Welcome to your daily cybersecurity briefing.
The Australian Cyber Security Centre has released new guidance for critical infrastructure regarding the secure integration of Artificial Intelligence into Operational Technology environments. This strategic framework aims to help organizations anticipate physical safety risks caused by algorithmic automation in industrial systems.
CERT-FR (ANSSI) has issued a series of security advisories (AVI-1062 to 1067) flagging multiple critical vulnerabilities requiring immediate attention. System administrators are urged to consult the official feed to identify affected products within their fleets and apply corrective measures without delay.
Barts Health NHS Trust has confirmed a leak of administrative data following the exploitation of an Oracle E-Business Suite zero-day flaw by the Clop ransomware gang. While patient medical records remain unaffected, this incident highlights the persistent threat targeting vital ERP components in the healthcare sector.
A maximum severity vulnerability (CVSS 10.0) has been discovered in Apache Tika, a content analysis tool ubiquitous in solutions like Solr and Elasticsearch. This XXE flaw allows attackers to execute code via malicious PDF files, necessitating an emergency update of the “tika-core” library.
Asus has admitted that a cyberattack against one of its third-party suppliers exposed source code for its smartphone camera modules. The Everest group claims to have stolen one terabyte of data, illustrating once again how the supply chain remains a prime vector for accessing the intellectual property of tech giants.
Don’t Think – Patch Now!
Sources:
Australian Cyber Security Centre: https://www.cyber.gov.au/about-us/view-all-content/news/new-guidance-for-critical-infrastructure-on-integrating-ai-securely-into-operational-technology-environments
CERT-FR (Advisory 1062): https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1062/
CERT-FR (Advisory 1063): https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1063/
CERT-FR (Advisory 1064): https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1064/
CERT-FR (Advisory 1067): https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1067/
BleepingComputer: https://www.bleepingcomputer.com/news/security/barts-health-nhs-discloses-data-breach-after-oracle-zero-day-hack/
Security Affairs: https://securityaffairs.com/185363/security/maximum-severity-xxe-vulnerability-discovered-in-apache-tika.html
The Register: https://www.theregister.com/2025/12/05/asus_supplier_hack/
Your feedback is welcome.
Email: radiocsirt@gmail.com
Website:https://www.radiocsirt.com
Weekly Newsletter:https://radiocsirtintl.substack.com