Daily Digest

Ransomware Automation Slashes Attack Times to Minutes; Supply Chain Overconfidence Creates Massive Risk

Ransomware Automation Slashes Attack Times to Minutes; Supply Chain Overconfidence Creates Massive Risk

October 23, 2025
7 articles (5 new, 2 updated)
21 min read

Summary

In cybersecurity news for October 23, 2025, the threat landscape is defined by escalating speed and systemic risk. A new report reveals ransomware groups are using automation to compress attack timelines to just 18 minutes from initial access to lateral movement. Simultaneously, another study highlights a dangerous overconfidence in supply chain security, with 94% of firms feeling prepared despite a third failing to conduct basic supplier risk assessments. This is underscored by the staggering £1.9 billion economic cost of the Jaguar Land Rover hack, which cascaded through 5,000 supply chain organizations. Regulators are responding, with New York's DFS issuing new guidance on third-party risk. Meanwhile, CISA has added another actively exploited vulnerability to its KEV catalog, demanding immediate action from federal agencies.

Filter by Category

New Articles (5)

NY Regulator Puts Financial Firms on Notice: You Are Accountable for Your Vendors' Security

MEDIUM

New York DFS Issues Formal Guidance on Managing Third-Party Cybersecurity Risk

The New York State Department of Financial Services (DFS) has issued new guidance for financial institutions, emphasizing their ultimate accountability for managing cybersecurity risks originating from third-party service providers (TPSPs). The regulator warned that as firms increasingly rely on cloud computing, AI, and fintech solutions from vendors, their exposure to threats grows. The guidance explicitly states that boards of directors and senior officers must possess sufficient cybersecurity knowledge to oversee and challenge management's third-party risk strategies. DFS Acting Superintendent Kaitlin Asrow stressed that regulated entities cannot outsource their responsibility for protecting consumer data and ensuring operational security.

October 23, 2025
5 min read
NYDFSRegulationComplianceThird-Party Risk ManagementFinancial Services +1 more
NY Regulator Puts Financial Firms on Notice: You Are Accountable for Your Vendors' Security
Regulatory
Policy and Compliance
Supply Chain Attack

Unit 42 Exposes 'Smishing Deluge' from China and 'Jingle Thief' Gift Card Fraud

MEDIUM

Palo Alto Networks' Unit 42 Details Global Smishing Campaign and Cloud-Based Gift Card Fraud

Researchers at Palo Alto Networks' Unit 42 have detailed two distinct and significant cybercrime operations. The first, a massive smishing campaign dubbed 'The Smishing Deluge,' is attributed to a China-based threat actor and is flooding mobile users globally with malicious SMS messages. The second campaign, named 'Jingle Thief,' is a sophisticated cloud-based operation focused on automating the theft and monetization of gift cards. These findings, highlighted in Unit 42's October Threat Bulletin, showcase the diverse tactics of modern criminals, from large-scale social engineering to highly targeted financial fraud.

October 23, 2025
5 min read
SmishingPhishingFraudGift CardUnit 42 +2 more
Unit 42 Exposes 'Smishing Deluge' from China and 'Jingle Thief' Gift Card Fraud
Phishing
Threat Intelligence
Cloud Security

Healthcare Breaches Seem to Drop, But Government Shutdown Hides True Numbers

MEDIUM

September Healthcare Data Breach Numbers Artificially Low Due to HHS Shutdown, HIPAA Journal Warns

Official data for September 2025 shows only 26 major healthcare data breaches, the lowest monthly total since 2018. However, The HIPAA Journal cautions that this apparent decline is misleading. A US government shutdown has largely halted the HHS's Office for Civil Rights (OCR) from processing and updating its public breach portal. The 26 reported breaches affected over 1.29 million individuals, with hacking incidents accounting for 98.8% of the exposed records. Experts believe the true number of breaches for September is significantly higher and will be reflected in a surge of reports once the OCR resumes normal operations.

October 23, 2025
5 min read
HIPAAHealthcareData BreachHHSOCR +2 more
Healthcare Breaches Seem to Drop, But Government Shutdown Hides True Numbers
Data Breach
Regulatory
Policy and Compliance

Palomar Health Breach Exposes Highly Sensitive Patient Data, Including Biometrics

HIGH

Palomar Health Medical Group Discloses Data Breach Exposing Patient Biometric and Financial Data

Palomar Health Medical Group (PHMG), a California-based healthcare provider, has announced it was the victim of a cybersecurity incident that exposed sensitive patient data. The compromised information includes not only names and personal identifiers but also highly sensitive data types such as biometric data, U.S. alien registration numbers, and financial account information. The full scope of the breach, including the number of affected patients, has not yet been disclosed. The national class action law firm Lynch Carpenter is now investigating claims against PHMG, signaling significant legal and financial fallout for the provider.

October 23, 2025
5 min read
Data BreachHealthcareBiometric DataHIPAAPalomar Health +1 more
Palomar Health Breach Exposes Highly Sensitive Patient Data, Including Biometrics
Data Breach
Regulatory

CISA Orders Federal Agencies to Patch New Actively Exploited Vulnerability

HIGH

CISA Adds New Vulnerability to Known Exploited Vulnerabilities (KEV) Catalog, Mandating Federal Patching

On October 22, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a new, unspecified vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. This action confirms that the flaw is being actively exploited in the wild by malicious actors. Under Binding Operational Directive (BOD) 22-01, all Federal Civilian Executive Branch (FCEB) agencies are now required to remediate this vulnerability by a specific deadline to protect federal networks. While the CVE identifier was not immediately released, the alert serves as a critical warning to all organizations to prioritize its patching.

October 23, 2025
5 min read
CISAKEVVulnerabilityPatch ManagementBOD 22-01 +1 more
CISA Orders Federal Agencies to Patch New Actively Exploited Vulnerability
Vulnerability
Patch Management
Regulatory

Updated Articles (2)

CrowdStrike: 76% of Organizations Can't Keep Pace with AI-Powered Ransomware

INFORMATIONAL

AI-Powered Ransomware Outpacing Defenses, CrowdStrike's 2025 State of Ransomware Survey Warns

Update:

A new ReliaQuest report reveals ransomware 'breakout time' (initial access to lateral movement) has plummeted to just 18 minutes, down from 48 minutes in 2024. This dramatic acceleration is driven by 80% of Ransomware-as-a-Service groups leveraging automation and AI, exemplified by groups like Qilin and LockBit 5.0. This shrinking window renders human-speed incident response obsolete, demanding automated detection and response capabilities to counter the hyper-efficient, automated attack chains.

October 21, 2025
Updated: October 23, 2025
5 min read
AIRansomwareCrowdStrikeCybersecuritySurveyThreatIntelligence +1 more
CrowdStrike: 76% of Organizations Can't Keep Pace with AI-Powered Ransomware
Threat Intelligence
Ransomware
Other

UK's NCSC Warns of Doubling 'Nationally Significant' Cyberattacks, Cites Supply Chain Risk

HIGH

UK NCSC Sounds Alarm as Significant Cyber Incidents Double, Highlighting Supply Chain Vulnerabilities

Update:

A new NCC Group report, 'The State of Supply Chain Security,' highlights a dangerous paradox: 94% of cybersecurity decision-makers are confident in their ability to respond to supply chain attacks, but 34% fail to conduct regular supplier risk assessments. This widespread overconfidence creates significant vulnerabilities, as threat actors increasingly exploit less secure third-party vendors. The report details specific MITRE ATT&CK TTPs like T1195.002 (Compromise Software Supply Chain) and T1133 (External Remote Services), alongside D3FEND techniques for detection and mitigation. It also provides cyber observables for proactive threat hunting, emphasizing the critical need for robust Third-Party Risk Management (TPRM) programs and mandatory MFA to counter this escalating threat.

October 18, 2025
Updated: October 23, 2025
4 min read
NCSCUKSupply Chain AttackCybersecurityThreat Intelligence +1 more
UK's NCSC Warns of Doubling 'Nationally Significant' Cyberattacks, Cites Supply Chain Risk
Supply Chain Attack
Policy and Compliance
Cyberattack

📢 Share This Publication

Help others stay informed about cybersecurity threats