Key Takeaways
- The Indian government confirmed cyber incidents involving GPS spoofing at seven major airports, affecting aircraft using GPS-based landing procedures.
- TriZetto Provider Solutions, a US-based healthcare technology provider, notified healthcare clients of a long-running unauthorized access to a customer web portal, exposing protected health information (PHI).
- 700Credit, a US-based credit check and identity verification provider, suffered a data breach affecting at least 5.6 million people, exposing private information.
- Google, Apple, and SAP released urgent updates to address high-severity flaws, including CVE-2025-14174, CVE-2025-43529, and CVE-2025-42880.
- Check Point Research reported a global rise in cyber attacks, with education the most targeted sector, and exposed ValleyRAT’s modular system, including a kernel-mode rootkit.
Introduction to Cyber Attacks
The week of 15th December has seen a significant number of cyber attacks and breaches, affecting various industries and organizations worldwide. The Indian government confirmed cyber incidents involving GPS spoofing at seven major airports, including Delhi, Mumbai, Kolkata, and Bengaluru. The attack affected aircraft using GPS-based landing procedures, but authorities stated that no flights were cancelled or diverted, thanks to contingency measures and Air Traffic Control safeguards. This incident highlights the importance of having robust security measures in place to prevent and mitigate the impact of cyber attacks.
Recent Breaches and Incidents
In addition to the GPS spoofing incident, several other breaches and incidents have been reported. TriZetto Provider Solutions, a US-based healthcare technology provider, notified healthcare clients of a long-running unauthorized access to a customer web portal, exposing protected health information (PHI). The incident affected historical eligibility transaction reports, containing patient and insured personally identifiable information (PII). 700Credit, a US-based credit check and identity verification provider, suffered a data breach affecting at least 5.6 million people, exposing private information after an unidentified attacker accessed dealer-collected data between May and October 2025. The company is notifying impacted individuals and offering credit monitoring, while Michigan’s attorney general urged affected users to enable credit freezes or monitoring to mitigate fraud risk.
Vulnerabilities and Patches
Several vulnerabilities and patches have been reported, including a high-severity flaw (CVE-2025-14174) in Google Chrome, actively exploited in the wild and linked to the ANGLE graphics library used for WebGL. Apple released emergency security updates to patch two actively exploited zero-day vulnerabilities, CVE-2025-43529 and CVE-2025-14174, which affect WebKit and enable remote code execution or memory corruption via malicious web content. SAP released details and patches for three vulnerabilities, including CVE-2025-42880 (code injection in Solution Manager, CVSS 9.9), CVE-2025-55754 (Commerce Cloud Tomcat flaws, CVSS 9.6), and CVE-2025-42928 (jConnect deserialization, CVSS 9.1). These vulnerabilities highlight the importance of keeping software up to date and patched to prevent exploitation by attackers.
Threat Intelligence Reports
Check Point Research reported a global rise in cyber attacks, with education the most targeted sector. It also exposed ValleyRAT’s modular system, including a kernel-mode rootkit that can remain loadable on fully updated Windows 11 despite built-in protections. The research linked leaked builder artifacts to plugins and identified about 6,000 samples, with roughly 85 percent emerging in the last six months after the builder’s public release. Check Point researchers also revealed a phishing campaign in which attackers impersonate file-sharing and e-signature services to deliver finance-themed lures that look like legitimate notifications. The attackers sent over 40,000 phishing emails targeting roughly 6,100 customers over the past two weeks, abusing Mimecast’s secure-link rewriting feature as a smokescreen to make their links appear safe and authenticated.
New Threats and Techniques
Researchers have analyzed the STAC6565 campaign, which is associated, with high confidence, with the GOLD BLADE threat group (aka RedCurl, RedWolf, and Earth Kapre). The campaign mostly targets Canadian organizations, blending data theft with selective QWCrypt ransomware. The threat actor uses multi-stage infection chains that include payloads downloaded via WebDAV, DLL side-loading using legitimate Adobe components, and bring-your-own-vulnerable-driver (BYOVD) abuse to evade detection. Additionally, researchers uncovered a new phishing technique called ConsentFix, which tricks people into giving attackers access to their Microsoft accounts. The method uses a browser-native prompt that persuades victims to copy and paste a link, allowing attackers to access their accounts without needing a password or multi-factor authentication. These new threats and techniques highlight the importance of staying vigilant and adapting to the evolving cyber threat landscape.


