Daily Digest

Microsoft Patches 172 Flaws and Six Zero-Days; F5 Discloses Nation-State Breach Stealing BIG-IP Source Code

Microsoft Patches 172 Flaws and Six Zero-Days; F5 Discloses Nation-State Breach Stealing BIG-IP Source Code

October 15, 2025
6 articles (5 new, 1 updated)
18 min read

Summary

This intelligence briefing for October 15, 2025, covers a massive Microsoft Patch Tuesday addressing 172 vulnerabilities, including three actively exploited zero-days. A critical supply chain threat emerges as F5 discloses a long-term breach by a nation-state actor who stole BIG-IP source code, prompting a CISA emergency directive. Other major developments include the return of the LockBit ransomware group with an upgraded version, a surge in overall ransomware attacks, and multiple data breach and vulnerability disclosures affecting companies like Canadian Tire and Fortinet.

Filter by Category

New Articles (5)

Canadian Tire Reveals E-Commerce Data Breach Affecting Multiple Retail Brands

MEDIUM

Canadian Tire Corp. Discloses Data Breach Impacting Online Customers of Canadian Tire, SportChek, and Mark's

Canadian Tire Corp., a major Canadian retail conglomerate, has reported a data breach affecting its e-commerce customers. Discovered on October 2, 2025, the incident involved unauthorized access to a single database serving multiple brands, including Canadian Tire, SportChek, Mark's/L'Équipeur, and Party City. The exposed data includes customer names, addresses, email addresses, and years of birth. The company stated that financial data and its Triangle Rewards loyalty program were not impacted. For a subset of fewer than 150,000 customers whose full birth dates were exposed, Canadian Tire is offering complimentary credit monitoring services.

October 15, 2025
4 min read
Data BreachRetailPIICanadian TireCanada +1 more
Canadian Tire Reveals E-Commerce Data Breach Affecting Multiple Retail Brands

LockBit Ransomware Returns from Hiatus with Upgraded 'Version 5.0'

HIGH

Notorious LockBit Ransomware Group Resurfaces with Upgraded LockBit 5.0 Malware Featuring Anti-Analysis Capabilities

After a two-month hiatus following law enforcement disruption, the prolific LockBit ransomware group has returned, announcing the release of LockBit 5.0. This new version of the ransomware-as-a-service (RaaS) malware incorporates significant technical upgrades designed to evade detection and analysis. According to researchers, a key new feature is the ability to patch Event Tracing for Windows (ETW), a technique that blinds security monitoring tools by altering in-memory logging. The upgraded malware is designed for cross-platform attacks, targeting Windows, Linux, and VMware ESXi environments, signaling LockBit's intent to reclaim its dominant position in the cybercrime ecosystem.

October 15, 2025
5 min read
LockBitRansomwareRaaSMalwareETW +2 more
LockBit Ransomware Returns from Hiatus with Upgraded 'Version 5.0'

Ransomware Attacks Surge by 46% as Threat Actors Target Construction and Manufacturing

INFORMATIONAL

Check Point Report Shows 46% Surge in Ransomware Activity, with Qilin Group Leading Attacks on Industrial Sectors

Despite a slight decrease in overall weekly cyber attacks, ransomware activity has surged by 46%, according to a new report from Check Point Research. This indicates a strategic shift by threat actors towards more focused and impactful ransomware campaigns. The construction, business services, and industrial manufacturing sectors have been the most victimized, bearing the brunt of this new wave. The report identifies the Qilin ransomware-as-a-service (RaaS) group as one of the most prominent actors, responsible for 14.1% of publicly disclosed victims. The findings highlight an urgent need for organizations, especially in the industrial and business services sectors, to bolster their defenses against an increasingly targeted ransomware threat.

October 15, 2025
4 min read
RansomwareThreat IntelligenceCheck PointQilinManufacturing +1 more
Ransomware Attacks Surge by 46% as Threat Actors Target Construction and Manufacturing

Israeli Defense R&D Firm 'MAYA' Targeted in Pro-Resistance Hacktivist Attack

HIGH

Hacktivist Group 'Cyber Support Front' Claims Cyberattack on Israeli Defense R&D Firm MAYA

A hacktivist group calling itself the 'Cyber Support Front' has claimed responsibility for a cyberattack against MAYA, an Israeli research and development firm with close ties to the country's Ministry of Defense and major defense contractors like Elbit Systems and Rafael. In a public statement on October 14, the group alleged it had disrupted MAYA's systems and exfiltrated sensitive data, including designs for current and future military equipment. The claims have not been officially confirmed by Israeli authorities, but the incident highlights the ongoing threat of politically motivated cyberattacks against the defense industrial base.

October 15, 2025
4 min read
HacktivismCyberattackIsraelDefenseData Breach +1 more
Israeli Defense R&D Firm 'MAYA' Targeted in Pro-Resistance Hacktivist Attack

Fortinet Discloses High-Severity Authenticated RCE Flaw in FortiOS CLI

HIGH

Fortinet Reveals High-Severity Authenticated Command Execution Vulnerability in FortiOS Command Line Interface

Fortinet has disclosed a high-severity vulnerability in the command line interface (CLI) of its FortiOS operating system. The flaw could allow an authenticated attacker to execute arbitrary commands on the underlying system. While a CVE identifier has not yet been assigned and specific affected versions are not detailed, the vulnerability poses a significant risk. An attacker with valid CLI credentials could leverage this flaw to gain full control of a Fortinet appliance, bypass security controls, and use the device as a pivot point for further network intrusion. Administrators are urged to monitor for an official security advisory and apply patches as soon as they are available.

October 15, 2025
4 min read
FortinetFortiOSVulnerabilityCLIAuthenticated +1 more
Fortinet Discloses High-Severity Authenticated RCE Flaw in FortiOS CLI

Updated Articles (1)

F5 Breached by Nation-State Actor; BIG-IP Source Code Stolen, CISA Issues Emergency Directive

CRITICAL

F5 Discloses Major Breach by Nation-State Actor; CISA Issues Emergency Directive After BIG-IP Source Code and Vulnerability Data Exfiltrated

Update:

The F5 breach, previously attributed to an unnamed nation-state actor, is now linked to the China-nexus group UNC5221. This sophisticated threat actor maintained persistent access for over a year, exfiltrating BIG-IP source code and internal vulnerability data. The group reportedly utilized BRICKSTORM malware during the intrusion. F5 has engaged Mandiant and CrowdStrike to assist with the incident response. This attribution provides critical context, confirming the advanced nature of the threat and offering potential insights into the adversary's capabilities and motives. The CISA Emergency Directive 26-01 remains in effect, urging federal agencies to patch F5 devices.

October 14, 2025
Updated: October 15, 2025
5 min read
Nation-StateAPTSource Code LeakCISAEmergency Directive +1 more
F5 Breached by Nation-State Actor; BIG-IP Source Code Stolen, CISA Issues Emergency Directive

📢 Share This Publication

Help others stay informed about cybersecurity threats

📅 Daily Edition

Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.

🔢 Deduplication Applied

Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.

🔗 Full Articles Linked

Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.