
Cybersecurity Weekly Update: 8-15 December 2025

  • Writer: SOC Team
  • Dec 15
  • 2 min read

1. Microsoft December Patch Tuesday — 57 Flaws including Actively Exploited Zero‑Days

Microsoft released its December 2025 Patch Tuesday update, addressing 57 security vulnerabilities, including three zero‑day flaws that are confirmed or believed to be actively exploited. The most critical is CVE‑2025‑62221, a privilege‑escalation bug in the Windows Cloud Files Mini Filter Driver, with others affecting PowerShell and GitHub Copilot via cross‑prompt injection. (tomsguide)

Why it matters: Windows environments are ubiquitous across enterprise sectors. Privilege escalation and RCE flaws in fundamental OS components can lead to full network compromise if not remediated. Action: Apply patches immediately, prioritise enterprise and server workloads, and monitor for escalation attempts in privileged contexts.


2. Barts Health NHS Ransomware Breach Highlights ERP Risk

Barts Health NHS Trust confirmed a Cl0p ransomware attack that leveraged vulnerabilities in its Oracle E‑Business Suite, resulting in the exfiltration of billing and personnel data, including names and addresses tied to finance and supply functions. (techradar)

Why it matters: ERP and finance systems are core to organisational operations in healthcare and beyond. Their compromise poses regulatory, compliance, and trust risks, even if clinical systems remain intact. Action: Audit ERP configurations, strengthen segmentation between business and operational systems, and test incident responses for backdoor and exfiltration scenarios.


3. Massive Multi‑Sector Data Breaches and Malware Distribution


A new Threat Intelligence Report outlines multiple impactful breaches and malware incidents:

  • Universities of Pennsylvania & Phoenix breached via Oracle E‑Business Suite exploitation.

  • Marquis Software Solutions breach affecting ~74 banks/credit unions.

  • Coupang exposed personal data of ~34 million users.

  • Malicious update spread via the SmartTube YouTube app compromised Android TV devices.

  • Freedom Mobile customer account platform breach stole personal customer records.

  • Breach at Bpost exposed thousands of business and customer records. (checkpoint)


Why it matters: These incidents show attackers continue to exploit both enterprise software and third‑party platforms, with impacts spanning higher education, finance, retail, and telecom.


Action: Evaluate supply chain risk, enforce breach detection around third‑party integrations, and apply rigorous access controls around external interfaces.


4. CISA Updates: Sierra Wireless Router Exploited & Secure Boot Guidance


  • CISA added a Sierra Wireless AirLink router flaw (CVE‑2018‑4063) to its Known Exploited Vulnerabilities catalogue after evidence of active exploitation against this legacy device was observed. Organisations are strongly urged to retire or replace affected hardware rather than patch, as vendors may no longer support it. (Cyber Daily)

  • CISA and NSA issued guidance for managing UEFI Secure Boot configurations to mitigate bootkit and low‑level tampering risks. (Cyber Security News)


Why it matters: End‑of‑life networking devices often linger in industrial, retail, and branch environments, presenting persistent infiltration paths. Secure Boot misconfigurations expose systems to firmware‑level attacks.


Action: Decommission unsupported routers, validate UEFI Secure Boot across endpoints, and lock down firmware configurations with monitoring.
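One concrete way to carry out the "validate UEFI Secure Boot across endpoints" step on Linux fleet members is to read the firmware's own SecureBoot variable rather than trusting a distro tool's summary. The script below is an added example written for this update, not code from CISA, NSA or the original post. It assumes the standard efivarfs mount at /sys/firmware/efi/efivars, where every variable file begins with a 4‑byte attribute word followed by the variable data; for SecureBoot the data is one byte (1 = enabled, 0 = disabled). The sample files it builds for an offline run are constructed to mimic that layout.

```shell
#!/bin/sh
# Added example: decode the UEFI SecureBoot variable on a Linux endpoint.
# Not part of the original post; assumes the efivarfs layout described above.

# Standard efivarfs path; the GUID is the EFI global variable namespace.
SB_VAR="/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"

# sb_state [FILE] -> prints "enabled", "disabled" or "unknown".
# Exit status 0 only when Secure Boot is enabled, so it can drive a fleet check.
sb_state() {
    f="${1:-$SB_VAR}"
    # Missing or unreadable variable: legacy BIOS boot, or efivarfs not mounted.
    [ -r "$f" ] || { echo unknown; return 1; }
    # Skip the 4 attribute bytes and print the single data byte as decimal.
    v=$(od -An -tu1 -j4 -N1 "$f" | tr -d ' \n')
    case "$v" in
        1) echo enabled;  return 0 ;;
        0) echo disabled; return 1 ;;
        *) echo unknown;  return 1 ;;
    esac
}

# make_sample PATH on|off -> writes a constructed efivarfs-style file for
# offline testing: attribute word 0x07 (NV | BS | RT), then one data byte.
make_sample() {
    printf '\007\000\000\000' > "$1"
    if [ "$2" = on ]; then
        printf '\001' >> "$1"
    else
        printf '\000' >> "$1"
    fi
}

# Live check when run directly on an endpoint (prints "unknown" off UEFI).
printf 'Secure Boot: %s\n' "$(sb_state)"
```

Run it through your fleet tooling and alert on anything other than "enabled"; a result of "unknown" on a machine that should be UEFI usually means efivarfs is not mounted or the host is booting in legacy mode, both worth a ticket. On Windows endpoints the equivalent query is the built‑in Confirm-SecureBootUEFI cmdlet.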


Key Recommendations


  • Patch Critical Components: Prioritise Microsoft updates, React2Shell, and Android patches.

  • Decommission Legacy Gear: Remove unsupported Sierra Wireless and similar networking devices from enterprise racks.

  • Segment and Monitor: Enforce segmentation around ERP, finance, and identity stores — these remain favourite targets.

  • Harden Mobile & Remote Access: Enforce MDM policies and strengthen VPN/remote access authentication.

  • Prepare for AI‑Driven Threats: Incorporate AI risk assessments into security planning and tooling.
