Cybersecurity Weekly Update: 22-29 December 2025
By SOC Team, Dec 29, 2025
1. Chrome Browser Extensions Compromised at Scale
A large-scale supply chain attack saw dozens of Chrome browser extensions compromised, exposing credentials and sensitive user data across millions of installations. (TheHackerNews)
Why it matters: Browser extensions often have deep access to user sessions, credentials, and enterprise SaaS platforms, making them a high-value target for attackers.
Action: Audit all installed browser extensions, remove non-essential or unverified add-ons, enforce enterprise extension policies, and monitor endpoints for abnormal browser behaviour.
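The audit step above can be scripted. The following is an added example, not code from the original update or from any vendor: it walks the standard Chrome profile layout (Extensions/<extension-id>/<version>/manifest.json), compares each installed extension against an enterprise allowlist of extension IDs, and flags manifests that request permissions broad enough to reach sessions, credentials or traffic. The allowlist, the risk list and the sample extensions are constructed assumptions for the demonstration; the sample tree is built in a temporary directory so the script runs offline.

```python
"""Audit Chrome extensions installed in a profile directory.

Added example for the weekly update (not part of the original text).
Assumes the standard Chrome layout
    <profile>/Extensions/<extension-id>/<version>/manifest.json
and an enterprise allowlist of extension IDs as the baseline.
"""
import json
import tempfile
from pathlib import Path

# Permissions that grant broad access to sessions, credentials or traffic
# (constructed review list; tune it to your own policy).
HIGH_RISK_PERMISSIONS = {
    "cookies", "webRequest", "webRequestBlocking", "declarativeNetRequest",
    "history", "tabs", "clipboardRead", "nativeMessaging", "debugger",
    "<all_urls>", "*://*/*", "http://*/*", "https://*/*",
}


def find_manifests(extensions_dir):
    """Yield (extension_id, version, manifest_dict) for every installed extension."""
    root = Path(extensions_dir)
    for manifest in sorted(root.glob("*/*/manifest.json")):
        ext_id = manifest.parent.parent.name
        version = manifest.parent.name
        try:
            data = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, json.JSONDecodeError):
            data = {}  # an unreadable manifest is itself worth a finding
        yield ext_id, version, data


def risky_permissions(manifest):
    """Return the sorted high-risk permissions an extension requests (MV2 and MV3)."""
    requested = set(manifest.get("permissions", []))
    requested |= set(manifest.get("host_permissions", []))  # MV3 lists hosts separately
    return sorted(p for p in requested
                  if isinstance(p, str) and p in HIGH_RISK_PERMISSIONS)


def audit_extensions(extensions_dir, allowlist):
    """Return findings: dicts with id, version, name and a non-empty list of reasons.

    Allowlisted extensions are still reported when they hold high-risk
    permissions, so reviewers see exactly what approved add-ons can reach.
    """
    findings = []
    for ext_id, version, manifest in find_manifests(extensions_dir):
        reasons = []
        if ext_id not in allowlist:
            reasons.append("not on enterprise allowlist")
        risky = risky_permissions(manifest)
        if risky:
            reasons.append("high-risk permissions: " + ", ".join(risky))
        if not manifest:
            reasons.append("manifest missing or unreadable")
        if reasons:
            findings.append({"id": ext_id, "version": version,
                             "name": manifest.get("name", "?"), "reasons": reasons})
    return findings


def build_sample_profile():
    """Create a constructed Extensions tree (sample data, not a real profile)."""
    base = Path(tempfile.mkdtemp()) / "Extensions"
    samples = {
        # constructed IDs: 32 lowercase letters, the same shape as real Chrome IDs
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
            "name": "Approved Password Manager", "manifest_version": 3,
            "permissions": ["storage", "cookies"], "host_permissions": ["<all_urls>"]},
        "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
            "name": "Harmless Theme", "manifest_version": 3,
            "permissions": ["storage"]},
        "cccccccccccccccccccccccccccccccc": {
            "name": "Coupon Helper", "manifest_version": 2,
            "permissions": ["tabs", "webRequest", "http://*/*"]},
    }
    for ext_id, manifest in samples.items():
        version_dir = base / ext_id / "1.0.0_0"
        version_dir.mkdir(parents=True)
        (version_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return base


if __name__ == "__main__":
    profile = build_sample_profile()
    allow = {"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"}
    for f in audit_extensions(profile, allow):
        print(f"{f['id']} {f['name']} ({f['version']}): " + "; ".join(f["reasons"]))
```

Point it at a real profile's Extensions directory to get the same report for a managed endpoint; on a fleet, the allowlist should be the same set of IDs enforced through the browser's enterprise extension policy, so the audit doubles as a check that the policy is actually applied.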
2. WatchGuard Firebox Zero-Day Actively Exploited (CVE-2025-14733)
A critical zero-day vulnerability in WatchGuard Firebox appliances allows unauthenticated remote code execution and is confirmed to be actively exploited. (TechRadar)
Why it matters: Firewalls are core security controls, and exploitation can give attackers direct access to internal networks and critical systems.
Action: Apply WatchGuard patches immediately, restrict firewall management interfaces to trusted IPs only, review firewall logs for indicators of compromise, and consider temporary isolation if patching is delayed.
3. Coupang Data Breach and Legal Fallout
A major data breach at Coupang exposed personal data of tens of millions of users, resulting in regulatory scrutiny and a U.S. securities class-action lawsuit. (Reuters)
Why it matters: Beyond data loss, breaches increasingly trigger legal, financial, and reputational consequences, particularly for regulated and customer-facing organisations.
Action: Review breach detection and disclosure procedures, ensure incident response plans are tested, and verify that data protection controls align with regulatory requirements such as GDPR and POPIA.
4. WebRAT Malware Distributed via GitHub Repositories
Malicious GitHub repositories posing as exploit proof-of-concepts were used to distribute WebRAT malware capable of stealing credentials and disabling security controls. (TechRadar)
Why it matters: Developers and IT teams often trust open-source platforms, making this an effective attack vector into enterprise environments.
Action: Enforce secure code review processes, restrict execution of unverified scripts, educate developers on repository trust risks, and deploy endpoint detection capable of identifying RAT behaviour.
5. MongoDB Unauthenticated Information Disclosure Vulnerability (CVE-2025-14847)
A high-severity MongoDB flaw allows attackers to extract sensitive memory data without authentication and is being exploited in the wild. (CyberRecaps)
Why it matters: Databases often store regulated and mission-critical data, making exploitation a direct path to data breaches.
Action: Patch affected MongoDB instances immediately, restrict database network access, enable authentication and encryption, and monitor for anomalous query or memory access patterns.
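The configuration checks in the action above (network restriction, authentication, encryption in transit) can be verified against a mongod.conf file. The following is an added example, not code from the original update or from MongoDB: it parses the plain key/value subset of YAML that mongod.conf uses and reports the weak settings. The two configuration samples are constructed for the demonstration; the setting names (net.bindIp, net.bindIpAll, security.authorization, net.tls.mode) are the real mongod.conf options.

```python
"""Check a mongod.conf for exposure, missing authentication and missing TLS.

Added example for the weekly update (not part of the original text).
The parser handles only the indented key/value mappings mongod.conf
normally uses (no lists, no quoting); use PyYAML for arbitrary files.
"""

# Constructed sample: a database reachable from anywhere, no auth, no TLS.
WEAK_CONF = """\
# constructed sample, not a real deployment
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0
security:
  authorization: disabled
"""

# Constructed sample: bound to loopback plus one application subnet address,
# authentication required, TLS required.
HARDENED_CONF = """\
# constructed sample, not a real deployment
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1,10.20.0.15
  tls:
    mode: requireTLS
    certificateKeyFile: /etc/ssl/mongodb.pem
security:
  authorization: enabled
"""


def parse_simple_yaml(text):
    """Parse indented 'key:' / 'key: value' lines into nested dicts (values stay strings)."""
    root = {}
    stack = [(-1, root)]  # (indent level, mapping at that level)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip(" "))
        key, _, value = line.strip().partition(":")
        # Pop back to the mapping that owns this indentation level.
        while indent <= stack[-1][0]:
            stack.pop()
        parent = stack[-1][1]
        value = value.strip()
        if value == "":          # 'key:' opens a nested mapping
            child = {}
            parent[key] = child
            stack.append((indent, child))
        else:
            parent[key] = value
    return root


def check_mongod_config(conf):
    """Return a list of weaknesses found in a parsed mongod.conf mapping."""
    findings = []
    net = conf.get("net", {})
    bound = {b.strip() for b in net.get("bindIp", "").split(",")}
    if net.get("bindIpAll") == "true" or bound & {"0.0.0.0", "::"}:
        findings.append("net.bindIp exposes mongod on all interfaces")
    if conf.get("security", {}).get("authorization") != "enabled":
        findings.append("security.authorization is not enabled")
    if net.get("tls", {}).get("mode") != "requireTLS":
        findings.append("net.tls.mode is not requireTLS")
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        problems = check_mongod_config(parse_simple_yaml(text))
        print(f"{label}: " + ("; ".join(problems) if problems else "no findings"))
```

Binding to specific addresses and requiring authentication does not replace the patch for CVE-2025-14847, but it removes the unauthenticated network path the exploitation relies on until the patch is applied; run the check against the live file (typically /etc/mongod.conf) rather than a copy, since the running daemon reads that one.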
Key Recommendations
Patch Now: Prioritise WatchGuard, Microsoft, MongoDB, and browser/extension updates.
Harden Endpoints: Restrict and monitor browser extensions, enforce application whitelisting, and isolate legacy systems.
Audit Configurations: Validate identity and cloud-management interfaces to reduce unintended exposure.
Elevate AI Risk Controls: Consider AI-specific safeguards for code generation, automation, and threat modelling.
Phishing & Credential Protection: Emphasise multi-factor authentication (MFA) and user awareness training, as credential harvesting campaigns persist.
#CyberSecurity #ThreatIntelligence #VulnerabilityManagement
