top of page

Cybersecurity Weekly Update: 15-22 December 2025

  • Writer: SOC Team
    SOC Team
  • 11 minutes ago
  • 2 min read

1. Gladinet CentreStack & Triofox Hard‑Coded Key Flaw (CVE‑2025‑14611)


A vulnerability in Gladinet’s CentreStack and Triofox exposes hard‑coded cryptographic keys. Attackers can forge access tokens and potentially execute code remotely. Several organisations have reportedly been targeted. (Huntress)


Why it matters: These platforms are used for enterprise file sharing and remote access. Exploitation can lead to system compromise and data theft.


Action: Update to the latest version, restrict external exposure, audit access logs, and monitor for unusual activity.


2. SoundCloud Data Breach — User Data Exfiltrated


SoundCloud confirmed a security compromise that resulted in the unauthorised access and exfiltration of user account data, affecting roughly 20 % of its user base. Hackers gained access to email addresses and public profile information — not financial data but still sensitive enough to fuel phishing attacks and identity abuse. (Cyber Security News)


Why it matters: Even non‑financial data breaches can jeopardise organisations through credential stuffing, targeted phishing campaigns, or lateral attacks against associated enterprise accounts.


Action: Advise users and staff to enable MFA, rotate credentials tied to breached accounts, and be alert for phishing tied to SoundCloud data.


3. Windows Admin Center Privilege Escalation Flaw


A new local privilege escalation vulnerability (CVE‑2025‑64669) impacting Microsoft’s Windows Admin Center up to version 2.4.2.1 was disclosed this week. Attackers leveraging this flaw could escalate rights on systems where WAC is used to administer servers and clusters. (Cyber Security News)


Why it matters: Windows Admin Center is widely used in enterprise environments for server management. A local escalation can quickly turn a foothold into full system control.


Action: Patch affected Windows Admin Center instances and validate privilege boundaries on administrative hosts.


4. WatchGuard Firebox RCE Under Active Attack


A remote code execution vulnerability (CVE‑2025‑14733) impacting WatchGuard Firebox firewalls has been observed under active scanning and exploitation attempts. Over 100,000 internet‑facing appliances could be exposed, making urgent patching and firewall hardening a priority for network defenders. (Help Net Security)


Why it matters: Firebox appliances are commonly used in mid‑sized enterprise and branch office environments. Exploitation could lead to full-network compromise.


Action: Apply the latest WatchGuard firmware immediately, restrict administrative access to trusted networks, and monitor for unusual traffic patterns to detect exploitation attempts.


Key Recommendations:


  • Prioritise Patching and Asset Inventory: React2Shell and Windows Admin Center flaws require rapid sign‑off from IT/security leaders. Maintain a strict patch cadence.

  • Protect Against Social Engineering: Phishing and scam techniques are increasingly sophisticated — reinforce user training and deploy advanced email filtering.

  • Strengthen Web Stack Defences: Modern app frameworks can hide exploitable flaws; use automated dependency scanners and WAF protections.


 
 
bottom of page