Major Data Breaches
Inotiv Ransomware Breach Exposes Sensitive Data of Over 9,000 Individuals
Inotiv, a prominent US-based pharmaceutical contract research organization, confirmed a significant data breach following a ransomware attack attributed to the Qilin group. The attack, which occurred in August but was publicly detailed this week, resulted in the exposure of personal, financial, and health information for 9,542 individuals. The compromised data includes names, addresses, Social Security numbers, driver’s license numbers, financial account details, and medical and health insurance information. The breach affected current and former employees, their family members, and others associated with Inotiv or its acquired companies. Qilin claimed to have exfiltrated 176 GB of data, including financial records and research contracts. Inotiv has since restored its systems and is offering 24 months of credit monitoring to those affected, while continuing to assess the full financial impact. This incident underscores the growing threat of supply chain attacks in the pharmaceutical and healthcare sectors, where contract research organizations hold vast amounts of sensitive data for multiple clients [1].
University of Phoenix Oracle EBS Breach
The University of Phoenix disclosed a breach involving its Oracle E-Business Suite (EBS) financial environment. Attackers exploited CVE-2025-61882, an unauthenticated remote code execution flaw, via an internet-exposed endpoint. The attackers ran large export jobs against HR, student, and supplier tables, staged data on EBS file shares, and used encoded PowerShell scripts to exfiltrate datasets over HTTPS. The breach impacts students, staff, and suppliers, with compromised data including names, addresses, dates of birth, contact details, Social Security or taxpayer IDs, and bank/financial account information. Sector summaries estimate approximately 618,000 records exposed, though the university has not confirmed a final count. The presence of exfiltrated data on extortion infrastructure significantly increases fraud and identity-theft risk [2].
Significant Cyberattacks
Hamas-Linked Hackers Target Middle Eastern Diplomats
A campaign attributed to Hamas-linked threat actors targeted Middle Eastern diplomats, as reported on December 12, 2025. The attackers used spear-phishing and custom malware to gain access to sensitive diplomatic communications. The campaign highlights the ongoing geopolitical risks and the use of advanced persistent threat (APT) tactics in regional cyber espionage [3].
Japanese Firms Suffer Long-Tail Ransomware Damage
Japanese companies continued to experience the aftermath of ransomware attacks, with new reports detailing the extended operational and financial impacts. The attacks, which began earlier in the year, have led to prolonged recovery periods, data loss, and reputational damage for several major firms. The incidents underscore the persistent threat of ransomware and the challenges of full recovery [3].
Critical Vulnerabilities
Apple and Google Patch Actively Exploited Zero-Days
Apple released urgent security updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and Safari to address two zero-day vulnerabilities (CVE-2025-14174 and CVE-2025-43529) exploited in highly targeted attacks. CVE-2025-14174 is a memory corruption issue, while CVE-2025-43529 is a use-after-free bug. Both can be exploited via malicious web content to execute arbitrary code. Google also addressed CVE-2025-14174 in its Chrome browser, as the flaw resides in the open-source ANGLE library. Evidence suggests these vulnerabilities may have been weaponized by commercial spyware vendors [4].
Microsoft December 2025 Patch Tuesday
Microsoft’s December Patch Tuesday addressed 57 vulnerabilities, including three zero-days—one actively exploited and two publicly disclosed. The update covered a range of products and included fixes for remote code execution, privilege escalation, and information disclosure flaws. Security teams are urged to prioritize these patches to mitigate ongoing exploitation risks [5].
SOAPwn: .NET HTTP Client Proxy RCE
Researchers uncovered a critical vulnerability in .NET applications, codenamed SOAPwn, which allows remote code execution via HTTP client proxies. The flaw arises from .NET’s acceptance of non-HTTP URLs, enabling attackers to trigger arbitrary file writes and execute malicious PowerShell scripts. The issue can be exploited through SOAP API endpoints and WSDL imports, potentially affecting a wide range of commercial products [4].
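A defensive pre-check for the condition described above, as an added example (not code from the researchers or from any affected product): it audits a WSDL document for import and endpoint locations that do not resolve to http or https before the document reaches a proxy generator. The sample WSDL, the host names and the set of audited attributes are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urljoin, urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Attributes whose value a SOAP client or proxy generator may dereference
# (assumed set for this example: WSDL 1.1 import/address, XSD import/include).
URL_ATTRS = ("location", "schemaLocation")

# Constructed sample WSDL; hosts and paths are placeholders.
SAMPLE_WSDL = r"""<definitions xmlns="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <import namespace="urn:a" location="https://partner.example/common.wsdl"/>
  <import namespace="urn:b" location="file:///C:/temp/out.txt"/>
  <types><xsd:schema><xsd:import schemaLocation="types.xsd"/></xsd:schema></types>
  <service name="S"><port name="P" binding="B">
    <soap:address location="\\fileserver\share\drop.txt"/>
  </port></service>
</definitions>"""

def check_url(raw, base_url):
    """Return None if raw resolves to http(s), otherwise the rejection reason."""
    raw = raw.strip()
    if "\\" in raw:
        # UNC and drive paths are read as file locations by Windows URI parsers.
        return "backslash path (UNC or local file)"
    # Relative references inherit the scheme of the URL the WSDL came from.
    scheme = urlsplit(urljoin(base_url, raw)).scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return f"scheme '{scheme}' not allowed"
    return None

def audit_wsdl(wsdl_text, base_url):
    """List (element, attribute, value, reason) for every rejected URL."""
    # ElementTree does not fetch external entities; prefer defusedxml for hostile input.
    root = ET.fromstring(wsdl_text)
    findings = []
    for el in root.iter():
        for attr in URL_ATTRS:
            value = el.get(attr)
            if value is None:
                continue
            reason = check_url(value, base_url)
            if reason:
                findings.append((el.tag.rsplit("}", 1)[-1], attr, value, reason))
    return findings

if __name__ == "__main__":
    for finding in audit_wsdl(SAMPLE_WSDL, "https://svc.example/api?wsdl"):
        print(finding)
```

The same allowlist belongs at the point where an application assigns a caller-influenced URL to a SOAP client proxy, not only at WSDL import time.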
Government Responses
US Treasury Tracks $4.5B in Ransom Payments Since 2013
A new report from the US Treasury, published December 8, 2025, revealed that $4.5 billion in ransom payments have been tracked since 2013. The report highlights the scale of the ransomware economy and the ongoing challenges faced by law enforcement in disrupting these criminal networks [3].
CISA Alerts and Advisories
The Cybersecurity and Infrastructure Security Agency (CISA) issued multiple alerts this week, including warnings about ongoing exploitation of critical vulnerabilities and guidance for organizations to bolster their defenses against ransomware and supply chain attacks. These advisories emphasize the need for timely patching and robust incident response planning [3].
Miscellaneous
Industry Analysis: Supply Chain Risks in Healthcare
The Inotiv breach and other recent incidents have prompted renewed industry focus on supply chain risks, particularly in sectors handling sensitive data such as healthcare and pharmaceuticals. Experts recommend enhanced third-party risk management, regular security assessments, and improved incident response coordination to mitigate these evolving threats [1].
Sources:
- The Hacker News Weekly Recap
- FireCompass Weekly Cybersecurity Intelligence Report
- Cyber News Centre: Inotiv Ransomware Breach
- BleepingComputer: Microsoft Patch Tuesday
- Dark Reading: Cyberattacks & Data Breaches
This week’s roundup demonstrates the persistent and evolving nature of cyber threats, the critical importance of timely patching, and the need for comprehensive risk management across all sectors.
