
Cisco Zero-Day Exploited, Kali Linux 2025.4 Released

Summary

– A new research study explores how AI agents should determine when to use personal data without asking for permission every time, addressing a key challenge as AI handles more tasks.
– Multiple critical vulnerabilities are being actively exploited, including flaws in Fortinet firewalls, SonicWall appliances, and Apple devices, prompting urgent patching advisories.
– Several major companies, including SoundCloud and Cisco, have confirmed recent security breaches involving data theft, denial-of-service attacks, and the compromise of email security devices.
– Security interviews highlight evolving threats in sectors like telehealth, space infrastructure, and AI systems, emphasizing the need for adaptive security models and better threat partitioning.
– Reports indicate significant security challenges, such as over half of public vulnerabilities bypassing leading web application firewalls and North Korean hackers dominating cryptocurrency theft in 2025.

The digital security landscape remains a dynamic and challenging environment, with threat actors actively exploiting newly discovered vulnerabilities across a wide range of platforms. A critical zero-day flaw in Cisco’s email security appliances has been under active exploitation by a suspected Chinese-nexus threat group since late November 2025, according to researchers from Cisco Talos. The attackers have been using this unpatched vulnerability to compromise devices, plant backdoors, and deploy tools designed to purge system logs, highlighting the persistent threat to network perimeter security. This incident underscores the urgent need for organizations to maintain vigilant patch management and threat-hunting practices, especially for critical security infrastructure.

In parallel, other major vendors have addressed serious security issues. Fortinet is warning that attackers are exploiting an authentication bypass vulnerability (CVE-2025-59718) in FortiGate firewalls to gain access and export system configuration files. Similarly, SonicWall has released a hotfix for a local privilege escalation flaw (CVE-2025-40602) in its Secure Mobile Access (SMA) 1000 appliances, noting that it has already been exploited in the wild. Apple has also issued urgent updates to patch two actively exploited WebKit zero-days (CVE-2025-14174, CVE-2025-43529) affecting its devices. These widespread exploits demonstrate that attackers are quick to weaponize vulnerabilities in both enterprise and consumer technologies.

The threat extends beyond software flaws to sophisticated social engineering campaigns. Microsoft 365 users are being targeted with a clever device code phishing technique that abuses the OAuth 2.0 authorization flow. Attackers present users with a device code to enter on a legitimate Microsoft page, which, when approved, grants the attackers access tokens and control over enterprise accounts. Meanwhile, a global business email compromise (BEC) operation tracked as Scripted Sparrow has been conducting highly targeted phishing campaigns, masquerading as professional services firms to trick finance teams into making fraudulent wire transfers.
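As an added example (not from the article or HelpNet Security), the following script shows one way a defender can triage the device code pattern described above: it reads constructed sign-in records and flags successful device code sign-ins, raising severity when the user has no other sign-in from that IP. The field names (modelled on the Microsoft Graph signIn schema), the sample records and the IP heuristic are all assumptions.

```python
"""Flag OAuth 2.0 device code sign-ins that match the device code phishing shape."""
import json
from collections import defaultdict

# Constructed sample sign-in records, one JSON object per line. Field names are an
# assumption modelled on the Microsoft Graph signIn schema (authenticationProtocol,
# status.errorCode); real exports will need mapping to these keys.
SAMPLE_LOG = """
{"userPrincipalName": "alice@example.test", "ipAddress": "203.0.113.10", "authenticationProtocol": "oAuth2", "appDisplayName": "Outlook", "status": {"errorCode": 0}}
{"userPrincipalName": "alice@example.test", "ipAddress": "203.0.113.10", "authenticationProtocol": "oAuth2", "appDisplayName": "Teams", "status": {"errorCode": 0}}
{"userPrincipalName": "alice@example.test", "ipAddress": "198.51.100.77", "authenticationProtocol": "deviceCode", "appDisplayName": "Microsoft Office", "status": {"errorCode": 0}}
{"userPrincipalName": "bob@example.test", "ipAddress": "203.0.113.22", "authenticationProtocol": "deviceCode", "appDisplayName": "Azure CLI", "status": {"errorCode": 0}}
{"userPrincipalName": "bob@example.test", "ipAddress": "203.0.113.22", "authenticationProtocol": "oAuth2", "appDisplayName": "Outlook", "status": {"errorCode": 0}}
{"userPrincipalName": "carol@example.test", "ipAddress": "203.0.113.33", "authenticationProtocol": "oAuth2", "appDisplayName": "Outlook", "status": {"errorCode": 0}}
"""


def parse_signins(text):
    """Parse newline-delimited JSON into a list of dicts, ignoring blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def find_device_code_signins(records):
    """Return (upn, ip, app, severity) for every successful device code sign-in.

    Heuristic (an assumption, not a vendor rule): severity is "high" when the
    user has no other successful sign-in from that IP in the batch, because in
    the phishing flow the token is requested from the attacker's host while the
    victim only ever touches the legitimate Microsoft page. Otherwise it is
    "review": the flow is legitimate for CLIs and headless devices, so the
    requesting app should still be checked.
    """
    baseline = defaultdict(set)  # upn -> IPs seen in non-device-code sign-ins
    for r in records:
        if r["authenticationProtocol"] != "deviceCode" and r["status"]["errorCode"] == 0:
            baseline[r["userPrincipalName"]].add(r["ipAddress"])
    findings = []
    for r in records:
        if r["authenticationProtocol"] != "deviceCode" or r["status"]["errorCode"] != 0:
            continue
        upn = r["userPrincipalName"]
        severity = "high" if r["ipAddress"] not in baseline[upn] else "review"
        findings.append((upn, r["ipAddress"], r["appDisplayName"], severity))
    return findings


if __name__ == "__main__":
    for finding in find_device_code_signins(parse_signins(SAMPLE_LOG)):
        print(finding)
```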

On the defensive side, the tools and strategies for security professionals continue to evolve. OffSec has released Kali Linux 2025.4, the latest iteration of the popular penetration testing platform, featuring numerous quality-of-life improvements and new tools for security assessments. Furthermore, a shift in authentication paradigms is becoming more evident. A new report suggests that passwordless authentication methods are finally gaining mainstream traction, improving security without negatively impacting user experience, challenging the long-held belief that stronger security inherently slows people down.

Research continues to reveal systemic challenges. A concerning study indicates that more than half of publicly known vulnerabilities can bypass leading web application firewalls (WAFs), raising questions about the effectiveness of this foundational security control when used in isolation. In the financial sector, North Korean hacking groups continue to dominate cryptocurrency theft, now focusing on larger services to maximize the impact of a single breach. Additionally, European law enforcement recently dismantled Ukraine-based scam call centers that were defrauding victims by posing as police officers and bank officials.

The integration of artificial intelligence presents both new risks and potential solutions. Security leaders are advised to threat-model AI systems by function and impact, rather than treating them as a monolithic risk. On the solutions side, research explores whether large language models (LLMs) can be used to create more effective phishing awareness training for users. Another study suggests that using coordinated groups of LLMs, rather than a single model, can improve the detection of bugs in smart contract audits.

Other notable developments include a confirmed breach and denial-of-service attacks against the audio streaming service SoundCloud, and the identification by ESET of a new China-aligned APT group, tracked as LongNosedGoblin, which abuses Windows Group Policy to target government institutions in Southeast Asia and Japan. As the year draws to a close, these incidents collectively paint a picture of an interconnected threat landscape where rapid response, layered defense, and continuous adaptation are paramount for organizational resilience.

(Source: HelpNet Security)
