Exploited Vulns, HybridPetya Ransomware & Spyware – 09/12/2025

September 11, 2025

Today’s security landscape is marked by several actively exploited vulnerabilities, including a critical RCE flaw in Dassault Systèmes software added to CISA’s KEV catalog and a zero-day in Samsung Android devices. Threat intelligence reveals the emergence of HybridPetya, a sophisticated ransomware that can bypass UEFI Secure Boot. Additionally, a China-linked espionage campaign targeting the Philippines and another spyware attack aimed at Apple users in France highlight the persistent nation-state threat.

Top 5 Critical Security Alerts

  • CISA warns of actively exploited Dassault RCE vulnerability: CISA has added a critical remote code execution flaw (CVE-2025-5086) in Dassault Systèmes’ DELMIA Apriso software to its KEV catalog due to active exploitation. Read more
  • Samsung patches actively exploited zero-day reported by WhatsApp: Samsung has patched a critical remote code execution zero-day vulnerability (CVE-2025-21043) in Android devices that was actively exploited in targeted attacks. Read more
  • New HybridPetya ransomware can bypass UEFI Secure Boot: A new ransomware strain, HybridPetya, has been discovered that can bypass UEFI Secure Boot protections to install a malicious boot application, similar to NotPetya. Read more
  • Philippine military company spied upon with new China-linked malware: Researchers have uncovered a sophisticated, China-linked malware toolset used in an espionage campaign targeting a Philippine military company. Read more
  • Apple Warns French Users of Fourth Spyware Campaign in 2025, CERT-FR Confirms: Apple and France’s CERT-FR have confirmed a fourth spyware campaign in 2025, with notifications sent to targeted iPhone users in France. Read more

Threat Intelligence

  • Attackers Adopting Novel LOTL Techniques to Evade Detection: Threat actors are increasingly using uncommon living-off-the-land (LOTL) binaries and legitimate image files in recent campaigns to evade standard detection methods. Read more

Security Breaches & Incidents

  • Vietnam, Panama governments suffer incidents leaking citizen data: Government entities in Vietnam and Panama are investigating data breaches claimed by cybercrime groups, potentially exposing sensitive citizen information. Read more
  • Hacker convicted of extorting 20,000 psychotherapy victims walks free during appeal: The hacker convicted for the Vastaamo psychotherapy center data breach and extortion of 20,000 victims has been released from custody pending his appeal. Read more
  • ICO Warns of Student-Led Data Breaches in UK Schools: The UK’s Information Commissioner’s Office (ICO) is warning about a rise in data breaches caused by students hacking into school computer systems. Read more

Security Tools & Best Practices

  • The first three things you’ll want during a cyberattack: A new guide outlines the three essentials for effective incident response: clarity to understand the attack, control to contain it, and a reliable recovery plan. Read more
  • A Cyberattack Victim Notification Framework: A new report analyzes challenges in victim notification and proposes a framework for cloud providers to improve the process, ensuring victims receive and trust alerts. Read more
  • Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories: A vulnerability in the Cursor AI code editor could allow arbitrary code execution if a user opens a malicious repository, due to an insecure default setting. Read more

Cloud & Network Security

  • Cloud-Native Security in 2025: Why Runtime Visibility Must Take Center Stage: As cloud-native adoption grows, runtime visibility is becoming essential for security teams to monitor complex, hybrid environments and counter expanding attack surfaces. Read more

Security Standards & Frameworks

  • CISA official calls on lawmakers to extend cyber info-sharing law: A CISA official is urging Congress to renew the 2015 Cybersecurity Information Sharing Act (CISA 2015) before it expires to maintain public-private threat intelligence sharing. Read more
  • DHS inspector general: CISA mismanaged multimillion-dollar employee incentives program: An audit by the DHS Inspector General found that CISA mismanaged its Cybersecurity Retention Incentive program, failing to comply with established requirements. Read more
Chris Armour
Director of Software Engineering