Cyber Daily 12/10: Anthropic's Claude Thwarts Agentic Attack, CISA Warns on D-Link Flaw, Coalition Urges React2Shell Patch, Microsoft Fixes Zero-Day

Welcome to today's edition of ONSEC Cyber Daily, where we unravel the intricate web of cybersecurity events shaping our digital landscape. In a groundbreaking move, Claude from Anthropic has thwarted the first agentic cyberattack, showcasing the power of early detection. As we delve deeper, cybersecurity experts issue a stern warning for businesses to power down during the holiday break to fend off lurking cyber threats. Meanwhile, a critical security alert from Coalition urges immediate action to patch the React2Shell vulnerability, underscoring the relentless nature of cyber risks. With CISA's urgent warnings about active D-Link router exploits and a flurry of patches from tech giants like Microsoft and Adobe, the race to secure our digital world intensifies. Join us as we explore these pivotal developments and more, painting a vivid picture of the cybersecurity challenges and triumphs of today.

Exploits Alert

  1. Claude from Anthropic Stops First Agentic Cyberattack: In a groundbreaking development, Anthropic's Claude successfully thwarted the first agentic cyberattack through early detection. This proactive measure highlights the importance of advanced AI in cybersecurity, setting a precedent for future threat prevention. Source.
  2. Cybersecurity Experts Warn Businesses Ahead of Holiday Break: Experts are advising businesses to completely power down computers during the holiday break to eliminate vulnerabilities to remote cyberattacks and malware. This simple yet effective measure can significantly reduce the risk of cyber threats during periods of reduced monitoring. Source.
  3. Coalition Issues Security Alert for React2Shell Vulnerability: Cyber insurance specialist Coalition has issued an urgent alert to policyholders regarding a critical deserialization vulnerability in React, urging immediate patching. This flaw poses a maximum severity risk, emphasizing the need for swift action to prevent exploitation. Source.
  4. The Week in Vulnerabilities: Cyble Urges D-Link, React Server Fixes: Cyble has highlighted multiple vulnerabilities, including those affecting D-Link and React servers, being discussed in cybercrime forums. The urgency to patch these vulnerabilities is critical to prevent potential weaponization and exploitation by threat actors. Source.
  5. CISA Alerts Users to Active Attacks Exploiting D-Link Router Buffer Overflow Flaw: The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical warning about active exploitation of a buffer overflow flaw in D-Link routers. This vulnerability is being actively targeted, posing a severe risk to both federal and private networks. Source.

Vulnerabilities & Patches

  1. Fortinet, Ivanti, and SAP Issue Urgent Patches for Authentication and Code Execution Flaws: Fortinet, Ivanti, and SAP have released critical patches for vulnerabilities tracked as CVE-2025-59718 and CVE-2025-59719, both with a CVSS score of 9.8. These vulnerabilities involve improper verification of cryptographic signatures, posing significant risks to enterprise systems. Organizations are urged to apply these patches immediately to prevent potential exploitation. Source: The Hacker News
  2. Microsoft December 2025 Patch Tuesday Fixes 56 Vulnerabilities and 3 Zero-days: Microsoft has addressed 56 vulnerabilities, including three zero-days, in its December 2025 Patch Tuesday. Notably, CVE-2025-62221, an elevation of privilege flaw in the Windows Cloud Files Mini Filter Driver, has been actively exploited. Users are advised to update their systems promptly to mitigate these threats. Source: GB Hackers
  3. Patch Urgently - Critical Vulnerability CVE-2025-55182 in React Server Functions Actively Exploited: A critical unauthenticated remote code execution vulnerability, CVE-2025-55182, has been identified in React Server Components. This flaw is actively being exploited, and users are strongly advised to apply the available patches to secure their systems against potential attacks. Source: InfoQ
  4. Zoom Rooms on Windows and macOS Exposed to Privilege Escalation and Data Leakage Flaws: Zoom has patched vulnerabilities in its Rooms software for Windows and macOS, which could lead to unauthorized system access and privilege escalation. The critical flaw, CVE-2025-67461, requires immediate attention to prevent data leakage and system compromise. Source: GB Hackers
  5. Microsoft Patches Windows Zero-day & Risky Office Flaws: In its latest security update, Microsoft has addressed a zero-day vulnerability, CVE-2025-62221, and several risky Office flaws. The zero-day involves a local privilege escalation in the Windows Cloud Files Mini Filter, necessitating urgent patching to safeguard against ongoing exploitation. Source: SecurityBrief Australia

Podcasts

  1. The Role of AI in State-Sponsored Cyber Espionage Campaigns: This episode from RANE's Essential Geopolitics podcast delves into how artificial intelligence is being leveraged in state-sponsored cyber espionage. Cyber Intelligence Analyst Ali Plucinski discusses the implications of these campaigns and the evolving threat landscape. Source
  2. Global Costs of Software Supply Chain Attacks On The Rise: Cybercrime Magazine's podcast highlights the increasing financial impact of software supply chain attacks. Featuring insights from victims, law enforcement, and cybersecurity experts, the episode underscores the urgent need for robust security measures. Source
  3. APDR Podcast Episode 121 with Host Kym Bergmann: This episode of the Asia Pacific Defence Reporter podcast covers recent developments in defense and cybersecurity, including Boeing's new deal for Australian Ghost Bats and Palo Alto Networks' 2026 cyber predictions. Source
  4. How 2025 Shaped the Future of Cybersecurity: Infosecurity Magazine's podcast features a discussion with Rebecca Taylor and Will Thomas on the pivotal events of 2025 that have influenced current cybersecurity strategies. The episode provides a forward-looking perspective on threat intelligence and defense mechanisms. Source
  5. I'm Worried That We're Not Worried About the Right Worries With AI: In this CISO Series podcast, hosts David Spark and Mike Johnson, along with their guest, explore the potential misalignments in AI-related concerns within cybersecurity. The episode emphasizes the need for a balanced approach to AI risk management. Source

Final Words

As we wrap up today's edition of ONSEC Cyber Daily, let's take a moment to appreciate the incredible work of Claude from Anthropic, who successfully thwarted the first agentic cyberattack through early detection. This remarkable feat underscores the importance of vigilance and proactive measures in cybersecurity. As we head into the holiday season, remember the crucial advice from cybersecurity experts: turning off your computer can be a simple yet effective way to protect against remote cyberattacks. Additionally, stay alert to the latest security alerts, like the one issued by Coalition regarding the React2Shell vulnerability, and ensure your systems are patched and secure. In a world where cyber threats are ever-evolving, sharing knowledge is our strongest defense. If you found today's insights valuable, please share this newsletter with your friends and colleagues. Together, we can build a more secure digital landscape. Stay safe, stay informed, and see you in the next edition of ONSEC Cyber Daily!
