- Zero-Day Wire
Top 5 Threat News (Dec 15-22, 2025): SoundCloud Breach, Cisco 10.0 Zero-Day & Firewall Exploits
ShinyHunters stole 28M user records, Chinese state hackers exploited maximum-severity Cisco flaws, and WatchGuard firewalls got compromised without authentication
THIS WEEK IN CYBER MONDAY 🔒
Dec 15 - Dec 22, 2025 | Top 5 Weekly Highlights
1. 🎵 SoundCloud Hacked: 28 Million Users Exposed
SoundCloud confirmed on December 18 that attackers broke into its systems and stole data from about 28 million accounts, roughly 20% of its user base.
The entry point was an internal service dashboard (think: the admin panel your IT team uses). The attackers took email addresses, usernames, and profile data. Good news? Passwords and payment details weren't reported taken. Bad news? Those email addresses are now in the hands of ShinyHunters, a notorious data extortion gang.
Here's what makes this serious: ShinyHunters doesn't just leak data for fun. They weaponize it. Expect a wave of phishing emails pretending to be SoundCloud, Spotify, or your favorite artist asking you to "verify your account."
Why you care: A leaked email address tied to a known account is exactly the raw material targeted phishing is built from. This is how large-scale attacks begin.
Fix: Change your SoundCloud password, and any other account where you reused it. Enable 2FA if you haven't. And for the love of security, don't click links in emails claiming to be from SoundCloud; go to the site directly instead.
2. 🚨 Cisco's Perfect 10: Maximum Severity Zero-Day Under Active Attack
On December 18, Cisco dropped an emergency alert: Chinese state hackers are actively exploiting a CVSS 10.0 vulnerability in AsyncOS, the software behind its email security appliances.
Let that sink in. CVSS 10.0 is the highest possible rating, and here it is earned: an unauthenticated remote attacker can execute arbitrary commands as root. Translation? Attackers can take complete control of your email security appliance without needing a password.
The APT group UAT-9686 has been exploiting CVE-2025-20393 since at least late November. They deployed custom implants with names straight out of a spy movie: AquaShell (a backdoor shell), AquaPurge (for wiping logs), and AquaTunnel (for tunnelling traffic in and out of the box).
At least 120 devices are confirmed compromised. Over 650 Cisco email appliances are exposed online and vulnerable.
Why you care: These aren't just email servers; they're your first line of defense against phishing and malware. When your security appliance gets compromised, every email becomes a potential threat. Nation-state actors just turned your protection into an attack vector.
Fix: Cisco released patches on December 18. If you're running Secure Email Gateway or Secure Email and Web Manager, patch immediately. Cisco's advisory notes the flaw is only reachable when the Spam Quarantine feature is enabled and exposed to the internet, so if that describes your deployment, treat the appliance as possibly already compromised and hunt for the Aqua* implants rather than just patching. CISA gave federal agencies until December 24 to fix this. You should move faster.
3. 🔓 WatchGuard Firewalls: The Front Door Just Got Kicked In
Your firewall is supposed to keep hackers out. But what if the firewall itself is the entry point?
On December 18, WatchGuard disclosed CVE-2025-14733, a critical remote code execution vulnerability in the iked process of Fireware OS on its Firebox firewalls. CVSS score: 9.3. No authentication required.
Hackers are actively exploiting it in the wild right now. The vulnerable code path is IKEv2 handling, so Fireboxes configured for mobile user VPN with IKEv2 or for branch office VPNs are the ones reachable from the outside without credentials. Once they're in, they own your perimeter. Game over.
Here's the kicker: one of the attacking IPs (199.247.7.82) was also linked to recent Fortinet exploits. Same infrastructure, same playbook, different vendor.
Why you care: Firewalls are supposed to protect your perimeter. When attackers can execute code on your firewall without authentication, they have direct access to your internal network. They can steal credentials and move laterally to everything behind your security boundary.
Fix: WatchGuard released patches; apply them now. If you can't patch immediately, disabling the affected IKEv2 VPN configurations removes the exposed path. CISA added this to its Known Exploited Vulnerabilities list with a December 26 deadline for federal agencies. If you're running Fireware OS, don't wait for Christmas to patch, and sweep your VPN logs for the IP above while you're at it.
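The log sweep suggested above, as an added example that is not part of the original newsletter or WatchGuard's tooling. The only indicator taken from the reporting is the IP 199.247.7.82; the syslog-style log lines, field names (`from`, `peer=`), expected branch-office peer, and internal ranges are all constructed for this example and will differ from a real Firebox export. It flags two things: any line touching the known-bad IP, and any IKEv2 or BOVPN negotiation from a source that is neither an expected peer nor an internal address.

```python
"""IOC sweep over VPN/firewall syslog: known-bad IPs and unexpected IKEv2 peers."""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List

# Indicator from the WatchGuard reporting (real); everything below it is constructed.
KNOWN_BAD_IPS = {"199.247.7.82"}

# Branch-office peers you expect to negotiate IKEv2 with (constructed example value).
EXPECTED_PEERS = {ipaddress.ip_address("203.0.113.10")}

# RFC 1918 ranges, listed explicitly: Python's is_private also covers the
# documentation ranges (192.0.2.0/24 etc.) used in the sample below, which
# would silently hide the "unexpected peer" case.
INTERNAL_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Constructed log lines in a generic syslog style (not WatchGuard's exact format).
SAMPLE_LOGS = """\
Dec 19 02:14:07 fw1 iked: IKEv2 IKE_SA_INIT from 199.247.7.82:500 to 198.51.100.5:500
Dec 19 02:14:08 fw1 iked: IKEv2 IKE_AUTH failed peer=199.247.7.82 reason=auth
Dec 19 02:20:41 fw1 iked: IKEv2 IKE_SA_INIT from 203.0.113.10:500 to 198.51.100.5:500
Dec 19 02:20:42 fw1 iked: BOVPN tunnel up peer=203.0.113.10
Dec 19 03:01:12 fw1 sshd: Accepted publickey for admin from 10.0.0.5 port 52311
Dec 19 03:05:55 fw1 iked: IKEv2 IKE_SA_INIT from 192.0.2.77:4500 to 198.51.100.5:4500
"""

# Source address appears either as "from A.B.C.D[:port]" or "peer=A.B.C.D".
SRC_RE = re.compile(r"(?:from |peer=)(\d{1,3}(?:\.\d{1,3}){3})")


@dataclass
class Finding:
    line_no: int
    source: str
    reason: str  # "known_bad_ip" or "unexpected_vpn_peer"
    line: str


def _is_expected(ip: ipaddress.IPv4Address) -> bool:
    """Expected = a configured branch-office peer or an internal RFC 1918 address."""
    return ip in EXPECTED_PEERS or any(ip in net for net in INTERNAL_NETS)


def sweep(lines: Iterable[str]) -> List[Finding]:
    """Return one Finding per suspicious line, in log order."""
    findings: List[Finding] = []
    for n, raw in enumerate(lines, start=1):
        m = SRC_RE.search(raw)
        if not m:
            continue  # no source address on this line
        src = m.group(1)
        if src in KNOWN_BAD_IPS:
            # Any contact from the IOC IP is reportable, whatever the daemon.
            findings.append(Finding(n, src, "known_bad_ip", raw.rstrip()))
        elif ("IKEv2" in raw or "BOVPN" in raw) and not _is_expected(ipaddress.ip_address(src)):
            # Someone we don't recognise is talking to the vulnerable IKEv2 path.
            findings.append(Finding(n, src, "unexpected_vpn_peer", raw.rstrip()))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per reason, e.g. {'known_bad_ip': 2, 'unexpected_vpn_peer': 1}."""
    return dict(Counter(f.reason for f in findings))


if __name__ == "__main__":
    results = sweep(SAMPLE_LOGS.splitlines())
    for f in results:
        print(f"line {f.line_no}: {f.reason:<20} {f.source:<15} {f.line}")
    print(summarize(results))
```

Run it against your own exported syslog by feeding the file's lines to `sweep()`; a hit on the known-bad IP before the patch date is a reason to start incident response, not just to patch.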
4. 🇫🇷 French Government Hacked: Interior Ministry Breach Leads to Arrest
France's Interior Ministry—the agency responsible for law enforcement, immigration, and national security—got hacked.
On December 17, French authorities arrested a 22-year-old suspected of compromising the Ministry's internal email and document servers. The breach was detected on December 11 or 12, and the attacker had access to sensitive government files, including criminal records.
This isn't a ransomware gang looking for a payday. This is unauthorized access to one of France's most sensitive government systems. Criminal records, internal law enforcement communications, police files—all potentially exposed.
The investigation is ongoing, but here's what we know: this was a direct hit on critical government infrastructure.
Why you care: When a nation's law enforcement agency gets breached, the implications extend beyond stolen emails. Compromised investigations, exposed informants, and national security risks can take years to fully assess.
Takeaway: Even governments with massive cybersecurity budgets aren't immune. If France's Interior Ministry can get hacked, so can you.
5. 🏢 Askul's Nightmare Week: Ransomware Gang Takes 700K Records Hostage
Japanese e-commerce and logistics giant Askul was hit hard by RansomHouse ransomware on December 16.
The attackers encrypted critical systems, shut down ordering and shipping operations, and stole data on over 700,000 customers, employees, and business partners. Then they deleted the backups. Because why not twist the knife?
How'd they get in? Stolen third-party credentials with no MFA in front of them. Classic. Once inside, they moved laterally across the network and wiped out everything in reach.
RansomHouse has already leaked multiple "evidence packs" to prove they have the data. This is one of Japan's worst ransomware incidents in recent memory—operational chaos plus massive data theft.
Why you care: This is a textbook example of security fundamentals gone wrong. No MFA on third-party access, inadequate network segmentation, and backups accessible to attackers. The result? Complete operational shutdown and 700K+ records now circulating in underground forums.
Fix: If you work with third-party vendors, enforce MFA on every account. Segment your network so attackers can't pivot from vendor access to critical systems. And keep your backups offline where ransomware can't reach them.
🎯 The Big Picture
December's lessons are crystal clear: Your defenses are only as strong as your weakest link.
SoundCloud's internal dashboard became an entry point. Cisco's email security appliances got weaponized by nation-states. WatchGuard's firewalls—the literal gatekeepers—got exploited for remote code execution. France's Interior Ministry learned even governments aren't safe. And Askul discovered that missing MFA on third-party access can shut down your entire business.
The pattern? Attackers are targeting the things you trust most: your security appliances, your firewalls, your admin tools, your vendor access.
Your move:
✅ Patch your infrastructure devices NOW. Cisco and WatchGuard aren't suggestions—they're emergencies.
✅ Force MFA everywhere. Third-party vendors, admin panels, VPNs—no exceptions.
✅ Assume breach. If you run Cisco email security or WatchGuard Firebox, scan for compromise immediately.
✅ Protect your backups. Keep them offline, immutable, and out of reach from ransomware.
✅ Monitor your perimeter. Nation-state attackers don't trip alarms—they blend in and wait.
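Turning "patch NOW" into a list with owners and deadlines, as an added example that is not part of the original newsletter. It matches a KEV-style feed against an asset inventory and reports days remaining until the CISA due date. The field names (`cveID`, `vendorProject`, `product`, `dueDate`, `knownRansomwareCampaignUse`) follow CISA's published KEV JSON export, and the two CVE IDs, vendors and due dates are the ones reported above; the product strings, the inventory hosts, and the urgency thresholds are constructed for the example, not CISA's or either vendor's data.

```python
"""KEV triage: which unpatched assets face an exploited CVE, and how long until the due date."""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List

# Constructed feed entries in the shape of CISA's KEV JSON. CVE IDs, vendors and
# due dates come from this week's reporting; product strings are placeholders.
KEV_FEED: List[Dict[str, str]] = [
    {"cveID": "CVE-2025-20393", "vendorProject": "Cisco", "product": "AsyncOS",
     "dueDate": "2025-12-24", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2025-14733", "vendorProject": "WatchGuard", "product": "Fireware OS",
     "dueDate": "2025-12-26", "knownRansomwareCampaignUse": "Unknown"},
]

# Constructed asset inventory. "patched" is whatever your CMDB or scanner says.
INVENTORY: List[Dict[str, object]] = [
    {"host": "mail-gw-01", "vendor": "Cisco", "product": "AsyncOS", "patched": False},
    {"host": "fw-branch-03", "vendor": "WatchGuard", "product": "Fireware OS", "patched": False},
    {"host": "fw-hq-01", "vendor": "WatchGuard", "product": "Fireware OS", "patched": True},
    {"host": "web-01", "vendor": "nginx", "product": "nginx", "patched": False},
]

URGENT_WITHIN_DAYS = 3  # constructed threshold: treat anything due this soon as a drop-everything item


@dataclass
class Action:
    host: str
    cve: str
    due: date
    days_left: int
    status: str  # "overdue" | "urgent" | "scheduled"


def _matches(entry: Dict[str, str], asset: Dict[str, object]) -> bool:
    """Case-insensitive vendor match plus product substring match."""
    return (entry["vendorProject"].lower() == str(asset["vendor"]).lower()
            and entry["product"].lower() in str(asset["product"]).lower())


def triage(feed: List[Dict[str, str]], inventory: List[Dict[str, object]], today: date) -> List[Action]:
    """Return one Action per (unpatched asset, matching KEV entry), soonest due date first."""
    actions: List[Action] = []
    for asset in inventory:
        if asset["patched"]:
            continue  # nothing to do for this host
        for entry in feed:
            if not _matches(entry, asset):
                continue
            due = date.fromisoformat(entry["dueDate"])
            days_left = (due - today).days
            if days_left < 0:
                status = "overdue"
            elif days_left <= URGENT_WITHIN_DAYS:
                status = "urgent"
            else:
                status = "scheduled"
            actions.append(Action(str(asset["host"]), entry["cveID"], due, days_left, status))
    # Earliest deadline first; ties broken by hostname for a stable report.
    return sorted(actions, key=lambda a: (a.due, a.host))


def triage_on(iso_today: str) -> List[Action]:
    """Convenience wrapper: run triage of the sample data as of a given ISO date."""
    return triage(KEV_FEED, INVENTORY, date.fromisoformat(iso_today))


if __name__ == "__main__":
    for a in triage_on("2025-12-22"):
        print(f"{a.status:<9} {a.host:<14} {a.cve:<16} due {a.due} ({a.days_left:+d} days)")
```

Swap `KEV_FEED` for the real export from CISA and `INVENTORY` for your own asset list; the point is that every entry comes out with a host, a CVE and a date, which is what a patch ticket needs.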
The attackers are patient, sophisticated, and targeting the tools designed to protect you. Don't let your security stack become their entry point.
Stay paranoid. Stay patched. Stay safe. 🛡️
Got questions? Found something we missed? Drop feedback in the comments.