Microsoft Patches 3 Zero-Days Under Active Attack; Cl0p, Qilin, and Flax Typhoon Launch Major Campaigns

Publication Date: October 6, 2025

Summary

Over October 5-6, 2025, the cybersecurity landscape was dominated by Microsoft's massive October Patch Tuesday, which addressed 175 vulnerabilities, including three actively exploited zero-days. Concurrently, major threat actors launched significant campaigns: the Cl0p ransomware group exploited a zero-day in Oracle E-Business Suite for mass extortion, the Qilin gang crippled Asahi Breweries and demanded a $10M ransom, and the Chinese APT Flax Typhoon was found using a novel ArcGIS server backdoor for long-term espionage. Other key events include a major escalation in the SonicWall data breach, a novel phishing technique abusing the NPM registry, and new warnings from CISA regarding widespread ICS vulnerabilities.

Today's New Articles

Microsoft Patches 3 Zero-Days Under Active Attack in Massive October Update

Microsoft has released its October 2025 Patch Tuesday update, a colossal release addressing 175 security flaws across its product suite. The update is highlighted by emergency patches for three zero-day vulnerabilities confirmed to be actively exploited in the...


Chinese APT Flax Typhoon Weaponizes ArcGIS Server as Persistent Backdoor in Year-Long Spy Campaign

The China-linked threat group Flax Typhoon (also known as Ethereal Panda) conducted a sophisticated, year-long espionage campaign against a government agency by compromising an Esri ArcGIS server. According to researchers at ReliaQuest, the attackers modified...


Qilin Ransomware Cripples Asahi Breweries, Demands $10 Million Ransom

The Qilin ransomware group has claimed responsibility for a devastating cyberattack against Asahi Group Holdings, one of Japan's largest beverage companies. The attack, which occurred in late September, forced the company to halt production at 30 factories and...


CISA Warns of Widespread Flaws in Industrial Control Systems from Major Vendors

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a series of advisories warning of numerous vulnerabilities in Industrial Control Systems (ICS) from prominent vendors, including Rockwell Automation, Hitachi Energy, Mitsubishi Elect...


Phishing Campaign Abuses NPM and UNPKG CDN to Steal Credentials

A sophisticated phishing campaign, dubbed "Beamglea," is abusing the public NPM registry and the trusted unpkg.com CDN to host and deliver credential-stealing malware. Researchers at Socket discovered over 175 malicious, disposable NPM packages created solely...


UK's NCSC Warns of 'Alarming' Rise in Cyberattacks, Doubling in Past Year

The UK's National Cyber Security Centre (NCSC) revealed in its 2025 annual review that it managed 204 "nationally significant" cyberattacks over the past year, more than double the 89 incidents from the previous year. The agency attributed the alarming surge t...


G7 Cyber Experts Issue Statement on Managing AI Risks in Financial Sector

The G7 Cyber Expert Group (CEG) has issued a formal statement on the cybersecurity implications of Artificial Intelligence (AI) within the financial sector. Released on October 6, 2025, the document highlights the dual nature of AI, acknowledging its potential...


Cl0p Ransomware Exploits Oracle E-Business Suite Zero-Day in Mass Attack

The notorious Cl0p ransomware gang is conducting a widespread extortion campaign by exploiting a critical, unauthenticated remote code execution (RCE) zero-day vulnerability (CVE-2025-61882) in Oracle E-Business Suite. The campaign, active since at least Augus...


SonicWall Breach Escalates: 100% of Cloud Backups Confirmed Stolen

Firewall vendor SonicWall has dramatically escalated the severity of a recent data breach, confirming that an investigation found that 100% of customers using its cloud backup service had their firewall configuration files stolen. This admission, made on Octob...


"Maverick": New Banking Trojan Spreads via WhatsApp in Brazil

A new and sophisticated fileless banking Trojan named "Maverick" is spreading rapidly in Brazil through a large-scale WhatsApp campaign. According to Kaspersky researchers, the malware is delivered via ZIP archives containing malicious LNK files, a method that...