CISA Issues Emergency Directive for Actively Exploited Microsoft WSUS Flaw; Ransomware Surges 50% in 2025

Publication Date: October 25, 2025

Summary

This cybersecurity brief for October 25, 2025, covers critical developments, led by an emergency CISA directive for an actively exploited remote code execution vulnerability (CVE-2025-59287) in Microsoft's Windows Server Update Service (WSUS). Other major stories include Microsoft's massive October Patch Tuesday fixing 193 flaws and six zero-days, a reported 50% surge in ransomware attacks in 2025 driven by new groups like Qilin, the resurgence of the LockBit ransomware gang with a new 'LockBit 5.0' variant, and a massive 'Smishing Triad' campaign using over 194,000 malicious domains. Global policy shifts are also noted, with the UK and Singapore launching a supply chain security initiative and the UN finalizing its Convention against Cybercrime.

Today New Articles

Google Issues Emergency Patch for Critical Chrome RCE Flaw Found by AI

Google has released an emergency security update for the Chrome browser, addressing a critical remote code execution (RCE) vulnerability in its V8 JavaScript engine. The flaw, tracked as CVE-2025-12036, was discovered by Google's internal AI-driven research pr...

Nation-State and Financial Cybercrime Blur as Industrial Sector Becomes Top Target

A new report from Trellix reveals a significant convergence between the tactics of nation-state actors and financially motivated cybercriminals, with both increasingly leveraging AI-powered tools. The industrial sector has emerged as the most targeted industry...

India Enacts New Telecom Cybersecurity Rules for IMEI and Mobile Number Validation

India's Ministry of Communications has enacted new cybersecurity regulations for its telecommunications sector, effective October 22, 2025. The 'Telecommunications (Telecom Cyber Security) Amendment Rules, 2025' introduce two key measures: the establishment of...

UN Convention Against Cybercrime Signed in Hanoi Amid Global Endorsement and Controversy

In a landmark event in Hanoi, Vietnam, representatives from nearly 100 UN member states have signed the United Nations Convention against Cybercrime. Adopted by the UN General Assembly in December 2024, this treaty, also known as the Hanoi Convention, establis...

EU Accuses Meta and TikTok of Breaching Digital Services Act Transparency Rules

The European Commission has issued preliminary findings that Meta's platforms (Facebook and Instagram) and TikTok have breached their obligations under the Digital Services Act (DSA). The Commission alleges the companies failed to provide adequate access to pu...

Article Updates

Patch Now: Microsoft Fixes 170+ Flaws, Including Four Actively Exploited Zero-Days

Update:Microsoft's October 2025 Patch Tuesday has been updated to address a total of 193 vulnerabilities, an increase from the initial report, and now includes fixes for six zero-day vulnerabilities, with four still actively exploited. New CVEs mentioned include CVE-...

Ransomware Attacks on Critical Industries Skyrocket by 34%, KELA Reports

Update:New data from Cyble indicates a 50% year-over-year increase in ransomware attacks in 2025, with over 5,000 incidents recorded by late October. This is an escalation from the previously reported 34% increase. The Qilin group has solidified its position as the m...

UK Gov & NCSC Issue Urgent Warning to FTSE 350 Boards on Cyber Resilience

Update:The UK, alongside Singapore, has unveiled a new international framework to combat supply chain ransomware, endorsed by 67 Counter Ransomware Initiative members. This guidance provides actionable steps for organizations globally to assess supplier security, imp...