Daily Digest

Microsoft Patches Three Zero-Days, F5 Suffers Nation-State Breach, and Critical Adobe Flaw Actively Exploited

Microsoft Patches Three Zero-Days, F5 Suffers Nation-State Breach, and Critical Adobe Flaw Actively Exploited

October 17, 2025
8 articles (5 new, 3 updated)
24 min read

Summary

This cybersecurity brief for October 17, 2025, covers a massive Microsoft Patch Tuesday addressing over 172 vulnerabilities, including three actively exploited zero-days. In other major news, F5 Networks disclosed a significant breach by a nation-state actor resulting in source code theft, and CISA issued an urgent warning for a critical, actively exploited Adobe AEM vulnerability with a 10.0 CVSS score. Additional stories include a massive data breach at lending platform Prosper affecting 17.6 million users, a surge in AKIRA ransomware attacks targeting Swiss companies, and new regulatory pressures from a stricter data breach notification law in California.

Filter by Category

New Articles (5)

CISA Warns: Critical Adobe AEM Flaw (CVSS 10.0) Actively Exploited

CRITICAL

CISA Adds Critical Adobe Experience Manager RCE Flaw (CVE-2025-54253) to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning for a critical remote code execution (RCE) vulnerability in Adobe Experience Manager (AEM) Forms, tracked as CVE-2025-54253. The flaw, which carries a perfect 10.0 CVSS score, allows for unauthenticated arbitrary code execution and is being actively exploited in the wild. CISA has added it to its Known Exploited Vulnerabilities (KEV) catalog, mandating federal agencies to patch by November 5, 2025. The vulnerability stems from a misconfiguration in JEE versions of AEM that exposes a debug servlet, allowing attackers to achieve full system compromise.

October 17, 2025
4 min read
AdobeAEMRCECISAKEV +3 more
CISA Warns: Critical Adobe AEM Flaw (CVSS 10.0) Actively Exploited
Vulnerability
Patch Management
Cyberattack

Lending Platform Prosper Breached, 17.6 Million Accounts Exposed

HIGH

Prosper Confirms Massive Data Breach Affecting 17.6 Million Users; Data Added to 'Have I Been Pwned'

The peer-to-peer lending platform Prosper has confirmed a massive data breach that exposed the personal and sensitive information of approximately 17.6 million user accounts. The breach notification service 'Have I Been Pwned' has already incorporated the data set, which includes names, email addresses, and phone numbers. The incident places millions of users at a significantly higher risk of targeted phishing campaigns, identity theft, and other fraudulent activities. Affected users are strongly advised to change their passwords and enable multi-factor authentication immediately.

October 17, 2025
4 min read
Data BreachPIIProsperFinTechHave I Been Pwned +2 more
Lending Platform Prosper Breached, 17.6 Million Accounts Exposed
Data Breach
Phishing
Regulatory

UK Fines Capita £14M for "Preventable" 2023 Data Breach

MEDIUM

UK's ICO Fines Capita £14 Million for Failures in 2023 Data Breach Response

The UK's Information Commissioner's Office (ICO) has levied a £14 million fine against outsourcing giant Capita for significant data protection failures related to a March 2023 data breach that impacted 6.6 million people. The ICO's investigation concluded the breach was 'preventable' and heavily criticized Capita's slow incident response, noting that a compromised device remained active on the network for 58 hours after detection, allowing for further exploitation. The penalty highlights the increasing regulatory focus on the speed and efficacy of breach containment.

October 17, 2025
4 min read
ICOFineData BreachRegulatoryIncident Response +2 more
UK Fines Capita £14M for "Preventable" 2023 Data Breach
Regulatory
Policy and Compliance
Data Breach

CISA Issues 13 Advisories for Critical ICS/OT Vulnerabilities

HIGH

CISA Publishes 13 ICS Advisories for Flaws in Rockwell, Siemens, and Schneider Electric Products

On October 16, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a significant batch of thirteen advisories for vulnerabilities affecting Industrial Control Systems (ICS). These alerts impact widely used Operational Technology (OT) products from major vendors including Rockwell Automation, Siemens, Hitachi Energy, Schneider Electric, and Delta Electronics. The flaws pose a direct risk to critical infrastructure sectors such as manufacturing and energy. CISA is urging all asset owners and operators to review the advisories and implement the recommended mitigations immediately.

October 17, 2025
4 min read
ICSOTSCADACISAVulnerability +3 more
CISA Issues 13 Advisories for Critical ICS/OT Vulnerabilities
Industrial Control Systems
Vulnerability
Patch Management

California Enacts Stricter Data Breach Law with 30-Day Notification Deadline

MEDIUM

California's New Senate Bill 446 Mandates 30-Day Data Breach Notification

California has enacted Senate Bill 446, a new law that significantly shortens the data breach notification timeline for businesses. Organizations must now inform affected California residents of a data breach involving unencrypted personal information within 30 calendar days of its discovery. This amendment to the state's already stringent privacy laws places increased pressure on companies to have highly efficient incident detection and response processes in place to meet the accelerated deadline.

October 17, 2025
4 min read
CaliforniaData Breach NotificationPrivacy LawCCPACPRA +2 more
California Enacts Stricter Data Breach Law with 30-Day Notification Deadline
Regulatory
Policy and Compliance
Data Breach

Updated Articles (3)

Ransomware Attacks Surge by 46% as Threat Actors Target Construction and Manufacturing

INFORMATIONAL

Check Point Report Shows 46% Surge in Ransomware Activity, with Qilin Group Leading Attacks on Industrial Sectors

Update:

A BlackFog report for Q3 2025 reveals a 36% year-over-year increase in ransomware attacks, reaching record levels. Critically, data exfiltration is now a near-universal tactic, occurring in 96% of incidents, confirming the dominance of double-extortion. The Qilin group remains highly active. Healthcare was the most targeted public sector, while manufacturing was hardest hit in non-disclosed attacks. This update reinforces the escalating threat and the critical need for data exfiltration prevention, highlighting new mitigation strategies like DLP and network traffic analysis.

October 15, 2025
Updated: October 17, 2025
4 min read
RansomwareThreat IntelligenceCheck PointQilinManufacturing +1 more
Ransomware Attacks Surge by 46% as Threat Actors Target Construction and Manufacturing
Ransomware
Threat Intelligence

Akira Ransomware Gang Actively Exploiting SonicWall VPNs for Network Breaches

CRITICAL

Akira Ransomware Group Targets SonicWall SSL VPN Devices for Initial Access

Update:

Swiss federal authorities (NCSC, fedpol) have issued a joint warning regarding a significant escalation in AKIRA ransomware attacks, impacting approximately 200 Swiss companies. Damages are in the millions of Swiss francs, with attacks intensifying to four to five per week. The primary initial access vectors are insecure remote access methods, specifically VPNs and RDP, lacking multi-factor authentication. This update highlights a broader targeting strategy beyond specific VPN vulnerabilities, emphasizing the critical need for MFA on all remote services to counter the group's intensified campaign.

October 11, 2025
Updated: October 17, 2025
6 min read
AkiraransomwareSonicWallVPNinitial access +1 more
Akira Ransomware Gang Actively Exploiting SonicWall VPNs for Network Breaches
Ransomware
Cyberattack
Vulnerability

CISA Orders Urgent Patching After Chinese Hackers Steal F5 Source Code

CRITICAL

Nation-State Actor Breaches F5, Stealing BIG-IP Source Code and Undisclosed Vulnerabilities, CISA Issues Emergency Directive

Update:

New intelligence attributes the F5 breach to the Chinese espionage group UNC5221, known for using the BRICKSTORM backdoor to exfiltrate source code. This update also highlights the release of 44 new F5 vulnerability patches, including CVE-2025-53868, which customers must apply immediately. The Australian Cyber Security Centre (ACSC) has issued an urgent advisory, reinforcing the global impact and the need for heightened vigilance. While F5 found no evidence of supply chain compromise, the specific attribution and volume of patches underscore the increased and immediate threat to F5 users worldwide.

October 16, 2025
Updated: October 17, 2025
6 min read
F5BIG-IPCISAEmergency DirectiveSource Code +4 more
CISA Orders Urgent Patching After Chinese Hackers Steal F5 Source Code
Supply Chain Attack
Data Breach
Threat Actor

📢 Share This Publication

Help others stay informed about cybersecurity threats