Cyber Briefing: 2025.12.22
Active VPN exploits, Cisco zero-days, emergency Microsoft fixes, major public sector breaches, global cyber arrests, and state-backed attacks dominated.
👉 What’s happening in cybersecurity today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. WatchGuard Warns Of Active VPN Exploit
WatchGuard has issued urgent patches for a critical out-of-bounds write vulnerability in Fireware OS that is currently being exploited by hackers to execute unauthorized code. The flaw, identified as CVE-2025-14733, primarily affects VPN configurations using IKEv2, and its exploitation has been linked to IP addresses previously associated with attacks on Fortinet systems.
2. Tool Detects Cisco Email Zero-Day
A new Python-based scanning tool has been released to help organizations identify exposure to CVE-2025-20393, a critical zero-day vulnerability affecting Cisco Secure Email Gateway and Secure Malware Analytics. Developed by GitHub user StasonJatham, the script detects exposed management interfaces and indicators of compromise associated with active exploitation of this remote code execution flaw.
3. Microsoft Ships MSMQ IIS Fix
Microsoft has released an emergency out-of-band update to resolve a critical flaw in Message Queuing functionality triggered by earlier December security patches. This fix specifically restores the ability for applications to write to queues, preventing service disruptions in enterprise environments and clustered systems.
💥 Cyber Incidents
4. University Of Sydney Suffers Data Breach
The University of Sydney recently revealed a data breach involving a code library that compromised the personal details of approximately 27,500 individuals. Although the university confirmed that information was accessed and downloaded, there is currently no evidence that the stolen data has been published or misused.
5. Hackers Hit French Police Systems
French authorities have confirmed a major data breach involving the national police database, which contains records on millions of individuals and details regarding criminal investigations. While officials state the breach does not pose a direct threat to public safety, the unauthorized access to sensitive investigator contact information and wanted persons lists is considered an unprecedented security failure for the country.
6. Ombudsman Office Cyber Data Theft
The Office of the Ombudsman is responding to a ransomware attack that has forced its IT systems offline and potentially compromised user data. Legal injunctions and forensic investigations are currently underway to protect information and restore services across several impacted public commissions.
📢 Cyber News
7. Nigeria Arrests RaccoonO365 Dev
Authorities in Nigeria have arrested three high-profile cybercrime suspects, including the alleged developer of the RaccoonO365 phishing-as-a-service toolkit. The operation was a joint effort involving Microsoft and the FBI to dismantle a network responsible for stealing thousands of corporate credentials across nearly 100 countries.
8. North Korea Crypto Theft And Fake IT
North Korea has intensified its digital operations to bypass international sanctions, stealing over 2 billion dollars in cryptocurrency in 2025 while attempting to infiltrate global companies through identity fraud. Data from Chainalysis and Amazon highlights a record-breaking year for these state-sponsored thefts and a growing network of fraudulent IT workers targeting high-paying remote roles.
9. Denmark Blames Russia For Attack
Danish intelligence has officially linked the Russian government to a series of hybrid cyberattacks targeting Denmark’s critical infrastructure and democratic processes. These operations, carried out by state-sponsored groups, are designed to punish Denmark for its support of Ukraine and to foster a sense of insecurity within Western nations.
📈 Cyber Stocks
On Monday, 22nd December, cybersecurity stocks traded with mild strength as continued enterprise demand for cloud, identity and perimeter security helped support the sector amid broader market volatility. Positive sector drivers, including sustained cloud adoption and ongoing security modernisation efforts, underpinned selective buying interest even as macro uncertainty limited broader gains.
Palo Alto Networks closed at 186.88 dollars and moved higher, supported by strong enterprise demand for its unified security platform and continued momentum in cloud and AI-driven cybersecurity adoption.
Fortinet closed at 80.24 dollars and edged up modestly, as steady interest in zero-trust and network-security solutions supported the stock despite ongoing sector rotation pressures.
Zscaler closed at 232.55 dollars and gained, reflecting continued enterprise adoption of cloud-delivered security and zero-trust architectures as organisations prioritise modern defence frameworks.
Check Point Software Technologies closed at 189.14 dollars and moved higher, buoyed by ongoing demand for perimeter and firewall defences amid persistent global cyber-threat activity.
Okta closed at 90.21 dollars and was largely flat, with sustained enterprise focus on identity and access management balancing broader caution across technology and defensive sectors.
💡 Cyber Tip
📱 WatchGuard Warns Of Active VPN Exploit
A critical WatchGuard Fireware OS flaw (CVE-2025-14733) is actively exploited to hijack IKEv2 VPNs and run unauthorized code. Attackers linked to past Fortinet intrusions are already scanning the internet—patching isn’t optional.
🔐 What You Should Do
Immediately update Fireware OS to the latest patched release
Disable dynamic peer branch-office VPNs until patched
Review VPN configs using IKEv2, especially mobile users and branch sites
Monitor for indicators: large certificate payloads, VPN hangs/crashes
If you can’t patch today, create access-control rules to restrict inbound IPs
⚠️ Why This Matters
Gateway appliances are now prime targets: one compromise gives attackers a foothold into your entire network. If left unpatched, this vulnerability can become a silent entry point for ransomware and data theft.
📚 Cyber Book
Cybersecurity Bible by Shawn Walker
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.