Nation-State Actors Breach F5 Networks Stealing BIG-IP Source Code; AI Phishing Effectiveness Skyrockets

AI-Powered Phishing Emails Achieve 54% Click-Through Rate, Microsoft's 2025 Digital Defense Report Reveals

According to the Microsoft 2025 Digital Defense Report, the effectiveness of phishing attacks has surged with the adoption of artificial intelligence. AI-generated emails now achieve a 54% click-through rate, 4.5 times higher than traditional methods. The report, covering July 2024 to June 2025, also highlights a 32% increase in identity-based attacks and the growing use of AI by nation-state actors for disinformation. Microsoft stresses that phishing-resistant MFA remains the most effective defense, blocking over 99% of identity attacks.

AIPhishingMicrosoftThreat IntelligenceMFA +3 more

5 min read

Phishing

Threat Intelligence

Malware

Cisco Zero-Day Flaw Actively Exploited to Implant Linux Rootkits on Network Switches

CRITICAL

Cisco Zero-Day (CVE-2025-20352) Exploited in 'ZeroDisco' Operation to Deploy Linux Rootkits on Network Switches

A critical zero-day vulnerability in Cisco IOS and IOS XE software, tracked as CVE-2025-20352, has been actively exploited in the wild to install Linux rootkits on network devices. The campaign, dubbed 'ZeroDisco' by Trend Micro, targeted Cisco 9400, 9300, and 3750G series switches. The attackers leveraged the SNMP stack overflow flaw for remote code execution after obtaining high-privilege credentials, implanting a fileless rootkit that could evade detection by disappearing after a reboot. Cisco has released patches and urges customers to update affected devices immediately.

CiscoZero-DayCVE-2025-20352RootkitLinux +5 more

5 min read

Cisco Zero-Day Flaw Actively Exploited to Implant Linux Rootkits on Network Switches

Vulnerability

Cyberattack

Malware

Deloitte to Pay $6.3M in Settlement for Rhode Island Data Breach Affecting 640,000

Deloitte Reaches $6.3 Million Proposed Settlement in Class-Action Lawsuit Over Rhode Island Data Breach

Deloitte has agreed to a proposed $6.3 million class-action settlement related to a 2024 cyberattack that compromised the personal data of 640,000 Rhode Island residents—nearly half the state's population. The breach affected the state's 'RIBridges' social services system, which was managed by Deloitte. The incident resulted in significant disruption to state government services and the eventual leak of some compromised data on the dark web. This settlement is in addition to a previous $5 million payment Deloitte made to the state to cover breach-related expenses.

Data BreachDeloitteRhode IslandSettlementClass Action +3 more

Data Breach

Regulatory

Policy and Compliance

New 'CAPI Backdoor' Malware Targets Russian Auto and E-Commerce Firms

MEDIUM

New CAPI Backdoor Phishing Campaign Targets Russian Automobile and E-Commerce Industries

A new cyberespionage campaign is targeting the Russian automobile and e-commerce sectors using a previously undocumented .NET malware known as 'CAPI Backdoor'. According to researchers at Seqrite Labs, the attack is initiated through phishing emails containing a ZIP archive with a malicious LNK file. The malware uses a living-off-the-land technique, executing via 'rundll32.exe', and establishes persistence through scheduled tasks and startup folder entries. CAPI Backdoor is designed to gather system information, check for antivirus products, and exfiltrate data to a C2 server.

CAPI BackdoorMalware.NETPhishingCyber Espionage +3 more

Malware

Phishing

Threat Actor

Everest Ransomware Claims Collins Aerospace Hack; Leak Site Mysteriously Goes Offline

Everest Ransomware Group Takes Credit for Collins Aerospace Breach, Then Its Data Leak Site Goes Offline

The Everest ransomware group has claimed responsibility for the September 2025 cyberattack on Collins Aerospace, a major aviation and defense contractor. The attack caused widespread disruption, affecting check-in and boarding systems at major European airports like Heathrow and Brussels. Shortly after posting the claim on its dark web data leak site, the site became inaccessible, displaying a "Fatal error" message. This has fueled speculation about a potential law enforcement takedown or internal disruption within the ransomware group.

EverestRansomwareCollins AerospaceAviationSupply Chain Attack +2 more

Ransomware

Cyberattack

Supply Chain Attack

Massive Supply Chain Risk Found in VSCode Marketplace; 100+ Extensions Leaked Access Tokens

CRITICAL

Critical Supply Chain Risk Uncovered in VSCode Extension Marketplaces, Potentially Affecting 150,000 Users

Researchers at Wiz have discovered a significant supply chain risk in the popular VSCode and OpenVSX extension marketplaces. They found that publishers of over 100 extensions had inadvertently leaked their access tokens, which could have allowed attackers to hijack the extensions and distribute malware to more than 150,000 users. The research also uncovered over 550 exposed secrets within 500+ extensions, providing access to developer accounts on services like AWS, GitHub, and OpenAI, further highlighting the pervasive security risks in the software development ecosystem.

VSCodeSupply Chain AttackWizSecrets ManagementDevSecOps +2 more

Massive Supply Chain Risk Found in VSCode Marketplace; 100+ Extensions Leaked Access Tokens

Supply Chain Attack

Vulnerability

Cloud Security

Updated Articles (3)

UK's NCSC Warns of 'Alarming' Rise in Cyberattacks, Doubling in Past Year

INFORMATIONAL

UK's National Cyber Security Centre Reports "Nationally Significant" Cyberattacks More Than Doubled

Update:

Further analysis of the NCSC's report emphasizes that supply chain vulnerabilities are a critical factor behind the doubling of nationally significant cyberattacks. Experts, including Simon Colvin of Pinsent Masons, point to third-party service providers like IT helpdesks and MSPs as common gateways for attackers to breach core business systems. A September 2025 survey by Cips supports this, revealing that 29% of procurement managers reported a supply chain partner had been attacked recently. This highlights a systemic risk, expanding the attack surface and necessitating enhanced vendor risk management, principle of least privilege, and network segmentation for mitigation.

October 6, 2025

Updated: October 18, 2025

NCSCUKThreat ReportState-Sponsored HackingRansomware +1 more

UK's NCSC Warns of 'Alarming' Rise in Cyberattacks, Doubling in Past Year

Policy and Compliance

Regulatory

Threat Intelligence

Ransomware Attacks Surge 36% in Q3 2025, Data Stolen in 96% of Cases

Updated: October 18, 2025

BlackFog Report: Ransomware Attacks Rose 36% in Q3 2025, Qilin Most Active Group

Update:

The Black Fog Q3 2025 report update reveals an estimated 1,510 unreported ransomware attacks, significantly expanding the known scope of the threat. It highlights that manufacturing and services are the most impacted overall when considering these non-disclosed incidents. Additionally, the report details that ransomware gangs stole an average of 527.65 GB of data per victim and listed 449 victims on data leak sites. A concerning lack of transparency is noted, with 71% of victim notifications failing to specify the incident's root cause, complicating threat intelligence efforts. The update also provides specific D3FEND mappings for detection and mitigation strategies.

October 17, 2025

RansomwareThreat IntelligenceQ3 2025BlackFogQilin +2 more

Ransomware

Threat Intelligence

Threat Actor

Clop Ransomware Claims Harvard University Breach, Threatens Data Leak