Daily Digest

CISA Issues Emergency Directive for Actively Exploited Microsoft WSUS Flaw; Ransomware Surges 50% in 2025

CISA Issues Emergency Directive for Actively Exploited Microsoft WSUS Flaw; Ransomware Surges 50% in 2025

October 25, 2025
8 articles (5 new, 3 updated)
24 min read

Summary

This cybersecurity brief for October 25, 2025, covers critical developments, led by an emergency CISA directive for an actively exploited remote code execution vulnerability (CVE-2025-59287) in Microsoft's Windows Server Update Service (WSUS). Other major stories include Microsoft's massive October Patch Tuesday fixing 193 flaws and six zero-days, a reported 50% surge in ransomware attacks in 2025 driven by new groups like Qilin, the resurgence of the LockBit ransomware gang with a new 'LockBit 5.0' variant, and a massive 'Smishing Triad' campaign using over 194,000 malicious domains. Global policy shifts are also noted, with the UK and Singapore launching a supply chain security initiative and the UN finalizing its Convention against Cybercrime.

Filter by Category

New Articles (5)

Google Issues Emergency Patch for Critical Chrome RCE Flaw Found by AI

CRITICAL

Google Patches Critical Remote Code Execution Vulnerability (CVE-2025-12036) in Chrome's V8 Engine

Google has released an emergency security update for the Chrome browser, addressing a critical remote code execution (RCE) vulnerability in its V8 JavaScript engine. The flaw, tracked as CVE-2025-12036, was discovered by Google's internal AI-driven research project, 'Big Sleep.' Successful exploitation could allow an attacker to execute arbitrary code on a user's system by tricking them into visiting a malicious website. The patch has been rolled out for Windows, macOS, and Linux users, who are urged to update their browsers immediately to mitigate the high-severity threat.

October 25, 2025
4 min read
Google ChromeV8RCECVE-2025-12036Vulnerability +2 more
Google Issues Emergency Patch for Critical Chrome RCE Flaw Found by AI
Vulnerability
Patch Management

Nation-State and Financial Cybercrime Blur as Industrial Sector Becomes Top Target

HIGH

Trellix Report: Nation-State Espionage and Financial Cybercrime Converge, with Industrial Sector as Primary Target

A new report from Trellix reveals a significant convergence between the tactics of nation-state actors and financially motivated cybercriminals, with both increasingly leveraging AI-powered tools. The industrial sector has emerged as the most targeted industry, accounting for over 36% of attacks analyzed between April and September 2025. The research highlights the dominance of PowerShell as a key attack tool, used in nearly 78% of ransomware campaigns. The United States remains the most targeted nation, and the ransomware landscape is highly fragmented, with the top five groups accounting for less than 40% of all incidents.

October 25, 2025
5 min read
Threat IntelligenceTrellixAPTCybercrimeIndustrial Sector +2 more
Nation-State and Financial Cybercrime Blur as Industrial Sector Becomes Top Target
Threat Intelligence
Threat Actor
Industrial Control Systems

India Enacts New Telecom Cybersecurity Rules for IMEI and Mobile Number Validation

INFORMATIONAL

India Implements Telecommunications (Telecom Cyber Security) Amendment Rules, 2025

India's Ministry of Communications has enacted new cybersecurity regulations for its telecommunications sector, effective October 22, 2025. The 'Telecommunications (Telecom Cyber Security) Amendment Rules, 2025' introduce two key measures: the establishment of a centralized Mobile Number Validation (MNV) platform to secure digital communications, and stricter controls on International Mobile Equipment Identity (IMEI) numbers. The new IMEI rules prohibit the assignment of already-used IMEIs to new devices and mandate that sellers and buyers of used devices verify the IMEI against a national database to combat theft and tampering.

October 25, 2025
4 min read
IndiaRegulationPolicyCybersecurityIMEI +1 more
India Enacts New Telecom Cybersecurity Rules for IMEI and Mobile Number Validation
Regulatory
Policy and Compliance
Mobile Security

UN Convention Against Cybercrime Signed in Hanoi Amid Global Endorsement and Controversy

INFORMATIONAL

Nearly 100 Nations Sign UN Convention against Cybercrime in Hanoi

In a landmark event in Hanoi, Vietnam, representatives from nearly 100 UN member states have signed the United Nations Convention against Cybercrime. Adopted by the UN General Assembly in December 2024, this treaty, also known as the Hanoi Convention, establishes the first global legal framework for international cooperation in combating a wide array of online crimes, including fraud, child exploitation, and money laundering. While hailed as a milestone by the UN Secretary-General, the event drew criticism from rights groups over the choice of Vietnam as the host, and a major tech industry group, the Cybersecurity Tech Accord, declined to attend.

October 25, 2025
4 min read
United NationsCybercrimePolicyLawInternational Cooperation +1 more
UN Convention Against Cybercrime Signed in Hanoi Amid Global Endorsement and Controversy
Policy and Compliance
Regulatory

EU Accuses Meta and TikTok of Breaching Digital Services Act Transparency Rules

INFORMATIONAL

European Commission Finds Meta and TikTok in Preliminary Breach of Digital Services Act (DSA)

The European Commission has issued preliminary findings that Meta's platforms (Facebook and Instagram) and TikTok have breached their obligations under the Digital Services Act (DSA). The Commission alleges the companies failed to provide adequate access to public data for researchers, hindering independent scrutiny of their platforms. Furthermore, Meta is accused of using 'dark patterns' and creating a burdensome process for users to report illegal content. These are initial findings, and both companies will have the opportunity to respond and propose remedies before any final decision or penalties are imposed.

October 25, 2025
4 min read
EUDigital Services ActDSAMetaTikTok +3 more
EU Accuses Meta and TikTok of Breaching Digital Services Act Transparency Rules
Regulatory
Policy and Compliance

Updated Articles (3)

Patch Now: Microsoft Fixes 170+ Flaws, Including Four Actively Exploited Zero-Days

CRITICAL

Microsoft's October 2025 Patch Tuesday Addresses Over 170 Vulnerabilities, Including Four Zero-Days Under Active Exploitation

Update:

Microsoft's October 2025 Patch Tuesday has been updated to address a total of 193 vulnerabilities, an increase from the initial report, and now includes fixes for six zero-day vulnerabilities, with four still actively exploited. New CVEs mentioned include CVE-2025-55680 (Cloud Files Mini Filter EoP) and CVE-2025-55692/55694 (Windows Error Reporting EoP). A critical development is the clarification that CVE-2025-59287 (WSUS RCE) received an urgent out-of-band fix that superseded the initial October patch. Most notably, this update marks the end of the support lifecycle for Windows 10, posing a significant security risk for unmigrated devices. Additionally, Adobe released patches for 36 vulnerabilities across its product line.

October 16, 2025
Updated: October 25, 2025
5 min read
Patch TuesdayMicrosoftZero-DayVulnerabilityCVE-2025-24990 +5 more
Patch Now: Microsoft Fixes 170+ Flaws, Including Four Actively Exploited Zero-Days
Patch Management
Vulnerability

Ransomware Attacks on Critical Industries Skyrocket by 34%, KELA Reports

HIGH

KELA Report Finds Ransomware Attacks on Critical Infrastructure Surged 34% in 2025, with U.S. as Top Target

Update:

New data from Cyble indicates a 50% year-over-year increase in ransomware attacks in 2025, with over 5,000 incidents recorded by late October. This is an escalation from the previously reported 34% increase. The Qilin group has solidified its position as the market leader, responsible for a significant portion of recent attacks. A key development in attacker tactics is the widespread adoption of PowerShell, used in nearly 78% of observed campaigns for payload execution. Other prevalent tools include PsExec for lateral movement and SoftPerfect Network Scanner for reconnaissance, indicating a strong 'Living off the Land' approach by threat actors.

October 21, 2025
Updated: October 25, 2025
5 min read
RansomwareKELACriticalInfrastructureQilinClop +2 more
Ransomware Attacks on Critical Industries Skyrocket by 34%, KELA Reports
Ransomware
Threat Intelligence
Cyberattack

UK Gov & NCSC Issue Urgent Warning to FTSE 350 Boards on Cyber Resilience

INFORMATIONAL

NCSC and UK Government Urge FTSE 350 to Make Cyber Resilience a Board-Level Priority Amid 50% Rise in Major Incidents

Update:

The UK, alongside Singapore, has unveiled a new international framework to combat supply chain ransomware, endorsed by 67 Counter Ransomware Initiative members. This guidance provides actionable steps for organizations globally to assess supplier security, implement contractual obligations, monitor continuously, and plan for incident response. This expands on previous UK domestic warnings, emphasizing a collective, global approach to a critical and escalating threat, as highlighted by incidents like the Synnovis attack, and provides a more detailed framework for action.

October 22, 2025
Updated: October 25, 2025
5 min read
NCSCUKcyber resiliencegovernanceboard responsibility +2 more
UK Gov & NCSC Issue Urgent Warning to FTSE 350 Boards on Cyber Resilience
Policy and Compliance
Regulatory
Security Operations

📢 Share This Publication

Help others stay informed about cybersecurity threats