Critical WSUS Zero-Day Exploited, Prosper Breach Hits 17.6M, and Iranian APT Deploys 'Phoenix' Backdoor

Publication Date: October 24, 2025

Summary

This reporting period, October 23-24, 2025, has been marked by significant and active threats. A critical, actively exploited zero-day vulnerability (CVE-2025-59287) in Microsoft's WSUS has prompted an emergency patch and a CISA KEV alert, posing a severe risk to enterprise networks. In the financial sector, a massive data breach at Prosper Marketplace has exposed the highly sensitive personal and financial data of 17.6 million users. Concurrently, nation-state activity surged with an Iranian-linked APT group targeting over 100 government institutions globally using a new 'Phoenix' backdoor. Other major incidents include Google patching its sixth actively exploited Chrome zero-day of the year and multiple high-impact ransomware attacks affecting manufacturing, education, and critical infrastructure sectors.

Today's New Articles

Google Patches 6th Actively Exploited Chrome Zero-Day of 2025

Google has issued an emergency security update for its Chrome web browser to address CVE-2025-10585, a high-severity type confusion vulnerability in the V8 JavaScript engine. This marks the sixth time in 2025 that Google has patched a Chrome zero-day vulnerabi...


Agenda Ransomware Evolves, Hits Critical Infrastructure

The Agenda ransomware group, also known as Qilin, is escalating its attacks by targeting critical infrastructure sectors with evolved tactics. According to research from Trend Micro, the ransomware-as-a-service (RaaS) operation is using a cross-platform approa...


Tengu Ransomware Hits Brazilian Education Provider

The Tengu ransomware group has claimed responsibility for a cyberattack against UniCursos, a prominent education provider in Brazil. The attack, which was posted to the group's leak site on October 23, 2025, follows the common double-extortion model, where the...


Ransomware Hits Jewett-Cameron, Steals Financial Data

Jewett-Cameron, an Oregon-based manufacturing and distribution company, has confirmed in an SEC filing that it suffered a ransomware attack on October 15, 2025. The attack caused significant disruption to its business operations and resulted in the theft of se...


Lawsuit Hits SC School District After Ransomware Breach

South Carolina's Lexington-Richland School District 5 (LR5) is facing a class-action lawsuit following a ransomware attack in June 2025 that exposed the personally identifiable information (PII) of over 31,000 students, staff, and alumni. The lawsuit alleges t...


Lazarus Group's 'Operation DreamJob' Targets EU Drone-Makers

The notorious North Korea-linked APT group, Lazarus, is conducting a cyber-espionage campaign dubbed 'Operation DreamJob' targeting European defense and aerospace companies. The campaign specifically focuses on firms involved in Unmanned Aerial Vehicle (UAV) t...

Article Updates

Critical RCE Flaw in WSUS Allows Unauthenticated SYSTEM Takeover

Update: The critical WSUS RCE vulnerability, CVE-2025-59287, previously disclosed with a patch in October 2025, is now confirmed to be actively exploited in the wild. Microsoft has released an emergency out-of-band security update to address this. The U.S. CISA has ad...
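A triage check an administrator could run on a host suspected of carrying the WSUS role, added here as an example; it is not from the article or from Microsoft's guidance. It assumes Windows Server with the ServerManager, NetTCPIP and NetSecurity modules available. The default WSUS listener ports (8530 for HTTP, 8531 for HTTPS) are real defaults; the identifier of the out-of-band update is not stated on this page, so the hotfix listing only gives you something to compare against the advisory, it does not decide patched/unpatched on its own.

```powershell
# Added example: WSUS exposure triage for CVE-2025-59287. Not from the article
# or Microsoft. The update KB number is not on this page, so confirm it from
# the advisory before treating a host as patched.
Import-Module ServerManager -ErrorAction Stop

$wsus = Get-WindowsFeature -Name UpdateServices
if (-not $wsus.Installed) {
    Write-Output "WSUS role not installed; host is not in scope for this CVE."
    return
}
Write-Output "WSUS role is installed on $env:COMPUTERNAME"

# Default WSUS listeners: 8530 (HTTP) and 8531 (HTTPS). Anything reachable
# from untrusted networks on these ports is the attack surface to close first.
$listeners = Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalPort -in 8530, 8531 } |
    Select-Object LocalAddress, LocalPort, OwningProcess
if ($listeners) {
    Write-Output "WSUS listeners:"
    $listeners | Format-Table -AutoSize
} else {
    Write-Output "No listener on 8530/8531 (service stopped or non-default port)."
}

# Enabled inbound allow rules that open the WSUS ports; review which profiles
# (Domain/Private/Public) they apply to and whether the remote scope is 'Any'.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        $pf.Protocol -eq 'TCP' -and
        ($pf.LocalPort -contains '8530' -or $pf.LocalPort -contains '8531')
    } |
    Select-Object DisplayName, Profile

# Most recently installed updates, to compare against the out-of-band fix
# named in Microsoft's advisory (not reproduced on this page).
Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 10 HotFixID, Description, InstalledOn
```

Run it elevated on each server that reports the role; the listener and firewall sections are the ones that tell you whether an unauthenticated attacker could reach the service at all, which matters more than the hotfix list while the emergency update is still rolling out.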


Massive Prosper Data Breach Exposes Social Security Numbers of 17.6 Million Users

Update: New details confirm the Prosper data breach exposed additional sensitive PII, including government-issued IDs, dates of birth, employment status, and credit standing, beyond previously reported SSNs and addresses. The attack involved unauthorized parties gaini...


Iran's MuddyWater APT Targets 100+ Governments with Phoenix Backdoor

Update: New intelligence indicates the Iranian APT campaign, leveraging the Phoenix backdoor against over 100 government institutions, has expanded its targeting from primarily MENA to a worldwide scope. Initial access methods now include credential spraying (T1110.00...
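The credential spraying noted above is detectable from failed-logon telemetry if you key on the right thing: a spray is one source trying many accounts a few times each, which looks nothing like a brute force (one source, one account, many tries) when you count raw failures per account. The following detector is an added example, not from the article or from any vendor report on this campaign. The log export is constructed, and its CSV layout (timestamp, event ID, TargetUserName, IpAddress, Status) is an assumed shape for a Windows Security event 4625 export, not a Microsoft format. The NTSTATUS values used (0xC000006A bad password, 0xC0000234 account locked out) are the real codes.

```python
"""Password-spray vs. brute-force triage over Windows Security event 4625.

Added example, not from the article. The log export below is constructed and
the field layout (timestamp, event id, TargetUserName, IpAddress, Status) is
an assumed CSV shape, not a Microsoft format.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample. Status 0xC000006A = bad password, 0xC0000234 = locked out.
SAMPLE_LOG = """\
2025-10-23T08:00:01Z,4625,alice,203.0.113.10,0xC000006A
2025-10-23T08:00:03Z,4625,bob,203.0.113.10,0xC000006A
2025-10-23T08:00:05Z,4625,carol,203.0.113.10,0xC000006A
2025-10-23T08:00:07Z,4625,dave,203.0.113.10,0xC000006A
2025-10-23T08:00:09Z,4625,erin,203.0.113.10,0xC000006A
2025-10-23T08:00:11Z,4625,frank,203.0.113.10,0xC000006A
2025-10-23T08:05:00Z,4625,alice,198.51.100.7,0xC000006A
2025-10-23T08:05:02Z,4625,alice,198.51.100.7,0xC000006A
2025-10-23T08:05:04Z,4625,alice,198.51.100.7,0xC000006A
2025-10-23T08:05:06Z,4625,alice,198.51.100.7,0xC0000234
2025-10-23T09:30:00Z,4625,gina,192.0.2.44,0xC000006A
"""


def parse_events(text):
    """Parse the constructed export into dicts, keeping only failed logons (4625)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, user, ip, status = line.split(",")
        if event_id != "4625":
            continue
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user.lower(),
            "ip": ip,
            "status": status,
        })
    return sorted(events, key=lambda e: e["ts"])


def _windows(evs, window):
    """Yield (start, end) index pairs for each sliding window of at most `window`."""
    start = 0
    for end in range(len(evs)):
        while evs[end]["ts"] - evs[start]["ts"] > window:
            start += 1
        yield start, end


def detect_spray(events, window=timedelta(minutes=10), min_users=5):
    """One source, many accounts, few attempts each: count distinct users per IP."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    alerts = []
    for ip, evs in by_ip.items():
        best = None
        for start, end in _windows(evs, window):
            users = {e["user"] for e in evs[start:end + 1]}
            if len(users) >= min_users and (best is None or len(users) > len(best["users"])):
                best = {"ip": ip, "first_seen": evs[start]["ts"], "users": sorted(users)}
        if best:
            alerts.append(best)
    return alerts


def detect_bruteforce(events, window=timedelta(minutes=10), min_attempts=4):
    """Contrast case: one source hammering one account; a lockout status confirms it."""
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["ip"], e["user"])].append(e)
    alerts = []
    for (ip, user), evs in by_pair.items():
        for start, end in _windows(evs, window):
            if end - start + 1 >= min_attempts:
                alerts.append({
                    "ip": ip,
                    "user": user,
                    "attempts": end - start + 1,
                    "locked_out": any(e["status"] == "0xC0000234" for e in evs[start:end + 1]),
                })
                break
    return alerts


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for a in detect_spray(evs):
        print(f"SPRAY from {a['ip']} at {a['first_seen']:%H:%M:%S}: {', '.join(a['users'])}")
    for a in detect_bruteforce(evs):
        print(f"BRUTE from {a['ip']} on {a['user']}: {a['attempts']} attempts, "
              f"locked_out={a['locked_out']}")
```

On the sample, 203.0.113.10 is flagged as a spray (six accounts in ten seconds, one attempt each) while 198.51.100.7 is flagged only as a brute force against alice ending in a lockout; a per-account failure threshold alone would have missed the spray entirely. Tune `window` and `min_users` to your tenant size, and aggregate on the source IP or the ASN rather than the account when the attacker rotates exit nodes.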


Unit 42 Exposes 'Smishing Deluge' from China and 'Jingle Thief' Gift Card Fraud

Update: New intelligence reveals the 'Jingle Thief' group's advanced tactics. Beyond credential stuffing, they now gain initial access via phishing/smishing, then infiltrate corporate Microsoft 365 environments. Attackers move laterally within M365, abusing SharePoint...