Weekend Recap, Dec 22
With the holidays upon us, it’s been fairly quiet on my feeds. But there is some news to report on from over the weekend. And with Christmas rapidly approaching, this will be my only report this week.
Cisco has published an advisory affecting the Cisco AsyncOS software used on Cisco Secure Email Gateway and Cisco Secure Email and Web Manager, according to Arctic Wolf. This vulnerability is on an unpatched zero-day vulnerability, which only affects deployments with the Spam Quarantine feature enabled. It allows arbitrary commands with root privileges on affected devices, but is not active by default.
The Register reports that the Venezuelan gang, Tren de Aragua (TdA), is collectively charged by the US Department of Justice with 54 counts of ATM hijacking across the country, targeting certain banks and credit unions.
Helpnetsecurity reports over 115,000 internet-facing WatchGuard Firebox firewalls may be vulnerable to compromise via CVE-2025-14733, a remote code execution vulnerability actively targeted by attackers. This vulnerability is an Out-of-bounds Write and can be exploited without user action. It affects both the mobile user VPN with IKEv2 and the branch office VPN using IKEv2 when configured with a dynamic gateway peer.
Currently only observed in Uzbekistan, Android APK droppers – malware disguises as legitimate apps – are deploying Wonderland (formerly known as WretchedCat) across mobile platforms. It’s being executed through fake Google Play Store web pages, ad campaigns on Facebook, bogus accounts on dating apps, and messaging apps like Telegram, according to The Hacker News. This campaign is combining droppers, SMS theft, and RAT capabilities.
And finally, in good news, Docker has released hardened open source images for every developer and organization, according to Bleeping Computer. These images include a software bill of materials (SBOM), public Common Vulnerabilities and Exposures (CVE) data, provenance met at Software Supply Chain Levels for Software Artifacts (SLSA) Build Level 3, and cryptographic evidence of authenticity.
I wish all my readers a happy and healthy holiday season. I’ll be back next Monday for another weekend (and week) recap in time for New Years.
Posted on LinkedIn, 12/22/25










