Threat Intelligence Report – December 2025

30 days of threat data. 9 critical CVEs. 40,000+ threat events from 65 countries. This is what our sensors picked up across enterprise infrastructure worldwide.

40,173 threat events
8,669 unique attacker IPs
96 confirmed exploit attempts
65 countries
33,816 credential stuffing attacks

What we observed

  • Exploitation of Fortinet FortiGate, Ivanti Connect Secure, Citrix NetScaler, and React/Next.js platforms
  • Targeted CVEs: CVE-2025-64446, CVE-2024-55591, CVE-2024-21762, CVE-2025-22457, CVE-2025-0282, CVE-2023-3519, CVE-2025-5777, CVE-2025-7775, CVE-2025-55182
  • High-confidence TTPs: Iranian Go Bot credential stuffing, path traversal attacks, authentication bypass attempts
  • 3 botnets identified, including Iranian state-sponsored campaigns (suspected APT35/Charming Kitten)
  • Threat infrastructure primarily from Microsoft Corporation and DigitalOcean networks
  • 100 ransomware victims across 21 groups, with Qilin leading (21 victims)
  • MITRE ATT&CK mapping confirms exploit tactics aligned with real-world attacker playbooks