Sans 33

Hello folks, welcome to sans, episode 33. This is going to cover the newsletter for December 19th, which means we’re pretty much caught up. Yeah!

would you like to view the newsletter to see what might be of interest to you? Here’s the newsletter for December 19, 2025.

Here is what is in the top of the news and we’ve got to start with yet another maximum severity flaw.

• Cisco AsyncOS Unpatched Maximum-Severity Flaw Exploited 
• SonicWall Addresses Actively Exploited Vulnerability in SMA 100 Series Appliances; CISA Adds Flaw to KEV with a One-Week Mitigation Deadline
• Known Critical Flaws in Fortinet Products are Being Actively Exploited

Are you surprised about the fortinet stuff? Seems like they’re in Sans practicly every newsletter it seems, even though we missed time due to illness.

Here is what is in the rest of the week’s news and we start again with a maximum severity bug but this time with an RCE.

• Patch HPE OneView to Fix Maximum-Severity RCE Flaw 
• ASUS Live Update Vulnerability Added to KEV
• RAT Allegedly Discovered on Mediterranean Ferry 
• NHS Technology Supplier Discloses Cybersecurity Incident
• Virginia Mental Health Authority Breach
• Follow-Up: French Ministry of the Interior Cyberattack 
• Law Enforcement Dismantles Infrastructure for Alleged Ransomware Money Laundering Service

I can’t wait to see what the update on the French Ministry is. It sounded like the beginning of a particular investigation which was just getting started last podcast and newsletter for December 16.

Please contact me through my web site or listen to the podcast to learn how to contact me. Thanks so much for listening, and make it a happy holiday season!