Daily Digest

Microsoft's Massive October Patch Tuesday Fixes 175 Flaws and 3 Zero-Days; F5 Discloses Nation-State Breach

Microsoft's Massive October Patch Tuesday Fixes 175 Flaws and 3 Zero-Days; F5 Discloses Nation-State Breach

October 14, 2025
7 articles (6 new, 1 updated)
21 min read

Summary

This cybersecurity advisory for October 14, 2025, covers a record-breaking Microsoft Patch Tuesday addressing 175 vulnerabilities, including three actively exploited zero-days. Additionally, F5 disclosed a major breach by a nation-state actor, resulting in the theft of BIG-IP source code and a CISA emergency directive. Other significant events include new campaigns by Chinese APTs Flax Typhoon and Jewelbug, a novel phishing attack abusing NPM infrastructure, and ongoing ransomware activity from the Qilin group.

Filter by Category

New Articles (6)

F5 Breached by Nation-State Actor; BIG-IP Source Code Stolen, CISA Issues Emergency Directive

CRITICAL

F5 Discloses Major Breach by Nation-State Actor; CISA Issues Emergency Directive After BIG-IP Source Code and Vulnerability Data Exfiltrated

Application security vendor F5 has disclosed a major security breach attributed to a 'highly sophisticated nation-state threat actor.' The attackers maintained long-term access to F5's internal development environments, exfiltrating portions of the BIG-IP source code, information on undisclosed vulnerabilities, and some customer configuration data. While F5 states there is no evidence of software supply chain modification, the incident poses a significant future risk. In response, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued Emergency Directive 26-01, mandating all federal civilian agencies to immediately patch F5 products, inventory devices, and remove end-of-life systems from their networks.

October 14, 2025
5 min read
Nation-StateAPTSource Code LeakCISAEmergency Directive +1 more
F5 Breached by Nation-State Actor; BIG-IP Source Code Stolen, CISA Issues Emergency Directive
Supply Chain Attack
Data Breach
Threat Actor

Chinese APT 'Jewelbug' Breaches Russian IT Firm in Supply Chain Threat

HIGH

Chinese APT Jewelbug Targets Russian IT Provider in Five-Month Espionage Campaign, Raising Supply Chain Attack Concerns

In a rare instance of Chinese cyber-espionage targeting a Russian entity, the APT group known as Jewelbug compromised a Russian IT service provider for five months in early 2025. According to Symantec, the attackers gained access to the firm's code repositories and software build systems, creating a significant risk of a software supply chain attack. The group used the powerful ShadowPad backdoor and exfiltrated data to Yandex Cloud to evade detection. This campaign highlights the expanding target scope of Chinese APTs and their focus on compromising trusted providers to enable downstream attacks.

October 14, 2025
5 min read
APTJewelbugCyber-espionageSupply Chain AttackShadowPad +2 more
Chinese APT 'Jewelbug' Breaches Russian IT Firm in Supply Chain Threat
Threat Actor
Supply Chain Attack
Cyberattack

Fashion Retailer MANGO Discloses Data Breach from Third-Party Vendor

MEDIUM

Spanish Retailer MANGO Confirms Data Breach via Compromised Third-Party Marketing Vendor

Global fashion retailer MANGO has notified customers of a data breach that originated from a compromise at an external marketing service provider. The incident, disclosed on October 14, 2025, resulted in the unauthorized access of customer contact information, including names, country, postal codes, email addresses, and phone numbers. MANGO has confirmed that its internal systems were not affected and that no sensitive financial data or account credentials were exposed. The company has reported the breach to the Spanish Data Protection Agency (AEPD) and is advising customers to be wary of potential phishing attacks.

October 14, 2025
4 min read
Data BreachThird-Party BreachSupply Chain AttackRetailPII +1 more
Fashion Retailer MANGO Discloses Data Breach from Third-Party Vendor
Data Breach
Supply Chain Attack

Adobe Patches 35+ Flaws, Including Critical RCE Bug in Connect

HIGH

Adobe's October 2025 Security Updates Address Over 35 Vulnerabilities, Including Critical Code Execution Flaw in Adobe Connect

As part of its October 2025 security updates, Adobe has released patches for more than 35 vulnerabilities across a dozen products. The most severe of these is a critical cross-site scripting (XSS) vulnerability in Adobe Connect, tracked as CVE-2025-49553, which could lead to arbitrary code execution. The flaw holds a CVSS score of 9.3. Other high-severity flaws were addressed in Adobe Commerce and Magento Open Source. Adobe has assigned a lower priority rating to most updates but recommends that users of Commerce and Magento patch promptly due to a historically elevated risk of attack.

October 14, 2025
4 min read
AdobePatch TuesdayVulnerabilityRCEXSS +1 more
Adobe Patches 35+ Flaws, Including Critical RCE Bug in Connect
Patch Management
Vulnerability

Massive Botnet of 100k+ IPs Targets U.S. RDP Services

HIGH

Coordinated Botnet with Over 100,000 IPs Targets U.S. Remote Desktop Protocol (RDP) Services

Security researchers at GreyNoise have identified a massive, coordinated botnet campaign targeting Remote Desktop Protocol (RDP) services across the United States. The operation, which began on October 8, 2025, involves over 100,000 unique IP addresses from more than 100 countries. The botnet is using enumeration and timing attacks against RD Web Access and RDP web clients to identify valid user credentials. The widespread and centrally controlled nature of the campaign poses a significant threat to any organization exposing RDP to the internet, as a successful compromise can quickly lead to ransomware deployment or data theft.

October 14, 2025
5 min read
BotnetRDPBrute ForceCredential StuffingCyberattack
Massive Botnet of 100k+ IPs Targets U.S. RDP Services
Cyberattack
Threat Intelligence

'Mysterious Elephant' APT Evolves, Deploys Custom Tools in Espionage Campaign

MEDIUM

'Mysterious Elephant' APT Shifts to Custom Malware in Cyber-Espionage Campaign Targeting South Asian Governments

The cyber-espionage group known as 'Mysterious Elephant' has demonstrated a significant evolution in its capabilities, moving away from recycled malware to deploying its own custom-developed tools. Since early 2025, the APT group has been targeting government and diplomatic entities in South Asia. This strategic shift indicates an increased level of sophistication and investment, allowing the group to create more effective and evasive malware for its intelligence-gathering operations. The campaign poses a notable threat to the targeted governments and may have indirect implications for European nations with interests in the region.

October 14, 2025
5 min read
APTMysterious ElephantCyber-espionageCustom MalwareSouth Asia +1 more
'Mysterious Elephant' APT Evolves, Deploys Custom Tools in Espionage Campaign
Threat Actor
Threat Intelligence

Updated Articles (1)

Qilin Ransomware Hits Japanese Beer Giant Asahi, Steals 27GB of Data

HIGH

Qilin Ransomware Group Claims Responsibility for Cyberattack on Asahi Group Holdings

Update:

The Qilin ransomware group has added U.S.-based electrical equipment manufacturer Beta Dyne and Middlesex Appraisal Associates to its leak site, indicating continued active operations. Research from Resecurity highlights the group's resilience, attributing it to the use of a global network of bulletproof hosting providers, which complicates disruption efforts. This update confirms Qilin's ongoing double-extortion campaign, posing a persistent threat across various sectors. New detection and mitigation strategies include monitoring for reconnaissance tools and credential dumping, and emphasizing robust backup and network segmentation.

October 9, 2025
Updated: October 14, 2025
4 min read
QilinRansomwareDouble ExtortionManufacturingSupply Chain +1 more
Qilin Ransomware Hits Japanese Beer Giant Asahi, Steals 27GB of Data
Ransomware
Cyberattack
Data Breach

📢 Share This Publication

Help others stay informed about cybersecurity threats