Cisco email security products actively targeted in zero-day campaign
Security researchers are reporting active exploitation of a critical, unpatched zero-day vulnerability (CVE-2025-20393) in Cisco AsyncOS-based email security appliances by a China-linked advanced persistent threat group. The campaign allows remote attackers to gain root-level access and deploy persistent backdoors on vulnerable devices, prompting urgent defensive actions and interim mitigations while a patch remains unavailable.
UK NHS supplier DXS International confirms cyber attack
DXS International, a technology provider for NHS England, disclosed a cybersecurity incident affecting its internal servers. The incident was discovered on December 14 and contained with support from NHS and external security teams. Front-line clinical operations reportedly remained unaffected, but the breach underscores supply-chain risk in the healthcare sector and has prompted investigations by regulators including the UK Information Commissioner’s Office.
China-linked “Ink Dragon” threat group expands into European government networks
Cybersecurity researchers from Check Point report that a Chinese state-sponsored actor dubbed “Ink Dragon” has broadened its espionage operations against European government targets by exploiting misconfigured IIS and SharePoint servers. The group’s updated “FinalDraft” backdoor hides traffic within normal email drafts and leverages compromised servers as relay points, indicating evolving tactics to evade detection and maintain persistence.
CVE-2025-59718 exploited to bypass FortiGate firewall authentication
Security researchers warn of active exploitation of a recently disclosed vulnerability (CVE-2025-59718) in Fortinet FortiGate firewalls that allows attackers to bypass authentication and extract configuration data. The same weekly review also highlighted exploitation of unpatched SonicWall SMA appliances, underscoring a trend of active zero-day exploitation across widely deployed network defense products.
Breach at University of Phoenix exposed data of 3.5 million people
The University of Phoenix confirmed a breach affecting about 3.49 million individuals after attackers exploited a zero-day vulnerability in Oracle’s E-Business Suite in August 2025. Stolen data includes names, dates of birth, Social Security numbers, and bank account and routing numbers, though academic systems were not disrupted. The incident ties into the broader exploitation of CVE-2025-61882 by the Clop group against multiple large organizations.