Microsoft's Massive October Patch Tuesday Fixes 175 Flaws and 3 Zero-Days; F5 Discloses Nation-State Breach

Publication Date: October 14, 2025

Summary

This cybersecurity advisory for October 14, 2025, covers a record-breaking Microsoft Patch Tuesday addressing 175 vulnerabilities, including three actively exploited zero-days. Additionally, F5 disclosed a major breach by a nation-state actor, resulting in the theft of BIG-IP source code and a CISA emergency directive. Other significant events include new campaigns by Chinese APTs Flax Typhoon and Jewelbug, a novel phishing attack abusing NPM infrastructure, and ongoing ransomware activity from the Qilin group.

Today's New Articles

F5 Breached by Nation-State Actor; BIG-IP Source Code Stolen, CISA Issues Emergency Directive

Application security vendor F5 has disclosed a major security breach attributed to a 'highly sophisticated nation-state threat actor.' The attackers maintained long-term access to F5's internal development environments, exfiltrating portions of the BIG-IP sour...


Chinese APT 'Jewelbug' Breaches Russian IT Firm in Supply Chain Threat

In a rare instance of Chinese cyber-espionage targeting a Russian entity, the APT group known as Jewelbug compromised a Russian IT service provider for five months in early 2025. According to Symantec, the attackers gained access to the firm's code repositorie...


Fashion Retailer MANGO Discloses Data Breach from Third-Party Vendor

Global fashion retailer MANGO has notified customers of a data breach that originated from a compromise at an external marketing service provider. The incident, disclosed on October 14, 2025, resulted in the unauthorized access of customer contact information,...


Adobe Patches 35+ Flaws, Including Critical RCE Bug in Connect

As part of its October 2025 security updates, Adobe has released patches for more than 35 vulnerabilities across a dozen products. The most severe of these is a critical cross-site scripting (XSS) vulnerability in Adobe Connect, tracked as CVE-2025-49553, whic...


Massive Botnet of 100k+ IPs Targets U.S. RDP Services

Security researchers at GreyNoise have identified a massive, coordinated botnet campaign targeting Remote Desktop Protocol (RDP) services across the United States. The operation, which began on October 8, 2025, involves over 100,000 unique IP addresses from mo...


'Mysterious Elephant' APT Evolves, Deploys Custom Tools in Espionage Campaign

The cyber-espionage group known as 'Mysterious Elephant' has demonstrated a significant evolution in its capabilities, moving away from recycled malware to deploying its own custom-developed tools. Since early 2025, the APT group has been targeting government...

Article Updates

Qilin Ransomware Hits Japanese Beer Giant Asahi, Steals 27GB of Data

Update: The Qilin ransomware group has added U.S.-based electrical equipment manufacturer Beta Dyne and Middlesex Appraisal Associates to its leak site, indicating continued active operations. Research from Resecurity highlights the group's resilience, attributing it...