
HiveForce Labs has reported a sharp rise in cybersecurity threats, highlighting the increasing complexity and frequency of global cyber incidents. Over the past week, eighteen major attacks were detected, eight vulnerabilities were publicly disclosed, and six active threat actor groups were monitored, signaling a concerning escalation in malicious activity.
Several high-impact vulnerabilities and zero-day exploits are driving this surge. Apple issued emergency security updates to patch two actively exploited WebKit zero-days, CVE-2025-43529 and CVE-2025-14174, which were leveraged in highly targeted attacks and could enable remote code execution. SonicWall also addressed CVE-2025-40602, an actively exploited vulnerability affecting the SMA 1000 series Appliance Management Console. Adding to the urgency, Cisco disclosed CVE-2025-20393, a critical zero-day in Cisco AsyncOS that allows unauthenticated remote command execution with root privileges through the Spam Quarantine interface. The flaw has been exploited since late November 2025 by the China-linked APT group UAT-9686, and no official patch is currently available.
On the malware front, GhostPoster has emerged as a stealthy and large-scale campaign abusing trusted Firefox extensions to infect users, concealing malicious JavaScript within PNG logo files using steganography. Moreover, Operation MoneyMount-ISO continues to target victims through phishing emails carrying fake payment confirmations, ultimately deploying the Phantom information stealer via ZIP archives containing malicious ISO files. Together, these developments highlight the urgent need for timely patching, continuous monitoring, and layered security controls to keep pace with an increasingly aggressive and fast-moving threat landscape.