

Fortinet, Ivanti, and SAP Release Critical Security Patches for Authentication Bypass and Remote Code Execution Vulnerabilities – December 2025 Threat Intelligence Report
Executive Summary: In December 2025, Fortinet, Ivanti, and SAP released urgent security patches addressing critical vulnerabilities that could allow authentication bypass and remote code execution (RCE). These flaws are being actively discussed in the security community due to their high severity and exploitation potential. This report provides a detailed analysis, including technical details, exploitation evidence, IOCs, and references. 1. Fortinet Vulnerabilities Vulnerabili
14 hours ago · 3 min read


Surge in Ransomware Attacks Targeting Japanese Manufacturing Sector: Qilin and Kawa4096 Exploit OT and IT Systems in 2025
Executive Summary: In the first half of 2025, Japanese organizations experienced a significant escalation in ransomware attacks, with confirmed incidents rising by approximately 1.4 times compared to the previous year. Sixty-eight cases were reported between January and June 2025, averaging 11 incidents per month. The manufacturing sector was the most affected, accounting for 18.2% of incidents, followed by automotive, trading, construction, and transportation industries. Smal
14 hours ago · 6 min read


Critical Apache Tika CVE-2025-66516: XXE Vulnerability Exposes Over 500 Instances After Incomplete Patch
Executive Summary: A critical XML External Entity (XXE) injection vulnerability, CVE-2025-66516, has been identified in Apache Tika, carrying a maximum CVSS score of 10.0. This vulnerability is the result of a patch miss, where the initial remediation failed to address the root cause in all relevant modules, leaving many deployments exposed even after partial upgrades. Attackers can exploit this flaw by submitting specially crafted PDF files containing malicious XML Forms Ar
14 hours ago · 5 min read


ShadowMQ Vulnerabilities: Over 30 Critical Flaws in Meta Llama, NVIDIA TensorRT-LLM, vLLM, and Other AI Inference Engines Enable Data Theft and Remote Code Execution
Executive Summary: Recent cybersecurity research has revealed over 30 critical vulnerabilities in leading AI coding tools and inference engines, including Meta Llama LLM, vLLM, NVIDIA TensorRT-LLM, Modular Max Server, Microsoft Sarathi-Serve, and SGLang. These flaws, collectively identified as the "ShadowMQ" pattern, enable remote code execution (RCE) and data theft, representing a significant threat to organizations deploying AI infrastructure. The vulnerabilities prima
4 days ago · 5 min read


Critical XXE Vulnerability CVE-2025-66516 (CVSS 10.0) in Apache Tika Enables File Disclosure, SSRF, and Remote Code Execution – Immediate Patch Required
Executive Summary: A critical XML External Entity (XXE) injection vulnerability, CVE-2025-66516 (CVSS 10.0), has been identified in Apache Tika, a widely used content analysis toolkit. This vulnerability enables unauthenticated attackers to exploit the PDF parsing functionality, leading to arbitrary file disclosure, Server-Side Request Forgery (SSRF), and, under certain conditions, remote code execution. The flaw is present in multiple Apache Tika modules, including tika-co
4 days ago · 5 min read


Zero-Click Vulnerability in Perplexity Comet Browser Allows Full Google Drive Deletion via Crafted Emails
Executive Summary: A critical zero-click vulnerability has been identified in agentic browsers, most notably the Perplexity Comet Browser, which enables attackers to delete the entire contents of a victim’s Google Drive using only a carefully crafted email. This attack leverages the natural language processing capabilities of AI-powered browser agents, which, when granted OAuth access to Gmail and Google Drive, can autonomously interpret and execute instructions embedded i
4 days ago · 4 min read


Barts Health NHS Data Breach: Cl0p Ransomware Exploits Oracle E-Business Suite Zero-Day (CVE-2025-61882)
Executive Summary: Barts Health NHS Trust has disclosed a significant data breach following the exploitation of a zero-day vulnerability in Oracle E-Business Suite by the Cl0p ransomware group. The breach resulted in the theft and subsequent dark web exposure of files containing personal and financial information of patients, former staff, and suppliers. The attack was limited to business systems, specifically those handling invoicing and accounting, and did not impact elect
4 days ago · 6 min read


React2Shell (CVE-2025-55182): Mass Exploitation of React Server Components and Next.js Threatens 77,000 Systems and 30+ Organizations
Executive Summary: The React2Shell vulnerability, tracked as CVE-2025-55182, represents a critical unauthenticated remote code execution (RCE) flaw in React Server Components and frameworks such as Next.js. This vulnerability is being actively exploited in the wild, with over 77,000 Internet-exposed IP addresses confirmed as vulnerable and at least 30 organizations already breached. The exploitation campaign is notable for its rapid weaponization by advanced persistent thre
4 days ago · 5 min read


Leroy Merlin France Loyalty Program Data Breach: December 2025 Security Incident Analysis and Technical Report
Executive Summary: On December 3, 2025, Leroy Merlin, a leading French home improvement and gardening retailer, disclosed a data breach affecting its customers in France. The breach resulted in the exposure of personal information, including full names, phone numbers, email addresses, postal addresses, dates of birth, and loyalty program-related data. No financial information or account passwords were compromised. The company responded by blocking unauthorized access, notifyi
7 days ago · 5 min read


Critical React2shell Vulnerability (CVE-2025-55182, CVE-2025-66478) Enables Unauthenticated RCE in React Server Components and Next.js
Executive Summary: A critical vulnerability, codenamed React2shell, has been identified in React Server Components (RSC) and Next.js, tracked as CVE-2025-55182 for React and CVE-2025-66478 for Next.js. This flaw enables unauthenticated remote code execution (RCE) on affected servers, allowing attackers to execute arbitrary code without any authentication or prior access. The vulnerability is rated with a maximum CVSS score of 10.0, reflecting its severity and the ease wit
7 days ago · 5 min read


ShadyPanda Browser Extension Attack: 4.3 Million Chrome and Edge Users Compromised in Multi-Year Supply Chain Campaign
Executive Summary: The ShadyPanda threat actor has orchestrated one of the most significant browser-based supply chain attacks in recent years, weaponizing millions of browsers through malicious extensions on both Google Chrome and Microsoft Edge. This campaign, active since at least 2018, has resulted in the compromise of over 4.3 million users worldwide. By leveraging the trust associated with “verified” and “featured” browser extensions, ShadyPanda was able to deliver
7 days ago · 5 min read


Malicious Rust Crate evm-units Targets Web3 Developers with OS-Specific Malware via crates.io Supply Chain Attack
Executive Summary: A highly sophisticated supply chain attack has been uncovered targeting the Web3 development ecosystem through the deployment of a malicious Rust crate, evm-units, on the official crates.io repository. This crate, along with a secondary package, uniswap-utils, was designed to masquerade as a legitimate Ethereum Virtual Machine (EVM) utility, enticing unsuspecting developers to incorporate it into their projects. Once integrated, the crate delivered OS-spe
7 days ago · 4 min read


Marquis Software Solutions Data Breach: SonicWall Vulnerability Exposes Sensitive Data of 74+ US Banks and Credit Unions
Executive Summary: Marquis Software Solutions, a Texas-based provider of data analytics, compliance, and marketing services to the financial sector, experienced a significant data breach following a ransomware attack on August 14, 2025. The incident, attributed to exploitation of a vulnerability in the SonicWall firewall, resulted in unauthorized access to sensitive personal information belonging to customers of over 74 US banks and credit unions. More than 400,000 individual
7 days ago · 6 min read


CVE-2025-55182: Critical Remote Code Execution Vulnerability in React Server Components and Next.js – Urgent Patch Required
Executive Summary: A critical security vulnerability, CVE-2025-55182, has been identified in React Server Components (RSC), a core technology underpinning modern web frameworks such as Next.js, React Router, Waku, Parcel RSC plugin, and Vite RSC plugin. This vulnerability, rated CVSS 10.0 (Critical), enables unauthenticated remote code execution (RCE) on affected servers by exploiting unsafe deserialization in the RSC protocol. The flaw allows attackers to execute arbit
7 days ago · 5 min read


Critical Command Injection Vulnerability in OpenAI Codex CLI Threatens Developer Endpoints and Supply Chain Security
Executive Summary: A critical vulnerability has been identified and patched in the OpenAI Codex CLI, a widely adopted command-line interface that enables developers to automate coding tasks using artificial intelligence. This flaw, discovered by Check Point Research and remediated in version 0.23.0, allowed adversaries to execute arbitrary code on developer endpoints by manipulating project-specific configuration files. The vulnerability, classified as command injection via
7 days ago · 4 min read


Operation RedDirection: Over 2 Million Users Compromised by Malicious Chrome and Edge Extensions in Major Supply-Chain Attack
Executive Summary: A coordinated campaign, identified as Operation RedDirection, has compromised over 2.3 million users through 18 malicious browser extensions distributed via the official Google Chrome and Microsoft Edge web stores. These extensions, initially benign and widely trusted due to positive reviews and verified badges, were later weaponized through malicious updates. Once activated, the extensions tracked users’ browsing activity, communicated with attacker-cont
7 days ago · 5 min read


Google Patches Critical Zero-Day Vulnerabilities CVE-2025-48633 and CVE-2025-48572 in Android 13-16 – December 2025 Security Update Analysis
Executive Summary: The December 2025 Android security update, released by Google, addresses a total of 107 vulnerabilities, among which two critical zero-day flaws—CVE-2025-48633 and CVE-2025-48572—stand out due to their confirmed exploitation in the wild. These vulnerabilities impact the Android Framework on versions 13, 14, 15, and 16, and have been leveraged in highly targeted surveillance and espionage campaigns. The exploitation of these flaws is consistent with the
7 days ago · 6 min read


University of Pennsylvania Data Breach: Oracle E-Business Suite (CVE-2025-61882) Exploit by Clop Ransomware Group
Executive Summary: The University of Pennsylvania has confirmed a significant data breach following the exploitation of a zero-day vulnerability in the Oracle E-Business Suite (EBS), in conjunction with a sophisticated social engineering attack. The incident, discovered on October 31, 2025, resulted in unauthorized access to systems related to the university’s development and alumni activities. Attackers obtained sensitive personal information, including names and other perso
7 days ago · 6 min read


Albiriox Malware-as-a-Service: Advanced Android Threat Targets Over 400 Banking, Fintech, and Crypto Apps with On-Device Fraud and VNC Screen Control
Executive Summary: The emergence of the Albiriox Malware-as-a-Service (MaaS) platform marks a significant escalation in the threat landscape for mobile banking, fintech, and cryptocurrency applications. First observed in September 2025, Albiriox is a rapidly evolving Android malware family engineered for On-Device Fraud (ODF), enabling attackers to take full control of infected devices, perform real-time fraudulent transactions, and harvest credentials from over 400 targ
Dec 14 min read


CISA Issues Urgent Alert on ScadaBR CVE-2021-26829 Vulnerability Exploited by Hacktivists in ICS Attack
Executive Summary: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory regarding a newly exploited vulnerability in ScadaBR, an open-source Supervisory Control and Data Acquisition (SCADA) platform widely used in industrial control systems (ICS) and operational technology (OT) environments. The vulnerability, tracked as CVE-2021-26829, is a stored cross-site scripting (XSS) flaw that allows authenticated attackers to inject arbit
Dec 15 min read