Summary
December closed out 2025 by exposing a hardened exploitation environment, where high-impact vulnerabilities were rapidly absorbed into active attack chains. During the month, 20 vulnerabilities were added to the CISA Known Exploited Vulnerabilities (KEV) catalog, spanning major vendors such as Microsoft, Google, Apple, Fortinet, and ASUS. The breadth of affected products highlighted sustained adversarial focus across both consumer and enterprise platforms that underpin global digital infrastructure.
A key standout was a Meta React Server Components vulnerability, which was actively exploited by multiple threat actors and assessed to pose a long-term risk due to its widespread adoption and deep integration within modern web applications.
Ransomware activity remained elevated, with Qilin, Akira, and Safepay driving a significant share of high-impact intrusions across the threat landscape. Adversaries continued to target critical sectors such as healthcare, education, and manufacturing, chaining both newly disclosed and long-standing vulnerabilities to obtain initial access, deploy encryption payloads, exfiltrate sensitive data, and cause widespread operational disruption.
Subscribe to our Newsletter
%20(1).png)
