CyberScoop

January 28, 2026

Cybercriminals and nation-state groups are exploiting a six-month old WinRAR defect

A critical path-traversal vulnerability in WinRAR is being actively exploited by nation-state groups. The vulnerability, disclosed and patched six months ago, continues to be a target for espionage and financially motivated attacks.

LayerX: Malicious ChatGPT Chrome extensions are stealing account credentials

A significant identity-theft campaign is actively targeting Okta Single Sign-On (SSO) accounts at more than 100 high-value enterprises. The campaign is orchestrated by the SLSH cybercriminal group.

CISA’s secure-software buying tool had a simple XSS vulnerability of its own

An XSS vulnerability was discovered in CISA's "Software Acquisition Guide: Supplier Response Web Tool." This vulnerability allowed attackers to inject malicious JavaScript into the web page, potentially affecting other users and defacing the website.

Microsoft seizes RedVDS infrastructure, disrupts fast-growing cybercrime marketplace

Microsoft, in collaboration with international law enforcement, dismantled the RedVDS cybercrime marketplace. This operation has disrupted a significant source of cybercriminal activity, which facilitated widespread fraud and cyberattacks.

Sources: DHS finalizing replacement for disbanded critical infrastructure security council

The DHS is in the final stages of establishing a new council, the Alliance of National Councils for Homeland Operational Resilience (ANCHOR), to replace the disbanded Critical Infrastructure Partnership Advisory Council (CIPAC).

Kimwolf botnet’s swift rise to 2M infected devices agitates security researchers

Kimwolf has launched numerous DDoS attacks, frequently targeting Minecraft servers with short bursts lasting one to two minutes, though some attacks have extended for hours, causing widespread service disruption.

NIST, MITRE announce $20 million research effort on AI cybersecurity

NIST and the MITRE Corporation have announced a $20 million initiative to establish two new research centers focused on artificial intelligence (AI) and its impact on cybersecurity for U.S. critical infrastructure.

DOJ announces takedown of alleged laundering platform used by cybercriminal groups

The DOJ has announced the takedown of E-Note, an alleged money laundering platform used by cybercriminal groups. This operation marks a significant step in disrupting the financial networks supporting cybercrime activities.

Google addresses 107 Android vulnerabilities, including two zero-days

Google's December security update for Android addresses 107 vulnerabilities, including two high-severity zero-day vulnerabilities, CVE-2025-48633 and CVE-2025-48572. This update marks the second-highest number of vulnerabilities patched this year.

Researchers uncover remote code execution flaw in abandoned Rust code library

A high-severity remote code execution vulnerability, CVE-2025-62518 (CVSS 8.1), has been discovered in the async-tar Rust library and its numerous forks, including tokio-tar, uv, testcontainers, wasmCloud, astral-tokio-tar, and krata-tokio-tar.
