As the year winds down, I’ve been thinking about how much cybersecurity resembles a well-officiated soccer match. When the fundamentals are solid, the rules are clear, and everyone understands their role, the game flows the way it should. When the basics slip, everything gets louder, messier, and harder to control. Good security programs aren’t flashy — they’re disciplined, consistent, and built to hold up under pressure.
As we close out 2025, I want to pause and say thank you. It’s been a strong year for our clients, our partners, and our team at Pinpoint Security. We’ve seen organizations make meaningful progress by focusing on what matters most, validating assumptions, and resisting the urge to overcomplicate things.
With the holidays upon us, I hope you’re able to slow down a bit and enjoy time with the people who matter most. From all of us at Pinpoint Security, happy holidays, Merry Christmas, and best wishes for a healthy, successful New Year.
🔒 Security Tip of the Week:
As you plan for 2026, pick one foundational control — identity, patching, backups, logging — and pressure-test it. Don’t assume it works because it always has. Trust your program, but verify it regularly. The strongest security postures are built on fundamentals that are continuously checked, not blindly trusted.
Here’s to closing out the year strong and stepping into 2026 with clarity, confidence, and momentum and to have Pinpoint Security be a valued part of your program.
-Stephen Nelson, CEO
📰 Weekly News Roundup:
Here is the most recent Cybersecurity news for the past week:
🎓 University of Phoenix Breach Affects 3.5 Million
The University of Phoenix has confirmed a massive data breach impacting nearly 3.5 million individuals, stemming from the Cl0p ransomware group’s exploitation of zero-day vulnerabilities in the Oracle E-Business Suite (EBS). The compromised data includes names, Social Security numbers, and financial details, with the university offering credit monitoring to those affected as the investigation continues.
The University of Phoenix has confirmed a massive data breach impacting nearly 3.5 million individuals, stemming from the Cl0p ransomware group’s exploitation of zero-day vulnerabilities in the Oracle E-Business Suite (EBS). The compromised data includes names, Social Security numbers, and financial details, with the university offering credit monitoring to those affected as the investigation continues.
🔥 Critical WatchGuard and Cisco Flaws Under Attack
Federal agencies have issued urgent warnings regarding actively exploited vulnerabilities in network security products, specifically WatchGuard Firebox (CVE-2025-14733) and Cisco AsyncOS (CVE-2025-20393). These critical flaws allow unauthenticated remote code execution, prompting CISA to add them to its Known Exploited Vulnerabilities (KEV) catalog and mandating immediate patching for federal networks.
Federal agencies have issued urgent warnings regarding actively exploited vulnerabilities in network security products, specifically WatchGuard Firebox (CVE-2025-14733) and Cisco AsyncOS (CVE-2025-20393). These critical flaws allow unauthenticated remote code execution, prompting CISA to add them to its Known Exploited Vulnerabilities (KEV) catalog and mandating immediate patching for federal networks.
🍏 Apple Patches WebKit Zero-Day Exploited in Spyware Campaigns
Apple has released emergency security updates for iOS and macOS to address a critical WebKit zero-day vulnerability (CVE-2025-14174) that was being actively exploited in the wild. The flaw allowed attackers to execute arbitrary code via malicious web content and was reportedly used in targeted spyware attacks against high-risk individuals.
Apple has released emergency security updates for iOS and macOS to address a critical WebKit zero-day vulnerability (CVE-2025-14174) that was being actively exploited in the wild. The flaw allowed attackers to execute arbitrary code via malicious web content and was reportedly used in targeted spyware attacks against high-risk individuals.
🔓 Massive Data Leak Exposes 200 Million User Records
A significant data breach involving third-party analytics provider Mixpanel has exposed over 200 million records from the adult content platform Pornhub. The leaked database contained email addresses, geographic locations, and search histories, highlighting the growing supply chain risks associated with third-party data processors.
A significant data breach involving third-party analytics provider Mixpanel has exposed over 200 million records from the adult content platform Pornhub. The leaked database contained email addresses, geographic locations, and search histories, highlighting the growing supply chain risks associated with third-party data processors.
🕵️ Urban VPN Extension Caught Harvesting AI Chat Logs
Security researchers have discovered that the popular “Urban VPN Proxy” browser extension, with millions of installs, was secretly harvesting user prompts entered into AI chatbots like ChatGPT and Claude. This privacy violation has raised serious concerns about browser extension permissions and the confidentiality of sensitive interactions with AI tools.
Security researchers have discovered that the popular “Urban VPN Proxy” browser extension, with millions of installs, was secretly harvesting user prompts entered into AI chatbots like ChatGPT and Claude. This privacy violation has raised serious concerns about browser extension permissions and the confidentiality of sensitive interactions with AI tools.