Weekly threat intelligence digest: December 15 - 21, 2025

Executive summary

This week tracked 2 curated intelligence items and 0 newly published CVEs. The risk profile remained elevated, with 0 critical and 0 high severity disclosures in public reporting. Priority themes were campaign, policy and active exploitation pressure around internet-exposed enterprise software.

Critical & high priority

1. Major Cloud Provider Suffers Multi-Region Outage Due to Configuration Error

• What happened: A major cloud service provider experienced a multi-region outage lasting over 12 hours that was ultimately traced to a misconfigured identity and access management (IAM) update. The faulty configuration was pushed globally, causing authentication failures that prevented users, applications, and internal services from authenticating. The cascading effect disrupted compute, storage, database, and network services across multiple geographic regions simultaneously. Thousands of businesses, including major SaaS providers, were affected.
• Who's affected: Thousands of businesses relying on the cloud provider's infrastructure, including SaaS companies whose applications became unavailable to their own customers, creating a multiplier effect. Financial services, healthcare, e-commerce, and media organizations reported significant business disruptions. The outage highlighted the interconnected nature of modern internet infrastructure, where a single cloud provider failure can cascade to affect seemingly unrelated services.
• What to do: Hunt for related indicators, tighten identity controls, and validate incident response playbooks for lateral movement and data theft scenarios.

Notable developments

1. NIST Publishes Final Post-Quantum Cryptography Migration Guidelines

• NIST released final guidelines for organizations to transition from classical to post-quantum cryptographic algorithms, establishing timelines and priorities for migration across different use cases.

Vulnerability landscape

This week saw 0 newly published CVEs in NVD-aligned tracking for the reporting window.

• Critical: 0
• High: 0
• Medium: 0
• Low: 0

Recommended actions

1. Prioritize internet-facing patching: Resolve critical and high-severity items first, with strict SLA enforcement for edge systems.
2. Harden identity and admin pathways: Require phishing-resistant MFA, reduce standing privileges, and audit privileged sessions.
3. Operationalize detections: Convert this week's CVEs and campaign behaviors into SIEM/SOAR detections and threat hunts.
4. Protect recovery paths: Isolate and test backups, then validate restoration workflows against ransomware and destructive attack scenarios.

Looking ahead

For December 22 - 28, 2025, expect continued exploitation attempts against newly disclosed enterprise software flaws, plus copycat scanning after proof-of-concept publication. Teams should maintain elevated monitoring for externally exposed assets and review compensating controls where patch windows are delayed.