Major Incidents or Breaches

  • F5 disclosed a significant breach attributed to nation-state actors, resulting in the theft of BIG-IP source code, details of undisclosed security vulnerabilities, and some customer information. The attack profile suggests Chinese involvement. Patches for the stolen vulnerabilities have been released, and CISA has issued an emergency directive regarding F5 devices.
  • Capita has been fined £14 million by the UK Information Commissioner’s Office for a 2023 data breach that exposed personal data of 6.6 million people.
  • Harvard University suffered a breach via an Oracle zero-day exploit, with the Clop ransomware group claiming responsibility as part of a broader campaign targeting Oracle customers.
  • Spanish retailer MANGO disclosed a data breach affecting customer information, resulting from a compromise at a marketing vendor.
  • A 19-year-old individual was sentenced to four years in prison for orchestrating a major cyberattack on PowerSchool in December 2024.
  • Over 100 Visual Studio Code (VS Code) extensions were found to have leaked access tokens, creating supply chain risks by allowing attackers to update extensions maliciously.
  • Discord named customer service firm 5CA as the third-party responsible for a data breach; 5CA denies involvement.
  • Scientists reported ongoing leakage of unencrypted voice calls and text messages from geostationary satellites, exposing sensitive personal and business data.

Newly Discovered Vulnerabilities

  • Microsoft released fixes for 183 security flaws, including two new zero-days actively exploited in the wild—one affecting every version of Windows ever shipped.
  • A critical vulnerability in Adobe Experience Manager, rated CVSS 10.0, is under active attack and has been added to CISA’s Known Exploited Vulnerabilities catalog.
  • F5 released security updates for the BIG-IP vulnerabilities whose details were stolen in the recent breach.
  • High-severity vulnerabilities have been patched by Fortinet and Ivanti in their October 2025 Patch Tuesday updates.
  • Siemens, Schneider, Rockwell, ABB, and Phoenix Contact published over 20 advisories addressing vulnerabilities in their industrial control systems (ICS).
  • Microsoft confirmed that September 2025 Windows Server updates are causing Active Directory issues on Windows Server 2025 systems.

Notable Threat Actor Activity

  • The Mysterious Elephant APT group has intensified operations, targeting government and diplomatic entities in South Asia with custom tools such as BabShell and MemLoader HidenDesk, and exfiltrating WhatsApp-related data.
  • Chinese threat group ‘Jewelbug’ conducted a five-month-long intrusion into a Russian IT service provider, indicating geographic expansion beyond Southeast Asia.
  • Clop ransomware group claimed responsibility for the Harvard University breach as part of a campaign exploiting Oracle zero-day vulnerabilities.
  • A new banking trojan, Maverick, was distributed at scale in Brazil via malicious LNK files sent over WhatsApp. The malware shares code with Coyote.
  • Ongoing phishing campaigns are targeting LastPass and Bitwarden users with fake breach alerts, leading to PC compromise through malicious downloads. Similar phishing tactics are being used against Robinhood users.

Trends, Tools, or Tactics of Interest

  • Attackers are actively bypassing synced passkeys, highlighting inherent risks in cloud-based passkey deployments.
  • There is an increase in supply chain risks due to compromised VS Code extensions, with over 100 leaking tokens that could allow malicious updates.
  • Satellite communications remain insecure, with continued leakage of unencrypted sensitive data.
  • Dark web threats are increasingly hiding within normal network traffic, with network detection and response (NDR) platforms being promoted as effective countermeasures.
  • TikTok is being used as a platform for crypto-related scams, luring victims with fraudulent paywall schemes.

Regulatory or Policy Developments Affecting the Security Industry

  • The UK ICO imposed a £14 million fine on Capita for failing to protect personal data in a 2023 breach.
  • CISA issued an emergency directive mandating urgent remediation of critical vulnerabilities in F5 devices.
  • LevelBlue announced plans to acquire Cybereason, expanding its extended detection and response (XDR) and managed detection and response (MDR) portfolio.