CyberNews: 15/12/2025 Edition

Published by Dunateo on 2025-12-15

Today’s roundup

  • Atlassian fixed maximum severity flaw CVE-2025-66516 in Apache Tika
  • FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE
  • Google links more Chinese hacking groups to React2Shell attacks
  • Token Leak via Open Redirection and CSRF in the Callback Handler of cloudflare/workers-oauth-provider
  • 700Credit data breach impacts 5.8 million vehicle dealership customers
  • French Interior Ministry confirms cyberattack on email servers
  • Jaguar Land Rover confirms staff data stolen in cyberattack
  • A Browser Extension Risk Guide After the ShadyPanda Campaign
  • VolkLocker Ransomware Exposed by Hard-Coded Master Key Allowing Free Decryption
  • Top 25 Most Dangerous Software Weaknesses of 2025 Revealed

Summary

    Atlassian released security updates addressing dozens of flaws, including a maximum-severity XML External Entity (XXE) injection vulnerability, CVE-2025-66516 (CVSS 10.0), in Apache Tika. This critical flaw affects Tika core and parser modules and allows an attacker who supplies a crafted PDF file to access sensitive internal resources.

    Multiple critical vulnerabilities, including SQL injection, file-upload flaws, and an authentication bypass (CVE-2025-61675), have been patched in the open-source FreePBX platform. These shortcomings, discovered by Horizon3.ai, could facilitate remote code execution under specific configurations.

    Google's threat intelligence team has attributed the exploitation of the maximum-severity "React2Shell" remote code execution vulnerability to five additional Chinese hacking groups. This indicates a broadening landscape of nation-state actors leveraging this critical flaw.

    A medium-severity token leak vulnerability was disclosed in `cloudflare/workers-oauth-provider`, impacting Cloudflare's OAuth callback handler. The flaw combines an open redirect with CSRF, allowing an attacker to cause a user's Cloudflare MCP OAuth token to be sent to an arbitrary endpoint. The issue was fixed by October 20, 2025.

    700Credit, a U.S. financial services company for vehicle dealerships, is notifying over 5.8 million customers about a data breach exposing their personal information. The extent of compromised data is under investigation.

    The French Ministry of the Interior confirmed a cyberattack compromised its email servers. Investigations are ongoing to determine the full impact and identify the responsible parties.

    Jaguar Land Rover confirmed that staff data, including that of current and former employees and contractors, was stolen during a cyberattack in August. This is the first detailed disclosure from the automaker regarding the incident's impact on personnel.

    The "ShadyPanda" cybercrime campaign, which hijacked popular Chrome and Edge browser extensions over a period of seven years, has been exposed. The group built trust by accumulating millions of installs before weaponizing the extensions, highlighting the long-term risk posed by widely trusted extensions.

    VolkLocker, a new ransomware-as-a-service from the pro-Russian group CyberVolk, contains a critical implementation flaw: a hard-coded master key. This allows victims to decrypt their files without paying the ransom.

    MITRE has released its 2025 Top 25 Common Weakness Enumeration (CWE) list, identifying the most dangerous software weaknesses based on nearly 40,000 CVEs. This serves as a vital resource for cybersecurity professionals in risk management and secure development.

    Want to dig deeper?

    Vulnerabilities

      • CVE-2025-66516: Critical
      • CVE-2025-61675: High