Major Incidents or Breaches

  • Jaguar Land Rover reported that the financial impact of a recent cyberattack reached £196 million ($220 million) for the July–September quarter.

Newly Discovered Vulnerabilities

  • FortiWeb CVE-2025-64446: Exploit attempts for this vulnerability have been detected in honeypots, indicating active targeting in the wild.
  • XWiki Critical Flaw: The RondoDox botnet is exploiting an unpatched critical vulnerability in XWiki instances, enabling arbitrary code execution and expanding its botnet footprint.

Notable Threat Actor Activity

  • RondoDox Botnet: Actively targeting unpatched XWiki servers to compromise additional devices through a critical security flaw.
  • ClickFix Malware: Threat actors are abusing the legacy “finger” protocol (finger.exe) to retrieve and execute remote commands on Windows devices.
  • North Korean IT Worker Operations: Five individuals in the U.S. pleaded guilty to facilitating North Korean IT workers’ infiltration of 136 companies, supporting illicit revenue generation and evasion of sanctions.
  • Chinese Hacking Contractor Leak: A significant leak has exposed tools and targeting information linked to a Chinese hacking contractor, providing insight into their operations and capabilities.

Trends, Tools, or Tactics of Interest

  • Revival of Legacy Protocols: The “finger” protocol, long considered obsolete, is being repurposed by malware such as ClickFix for command and control on modern Windows systems.
  • Botnet Expansion via Open Source Platforms: RondoDox’s focus on XWiki highlights ongoing botnet campaigns leveraging unpatched open-source software.
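The finger.exe abuse described in the ClickFix items above is easy to spot in endpoint telemetry, because finger.exe is almost never legitimately run on a modern Windows host and the retrieve-and-execute pattern pipes its output straight into a command interpreter. The following detection routine is an added example, not code from the original digest or from any vendor: it scores constructed Sysmon-style process-creation records (fields Image, CommandLine, ParentImage; the host 203.0.113.10 is a documentation-range placeholder) and returns a severity for each match so the hits can be routed to triage.

```python
"""Flag process-creation events that look like finger.exe abuse.

Added example: the event records below imitate Sysmon Event ID 1 fields
(Image, CommandLine, ParentImage) but are constructed for this demonstration,
not captured telemetry.
"""
import re
from typing import Optional

# finger output piped straight into a command interpreter is the
# "fetch commands remotely and run them" pattern; a bare finger.exe launch
# is merely unusual on modern Windows and worth baselining.
PIPE_TO_SHELL = re.compile(
    r"\bfinger(?:\.exe)?\b[^|&]*\|\s*(?:cmd|powershell|pwsh)(?:\.exe)?\b",
    re.IGNORECASE,
)
FINGER_IMAGE = re.compile(r"(?:^|\\)finger\.exe$", re.IGNORECASE)
# Parents that have no business spawning a finger client (assumed list).
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "mshta.exe", "winword.exe", "excel.exe")

# Constructed sample events (placeholder host 203.0.113.10).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c finger user@203.0.113.10 | cmd",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\System32\finger.exe",
     "CommandLine": "finger user@203.0.113.10",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\finger.exe",
     "CommandLine": "finger alice@unix-host.corp.example",
     "ParentImage": r"C:\Windows\System32\wscript.exe"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
]


def classify(event: dict) -> Optional[str]:
    """Return 'high', 'medium', 'low' or None for one process-creation event."""
    image = event.get("Image", "")
    cmdline = event.get("CommandLine", "")
    parent = event.get("ParentImage", "").lower()

    if PIPE_TO_SHELL.search(cmdline):
        return "high"      # finger response fed directly into cmd/powershell
    if FINGER_IMAGE.search(image):
        if any(parent == h or parent.endswith("\\" + h) for h in SCRIPT_HOSTS):
            return "medium"  # finger launched by a script host or Office app
        return "low"       # rare binary on modern Windows: review and baseline
    return None


def scan(events: list) -> list:
    """Return (severity, CommandLine) pairs for every event that matched a rule."""
    hits = []
    for ev in events:
        severity = classify(ev)
        if severity:
            hits.append((severity, ev.get("CommandLine", "")))
    return hits


if __name__ == "__main__":
    for severity, cmdline in scan(SAMPLE_EVENTS):
        print(f"[{severity}] {cmdline}")
```

The same three rules translate directly into a SIEM query or a Sysmon/EDR rule: alert on any process whose command line contains `finger` followed by a pipe into `cmd`, `powershell` or `pwsh`; raise a lower-priority review for any finger.exe execution at all, since most environments can simply block the binary with an application-control policy.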

Regulatory or Policy Developments Affecting the Security Industry

  • U.S. Department of Justice Enforcement: The prosecution and guilty pleas of five U.S. individuals involved in supporting North Korean cyber operations underscore continued law enforcement focus on countering nation-state cybercrime and sanctions evasion.

Other Noteworthy Developments

  • Microsoft Windows 10 ESU Update Issue: Microsoft is investigating installation failures (error 0x800f0922) affecting the KB5068781 Extended Security Update on devices with corporate licensing.