Threat Advisories:
CVE-2026-34926: Trend Micro Apex One Under Active Exploitation CVE-2026-5426: Hard-Coded Machine Keys Open Door to RCE CVE-2026-9082 Opens the Door to Remote SQL Injection on Drupal Gemini on Payroll: A Solo Actor Outsources a Five-Year Influence Op to AI CVE-2026-48172: Critical LiteSpeed cPanel Flaw Actively Exploited SHub Reaper A macOS Stealer Wearing Three Trusted Masks 72-Hour Window of Trust: Fox Tempest’s Abuse of Microsoft Artifact Signing May 2026 Linux Patch Roundup From npm to GitHub: TeamPCP’s May 2026 Escalation Reaches the Source Code Platform Inside Storm-2949’s Cloud Takeover Campaign Targeting Microsoft 365 and Azure Dead.Letter Walking: Unauthenticated RCE Stalks Exim Mail Servers One Million WordPress Sites at Risk: Avada Builder Flaws Expose Sensitive Data Three Strikes in Two Weeks: Fragnesia Joins the Dirty Frag Family Critical NGINX Vulnerabilities Including 18-Year-Old RCE Flaw Actively Exploited Active Exploitation of CVE-2026-42897 Targets Microsoft Exchange Servers FamousSparrow’s Persistent Hold on Azerbaijani Oil & Gas Cisco SD-WAN Authentication Bypass Exploited in Zero-Day Attacks Mini Shai-Hulud npm Supply Chain Worm: TanStack and Multi-Ecosystem Compromise Malicious Ruby Gems Fuel GemStuffer Data Theft Campaign Microsoft’s May 2026 Patch Tuesday
New Report Critical Threat Research : The Iranian Cyber War Intensifies! Download the Report
Platform
Comprehensive Threat Exposure Management Platform
Uni5 Xposure PlatformUni5 Xposure leverages exposure assessment and adversarial exposure validation to deliver a unified view of your cyber risks and all actionable pathways to resolve them. Powered by:
IntegrationsOut of box integrations available with a comprehensive set of Security and IT operations tools in your organisation.
HiveForce LabsThe in-house intelligence that enables customers to identify and address immediate cyber risks and potential threats with precision, clear insights, and swift action.
Hive Pro’s ComparisonSave Cost , Reduce Complexity and Increase Security by Augmenting and Replacing your existing Vulnerability Management platform
Hive Pro vs Rapid7
Hive Pro vs Tenable
Hive Pro vs Qualys
Hive Pro vs Nucleus Security
Solutions
By Use Case
Total Attack Surface Management
Multi-Environment Security Scanners
Complete Exposure Assessment
Comprehensive Security Intelligence
Vulnerability & Threat Prioritization
Adversarial Exposure Validation
By Role
CISO
Vulnerability Management
Security Operations
DevOps
Industry
Telecommunications
Healthcare
Financial Services
Government & Public Sector
Retail & E-Commerce
Educational Institutions
Resources
Learning Center
Podcasts
Threat Advisories
Threat Digests
Blog
Whitepapers
Resources
Advisories & Digests
Threat Advisories
Threat Digests
Content Library
learn
Blog
Whitepapers
Press Releases
connect
Webinars & Videos
Company
About Us
Careers
Our Leadership
Contact Us
Book a DemoFree Iranian Exposure Assessment
Platform
Platform
Comprehensive Threat Exposure Management Platform
Uni5 Xposure PlatformUni5 Xposure leverages exposure assessment and adversarial exposure validation to deliver a unified view of your cyber risks and all actionable pathways to resolve them. Powered by:
IntegrationsOut of box integrations available with a comprehensive set of Security and IT operations tools in your organisation.
HiveForce LabsThe in-house intelligence that enables customers to identify and address immediate cyber risks and potential threats with precision, clear insights, and swift action.
Hive Pro’s Comparison
Hive Pro vs Rapid7
Hive Pro vs Tenable
Hive Pro vs Qualys
Hive Pro vs Nucleus Security
Solutions
Solutions
By Use Case
Total Attack Surface Management
Multi-Environment Security Scanners
Complete Exposure Assessment
Comprehensive Security Intelligence
Vulnerability & Threat Prioritization
Adversarial Exposure Validation
By Role
CISO
Vulnerability Management
Security Operations
DevOps
Industry
Industry
Telecommunications
Healthcare
Financial Services
Government & Public Sector
Retail & E-Commerce
Educational Institutions
Resources
Resources
Learning Center
Podcasts
Threat Advisories
Threat Digests
Blog
Whitepapers
Resources
Resources
Advisories & Digests
Threat Advisories
Threat Digests
Content Library
learn
Blog
Whitepapers
Press Releases
connect
Webinars & Videos
Company
Company
About Us
Careers
Our Leadership
Contact Us
Book a DemoFree Iranian Exposure Assessment
January 7, 2026

Monthly Threat Digest DECEMBER 2025

For a detailed threat digest, download the pdf file here


December emerged as a particularly volatile period for cybersecurity, underscored by the disclosure of three high-profile “celebrity” vulnerabilities, React2Shell, MongoBleed, and LangGrinch, alongside eleven zero-day flaws. Chief among them was CVE-2025-55182, widely known as React2Shell, a critical unauthenticated remote code execution vulnerability rooted in unsafe deserialization within React Server Components’ Flight protocol. The flaw was weaponized within days of disclosure, with multiple threat actors leveraging it to deploy cryptominers, web shells, and persistent backdoors. The month also saw Google issue an emergency Chrome update, patching three vulnerabilities, including the actively exploited zero-day CVE-2025-14174 in the ANGLE graphics engine.

At the same time, attackers aggressively exploited weaknesses across widely deployed enterprise infrastructure. Two critical Fortinet flaws, CVE-2025-59718 and CVE-2025-59719, enabled unauthenticated bypass of FortiCloud SSO authentication through crafted SAML responses, placing exposed environments at immediate risk. Cisco was also forced to confront a severe zero-day, CVE-2025-20393, affecting AsyncOS in Cisco Secure Email Gateway and Secure Email and Web Manager appliances. Exploitation has been ongoing since late November 2025 and has been attributed to the China-linked APT group UAT-9686, which deployed advanced persistence malware to maintain long-term access.

Beyond vulnerabilities, December highlighted a surge in mature and stealth-driven threat actor campaigns. Iran-aligned MuddyWater resurfaced with a refined cyberespionage operation targeting Israel and Egypt, using spear-phishing lures that directed victims to legitimate file-sharing services to deliver trojanized RMM installers and new tooling such as the Fooder loader and MuddyViper backdoor. In parallel, Russia-origin Operation MoneyMount-ISO continued to spread Phantom infostealer via multi-stage phishing chains abusing ISO files. Silver Fox’s impersonation of India’s Income Tax Department to deploy ValleyRAT further illustrated how trusted platforms and institutions are being weaponized at scale. Collectively, these developments reinforce a stark reality: the threat landscape is becoming faster, stealthier, demanding sustained vigilance and rapid defensive action from organizations worldwide.

Subscribe to receive our weekly threat digests and alerts directly in your inbox.

Recent Resources

Dive into our library of resources for expert insights, guides, and in-depth analysis on maximizing Uni5 Xposure’s capabilities

Zafran vs Hive Pro CTEM platform comparison dashboard
Reviews
Blog
Zafran vs Hive Pro: A Fair CTEM Comparison
Book a demo to compare Zafran vs Hive Pro for CTEM, including discovery, BAS validation, threat context, and remediation workflow fit.
Kubernetes security scanning across container workloads
Blog
Blog
Kubernetes Security Scanning: A DevSecOps Guide
Contact Hive Pro for kubernetes security scanning guidance across images, clusters, and runtime workloads, with risk-based container remediation.
Enterprise identity exposure management network map
Blog
Blog
Identity Exposure Management: Why It Matters
Book a demo to strengthen identity exposure management with CTEM, credential exposure insight, and validated remediation paths.
Security analyst assessing identity exposure management risk paths
Article
Blog
Identity Exposure Management: Risks and Response
Get identity exposure management guidance for reducing identity attack paths, prioritizing risk, validating controls, and strengthening CTEM action.
CrowdStrike vs Hive Pro vulnerability management comparison dashboard
Blog
Blog
CrowdStrike vs Hive Pro: VM Compared
Compare CrowdStrike Falcon Spotlight and Hive Pro for vulnerability management, CTEM, BAS validation, threat intelligence, and remediation.
NIST cybersecurity framework CTEM alignment across governance, discovery, prioritization, validation, and mobilization
Blog
Blog
NIST Cybersecurity Framework and CTEM Alignment
Map CTEM stages to NIST CSF 2.0 functions so exposure management moves from framework outcomes to measurable risk reduction.
Nucleus Security vs Hive Pro exposure management platform comparison
Blog
Blog
Nucleus Security vs Hive Pro: CTEM Comparison
Compare Nucleus Security vs Hive Pro for exposure management, including integrations, BAS, threat intelligence, CTEM coverage, and remediation.
Blog
Blog
The Machine Found It First. The Machine Will Exploit It Next.
For decades, the question behind every CVE has been “who found it, and how fast can attackers catch up?” As

Book a demo and find out more about how Hive Pro can double your operational efficiency

Book a Demo