
Daily Security Briefing #106
- DjediTech
- Security, Newsletter
- December 17, 2025
Fortinet exploited, Chrome zero-day espionage, Android TV botnet spans 1.8 million devices…
Executive Summary
Today’s cybersecurity landscape features a surge in highly targeted exploitation and emerging threats that affect both enterprise and consumer environments. Critical vulnerabilities in Fortinet and SonicWall devices underline the urgency of patch management to prevent remote administrative takeover and privilege escalation. Simultaneously, espionage-focused campaigns leveraging a persistent Chrome zero-day vulnerability highlight ongoing risks to media and government sectors. Meanwhile, the emergence of the Kimwolf botnet - hijacking millions of Android-based TVs and devices - exemplifies the increasing scale and sophistication of IoT threats. Attacks exploiting cloud account hijacking and weaponized QR codes show how threat actors continue to abuse diverse platforms and vectors.
Top Articles
Critical vulnerabilities in Fortinet CVE-2025-59718, CVE-2025-59719 exploited in the wild
Researchers confirmed active exploitation of two critical Fortinet vulnerabilities allowing unauthenticated attackers to bypass authentication via crafted SAML messages, resulting in administrative access. These flaws carry high severity scores and are a major concern for organizations using Fortinet products. Immediate patching is essential to prevent further compromise.
Rapid7
ForumTroll’s Latest Campaign Targets Chrome Users Through Zero-Day Abuse
Operation ForumTroll, tracked since March 2025, abuses a Google Chrome zero-day vulnerability (CVE-2025-2783) to deliver espionage malware without requiring user interaction. Primarily targeting Russian organizations and media outlets, this advanced campaign uses personalized phishing to compromise devices stealthily, emphasizing ongoing risks from browser zero-days.
CyberPress
Kimwolf Botnet Hijacks 1.8 Million Android TVs, Launches Large-Scale DDoS Attacks
A newly identified botnet named Kimwolf has infected approximately 1.8 million Android-based TVs, set-top boxes, and tablets to conduct large-scale distributed denial-of-service (DDoS) attacks. Possibly linked to the AISURU botnet, Kimwolf is compiled using the Android Native Development Kit (NDK), demonstrating how the growing IoT attack surface is being harnessed to build botnets of massive scale.
TheHackerNews
Microsoft Desktop Window Manager Flaw Allows Privilege Escalation
A critical vulnerability (CVE-2025-55681) in Windows Desktop Window Manager’s dwmcore.dll allows local attackers to escalate privileges via a flaw in the AddEffectBrush function. The flaw was discovered at the TyphoonPWN Windows security competition, and Microsoft has released patches to mitigate this high-severity issue. Users should apply updates promptly to secure their systems.
GBHackers | CyberPress
SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances
SonicWall released patches for a local privilege escalation vulnerability in SMA 100 series appliances (CVE-2025-40602). The flaw stems from insufficient authorization in the management console and has been actively exploited in the wild. Organizations using these appliances should urgently apply the fixes to prevent unauthorized access.
TheHackerNews
Amazon: Ongoing cryptomining campaign uses hacked AWS accounts
Amazon’s GuardDuty team warns about a cryptomining campaign exploiting compromised credentials to abuse AWS Elastic Compute Cloud (EC2) and Elastic Container Service (ECS). Threat actors use hijacked Identity and Access Management (IAM) accounts to deploy unauthorized cryptomining workloads, highlighting the importance of cloud credential security.
BleepingComputer
Kimsuky Hackers Use Weaponized QR Codes to Distribute Malicious Mobile Apps
North Korea-linked Kimsuky hackers are deploying mobile malware via malicious QR codes and fake delivery-service lures. The sophisticated DOCSWAP malware campaign targets smartphone users, leveraging social engineering to install remote access trojans discreetly on victims’ devices.
GBHackers
Deliberate Internet Shutdowns in Afghanistan Severely Impact Emergency Services
Afghanistan experienced multi-day deliberate internet blackouts ordered by the Taliban regime, reportedly to curb “immoral activities.” These shutdowns disrupted earthquake emergency communications, grounded flights, and halted banking operations, illustrating the severe risks of government-mandated internet control.
Schneier
Dynamic EASM Discovery: Continuous Discovery for a Changing Attack Surface
Enterprises face expanding external attack surfaces as new domains, cloud workloads, and infrastructure dynamically evolve. This article highlights the importance of continuous External Attack Surface Management (EASM) to automatically discover and monitor exposures that manual inventories miss, helping CISOs stay ahead of emerging risks.
Rapid7
UNREDACTED Magazine 010 & More
Following a successful ad-free and donation-supported issue 009 with over 50,000 downloads, this update recaps the ongoing experiment in providing independent cybersecurity content through UNREDACTED Magazine’s latest edition.
Intel Techniques
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.