Major Data Breaches
France’s Ministry of the Interior Cyberattack
A significant cyberattack targeted France’s Ministry of the Interior, with hackers claiming to have accessed sensitive data on up to 16.4 million French citizens. The Ministry confirmed a “very serious attack” but disputes the attackers’ claims, stating that only a limited number of files were confirmed removed. The breach reportedly involved access to professional email accounts, potentially exposing criminal records and personally identifiable information. The attackers, believed to be retaliating for the arrest of cybergang members, posted their claims on BreachForums. French authorities are still investigating the full scope and nature of the compromised data, and have implemented heightened security measures across ministry systems [1].
700Credit Data Breach
700Credit, a provider of credit checks and identity verification for auto dealerships, disclosed a breach involving the theft of personal data collected from dealers between May and October 2025. Exposed information may include names, addresses, dates of birth, and Social Security numbers. The breach was announced this week, and affected individuals are being notified [2].
Blytheco, Inc. Incident
Blytheco, a California-based consulting and software services provider, confirmed unauthorized access to parts of its network. The breach involved sensitive data used in employment, payroll, and client-support functions, such as names, Social Security numbers, identification numbers, and financial account details. The company is working with authorities and affected clients to mitigate the impact [2].
Additional Breaches
Several other organizations reported breaches discovered this week, including Associated Thermoforming, Behr Enterprises, Best Hotels Spain, and Kirloskar Oil Engines. These incidents, attributed to various threat actors, involved the compromise of business and customer data, with some cases linked to ransomware groups such as Akira, Sinobi, Qilin, and CL0P [3].
Significant Cyberattacks
BeyondTrust December Attack Spree
BeyondTrust, a security software provider, revealed that 17 customers were impacted by a December cyberattack spree. The attacks, attributed to a state-linked threat actor, included the compromise of several U.S. Treasury Department offices, resulting in the theft of unclassified data. The attackers exploited a Remote Support SaaS API key, and BeyondTrust disclosed that critical and medium-severity command injection vulnerabilities (CVE-2024-12356 and CVE-2024-12686) were involved. The company has since patched affected systems and is cooperating with law enforcement [4].
French Ministry of the Interior Email Server Compromise
In addition to the data breach, the French Ministry of the Interior confirmed a cyberattack that compromised its email servers. The breach, detected between December 11 and 12, allowed threat actors to access some document files stored on the ministry’s email systems. The ministry has tightened security protocols and strengthened access controls in response [5].
Apple and Google Spyware Alerts
Apple and Google issued global threat notifications to users regarding unprecedented activity by state-linked mercenary spyware groups. Google specifically warned about continued activity from the sanctioned spyware vendor Intellexa. Both companies have increased their efforts to protect users from highly targeted digital surveillance [5].
Critical Vulnerabilities
Fortinet FortiGate SAML SSO Authentication Bypass
Threat actors began exploiting two newly disclosed critical authentication bypass vulnerabilities in Fortinet FortiGate devices (CVE-2025-59718 and CVE-2025-59719, CVSS 9.8). These flaws allow unauthenticated bypass of SSO login authentication via crafted SAML messages if the FortiCloud SSO feature is enabled. Fortinet released patches for FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-59718 to its Known Exploited Vulnerabilities catalog, requiring federal agencies to apply fixes by December 23, 2025. Organizations are urged to patch immediately and disable FortiCloud SSO until updated [6].
Government Responses
CISA and Federal Mandates
CISA’s addition of CVE-2025-59718 to its Known Exploited Vulnerabilities catalog triggered a federal mandate for agencies to patch affected Fortinet devices by December 23, 2025. This rapid response underscores the criticality of the vulnerability and the ongoing threat to government infrastructure [6].
U.S. Executive Order on Cybersecurity
In response to recent attacks, the Biden administration issued an executive order to strengthen federal security protocols and grant additional authorities to act against malicious actors targeting the U.S. The order follows the Treasury Department compromise and aims to bolster defenses across federal agencies [4].
Miscellaneous
Ransomware and Supply Chain Threats
The week also saw continued ransomware activity and supply chain attacks, with notable incidents affecting organizations in manufacturing, hospitality, and education. The emergence of AI-driven cyberattacks was highlighted as a growing concern, signaling a shift in the speed and sophistication of future threats [7].
Conclusion
This week’s cybersecurity landscape was marked by high-profile government breaches, critical vulnerabilities in widely used security appliances, and a surge in sophisticated cyberattacks. The rapid response from government agencies and vendors highlights the urgency of patching and proactive defense. Organizations are reminded to review their security postures, apply updates promptly, and remain vigilant against evolving threats.
