilim operations – RansomHouse Upgrade, Nefilim Confession
  • Operators combined droppers, SMS theft, and RAT capabilities into a large‑scale Android malware campaign – Android Malware
  • The U.S. DOJ charged 54 individuals in an ATM jackpotting scheme that used Ploutus malware to steal cash from ATMs – ATM Charges

Nation‑state Activity

  • An investigation unmasks the sprawling cyber infrastructure behind North Korea's groups, including Lazarus, Kimsuky, and Bluenoroff, revealing shared assets and operational habits – DPRK Infrastructure
  • The GRU‑linked BlueDelta group hijacks Ukrainian webmail accounts, using the ngrok tunneling service and the Mocky mock‑API service to maintain stealthy access – BlueDelta Hijack
  • The Iran‑linked Infy APT resurfaced with new malware activity after years of silence, signaling renewed targeting activity – Infy Resurfaces

Government & Policy

  • CISA launched an internal investigation after a polygraph controversy led to six staff being placed on leave – CISA Polygraph
  • The UK government acknowledged it is investigating a reported cyber incident following media disclosures – UK Incident
  • Analysis argues that by 2026 protecting data will matter more than stopping attacks, advocating a shift to data‑centric security approaches – Data‑Centric 2026

Roundups & Research

  • Consolidated threat research and daily summaries (Weekly recap for 21 Dec 2025) – Weekly Recap

Cybersecurity News | Daily Recap – hendryadrian.com