
Hello all,
It was a busy week for cyber vulnerabilities. Microsoft and a host of others unleashed their Patch Tuesday lists, CISA alerted on Adobe and F5, and Fortinet plugged severe holes, as did Ivanti and Veeam.
Headline NEWS:
- Adobe AEM (Adobe Experience Manager) needs patching. The graphics giant wrote, “This update addresses critical vulnerabilities that could lead to arbitrary code execution and arbitrary file system read”. Their alert also noted that proof-of-concept exploit code already existed at the time the patch was released, and CISA has since added the flaw to its Known Exploited Vulnerabilities (KEV) catalog, which means exploitation in the wild has been observed. Patch quickly.
- F5, Inc. has revealed that suspected Chinese hackers stole the source code for its BIG-IP products and had access to its network for at least a year. CISA has ordered all federal agencies to update or unplug their F5OS, BIG-IP TMOS, BIG-IQ, and BNK/CNF devices by October 22. The criticality of this gargantuan breach cannot be overstated. If you have any of these products in use, patch immediately, and verify that their management interfaces are not reachable from the internet (one of the linked articles counts over 266,000 exposed BIG-IP instances).
- Fortinet released its usual wave of vulnerability patches again this month. FortiOS, FortiPAM, and FortiSwitch Manager all have critical defects that could allow a threat actor to bypass authentication and execute commands or code on affected systems. And while not specifically called out in our linked articles, a large swath of Fortinet products appears in its October 14 Product Security Incident Response Team (PSIRT) advisory list. Be sure to check all of your FortiStuff for updates.
- Ivanti patched 13 flaws in Endpoint Manager. The vendor’s advisory says it released updates to fix “two high severity and eleven medium severity vulnerabilities in Ivanti EPM. Successful exploitation could lead to privilege escalation or remote code execution.” Ivanti is not aware of any active exploitation at this time.
- Microsoft graced us with a whopping 175 updates fixing security defects, product flaws, and stability issues. Six zero-days were addressed, three of them reported as actively exploited, so these should be a high priority to get patched in your enterprise. Note that this batch also carries some regressions (broken localhost HTTP/2 connections and WinRE keyboard/mouse input, per the linked items below), so test before broad deployment.
- Veeam has released an updated version of Veeam Backup & Replication for Windows to fix a critical Remote Code Execution flaw exploitable by a domain-authenticated user. Why you’d join your backup server to your domain is beyond my comprehension, but that’s another concern. Update to the latest version (12.3.2.4165, per the linked KB4771) to mitigate this flaw.
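Since the Microsoft item above is the one most readers have to act on at scale, here is a quick PowerShell check, added by the editor and not part of the newsletter or any vendor tooling, that reports whether a Windows 11 host has the October 2025 cumulative update installed. The KB numbers are the ones in the linked headlines (KB5066835 and KB5066793); the mapping of KB5066835 to 24H2/25H2 and KB5066793 to 22H2/23H2 is the editor’s assumption and should be confirmed against the Microsoft release notes before you rely on it.

```powershell
# Added example (not from the newsletter): check whether this Windows 11 host has the
# October 2025 cumulative update installed. KB numbers come from the linked headlines;
# the KB-to-version mapping below is the editor's assumption, not text from the page.
$expected = @{
    '25H2' = 'KB5066835'
    '24H2' = 'KB5066835'
    '23H2' = 'KB5066793'
    '22H2' = 'KB5066793'
}

# DisplayVersion (e.g. "25H2") and UBR (the revision part of the build) live here.
$cv             = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$displayVersion = $cv.DisplayVersion
$build          = "$($cv.CurrentBuildNumber).$($cv.UBR)"

$kb = $expected[$displayVersion]
if (-not $kb) {
    Write-Warning "Unrecognised Windows version '$displayVersion' (build $build); check the release notes manually."
    return
}

# Get-HotFix queries the installed-updates list (Win32_QuickFixEngineering) by KB id.
$installed = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
if ($installed) {
    Write-Output "OK: $kb installed on $($installed.InstalledOn) (Windows 11 $displayVersion, build $build)"
} else {
    Write-Output "MISSING: $kb not present (Windows 11 $displayVersion, build $build)"
    # A downloaded-but-unapplied update leaves this key behind until the next reboot.
    $rebootKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    if (Test-Path $rebootKey) {
        Write-Output "  A reboot is pending; the update may already be staged."
    }
}
```

Run it in an elevated session on each host, or wrap it in Invoke-Command for a fleet; a MISSING result with no pending reboot means the host has not pulled the update at all, which is the case to chase first.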
In Ransomware, Malware, and Vulnerabilities News:
- PowerSchool Hacker Sentenced to Four Years is at least a bit of justice for the thousands of lives this ignorant dirtbag upended. At a mere nineteen years old, his life will never be the same. In addition to prison time, he has been ordered to pay $14 million in restitution and $25,000 in fines. Reading the final judgement, $10 million of the restitution goes to the insurance carrier. I guess we now know how much this cost them to mitigate.
In Other News Events of Note and Interest:
- Everything Is Television is an excellent article that goes into depth on how we have been reprogrammed to consume information only in small bites, to the point where focused attention for extended periods is a struggle. It is well worth the time it takes to read, even if it is more than the usual thirty-second sound bite.
Musings:
I attended a new cyber security conference this past week in Tampa, Florida. It is named CyberBay and is the vision of Artie Bellini. The Bellini family is investing significant money and effort into the Tampa Bay area to transform it into a technology powerhouse. We are home to the Florida Cyber Center, ConnectWise, ConnectSecure, CyberFox, KnowBe4, Jabil, and the Bellini College of AI and Cybersecurity at the University of South Florida, to name just a few. I got to meet people from all walks of life, from all over the country, and was privileged to attend presentations from some of the smartest in the industry. It was an excellent few days. If you get a chance to attend a local conference, I encourage you to do so; it is worth your time.

Keep the shields up!
Viscount Jan Broucinek
Red Dot Security News
Headline NEWS
- CISA Flags Adobe AEM Flaw with Perfect 10.0 Score
- CISA directs agencies to address ‘significant cyber threat’ in F5
- Cybersecurity order warns of “imminent risk” to federal agencies following possible breach
- Chinese Hackers Blamed for Severe Breach at US Cyber Firm F5
- Why the F5 Hack Created an ‘Imminent Threat’ for Thousands of Networks
- Over 266,000 F5 BIG-IP instances exposed to remote attacks
- FortiOS CLI Command Bypass Vulnerability Let Attacker Execute System Commands
- FortiPAM and FortiSwitch Manager Vulnerability Let Attackers Bypass Authentication Process
- Ivanti Patches 13 Endpoint Manager Flaws Allowing Remote Code Execution
- Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws
- Microsoft patches three zero-days actively exploited by attackers
- Critical Veeam Backup RCE Vulnerabilities Let Attackers Execute Malicious Code Remotely
- Critical Veeam Backup Flaws Allow Remote Code Execution
- KB4771: Vulnerabilities Resolved in Veeam Backup & Replication 12.3.2.4165 Patch
Ransomware, Malware, and Vulnerabilities News
Good News, Government News, and Interesting
- Spanish Authorities Dismantle Advanced AI Phishing Operation GoogleXcoder
- PowerSchool hacker gets sentenced to four years in prison
- Bitcoin Worth $15 Billion Seized in DOJ Action Against ‘Fraud Empire’
- Cybercrime-as-a-service takedown: 7 arrested, operation SIMCARTEL
- Pro-Russian hackers tricked into attacking decoy target
- Microsoft disrupts ransomware attacks targeting Teams users
- Microsoft Disrupts Vanilla Tempest Ransomware Campaign
Vulnerabilities and Exploits
- ConnectWise fixes Automate bug allowing AiTM update attacks
- Hackers Target ScreenConnect Features For Network Intrusions
- Hackers exploit Cisco SNMP flaw to deploy rootkit on switches
- Windows Remote Access Connection Manager 0-Day Vulnerability Exploited in Attacks
- Microsoft patches ASP.NET Core bug rated highly critical
- Microsoft IIS Vulnerability Allows Unauthorized Attacker To execute Malicious Code
- High-Severity Vulnerabilities Patched by Fortinet and Ivanti
- Cisco IOS and IOS XE Software Vulnerabilities Let Attackers Execute Remote Code
- Chrome Use After Free Vulnerability Let Attackers Execute Arbitrary Code
- Satellites found exposing unencrypted data, including phone calls and some military comms
- 4,000,000 WordPress Sites Affected by Arbitrary File Read Vulnerability in Slider Revolution Plugin
- New SAP NetWeaver Bug Lets Attackers Take Over Servers Without Login
- Critical WordPress Plugin Vulnerability Allows Admin Account Takeover
- Microsoft Locks Down IE Mode After Hackers Turned Legacy Feature Into Backdoor
- New PoC Exploit Released for Sudo Chroot Privilege Escalation Vulnerability
- PoC Exploit Unveiled for Lenovo Code Execution Vulnerability Enabling Privilege Escalation
- Secure Boot bypass risk threatens nearly 200,000 Linux Framework laptops
- Security firms dispute credit for overlapping CVE reports
- Oracle silently fixes zero-day exploit leaked by ShinyHunters
- EDR-Freeze Tool Technical Workings Along With Forensic Artifacts Revealed
- How Attackers Bypass Synced Passkeys
- Fake LastPass, Bitwarden breach alerts lead to PC hijacks
- PoC Exploit for 7-Zip Vulnerabilities that Allows Remote Code Execution
- Researchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over Devices
Phishing, Malware, and similar
- Android Pixnapping attack can capture app data like 2FA info
- Nation-state hackers deliver malware from “bulletproof” blockchains
- DPRK Adopts EtherHiding: Nation-State Malware Hiding on Blockchains
- Fake ‘Inflation Refund’ texts target New Yorkers in new scam
- This new cyberattack tricks you into hacking yourself. Here’s how to spot it
- WhatsApp Worm Targets Users with Banking Malware, Steals Login Information
- New Rust-Based Malware “ChaosBot” Uses Discord Channels to Control Victims’ PCs
- Researchers Warn RondoDox Botnet is Weaponizing Over 50 Flaws Across 30+ Vendors
- Hackers are using a new phishing kit to steal Microsoft 365 credentials and MFA tokens – Whisper 2FA is evolving rapidly and has been used in nearly one million attacks since July
- New Phishing Attack Uses Basic Auth URLs to Trick Users and Steal Login Credentials
- AI makes phishing 4.5x more effective, Microsoft says
- Microsoft warns of a 32% surge in identity hacks, mainly driven by stolen passwords
- Microsoft Warns Rising ClickFix Attacks Are Fooling Users Into Running Malware
- New Cyberattack Leverages NPM Ecosystem to Infect Developers While Installing Packages
- North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware
Breaches, Leaks, and Ransomware
- Harvard investigating breach linked to Oracle zero-day exploit
- Airport PA system hacked, political message played
- Discord blamed a vendor for its data breach — now the vendor says it was ‘not hacked’
- Google, Dior hit in massive Salesforce credential theft data attacks
- Auction giant Sotheby’s says data breach exposed customer information
- Qantas admits 5 million customers have data leaked following ransomware attack
- Prospect union tells members their data was breached in June
- Have I Been Pwned: Prosper data breach impacts 17.6 million accounts
- SimonMed Imaging: 1.27M Individuals Affected by January 2025 Cyberattack
- Salesforce bandits run into hiding amid arrests, seizures
- Crimson Collective: A New Threat Group Observed Operating in the Cloud
- Qantas says customer data released by cyber criminals months after cyber breach
- China is hacking America’s critical infrastructure, former NSA and retired Gen. Tim Haugh warns
- Chinese hackers abuse geo-mapping tool for year-long persistence
- Chinese Hackers Exploit ArcGIS Server as Backdoor for Over a Year
- Chinese Threat Group ‘Jewelbug’ Quietly Infiltrated Russian IT Network for Months
- BlackSuit Ransomware Breaches Corporate Network Using Single Compromised VPN Credential
Other News Events of Note and Interest
- Cool Tool: ValiDrive quickly verifies if your flash based storage is legit
- Layoffs, reassignments further deplete CISA
- Google pitches Workspace tools for ‘when, not if’ Microsoft 365 fails
- YouTube has a new video player
- Mozilla’s Firefox adds Perplexity’s AI answer engine as a new search option
- Everything Is Television
- A Computing Legend Speaks
- Software update bricks some Jeep 4xe hybrids over the weekend
- Your passwords don’t need so many fiddly characters, NIST says
- China’s ‘Darwin Monkey’ is the world’s largest brain-inspired supercomputer
- Dutch government takes control of Chinese-owned chipmaker Nexperia
- Scientists ‘reawaken’ ancient microbes from permafrost — and discover they start churning out CO2 soon after
- Nearly three decades after it started saving the web, Internet Archive just preserved its 1 trillionth page
- Windows 10/11 users have a reason to rejoice as Microsoft’s rival gains platform support
AI, LLMs, and Skynet
- Top US Army General Says He’s Letting ChatGPT Make Military Decisions
- OpenAI, Broadcom Forge Multibillion-Dollar Chip-Development Deal
- Gartner: Why Gen AI is Hitting a Disillusionment Phase
- Import AI 431: Technological Optimism and Appropriate Fear
- Dead celebrities are apparently fair game for Sora 2 video manipulation
- Oracle goes all-in on AI with an ‘open’ approach
- Microsoft: Russia, China increasingly using AI to escalate cyberattacks on the US
Microsoft
- Microsoft Digital Defense Report 2025
- Goodbye Microsoft Word. China chooses WPS Office for official documents
- I don’t use the Microsoft Store or websites to install Windows apps anymore
- Claude now integrates directly with Microsoft 365
- Microsoft announces in-country data processing for Microsoft 365 Copilot in UAE
- Microsoft: Office 2016 and Office 2019 have reached end of support
- Microsoft warns of the dangers of Shadow AI
- Microsoft will help your boss see how much you’re using AI
- Microsoft Makes Every Windows 11 PC an AI Copilot Hub
- Microsoft identifies boardroom cyber awareness as a top priority
- Microsoft: Sept Windows Server updates cause Active Directory issues
- Microsoft Windows Security Updates for October 2025 are now available
- Microsoft update breaks localhost in Windows 11
- Windows 11 updates break localhost (127.0.0.1) HTTP/2 connections
- Microsoft confirms Windows 11 October 2025 Update breaks WinRE (Recovery) input
- Final Windows 10 Patch Tuesday update rolls out as support ends
- Almost half of global endpoints still run Windows 10, despite reaching end-of-life
- Time to leave Windows 11 23H2 behind, warns Microsoft, as the end of support nears
- Windows 11 KB5066835 and KB5066793 updates released
- Windows 11 KB5066835 25H2 adds new features, direct download links
