Top 5 Cybersecurity News Stories December 19, 2025

Cybersecurity threats are constantly evolving as threat actors seek access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of. No story is too big or small as we look at threats from espionage to security flaws in everyday devices:

1. Apple says it fixed zero-day flaws used for ‘sophisticated’ attacks

Apple has released critical security updates to address multiple zero-day vulnerabilities actively exploited in targeted attacks. These flaws affected iOS, macOS, and other Apple platforms, enabling attackers to execute arbitrary code through malicious web content.

Apple confirmed the vulnerabilities were discovered during real-world exploitation and urges users to update immediately. The company continues to strengthen its security measures to protect against evolving threats. Timely patching is essential to prevent compromise and maintain device integrity.
Read more on TechRadar

2. Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances

Cisco has issued an urgent advisory regarding active exploitation of a zero-day vulnerability in its Secure Email Gateway and Web Manager appliances. Attackers are leveraging the flaw to deploy persistent backdoors and tunneling tools, enabling long-term access to compromised systems.

While a patch is not yet available, Cisco recommends restricting access, monitoring logs, and applying interim mitigations. This incident highlights the critical role of email security infrastructure and the growing sophistication of targeted attacks against enterprise systems.
Read more on The Hacker News

3. SOAPwn .NET Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL

A severe vulnerability named “SOAPwn” has been identified in .NET applications using SOAP-based services. The flaw allows attackers to bypass authentication and execute arbitrary code, potentially leading to data theft and system compromise.

Exploitation requires specially crafted SOAP requests, making exposed endpoints highly vulnerable. Microsoft has released guidance and patches to address the issue, urging immediate updates. This discovery underscores the importance of securing legacy protocols and implementing robust monitoring to detect suspicious activity in enterprise environments.
Read more on The Hacker News

4. WhatsApp device linking abused in account hijacking attacks

Cybercriminals are exploiting WhatsApp’s device-linking feature to hijack accounts without stealing passwords. Dubbed “GhostPairing,” the attack involves tricking users into scanning malicious QR codes, granting attackers full control of their accounts.

This method bypasses traditional authentication, making it particularly dangerous for individuals and businesses relying on WhatsApp for communication. Users are advised to verify QR codes and enable two-step verification to reduce risk. The campaign highlights the need for vigilance against social engineering tactics targeting widely used platforms.
Read more on BleepingComputer

5. HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution

Hewlett Packard Enterprise has disclosed a critical vulnerability in its OneView management software, earning a maximum CVSS score of 10.0. The flaw enables unauthenticated attackers to gain complete control over affected systems, posing severe risks to enterprise infrastructure.

Exploitation could lead to data breaches, ransomware deployment, or operational disruption. HPE has released patches and strongly advises immediate updates to prevent exploitation. This vulnerability highlights the dangers of centralized management tools and the need for rigorous patch management in complex IT environments.
Read more on The Hacker News

At DIESEC, our experts are ready to assist with all your cybersecurity needs. We ensure your system is safe and secure and provide training for your employees to avoid falling victim to social engineering tactics.
