In a recent development, Microsoft’s December 2025 security update has been reported to disrupt Message Queuing (MSMQ) on older Windows 10 and Server systems. However, the complications do not stop there. A subsequent update from November 2025 is causing RemoteApp connection failures on Windows 11 24H2/25H2 and Windows Server 2025 devices, particularly within Azure Virtual Desktop environments. RemoteApp, which allows users to stream individual Windows applications from the cloud, is facing challenges, although Microsoft has clarified that personal devices running Windows Home or Pro editions remain unaffected. Unfortunately, no timeline for a resolution has been provided.
Meanwhile, French authorities have made significant strides in cybersecurity enforcement by arresting two crew members aboard an Italian passenger ferry. The suspects are believed to have installed malware that could potentially allow remote control of the vessel. One suspect, a Bulgarian national, has been released, while a Latvian crew member remains in custody, facing charges of conspiring to infiltrate computer systems on behalf of a foreign entity. This malware was detected by the shipping company while the ferry was docked at the Mediterranean port of Sète.
Senate Intel Chair Calls for Action on Open-Source Software Risks
In a proactive move, Tom Cotton, Chairman of the Senate Intelligence Committee, has urged National Cyber Director Sean Cairncross to address the vulnerabilities associated with open-source software. Cotton expressed concerns that foreign adversaries could exploit the assumption of benevolence among contributors to insert malicious code into widely utilized open-source codebases. He cited specific examples, including a beta version of the compression utility XZ Utils and a Russia-based developer maintaining critical open-source software used within Defense Department packages.
On the cybersecurity front, a new zero-day exploit has emerged, targeting Cisco email security products. This vulnerability, identified as CVE-2025-20393, has a maximum severity score of 10 and affects appliances running the company’s AsyncOS Software for its Secure Email Gateway. Chinese hackers have reportedly been exploiting this flaw since late November, with attribution to a specific threat group based on the tools and infrastructure used during the attacks.
In the UK, DXS International, a technology provider for the National Health Service (NHS), has disclosed a cybersecurity incident involving unauthorized access to its internal servers. Detected on December 14, the breach has been contained, and clinical services remain operational. While it is still unclear if NHS patient data has been compromised, the incident has been reported to the Information Commissioner’s Office, and DXS is collaborating with NHS cybersecurity teams to investigate further.
Surge in Criminal Use of AI Tools
A recent report from Resecurity highlights a notable increase in the criminal use of DIG AI, a tool that empowers malicious actors to generate tips for illegal activities, including explosive device manufacturing. Hosted on the TOR network, DIG AI’s accessibility has contributed to a burgeoning underground market, particularly in light of recent global events such as the Holiday Season and upcoming major sporting events.
The Cybersecurity and Infrastructure Security Agency (CISA) has also issued warnings regarding a critical vulnerability in ASUS Live Update software. This flaw, now included in CISA’s Known Exploited Vulnerabilities (KEV) catalog, has been actively exploited and poses significant risks due to embedded malicious code introduced via a supply chain compromise.
Lastly, an automated campaign targeting multiple VPN platforms has been reported, with credential-based attacks observed on Palo Alto Networks GlobalProtect and Cisco SSL VPN. These attacks, originating from over 10,000 unique IP addresses, have raised alarms about the reuse of common username and password combinations, indicating a centralized threat infrastructure.
