This week's security landscape was dominated by critical vulnerabilities requiring immediate patching and significant breaches impacting major organizations. High-severity CVEs across multiple platforms underscored the persistent threat of unpatched systems, while several high-profile incidents highlighted ongoing risks to data and infrastructure.

Top Security Stories

China-Linked Hackers Exploiting Zero-Day in Cisco Security Gear

The critical zero-day is tracked as CVE-2025-20393 and it impacts Secure Email Gateway and Secure Email and Web Manager appliances.

Source: securityweek.com

SonicWall Patches Exploited SMA 1000 Zero-Day

The medium-severity flaw has been exploited in combination with a critical bug for remote code execution.

Source: securityweek.com

Apple Patches Two Zero-Days Tied to Mysterious Exploited Chrome Flaw

Apple has released macOS and iOS updates to patch two WebKit zero-days exploited in an “extremely sophisticated” attack.

Source: securityweek.com

CISA Flags Critical ASUS Live Update Flaw After Evidence of Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting ASUS Live Update to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of ...

Source: thehackernews.com

Apple Patches More Zero-Days Used in 'Sophisticated' Attack

Two Apple zero-day vulnerabilities discovered this month have overlap with another mysterious zero-day flaw Google patched last week.

Source: darkreading.com

HPE Patches Critical Flaw in IT Infrastructure Management Software

Tracked as CVE-2025-37164, the critical flaw could allow unauthenticated, remote attackers to execute arbitrary code.

Source: securityweek.com

SonicWall Edge Access Devices Hit by Zero-Day Attacks

In the latest attacks against the vendor's SMA1000 devices, threat actors have chained a new zero-day flaw with a critical vulnerability disclosed earlier this year.

Source: darkreading.com

Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild

Apple on Friday released security updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and its Safari web browser to address two security flaws that it said have been exploited in the wild, one of...

Source: thehackernews.com

VolkLocker Ransomware Exposed by Hard-Coded Master Key Allowing Free Decryption

The pro-Russian hacktivist group known as CyberVolk (aka GLORIAMIST) has resurfaced with a new ransomware-as-a-service (RaaS) offering called VolkLocker that suffers from implementation lapses in test...

Source: thehackernews.com

Critical Fortinet Flaws Under Active Attack

Attackers targeted admin accounts, and once authenticated, exported device configurations including hashed credentials and other sensitive information.

Source: darkreading.com

Zeroday Cloud hacking event awards $320,000 for 11 zero days

The Zeroday Cloud hacking competition in London has awarded researchers $320,000 for demonstrating critical remote code execution vulnerabilities in components used in cloud infrastructure. [...]

Source: bleepingcomputer.com

Auto Parts Giant LKQ Confirms Oracle EBS Breach

LKQ said the personal information of thousands of individuals was compromised as a result of the hacker attack.

Source: securityweek.com

Illusory Systems settles with FTC over 2022 cryptocurrency hack

The company was charged with materially misrepresenting the cybersecurity of its Token Bridge software as executives failed to implement reasonable security.

Source: cyberscoop.com

SoundCloud confirms breach after member data stolen, VPN access disrupted

Audio streaming platform SoundCloud has confirmed that outages and VPN connection issues over the past few days were caused by a security breach in which threat actors stole a database exposing users'...

Source: bleepingcomputer.com

Opexus claims background checks missed red flags on twins accused of insider breach

The federal government contractor admits it made multiple mistakes in the hiring and firing of Muneeb and Sohaib Akhter.

Source: cyberscoop.com

Critical Vulnerabilities (CVEs)

CVE ID (CVSS score): Description

CVE-2025-54947 (CVSS 9.8): In Apache StreamPark versions 2.0.0 through 2.1.7, a security vulnerability involving a hard-coded encryption key exists. This vulnerability occurs be...

CVE-2025-14611 (CVSS 9.8): Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degra...

CVE-2025-14584 (CVSS 7.3): A vulnerability has been found in itsourcecode COVID Tracking System 1.0. Affected is an unknown function of the file /admin/login.php of the componen...

CVE-2025-14585 (CVSS 7.3): A vulnerability was found in itsourcecode COVID Tracking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/?pa...

CVE-2025-10738 (CVSS 9.8): The URL Shortener Plugin For WordPress plugin for WordPress is vulnerable to SQL Injection via the ‘analytic_id’ parameter in all versions up to, and ...