Critical Vulnerabilities Target FortiGate, Cisco, and SonicWall Devices - December 2025

Thursday, December 25, 2025

Top 5 Cybersecurity Stories You Should Know

  1. Critical Vulnerabilities Target FortiGate, Cisco, and SonicWall Devices - December 2025
    tl;dr: Maritime IT managers face urgent threats from multiple critical vulnerabilities affecting FortiGate, Cisco, and SonicWall devices. Notably, CVE-2025-59718 and CVE-2025-59719 allow unauthenticated access to FortiOS, while Cisco's CVE-2025-20393 permits remote command execution on Secure Email products. Additionally, SonicWall's CVE-2025-40602 enables unauthorized root access. These vulnerabilities have been actively exploited, necessitating immediate patching and security audits. Organizations should prioritize updates and consider rotating credentials to mitigate risks associated with these severe threats.
    https://cydome.io/maritime-cybersecurity-bulletin-december-25-2025/

  2. NIST and MITRE Launch $20 Million AI Cybersecurity Research Initiative
    tl;dr: NIST and the MITRE Corporation have announced a $20 million initiative aimed at establishing two new research centers focused on the intersection of artificial intelligence and cybersecurity, particularly for U.S. critical infrastructure. This effort is designed to enhance the security posture of vital systems against emerging threats posed by AI technologies. Stakeholders in critical infrastructure sectors are encouraged to stay informed about developments from these research centers and to consider integrating AI-driven security measures into their operations.
    https://social.cyware.com/cyber-security-news-articles

  3. Fortinet Warns of Active Exploitation of CVE-2020-12812 in FortiOS SSL VPN
    tl;dr: Fortinet has reported active exploitation of a five-year-old vulnerability, CVE-2020-12812, in FortiOS SSL VPN, which allows unauthorized login without two-factor authentication under specific configurations. This flaw affects users with local user settings and remote authentication methods like LDAP. Organizations using FortiOS should urgently review their configurations and apply patches to mitigate this risk, as the vulnerability has been linked to recent attacks. Cybersecurity teams are advised to monitor for unauthorized access attempts and ensure robust authentication practices.
    https://thehackernews.com/

  4. Cybersecurity in 2025: Analyzing Threats and Solutions from Cyble
    tl;dr: In 2025, cybersecurity faces significant challenges as cyberattacks evolve, impacting sectors like manufacturing and finance. A notable incident involved a Midwest manufacturing plant paralyzed by a data breach, highlighting vulnerabilities in critical infrastructure. Cyble, recognized for its advanced threat intelligence solutions, emphasizes the need for organizations to adopt AI-driven cybersecurity measures to enhance resilience. Companies are urged to prioritize real-time threat detection and response strategies to mitigate risks and safeguard sensitive data against increasingly sophisticated cyber threats.
    https://cyble.com/knowledge-hub/cybersecurity-good-bad-agentic-reality/

  5. 2025 Cybersecurity Landscape: Key Attack Trends and Evolving Threats
    tl;dr: The cybersecurity landscape in 2025 has seen significant evolution in attack strategies, with a marked rise in AI-driven threats and sophisticated ransomware tactics. Organizations across various sectors, including healthcare and finance, are increasingly vulnerable to these advanced cyberattacks. The report emphasizes the importance of robust third-party risk management and the integration of AI in security operations to mitigate these risks. As cybercriminals adapt to new technologies, businesses must prioritize employee training and implement comprehensive security frameworks to safeguard sensitive data and maintain operational resilience.
    https://www.cuinfosecurity.com/blogs/cyber-year-in-review-evolution-attacks-in-2025-p-3998

