CyberNews: 23/12/2025 Edition

Published by Dunateo on 2025-12-23

Today’s roundup

  • Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances
  • Turning List-Unsubscribe into an SSRF/XSS Gadget
  • U.S. CISA adds a flaw in Digiever DS-2105 Pro to its Known Exploited Vulnerabilities catalog
  • New MacSync malware dropper evades macOS Gatekeeper checks
  • University of Phoenix data breach impacts nearly 3.5 million individuals
  • Coupang breach affecting 33.7 million users raises data protection questions
  • Romanian water authority hit by ransomware attack over weekend
  • Cyberattack knocks offline France's postal, banking services
  • Interpol-led action decrypts 6 ransomware strains, arrests hundreds
  • Judge rules that NSO cannot continue to install spyware via WhatsApp pending appeal
Summary

    A critical security vulnerability (CVE-2025-68613), with a CVSS score of 9.9, has been disclosed in the n8n workflow automation platform. This flaw, if exploited, could lead to arbitrary code execution across thousands of instances, impacting a package with approximately 57,000 weekly downloads.


    New research reveals how the `List-Unsubscribe` SMTP header can be exploited for Cross-Site Scripting (XSS) and Server-Side Request Forgery (SSRF) attacks. Real-world examples include a Stored XSS vulnerability in Horde Webmail (CVE-2025-68673) and a potential Blind SSRF in the Nextcloud Mail App, emphasizing the risks of overlooked old standards in modern applications.


    CISA has added a command injection vulnerability (CVE-2023-52163, CVSS 8.8) affecting end-of-life Digiever DS-2105 Pro network video recorders to its Known Exploited Vulnerabilities catalog. Federal agencies are mandated to remediate the flaw by January 12, 2026, as no official patches are available for the unsupported devices.


    The latest variant of the MacSync information stealer is actively evading macOS Gatekeeper checks. The malware is being delivered through digitally signed and notarized Swift applications, allowing it to bypass Apple's security mechanisms.


    The Clop ransomware gang successfully breached the University of Phoenix's network in August, stealing sensitive data belonging to nearly 3.5 million students, staff, and suppliers. The incident represents a significant data compromise by a prominent ransomware group.


    E-commerce giant Coupang has disclosed a data breach impacting 33.7 million customers. The unauthorized access to personal data went undetected for nearly five months, highlighting critical risks associated with insider credential abuse within organizations.


    Romania's national water management authority, Romanian Waters, was subjected to a ransomware attack over the weekend, affecting approximately 1,000 IT systems across its central organization and ten regional offices. Windows BitLocker was used for the encryption. Authorities confirmed that critical operational technology (OT) systems managing water infrastructure were not impacted and that water operations continue normally.


    France's national postal service, La Poste, and associated digital banking services experienced significant online disruptions due to a major network incident, later confirmed as a distributed denial-of-service (DDoS) attack. The incident impacted millions of users, affecting digital banking and other essential services.


    Operation Sentinel, an Interpol-coordinated initiative, led to the arrest of 574 individuals and the recovery of $3 million in illicit funds across 19 African countries between October 27 and November 27, 2025. The operation focused on business email compromise, extortion, and ransomware incidents, also resulting in the decryption of six different ransomware strains.


    A judge has issued a ruling preventing NSO Group from continuing to install spyware via WhatsApp, pending the company's appeal. The ongoing legal battle centers on allegations that NSO Group used its Pegasus zero-click spyware to target 1,400 WhatsApp users in 2019. This ruling has significant implications for state-sponsored surveillance and digital privacy.

    Want to dig deeper?

    Vulnerabilities

    CVE-2025-68613 High
    CVE-2023-52163 High