
Weekly Recap: Apple 0-Days, WinRAR Exploit, LastPass Fines, .NET RCE, OAuth Scams & More

These articles are AI-generated summaries. Please check the original sources for full details.

This week’s cybersecurity landscape is marked by actively exploited vulnerabilities in widely used software, highlighting the critical need for rapid patching and proactive security measures. Attackers are leveraging zero-day exploits and known flaws in Apple products, WinRAR, and .NET applications, demonstrating that even commonly used tools are viable attack vectors. The financial repercussions of security lapses are illustrated by the $1.6 million fine levied against LastPass.

Key Insights

  • Apple and Google addressed actively exploited zero-days (CVE-2025-14174, CVE-2025-43529): Exploited in targeted attacks, potentially via commercial spyware.
  • SOAPwn vulnerability in .NET: Allows remote code execution via unexpected handling of non-HTTP URLs, impacting many .NET applications.
  • APT36 leveraging BYOVD technique: Demonstrates a shift towards advanced tactics by threat actors, increasing the sophistication of ransomware attacks.

Practical Applications

  • Company/system: LastPass: Received a £1.2 million ($1.6 million) fine from the U.K. ICO for a 2022 data breach due to insufficient security measures.
  • Pitfall: Reliance on outdated software: Using unpatched versions of software like WinRAR (CVE-2025-6218) leaves systems vulnerable to exploitation by multiple threat actors.
