Emerging Threats and AI-Driven Defence: December’s Evolving Cybersecurity Landscape
As December unfolds, the cybersecurity landscape presents a mix of emerging threats and innovative defence strategies. This week’s news highlights active exploits targeting VPN gateways, evolving phishing tactics capitalising on the holiday season, advances in AI-powered defence automation, and new guidance for securing operational technology environments. Together, these stories underline the ongoing arms race between attackers leveraging novel techniques and defenders adopting smarter, AI-driven approaches.
Active Exploits Targeting Network Gateways
Command Injection Attacks on Array AG Series
Security teams have been alerted to active command injection attacks against Array Networks’ AG Series secure access gateways. The Japan Computer Emergency Response Team (JPCERT/CC) confirmed ongoing exploitation since August 2025 of a vulnerability patched by Array in May but not yet assigned a CVE identifier. Attackers exploit Array’s DesktopDirect remote access feature to plant webshells and create rogue user accounts, enabling persistent unauthorised access.
This issue emphasises the importance of timely patch management and continuous monitoring of critical network infrastructure. Business leaders should ensure that remote access solutions are scrutinised regularly, given their high value as attack vectors.
Phishing Campaigns Shift Focus Ahead of Holidays
SMS Phishing Exploits Points, Taxes, and Fake Retailers
Phishing groups based in China have adapted their SMS scams to tap into the holiday shopping season. Previously focused on fake package delivery or unpaid toll messages, these actors now deploy phishing kits to mass-produce counterfeit e-commerce websites. Their new tactics aim to convert stolen payment card data into mobile wallet credentials on platforms like Apple Pay and Google Pay.
Additionally, campaigns promising unclaimed tax refunds and mobile rewards points are becoming more prevalent. Security teams should heighten awareness around SMS phishing, especially as users may be more susceptible to financial lures during this period.
Advancements in AI-Driven Cyber Defence
Automating Threat Triaging with Agentic AI
At the recent Black Hat Middle East conference, Muhammad Ali Paracha, head of cyber defence at Transurban, shared insights into automating threat triage and scoring using agentic AI. This approach helps security operations teams prioritise incidents more effectively by reducing manual workload and accelerating response times.
CISA’s Security Guidance for AI in Operational Technology
Complementing advances in AI defence, the Cybersecurity and Infrastructure Security Agency (CISA) published new security guidance on deploying AI within operational technology (OT) environments. Given OT’s critical role in infrastructure, the guidance aims to mitigate risks associated with AI integration, including adversarial attacks and system reliability concerns.
This dual focus on AI reflects a broader trend where defensive capabilities increasingly rely on automation and intelligent analytics to keep pace with sophisticated threats.
Other Significant Developments
- CISA’s Warning on Brickstorm Backdoor Attacks: State-sponsored Chinese actors continue targeting VMware vSphere environments in government and tech sectors using the Brickstorm backdoor, highlighting persistent threats to virtualised infrastructure.
- Predator Spyware’s New Zero-Click Infection Vector: Intellexa’s Predator spyware now employs a novel zero-click attack, “Aladdin,” which compromises targets merely by viewing malicious advertisements, underscoring the rising complexity of spyware delivery mechanisms.
- UK’s NCSC Launches Proactive Notifications: The National Cyber Security Centre is testing a new service to proactively alert UK organisations about vulnerabilities found in exposed devices within their environments, aiding in early risk mitigation.
- Russia Blocks FaceTime and Snapchat: Alleging their use in terrorist coordination, Russian authorities have blocked Apple’s FaceTime and Snapchat, raising questions about the balance between security concerns and digital communications accessibility.
Looking Ahead
While upcoming events like GISEC GLOBAL 2026 promise to bring together cybersecurity experts across the Middle East and Africa, the current threat landscape demands immediate attention. The combination of targeted infrastructure exploits, evolving phishing techniques, and the integration of AI into both attack and defence tactics calls for vigilance and adaptive strategies.
Key Takeaways
- Patch and monitor remote access gateways closely to defend against active command injection exploits.
- Heighten user awareness of sophisticated SMS phishing scams leveraging holiday-related incentives.
- Leverage AI-driven automation to improve threat triage and incident response effectiveness.
- Follow emerging security guidance for AI in operational technology to safeguard critical infrastructure.
- Stay informed on state-sponsored threats targeting virtualised environments and evolving spyware techniques.
- Utilise proactive vulnerability notification services where available to reduce attack surface exposure.
By recognising these trends and adapting accordingly, security teams and business leaders can better protect their organisations in an increasingly complex cyber threat environment.