Daily Security Briefing #107


December 18, 2025

Critical unauthenticated RCE in HPE OneView, Lazarus and Kimsuky infrastructure uncovered, and RansomHouse enhances double extortion tactics…


Executive Summary

Today’s cybersecurity landscape highlights persistent risks from state-sponsored threat actors and evolving ransomware capabilities, underscored by critical vulnerabilities in widely used enterprise software. The discovery of new Lazarus and Kimsuky infrastructure signals continued sophisticated espionage efforts leveraging advanced tunneling and credential theft mechanisms. Meanwhile, ransomware-as-a-service operations like RansomHouse are refining their double extortion strategies with enhanced encryption and data theft techniques. Organizations are urged to patch critical flaws such as the CVSS 10.0 remote code execution vulnerability in HPE OneView promptly. Additionally, evolving threats targeting software supply chains and compliance challenges call for reinforced security practices and awareness.


Top Articles

CVE-2025-37164: Critical unauthenticated RCE affecting Hewlett Packard Enterprise OneView
HPE disclosed a maximum-severity (CVSS 10.0) remote code execution vulnerability in HPE OneView versions prior to 11.0. The flaw requires no authentication and allows attackers to execute arbitrary code, potentially compromising the IT infrastructure management systems OneView controls. HPE recommends upgrading immediately to version 11.0 or applying the emergency hotfixes to mitigate the risk.
Rapid7 | TheHackerNews

New Lazarus and Kimsuky Infrastructure Discovered with Active Tools and Tunneling Nodes
A joint investigation by Hunt.io and Acronis TRU revealed previously undocumented North Korean state-linked infrastructure used by Lazarus and Kimsuky groups. The network includes active command-and-control servers, tunneling nodes, and credential-theft platforms, highlighting sophisticated cyber espionage operations against multiple regions.
GBHackers | CyberPress

RansomHouse RaaS Enhances Double Extortion with Data Theft and Encryption
RansomHouse, operated by Jolly Scorpius, significantly improved its ransomware capabilities by adopting multi-layered encryption and combining data theft with encryption for double extortion. This upgrade marks an alarming increase in technical sophistication, intensifying the threat ransomware poses to organizations worldwide.
GBHackers

Check Point Infinity Global Services Launches First AI Security Training Courses
Infinity Global Services announced the launch of dedicated AI security training courses, addressing risks associated with AI technology. The offerings will expand to cover AI red teaming, governance, and implementation consulting, supporting enterprises in securely integrating AI.
Checkpoint Blog

Malicious NuGet Package Masquerades as .NET Library to Steal Crypto Wallets and OAuth Tokens
ReversingLabs researchers found 14 malicious NuGet packages impersonating legitimate .NET crypto libraries, targeting cryptocurrency developers and users. One fake library, “Nethereum all,” mimics the popular Ethereum integration Nethereum to steal wallets and OAuth tokens, exposing supply chain risks in open-source ecosystems.
CyberPress

China-Aligned Threat Group Uses Windows Group Policy to Deploy Espionage Malware
The LongNosedGoblin threat cluster, active since at least September 2023, targets government entities in Southeast Asia and Japan using Windows Group Policy to deploy espionage malware. This China-aligned group focuses on long-term cyber espionage operations in the region.
TheHackerNews

University of Sydney Suffers Data Breach Exposing Student and Staff Info
Hackers accessed an online coding repository at the University of Sydney, stealing personal information of both students and staff. The breach raises concerns over security practices surrounding accessible code repositories containing sensitive data.
BleepingComputer

NIS2 Compliance: How to Get Passwords and MFA Right
NIS2 regulations emphasize strong identity and access management controls. Specops Software outlines strategies for aligning password policies and multifactor authentication setups to meet compliance requirements, reducing risk from weak authentication practices.
BleepingComputer

Someone Boarded a Plane at Heathrow Without a Ticket or Passport
A man bypassed Heathrow security and boarding checks by tailgating through security and impersonating a family member during inspection. The incident highlights vulnerabilities in physical security protocols at major transportation hubs.
Schneier on Security


AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.

