Cybersecurity Week in Review: December 2, 2025 – December 8, 2025

Cyberattacks, data breaches, zero-days, and global responses—discover the biggest cybersecurity headlines of this week.

Major Data Breaches

Petco Data Breach Exposes Sensitive Customer Information

Petco, a leading U.S. pet retailer, disclosed a data breach affecting an undisclosed number of its customers. The incident, discovered internally, exposed names, dates of birth, Social Security numbers, driver’s license numbers, and financial details including account and credit card numbers. Petco says it corrected the issue and removed the files from online access, has notified affected customers in multiple states, and is offering free credit and identity theft monitoring. The categories of data involved (SSNs and financial account numbers) triggered mandatory breach-notification filings in several states [1].

  • Discovery Date: December 8, 2025
  • Data Exposed: SSNs, DOBs, driver’s license numbers, account and card numbers
  • Response: Issue corrected, notifications sent, monitoring offered

Inotiv Ransomware Attack and Data Breach

American pharmaceutical research company Inotiv confirmed a ransomware attack that occurred in August 2025, with the full impact disclosed this week. The Qilin ransomware gang claimed responsibility and claims to have stolen nearly 200 GB of data. The breach affected approximately 9,500 individuals, including employees, their families, and business partners. Inotiv took systems offline to contain the attack and has since restored operations; notifications are ongoing as the company continues to assess the operational and financial impact [2].

  • Discovery Date: August 5–8, 2025 (disclosure ongoing)
  • Data Exposed: Employee, family, and partner data
  • Attack Vector: Qilin ransomware
  • Response: Systems taken offline, notifications in progress

Additional Breaches

Several other organizations reported breaches in early December, including Advantage 360, Asia Condominium Association, and others, with threat actors such as TridenLocker, Qilin, and Genesis involved. These incidents highlight the continued global threat landscape, with attacks targeting a range of industries and geographies [3].


Significant Cyberattacks

Record-Breaking 29.7 Tbps DDoS Attack Linked to AISURU Botnet

Cloudflare reported the largest distributed denial-of-service (DDoS) attack recorded to date, peaking at 29.7 terabits per second. The traffic came from the AISURU botnet, estimated at 1–4 million infected hosts, and targeted telecommunications, gaming, hosting, and financial services providers. The attack lasted 69 seconds and used UDP carpet-bombing, spreading the flood across an average of 15,000 destination ports per second so that no single port-keyed threshold sees the full volume. Cloudflare mitigated the attack, which it places in a broader trend of growing DDoS activity in 2025 [4].

  • Date: December 4, 2025
  • Botnet: AISURU (1–4 million hosts)
  • Attack Vector: UDP carpet-bombing
  • Target Sectors: Telecom, gaming, hosting, finance
  • Impact: Largest DDoS attack to date, mitigated by Cloudflare
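The defensive point of the carpet-bombing figure above is that a rule keyed on one destination port never fires. The following added example (it is not Cloudflare's code and does not describe its mitigation) runs two detectors over constructed flow records: a per-port counter, which stays silent, and an aggregate per destination prefix and second that alerts on port spread plus volume. The addresses, thresholds, and the `Flow` record layout are assumptions for the demo.

```python
"""Detecting UDP carpet-bombing in flow records (added example, constructed data).

Carpet bombing spreads a flood across thousands of destination ports (and
usually many addresses) so that any rule keyed on a single (dst_ip, dst_port)
pair sees only a trickle. Aggregating per destination prefix and per second,
and alerting on port spread AND combined rate, makes the pattern visible.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Flow:
    ts: int        # epoch second the record covers
    src: str
    dst: str
    dport: int
    proto: str
    packets: int


def sample_flows(n_ports: int = 3000, ts: int = 1_764_806_400) -> list:
    """Constructed one-second sample (ts = 2025-12-04T00:00:00Z): a carpet-bomb
    against 203.0.113.0/24 (3000 distinct ports, 40 packets each, scattered over
    the /24) plus a legitimately busy DNS resolver on a different prefix."""
    flows = []
    for i in range(n_ports):
        port = 1024 + (i * 7919) % 64000          # 7919 is prime, so ports never repeat
        flows.append(Flow(ts, f"198.51.100.{i % 250 + 1}", f"203.0.113.{i % 256}", port, "udp", 40))
    flows.append(Flow(ts, "192.0.2.10", "192.0.2.53", 53, "udp", 6000))   # benign DNS load
    flows.append(Flow(ts, "192.0.2.11", "192.0.2.53", 443, "tcp", 900))    # not UDP, ignored
    return flows


def per_port_alerts(flows, pps_threshold: int = 10_000) -> dict:
    """What a rule keyed on (dst, dport, second) sees: every port stays below threshold."""
    counts = defaultdict(int)
    for f in flows:
        if f.proto == "udp":
            counts[(f.dst, f.dport, f.ts)] += f.packets
    return {k: v for k, v in counts.items() if v >= pps_threshold}


def carpet_bomb_alerts(flows, prefix_len: int = 24, min_ports: int = 1000, min_pps: int = 50_000) -> dict:
    """Aggregate per (destination prefix, second); alert when many distinct ports
    are hit AND the combined rate is high. Requiring both separates a carpet-bomb
    from a busy service (few ports, high rate) and a slow port scan (many ports,
    low rate)."""
    ports = defaultdict(set)
    pkts = defaultdict(int)
    for f in flows:
        if f.proto != "udp":
            continue
        prefix = str(ip_network(f"{f.dst}/{prefix_len}", strict=False))
        key = (prefix, f.ts)
        ports[key].add(f.dport)
        pkts[key] += f.packets
    return {
        key: {"distinct_ports": len(ports[key]), "pps": pkts[key]}
        for key in ports
        if len(ports[key]) >= min_ports and pkts[key] >= min_pps
    }


if __name__ == "__main__":
    flows = sample_flows()
    print("per-port rule alerts:", per_port_alerts(flows))
    print("carpet-bomb alerts:", carpet_bomb_alerts(flows))
```

One caveat when moving this onto real telemetry: sampled sFlow/NetFlow (1:1000 or coarser) divides both the packet counts and the number of ports you observe, so `min_ports` and `min_pps` must be scaled to the sampling rate, and the prefix length should match the address ranges you actually announce.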

Iranian ‘MuddyWater’ Group Targets Critical Infrastructure

The Iranian-aligned MuddyWater group shifted tactics in recent attacks on Israeli and Egyptian critical infrastructure, deploying a new backdoor through a loader tracked as Fooder, a notable change in its tooling. The campaign fits a broader pattern of state-aligned groups targeting critical sectors with increasingly sophisticated malware [5].

  • Date: Early December 2025
  • Attack Vector: Custom backdoor via Fooder loader
  • Targets: Israeli and Egyptian infrastructure

Critical Vulnerabilities

Android Zero-Days Patched in December Security Update

Google released the December 2025 Android Security Bulletin, addressing 107 vulnerabilities, including two zero-day flaws actively exploited in the wild:

  • CVE-2025-48633: Information disclosure in the Android Framework (affecting Android 13–16)
  • CVE-2025-48572: Elevation of privilege in the Android Framework (affecting Android 13–16)

Both vulnerabilities are rated high severity and have been observed in limited, targeted exploitation. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added these CVEs to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch by December 23, 2025 [6][7][8][9].

  • Patch Release: December 2, 2025
  • Severity: High
  • Action: Immediate patching recommended

Critical XXE Vulnerability in Apache Tika (CVE-2025-66516)

A critical XML external entity (XXE) injection vulnerability (CVE-2025-66516, CVSS 10.0) was disclosed in Apache Tika's PDF parsing, affecting multiple modules and versions. A crafted XFA (XML Forms Architecture) payload embedded in a PDF can declare external entities that the parser resolves when it extracts the form, potentially leading to file system access or remote code execution. Users are urged to update to the patched versions immediately [10].

  • Affected Versions: tika-core 1.13–3.2.1, tika-parser-pdf-module 2.0.0–3.2.1, tika-parsers 1.13–1.28.5
  • Patched Version: 3.2.2 for tika-core and tika-parser-pdf-module; the monolithic tika-parsers 1.x artifact has no fixed release, since it was split into per-format modules in 2.0.0, so 1.x users must migrate to the 3.2.2 modules
  • Severity: CVSS 10.0 (Critical)
  • Action: Urgent patching required
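The mechanism behind an XXE like the Tika bug is easier to verify than to describe: an XML parser that honours `<!ENTITY ... SYSTEM "...">` declarations will read whatever the entity points at and splice it into the extracted text. The following added example (Python's standard-library SAX parser, not Apache Tika code) feeds a constructed XFA-style form to three parser configurations: external entities resolved (the vulnerable class), external entities ignored, and DOCTYPE rejected outright. The form structure, the `xxe` entity name, and the temporary "secret" file are assumptions for the demo.

```python
"""XXE (XML External Entity) injection, illustrated with Python's stdlib SAX parser.

Added example; not Apache Tika code. The payload mimics the XFA form XML that a
PDF parser extracts and hands to an XML parser. The three configurations below
are the behaviours to check in any component that parses untrusted XML.
"""
import io
import os
import tempfile
import xml.sax
from pathlib import Path
from xml.sax.handler import ContentHandler, feature_external_ges, property_lexical_handler


def write_secret_file(content: str = "db_password=hunter2\n") -> str:
    """Constructed stand-in for a sensitive local file an attacker wants to read."""
    fd, path = tempfile.mkstemp(prefix="xxe-demo-", suffix=".txt")
    with os.fdopen(fd, "w") as fh:
        fh.write(content)
    return path


def xfa_payload(target_path: str) -> bytes:
    """Constructed XFA-style XML: the DTD declares an external entity pointing at a
    local file, and a form field value references it."""
    uri = Path(target_path).resolve().as_uri()
    return (
        '<?xml version="1.0" encoding="UTF-8"?>\n'
        '<!DOCTYPE xdp [\n'
        f'  <!ENTITY xxe SYSTEM "{uri}">\n'
        ']>\n'
        '<xdp xmlns="http://ns.adobe.com/xdp/">\n'
        '  <template><subform><field name="comment">\n'
        '    <value><text>&xxe;</text></value>\n'
        '  </field></subform></template>\n'
        '</xdp>\n'
    ).encode("utf-8")


class TextCollector(ContentHandler):
    """Collects character data, the way a text-extraction step would."""

    def __init__(self) -> None:
        super().__init__()
        self.parts = []

    def characters(self, content: str) -> None:
        self.parts.append(content)

    def text(self) -> str:
        return "".join(self.parts)


class RejectDoctype:
    """Lexical handler that refuses any DTD. With no DTD there is nowhere to declare
    an entity, which closes the whole XXE class for untrusted input."""

    def startDTD(self, name, public_id, system_id):
        raise ValueError(f"DOCTYPE '{name}' rejected: DTDs are not allowed in untrusted XML")

    def endDTD(self): pass
    def startCDATA(self): pass
    def endCDATA(self): pass
    def comment(self, content): pass


def extract_text(xml_bytes: bytes, resolve_external: bool, reject_doctype: bool = False) -> str:
    """Parse with an explicit entity policy and return the extracted text."""
    parser = xml.sax.make_parser()
    collector = TextCollector()
    parser.setContentHandler(collector)
    # True reproduces the vulnerable behaviour; Python's own default has been
    # False since 3.7.1, but many XML stacks still resolve entities unless told not to.
    parser.setFeature(feature_external_ges, resolve_external)
    if reject_doctype:
        parser.setProperty(property_lexical_handler, RejectDoctype())
    parser.parse(io.BytesIO(xml_bytes))
    return collector.text()


def demo() -> dict:
    """Run the same payload through the three configurations; the secret file is
    created for the demo and removed afterwards."""
    secret = write_secret_file()
    try:
        payload = xfa_payload(secret)
        results = {
            "vulnerable": extract_text(payload, resolve_external=True),
            "no_external_entities": extract_text(payload, resolve_external=False),
        }
        try:
            extract_text(payload, resolve_external=True, reject_doctype=True)
            results["reject_doctype"] = "parsed (unexpected)"
        except ValueError as exc:
            results["reject_doctype"] = f"blocked: {exc}"
    finally:
        os.unlink(secret)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:22s} -> {outcome.strip()!r}")
```

The same payload with an `http://` system identifier turns the bug into server-side request forgery against the parser's network, which is why the hardened setting should be "no external entities at all" rather than an allow-list of file paths; rejecting DOCTYPE entirely is the simplest policy when the input format never legitimately needs one.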

Government Responses

CISA Adds Android Zero-Days to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) responded to the Android zero-days by adding CVE-2025-48633 and CVE-2025-48572 to its Known Exploited Vulnerabilities catalog. Federal agencies must patch both flaws by December 23, 2025, and all other organizations are strongly urged to apply the December update on the same timeline [8].


Miscellaneous

  • DDoS Trends: Cloudflare reported a 15% quarter-over-quarter increase in DDoS attacks and a 40% year-over-year jump, with 36.2 million attacks mitigated so far in 2025. The automotive and AI sectors saw the largest increases in attack volume [4].
  • Global Breach Activity: The U.S. and France remain the most breached nations, with millions of accounts exposed in 2025. While breach numbers dipped in Q2, the threat landscape remains highly active [11].

Conclusion

This week’s cybersecurity landscape was marked by record-breaking DDoS attacks, high-profile data breaches, and the urgent patching of critical vulnerabilities. Organizations are urged to remain vigilant, prioritize timely patching, and monitor for emerging threats as attackers continue to evolve their tactics and target a broad range of sectors.


Sources: