Microsoft Patches Three Zero-Days, F5 Suffers Nation-State Breach, and Critical Adobe Flaw Actively Exploited

Publication Date: October 17, 2025

Summary

This cybersecurity brief for October 17, 2025, covers a massive Microsoft Patch Tuesday addressing over 172 vulnerabilities, including three actively exploited zero-days. In other major news, F5 Networks disclosed a significant breach by a nation-state actor resulting in source code theft, and CISA issued an urgent warning for a critical, actively exploited Adobe AEM vulnerability with a 10.0 CVSS score. Additional stories include a massive data breach at lending platform Prosper affecting 17.6 million users, a surge in AKIRA ransomware attacks targeting Swiss companies, and new regulatory pressures from a stricter data breach notification law in California.

Today New Articles

CISA Warns: Critical Adobe AEM Flaw (CVSS 10.0) Actively Exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning for a critical remote code execution (RCE) vulnerability in Adobe Experience Manager (AEM) Forms, tracked as CVE-2025-54253. The flaw, which carries a perfect 10.0 CV...

Lending Platform Prosper Breached, 17.6 Million Accounts Exposed

The peer-to-peer lending platform Prosper has confirmed a massive data breach that exposed the personal and sensitive information of approximately 17.6 million user accounts. The breach notification service 'Have I Been Pwned' has already incorporated the data...

UK Fines Capita £14M for "Preventable" 2023 Data Breach

The UK's Information Commissioner's Office (ICO) has levied a £14 million fine against outsourcing giant Capita for significant data protection failures related to a March 2023 data breach that impacted 6.6 million people. The ICO's investigation concluded the...

CISA Issues 13 Advisories for Critical ICS/OT Vulnerabilities

On October 16, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a significant batch of thirteen advisories for vulnerabilities affecting Industrial Control Systems (ICS). These alerts impact widely used Operational Technology (OT...

California Enacts Stricter Data Breach Law with 30-Day Notification Deadline

California has enacted Senate Bill 446, a new law that significantly shortens the data breach notification timeline for businesses. Organizations must now inform affected California residents of a data breach involving unencrypted personal information within 3...

Article Updates

Akira Ransomware Gang Actively Exploiting SonicWall VPNs for Network Breaches

Update:Swiss federal authorities (NCSC, fedpol) have issued a joint warning regarding a significant escalation in AKIRA ransomware attacks, impacting approximately 200 Swiss companies. Damages are in the millions of Swiss francs, with attacks intensifying to four to...

Ransomware Attacks Surge by 46% as Threat Actors Target Construction and Manufacturing

Update:A BlackFog report for Q3 2025 reveals a 36% year-over-year increase in ransomware attacks, reaching record levels. Critically, data exfiltration is now a near-universal tactic, occurring in 96% of incidents, confirming the dominance of double-extortion. The Qi...

CISA Orders Urgent Patching After Chinese Hackers Steal F5 Source Code

Update:New intelligence attributes the F5 breach to the Chinese espionage group UNC5221, known for using the BRICKSTORM backdoor to exfiltrate source code. This update also highlights the release of 44 new F5 vulnerability patches, including CVE-2025-53868, which cus...