
The Cyber Week That Was (Dec 7–13, 2025)

  • mikeschuman1
  • Dec 14, 2025
  • 2 min read

The past week in cybersecurity was marked by major outages, targeted attacks on critical infrastructure, and fresh warnings about vulnerabilities. As we close out the year, the threat landscape continues to evolve rapidly.


Healthcare Breach: St Bart’s Hospital

  • St Bart’s Hospital in London disclosed more details about a Cl0p ransomware attack from earlier this year.

  • Attackers exploited a vulnerability in Oracle E-Business Suite, stealing sensitive patient billing data including names and addresses.

  • This highlights the ongoing risk of legacy ERP systems in healthcare.


Cloudflare Outage

  • Cloudflare suffered another global outage due to a misconfiguration in its Web Application Firewall.

  • The incident disrupted major platforms including Zoom and LinkedIn, lasting several hours.

  • This was the second major crash in less than three weeks, raising questions about resiliency in internet infrastructure.


Nation-State Threats: MuddyWater’s Snake Game

  • Iranian-aligned group MuddyWater deployed a malicious “Snake” game to target Israeli and Egyptian critical infrastructure.

  • This marks a shift from noisy, easily detectable campaigns to stealthier, more sophisticated tactics.

  • It underscores how gamified malware is being used to lure victims while delivering destructive payloads.


Academic & Research Breaches

  • Dartmouth College confirmed data theft tied to Oracle EBS vulnerabilities.

  • Over 17,000 secrets were exposed in public GitLab projects, including API keys and credentials.

  • OpenAI customer data was also exposed via a Mixpanel analytics misconfiguration, showing how SaaS integrations can leak sensitive information.


Campus Phishing Wave

  • Universities faced a months-long phishing campaign that bypassed MFA by replaying one-time codes.

  • Attackers captured student and faculty logins, demonstrating how MFA fatigue and replay attacks remain effective.

🔧 Vulnerability Alerts

  • The Australian Cyber Security Centre (ACSC) issued a critical alert for multiple Fortinet product vulnerabilities, urging immediate patching.

  • CrowdStrike reported perfect detection results in the latest MITRE ATT&CK evaluation, showing how vendors are racing to prove effectiveness.


Key Takeaways

  • Legacy systems (Oracle EBS, ERP platforms) remain prime targets.

  • Internet infrastructure fragility (Cloudflare outages) shows how one misstep can ripple globally.

  • Nation-state actors are innovating with stealth and social engineering.

  • Academic institutions are increasingly exploited for credentials and research data.

  • Patch management and vendor transparency are critical as vulnerabilities pile up.


 
 
 



Sigmaphi
PO Box 526
Mount Hawthorn, WA 6915
ABN: 71688702510
