
AI Upgrades, Critical Flaws, and Breaches Shape Year-End Security
Coverage: 29 Dec 2025 (UTC)
Security teams closed the year balancing fresh platform upgrades with urgent remediation. Microsoft advanced its AI stack by bringing GPT‑5.2 into Copilot as a free "Smart Plus" option, with early benchmarks signaling stronger reasoning and developer assistance, per BleepingComputer. In parallel, CrowdStrike expanded turnkey automations in Falcon for IT to enforce configurations, maintain application health, and remediate at scale through the existing agent, detailed by CrowdStrike. Across the threat landscape, high‑severity framework and infrastructure flaws kept pressure on patch cycles and detection workflows.
AI and operations upgrades roll out
Microsoft’s Copilot now offers a Smart Plus mode powered by GPT‑5.2, while preserving GPT‑5.1 for continuity, according to BleepingComputer. The company positions the "Thinking" variant of GPT‑5.2 for complex, multi‑step knowledge work and developer workflows, citing gains on coding and reasoning benchmarks. The dual‑model approach gives organizations a choice between stability and higher capability, but it also foregrounds governance needs around accuracy, oversight, and deployment controls as access to more capable models broadens.
CrowdStrike introduced general‑availability content packs for Falcon for IT that automate routine IT and SecOps tasks—application resilience checks and auto‑repair, file indexing for cross‑platform search, Linux device control, and recurring configuration audits—executed via the existing sensor, per CrowdStrike. Built‑in dashboards close the loop by surfacing enforcement and remediation outcomes, and a growing library adds partner‑contributed packs. The aim is to reduce scripting overhead and agent sprawl while improving consistency at scale.
On the cloud analytics front, AWS added business‑dimension filtering to Amazon Connect dashboards to segment KPIs by organizational or customer attributes, improving time‑to‑insight for supervisors and analysts, according to AWS. In addition, OpenSearch UI now supports customer managed keys and larger saved‑object metadata, enabling customer‑controlled encryption and richer visualizations across regions where the service is offered, per AWS. These updates reflect steady platform hardening and operational tuning across contact center and analytics workflows.
Critical web and infrastructure flaws
A deep dive into React2Shell details how unsafe deserialization in the React Server Components pipeline enabled unauthenticated code execution in default React and Next.js deployments, with exploit activity observed within minutes of disclosure, reported by CSO. Researchers documented rapid weaponization and subsequent backdoor, tunneling, and cryptomining campaigns, underscoring that framework‑level updates can create immediate attack surfaces at scale. The takeaway: treat core framework updates as critical security events and fold faster patching and runtime detection into supply‑chain workflows.
CISA added CVE‑2025‑14847—a MongoDB issue described as improper handling of length inconsistencies—to the Known Exploited Vulnerabilities Catalog after confirming in‑the‑wild exploitation, elevating the urgency for remediation under BOD 22‑01 timelines for federal agencies and recommended prioritization for others, per CISA. Researchers previously highlighted pre‑auth reachability, memory disclosure risk, and broad cloud exposure; vendor fixes and mitigations are available, making swift inventory and patching essential.
Fortinet warned that a five‑year‑old FortiOS authentication flaw, CVE‑2020‑12812, remains under active exploitation in configurations with specific LDAP mappings and fallback groups. The issue allows bypassing 2FA prompts by altering username case due to inconsistent matching between local and remote auth methods, according to BleepingComputer. Recommended actions include removing unnecessary secondary LDAP groups, auditing mappings, and applying vendor updates. Why it matters: long‑patched defects continue to enable intrusions when misconfigurations persist.
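A detection check for the case-mismatch condition described above, as an added example that is not from Fortinet or the cited report: it flags successful logins where the typed username matches a 2FA-enrolled local account only when case is ignored and no second-factor prompt was issued. The `AuthEvent` fields, the function name and the sample records are assumptions constructed for illustration; map them to the fields your authentication logs actually provide.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AuthEvent:
    # Hypothetical, normalized log record; not a FortiOS log format.
    user: str            # username exactly as typed at the login prompt
    success: bool        # authentication result
    second_factor: bool  # whether a 2FA challenge was issued


def find_case_variant_logins(local_2fa_users, events):
    """Return (configured, typed) pairs for successful logins whose username
    matches a local 2FA user only when case is ignored and that completed
    without a second-factor prompt."""
    # Map case-folded name -> exact configured spelling.
    canonical = {name.casefold(): name for name in local_2fa_users}
    hits = []
    for ev in events:
        configured = canonical.get(ev.user.casefold())
        if configured is None:
            continue  # not a 2FA-enrolled local account
        if ev.user == configured:
            continue  # exact match: the local 2FA policy applies
        if ev.success and not ev.second_factor:
            hits.append((configured, ev.user))
    return hits


# Constructed sample data for the example.
LOCAL_2FA_USERS = ["jsmith", "adavis"]
SAMPLE_EVENTS = [
    AuthEvent("jsmith", True, True),    # normal login with 2FA
    AuthEvent("JSmith", True, False),   # case variant, no 2FA prompt
    AuthEvent("ADAVIS", False, False),  # case variant, failed login
    AuthEvent("bwong", True, False),    # not a local 2FA user
    AuthEvent("aDavis", True, False),   # case variant, no 2FA prompt
]

if __name__ == "__main__":
    for configured, typed in find_case_variant_logins(LOCAL_2FA_USERS, SAMPLE_EVENTS):
        print(f"review: '{typed}' authenticated without 2FA "
              f"(configured as '{configured}')")
```

Any hit means a remote authentication path accepted a spelling the local 2FA entry did not match, which is the mapping to audit first.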
Major breaches and ransomware disruptions
Coupang said it will distribute ₩1.685 trillion (about $1.17 billion) in vouchers to 33.7 million customers impacted by a June data breach, with payments starting January 15, 2026, as authorities investigate suspected insider access, per BleepingComputer. The company reports detailed records from around 3,000 accounts were retained by the suspect, while a broader set was accessed. The scope and compensation scale make this one of South Korea’s largest breach responses. Separately, Korean Air disclosed that names and bank account numbers of employees were exposed after a hack at former subsidiary KC&D; the Clop group claimed the attack, and the airline is investigating potential misuse, according to BleepingComputer.
In the crypto ecosystem, Trust Wallet reported about $7 million stolen from 2,596 browser‑extension wallets after a malicious Chrome Web Store release (v2.68.0) exfiltrated sensitive data; the company revoked API keys, moved to v2.69, and began reimbursing verified victims while warning of follow‑on phishing, per BleepingComputer. In Romania, the Oltenia Energy Complex faced a Gentlemen ransomware attack that encrypted files and disrupted ERP, email, and website operations; backups are being used to rebuild while authorities assess possible data theft, reported by BleepingComputer. Together these incidents reinforce the need for tighter release‑key hygiene, rapid update validation, and tested recovery plans across critical operations.
Agentic AI risks and governance
OWASP published the Agentic Applications Top 10 for 2026, mapping threats such as Agent Goal Hijack, Tool Misuse, and Memory Poisoning and grounding them in 2025 case studies that included poisoned assistants, malicious MCP servers, and command‑injection RCEs in official connectors that were patched by the vendor, summarized by BleepingComputer. Recommended practices stress inventorying MCP servers and tools, signed provenance, least‑privilege credentials, runtime monitoring, and rapid containment mechanisms. In a complementary perspective, an essay by Bruce Schneier and Nathan E. Sanders argues AI is incrementally reshaping executive, judicial, and legislative processes and calls for deployments that prioritize decentralization, transparency, and human agency to avoid power concentration, as discussed on Schneier. The common thread: autonomy amplifies both capability and risk, making governance and controls inseparable from adoption.