Introduction
This week’s cybersecurity roundup highlights a surge in critical zero-day vulnerabilities actively exploited in enterprise environments, along with concerning developments in supply chain attacks and cloud infrastructure security. From high-severity flaws in widely used network and email appliances to weaponised mobile malware and cryptomining campaigns, security teams and business leaders must stay vigilant as threat actors continue to exploit unpatched systems and legitimate features for malicious gain.
Critical Zero-Day Vulnerabilities and Active Exploitation
Cisco AsyncOS Zero-Day Attacks
Cisco has issued urgent warnings about a maximum-severity zero-day vulnerability (CVE details not disclosed) in its AsyncOS software affecting Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances. This flaw is actively exploited by a China-linked advanced persistent threat (APT) group known as UAT-9686. The campaigns targeting these critical email security appliances were detected in early December 2025, posing severe risks to organisations relying on Cisco’s email security infrastructure.
Security teams must prioritise rapid patching and monitoring for indicators of compromise given the high impact and active exploitation reported.
ASUS Live Update Supply Chain Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in ASUS Live Update (CVE-2025-59374, CVSS 9.3) to its Known Exploited Vulnerabilities catalog. This flaw stems from malicious code embedded via a supply chain compromise, highlighting the persistent risks in trusted software update mechanisms.
Businesses using ASUS hardware should urgently mitigate exposure, as supply chain attacks can bypass traditional defences and enable widespread impact.
Fortinet Flaws Under Active Attack
Fortinet devices are also under attack, with threat actors targeting administrative accounts to export device configurations, including hashed credentials and sensitive data. This underlines the ongoing threat to network security appliances and the importance of securing privileged access.
Cloud and Identity Threats
Zeroday Cloud Hacking Competition Highlights Critical Cloud Vulnerabilities
In London, the Zeroday Cloud hacking competition awarded $320,000 to researchers who uncovered 11 critical remote code execution vulnerabilities in cloud infrastructure components. This event shines a spotlight on the persistent vulnerabilities in cloud environments that underpin modern IT operations.
Organisations relying on cloud services must ensure continuous vulnerability management and apply patches promptly to reduce attack surfaces.
Amazon AWS Cryptomining Campaign
Amazon’s AWS GuardDuty has flagged an ongoing cryptomining campaign exploiting compromised AWS Identity and Access Management (IAM) credentials to run unauthorised workloads on Elastic Compute Cloud (EC2) and Elastic Container Service (ECS). This campaign illustrates how attackers leverage stolen cloud credentials to generate financial gain while draining organisational resources.
Robust credential management, including multi-factor authentication and anomaly detection, is essential to defend against such abuse.
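One form the anomaly detection mentioned above can take, as an added example that is not code from the roundup or from AWS: a check over CloudTrail-style records that flags EC2/ECS compute-launching calls made with an IAM access key outside that key's usual regions or source IPs. The log records, the access key ID, the IP addresses and the baseline are all constructed for illustration.

```python
"""Added example, not from the roundup or from AWS: flag EC2/ECS launch calls
made with an IAM access key outside that key's usual regions or source IPs.
The CloudTrail-style records and the baseline below are constructed."""
import json

# Constructed CloudTrail-like events, one JSON object per line, trimmed to the
# fields the check needs. Key and IPs are placeholders, not real identifiers.
SAMPLE_LOG = """
{"eventName": "DescribeInstances", "awsRegion": "eu-west-1", "sourceIPAddress": "203.0.113.10", "userIdentity": {"accessKeyId": "AKIAEXAMPLEKEY000001"}}
{"eventName": "RunInstances", "awsRegion": "eu-west-1", "sourceIPAddress": "203.0.113.10", "userIdentity": {"accessKeyId": "AKIAEXAMPLEKEY000001"}}
{"eventName": "RunInstances", "awsRegion": "ap-southeast-1", "sourceIPAddress": "198.51.100.77", "userIdentity": {"accessKeyId": "AKIAEXAMPLEKEY000001"}}
{"eventName": "RunTask", "awsRegion": "us-east-1", "sourceIPAddress": "198.51.100.77", "userIdentity": {"accessKeyId": "AKIAEXAMPLEKEY000001"}}
"""

# Constructed per-key baseline (in practice built from weeks of CloudTrail history).
BASELINE = {"AKIAEXAMPLEKEY000001": {"regions": {"eu-west-1"}, "ips": {"203.0.113.10"}}}

# EC2/ECS API calls that create compute, i.e. where an unauthorised miner would show up.
LAUNCH_CALLS = {"RunInstances", "RunTask", "StartTask", "CreateService"}


def parse_events(log_text):
    """Parse newline-delimited JSON records, skipping blank lines."""
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]


def find_anomalous_launches(events, baseline):
    """Return (key, eventName, region, ip, reasons) for each launch call that
    deviates from the key's baseline; an unknown key is itself a finding."""
    findings = []
    for ev in events:
        if ev["eventName"] not in LAUNCH_CALLS:
            continue
        key = ev.get("userIdentity", {}).get("accessKeyId", "")
        known = baseline.get(key)
        reasons = []
        if known is None:
            reasons.append("no baseline for key")
        else:
            if ev["awsRegion"] not in known["regions"]:
                reasons.append("new region")
            if ev["sourceIPAddress"] not in known["ips"]:
                reasons.append("new source IP")
        if reasons:
            findings.append((key, ev["eventName"], ev["awsRegion"], ev["sourceIPAddress"], reasons))
    return findings


if __name__ == "__main__":
    for f in find_anomalous_launches(parse_events(SAMPLE_LOG), BASELINE):
        print("ALERT", *f)
```

A finding like this is a trigger to review the key's recent activity and rotate it, not proof of compromise on its own; the baseline should also be refreshed as legitimate usage changes.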
Mobile and Messaging Application Threats
‘Cellik’ Android RAT Using Google Play Store
A new remote access Trojan (RAT) named “Cellik” has been found exploiting the Google Play Store to distribute malicious apps that grant attackers remote control over victims’ Android devices. This tactic abuses the trust users place in official app stores.
Mobile security strategies should include app vetting, behavioural analysis, and user education to mitigate these risks.
WhatsApp Device Linking Abused for Account Hijacking
Threat actors have been abusing WhatsApp’s legitimate device-linking feature in a campaign dubbed “GhostPairing.” Attackers use pairing codes to hijack user accounts, bypassing traditional authentication methods.
This attack vector highlights the need for awareness around device linking features and enhanced security controls on messaging platforms.
Law Enforcement and Policy Updates
Arrest in Cyberattack Targeting France’s Interior Ministry
French authorities have arrested a 22-year-old suspect linked to a cyberattack on the Ministry of the Interior earlier this month. This development underscores ongoing government efforts to tackle cybercrime and the increasing targeting of public sector institutions.
Advances in Cybersecurity AI Tools
Anthropic’s Claude LLM Shows Resilience Against Abuse
Anthropic’s large language model, Claude, has demonstrated a strong resistance to misuse compared to other LLMs. This progress indicates a growing emphasis on building safer AI tools for cybersecurity, which could enhance threat detection and response capabilities.
Conclusion
The current cybersecurity environment is marked by critical zero-day exploits targeting essential infrastructure, emphasising the importance of timely patching, supply chain security, and cloud defence strategies. Additionally, attacks on mobile platforms and messaging services illustrate the expanding attack surface that organisations must safeguard. Advances in AI and law enforcement actions provide some positive counterpoints amid these challenges.
Key Takeaways
- Active exploitation of critical zero-day vulnerabilities in Cisco AsyncOS and ASUS Live Update demands immediate attention.
- Supply chain compromises remain a significant risk vector, particularly for trusted update mechanisms.
- Cloud infrastructure and credentials are prime targets for financially motivated attacks such as cryptomining.
- Mobile RATs and abuse of messaging app features reveal evolving tactics in endpoint and social engineering attacks.
- Law enforcement actions highlight ongoing efforts to disrupt cybercriminal operations.
- Advances in AI-driven cybersecurity tools offer promising improvements in threat mitigation and safety.
Security teams and business leaders should prioritise comprehensive vulnerability management, credential hygiene, and user awareness to mitigate these multi-faceted threats as we close out the year 2025.