Daily Digest

Ransomware Surges, JLR Hack Costs UK £1.9B, and 'GlassWorm' Hits Developers in Widespread Attacks

Ransomware Surges, JLR Hack Costs UK £1.9B, and 'GlassWorm' Hits Developers in Widespread Attacks

October 22, 2025
4 articles (4 new)
12 min read

Summary

This cybersecurity advisory for October 21-22, 2025, covers a dramatic 34% surge in ransomware attacks against global critical infrastructure, with the U.S. being the top target. A separate analysis reveals the staggering economic fallout of a cyberattack on Jaguar Land Rover, costing the UK economy an estimated £1.9 billion. A sophisticated new worm, 'GlassWorm', is spreading through the VS Code ecosystem using invisible code to infect developers. Additionally, critical vulnerabilities have been disclosed in the Netty Java library and Oracle's E-Business Suite, while the UK government issues an urgent call for businesses to bolster defenses.

Filter by Category

New Articles (4)

Critical Netty Zero-Day Bypasses All Major Email Authentication

CRITICAL

CVE-2025-59419: Critical SMTP Injection Flaw in Netty Library Allows Full Bypass of SPF, DKIM, and DMARC

A critical zero-day vulnerability, CVE-2025-59419, has been discovered in the widely used Netty Java library, affecting countless applications that handle email. The flaw allows an unauthenticated attacker to perform SMTP injection by embedding carriage return and line feed characters into email commands. This enables them to bypass standard email authentication defenses like SPF, DKIM, and DMARC, making it possible to send highly convincing spoofed emails that appear to originate from trusted domains. A patch is available and should be applied immediately.

October 22, 2025
6 min read
CVE-2025-59419NettyJavazero-dayvulnerability +3 more
Critical Netty Zero-Day Bypasses All Major Email Authentication

Iran's MuddyWater APT Targets 100+ Governments with Phoenix Backdoor

HIGH

MuddyWater Cyber-Espionage Campaign Uses Compromised Mailbox and Macros to Deploy Phoenix v4 Backdoor

The Iranian state-sponsored threat group MuddyWater is conducting a large-scale cyber-espionage campaign targeting over 100 government entities, primarily in the Middle East and North Africa (MENA). According to Group-IB, the attackers are using phishing emails sent from a compromised mailbox, leveraging the NordVPN service for anonymity. The emails contain malicious Word documents that use macros to deploy version 4 of the 'Phoenix' backdoor, a payload designed for foreign intelligence gathering. The campaign highlights the group's return to classic macro-based attack vectors.

October 22, 2025
6 min read
MuddyWaterAPTIranPhoenixcyber-espionage +3 more
Iran's MuddyWater APT Targets 100+ Governments with Phoenix Backdoor

Patch Now: Critical RCE Flaws in Oracle E-Business Suite Marketing Module

CRITICAL

Oracle Patches Two Critical 9.8 CVSS RCE Flaws (CVE-2025-53072, CVE-2025-62481) in E-Business Suite

Oracle has issued urgent patches for two critical, unauthenticated remote code execution (RCE) vulnerabilities in its E-Business Suite. The flaws, CVE-2025-53072 and CVE-2025-62481, both carry a CVSS score of 9.8 and affect the Oracle Marketing module. An attacker with network access can exploit these vulnerabilities via a simple HTTP request, without any user interaction, to achieve a full takeover of the marketing component. Oracle urges customers using affected versions (12.2.3 through 12.2.14) to apply the October 2025 Critical Patch Update immediately.

October 22, 2025
5 min read
CVE-2025-53072CVE-2025-62481OracleE-Business SuiteRCE +2 more
Patch Now: Critical RCE Flaws in Oracle E-Business Suite Marketing Module

Pwn2Own Day 1: Hackers Net $522K for 34 Zero-Days in SOHO Devices

HIGH

Pwn2Own Ireland 2025 Day 1 Sees Researchers Earn $522,500 for 34 Zero-Days Across Printers, NAS, and Routers

The first day of Trend Micro's Pwn2Own Ireland 2025 competition was a resounding success for security researchers, who earned a total of $522,500 for demonstrating 34 unique zero-day vulnerabilities. In a stunning display, every single one of the 17 scheduled attempts against popular SOHO devices—including printers, NAS devices, and smart home products from brands like QNAP, Synology, Canon, and HP—was successful. The highlight was a complex 'SOHO Smashup' that chained eight bugs to compromise a router and a NAS device.

October 22, 2025
5 min read
Pwn2Ownzero-dayvulnerabilityhackingIoT +2 more
Pwn2Own Day 1: Hackers Net $522K for 34 Zero-Days in SOHO Devices

📢 Share This Publication

Help others stay informed about cybersecurity threats

📅 Daily Edition

Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.

🔢 Deduplication Applied

Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.

🔗 Full Articles Linked

Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.