Patch Tuesday notes.

Summary

By the CyberWire staff

Patch Tuesday notes.

Microsoft yesterday issued patches for 57 vulnerabilities, including three zero-days, SecurityWeek reports. One of the zero-days (CVE-2025-62221) is under active exploitation, while the other two were publicly disclosed before patches were released. The exploited zero-day is a use-after-free flaw in the Windows Cloud Files Mini Filter Driver, which has been assigned a CVSS score of 7.8.

Adobe issued fixes for nearly 140 vulnerabilities, most of which are cross-site scripting bugs affecting Experience Manager.

Fortinet fixed two critical authentication bypass flaws affecting FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager.

Ivanti patched a critical vulnerability (CVE-2025-10573) in Ivanti Endpoint Manager that can allow a remote unauthenticated attacker to execute arbitrary JavaScript.

SAP addressed three critical flaws, including a code injection vulnerability (CVE-2025-42880) in Solution Manager with a CVSS score of 9.9.

SecurityWeek also has a roundup of patches released by ICS vendors, including Siemens, Rockwell Automation, Schneider Electric, and Phoenix Contact.

Control what runs in your environment. Reduce your attack surface.

ThreatLocker helps organizations reduce risk by allowing trusted applications to run while limiting their access to only the resources they need. It’s a straightforward, default deny approach that gives you more control and visibility—without slowing down operations. Explore how ThreatLocker can help simplify your security strategy.

Spiderman phishing kit impersonates European banks.

Varonis has published a report on a new phishing kit called "Spiderman" that targets customers of European banks. The kit impersonates dozens of banks across Germany, Austria, Switzerland, Belgium, and Spain. The researchers explain, "While single-bank phishing kits are widely available for purchase, Spiderman consolidates multiple European financial brands into one kit for cross-country targeting at scale. It includes modules for banks such as Deutsche Bank, Commerzbank, ING (Germany & Belgium), CaixaBank, and several crypto wallet providers."

Humans Are Not the Weakest Link. Guess who FAIls?

Humans have been labeled the weakest link for ages. But this year showed how easily both humans and AI can be manipulated. In this session, Cato CTRL experts reveal real attacks from the wild where adversaries steered people and AI systems into harmful actions using simple prompts and inputs. The session reframes how you should think about AI risk and what to do when machines start making the mistakes, so register to join us.

Houston man charged with smuggling Nvidia chips to China.

The US Justice Department says a Houston business owner, Alan Hao Hsu, attempted to smuggle $160 million worth of export-controlled Nvidia H100 and H200 Tensor Core GPUs to China. Justice stated, "Hsu and others falsified shipping paperwork, misclassifying the true nature of the goods and their recipients to conceal the ultimate destination of the GPUs. Hsu and Hao Global received more than $50 million in wire transfers that originated from the People’s Republic of China (PRC) to help fund the scheme. The GPUs were ultimately shipped to the PRC, Hong Kong, and other destinations in violation of U.S. export laws."

Hsu and his company, Hao Global LLC, both pleaded guilty to smuggling and unlawful export activities in October 2025. The Justice Department also charged two PRC nationals as part of the scheme, one of whom is the CEO of an IT services company based in Sterling, Virginia.

Notes.

Today's issue includes events affecting Austria, Belgium, China, Germany, Spain, Switzerland, and the United States.

Attacks, Threats, and Vulnerabilities

Hospice Firm, Eye Care Practice Notifying 520,000 of Hacks (BankInfoSecurity) Two specialty healthcare providers - a Florida-based firm that provides hospice services in several states and a Pennsylvania-based eye care practice - are

Cybersecurity in power: supply chain most vulnerable, varying confidence (Power Technology) Power professionals believe the supply chain presents the biggest risk, while AI-driven attacks are emerging as a new threat.

Litigation, Investigation, and Law Enforcement

Ukrainian hacker charged with helping Russian hacktivist groups (BleepingComputer) U.S. prosecutors have charged a Ukrainian national for her role in cyberattacks targeting critical infrastructure worldwide, including U.S. water systems, election systems, and nuclear facilities, on behalf of Russian state-backed hacktivist groups.

Industry Events

For a complete running list of events, please visit the Event Tracker.

Events

CyberMarketingCon 2025 (Austin, TX, USA, Dec 7 - 10, 2025) CyberMarketingCon will be held December 7-10 in bustling downtown Austin, Texas. Come to learn, network, and enjoy what this beautiful, unique city and your amazing fellow attendees have to offer.

Gartner Identity & Access Management Summit 2025 (Grapevine, Texas, USA, Dec 8 - 10, 2025) Join us at the premier conference for IAM leaders and architects to tackle priorities like IAM program management, automation, identity threat detection and response (ITDR), cybersecurity and privacy, and identity governance and administration (IGA) in an increasingly complex environment.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.

Daily Briefing for 12.10.25

Top stories.

Patch Tuesday notes.

Spiderman phishing kit impersonates European banks.

Houston man charged with smuggling Nvidia chips to China.

Notes.

Attacks, Threats, and Vulnerabilities

Litigation, Investigation, and Law Enforcement

Events