Nation-State Actors Breach F5 Networks Stealing BIG-IP Source Code; AI Phishing Effectiveness Skyrockets
Summary
This cybersecurity brief for October 18, 2025, covers a critical supply chain attack against F5 Networks by a nation-state actor, resulting in the theft of BIG-IP source code and unpatched vulnerability data. Other major developments include a Microsoft report revealing AI-powered phishing is 4.5 times more effective, active exploitation of a Cisco zero-day to deploy rootkits, and the Clop ransomware group breaching an American Airlines subsidiary via Oracle EBS flaws. The period also saw rising ransomware attacks targeting healthcare and increased warnings about supply chain security from the UK's NCSC.
Today's New Articles
Microsoft Report: AI-Generated Phishing Now 4.5x More Effective, Bypassing Traditional Defenses
According to the Microsoft 2025 Digital Defense Report, the effectiveness of phishing attacks has surged with the adoption of artificial intelligence. AI-generated emails now achieve a 54% click-through rate, 4.5 times higher than traditional methods. The repo...
Cisco Zero-Day Flaw Actively Exploited to Implant Linux Rootkits on Network Switches
A critical zero-day vulnerability in Cisco IOS and IOS XE software, tracked as CVE-2025-20352, has been actively exploited in the wild to install Linux rootkits on network devices. The campaign, dubbed 'ZeroDisco' by Trend Micro, targeted Cisco 9400, 9300, and...
Deloitte to Pay $6.3M in Settlement for Rhode Island Data Breach Affecting 640,000
Deloitte has agreed to a proposed $6.3 million class-action settlement related to a 2024 cyberattack that compromised the personal data of 640,000 Rhode Island residents—nearly half the state's population. The breach affected the state's 'RIBridges' social ser...
New 'CAPI Backdoor' Malware Targets Russian Auto and E-Commerce Firms
A new cyberespionage campaign is targeting the Russian automobile and e-commerce sectors using a previously undocumented .NET malware known as 'CAPI Backdoor'. According to researchers at Seqrite Labs, the attack is initiated through phishing emails containing...
Everest Ransomware Claims Collins Aerospace Hack; Leak Site Mysteriously Goes Offline
The Everest ransomware group has claimed responsibility for the September 2025 cyberattack on Collins Aerospace, a major aviation and defense contractor. The attack caused widespread disruption, affecting check-in and boarding systems at major European airport...
Massive Supply Chain Risk Found in VSCode Marketplace; 100+ Extensions Leaked Access Tokens
Researchers at Wiz have discovered a significant supply chain risk in the popular VSCode and OpenVSX extension marketplaces. They found that publishers of over 100 extensions had inadvertently leaked their access tokens, which could have allowed attackers to h...
Article Updates
UK's NCSC Warns of 'Alarming' Rise in Cyberattacks, Doubling in Past Year
Update: Further analysis of the NCSC's report emphasizes that supply chain vulnerabilities are a critical factor behind the doubling of nationally significant cyberattacks. Experts, including Simon Colvin of Pinsent Masons, point to third-party service providers like...
Clop Ransomware Claims Harvard University Breach, Threatens Data Leak
Update: Clop ransomware has claimed Envoy Air, an American Airlines subsidiary, as a new victim in its ongoing campaign targeting Oracle E-Business Suite (EBS) vulnerabilities. The attack, likely exploiting flaws like CVE-2023-21931, resulted in the exfiltration of bu...
Ransomware Attacks Surge 36% in Q3 2025, Data Stolen in 96% of Cases
Update: The Black Fog Q3 2025 report update reveals an estimated 1,510 unreported ransomware attacks, significantly expanding the known scope of the threat. It highlights that manufacturing and services are the most impacted overall when considering these non-disclose...