Daily Digest

Microsoft Scrambles to Patch Actively Exploited WSUS Flaw as Qilin Ransomware Surges

October 27, 2025

6 articles (5 new, 1 updated)

18 min read

Summary

In cybersecurity news for October 27, 2025, Microsoft issued an emergency patch for a critical, actively exploited remote code execution vulnerability in Windows Server Update Services (WSUS). Concurrently, reports indicate the Qilin ransomware group has become the most prolific operator of 2025, claiming over 700 victims. Other major incidents include a massive China-linked smishing campaign using over 194,000 domains, active exploitation of a critical flaw in Adobe Commerce, and a series of data breaches affecting the retail and healthcare sectors.

Filter by Category

New Articles (5)

Critical Adobe Commerce Flaw Under Active Exploitation, CISA Warns

CRITICAL

Actively Exploited 'SessionReaper' Vulnerability (CVE-2025-54236) in Adobe Commerce Allows Session Hijacking

A critical improper input validation vulnerability in Adobe Commerce and Magento, tracked as CVE-2025-54236, is being actively exploited in the wild. Dubbed 'SessionReaper,' the flaw allows an unauthenticated remote attacker to hijack user sessions via the REST API, leading to potential web shell deployment and complete store takeover. CISA has added the vulnerability to its KEV catalog, and with reports suggesting over 60% of Magento stores remain unpatched, immediate action is urged for all administrators.

October 27, 2025

5 min read

Session HijackingWeb ShellREST APIKEVImproper Input Validation +2 more

Critical Adobe Commerce Flaw Under Active Exploitation, CISA Warns

Vulnerability

Cyberattack

Data Breach

ChatGPT Flaw Allows 'Memory Poisoning' via CSRF Attack

MEDIUM

New Vulnerability in ChatGPT Atlas Browser Allows Persistent Memory Poisoning and Account Takeover

A novel vulnerability discovered in OpenAI's ChatGPT Atlas web browser allows attackers to perform 'memory poisoning' through a Cross-Site Request Forgery (CSRF) attack. Researchers at LayerX Security found that this flaw can be used to invisibly inject malicious instructions into ChatGPT's persistent 'Memory' feature. These instructions survive across sessions and devices, and can be triggered by a user's normal prompts to execute malicious code, potentially leading to account takeover or malware deployment.

October 27, 2025

4 min read

ChatGPTOpenAICSRFAI SecurityMemory Poisoning +1 more

ChatGPT Flaw Allows 'Memory Poisoning' via CSRF Attack

Vulnerability

Cloud Security

APT-C-60 Escalates 'SpyGlace' Campaign Against Japan

HIGH

South Korea-Linked APT-C-60 Intensifies Cyber-Espionage Against Japan with Updated SpyGlace Backdoor

The South Korea-aligned cyber-espionage group APT-C-60 has significantly intensified its campaign against Japanese organizations in the third quarter of 2025. According to JPCERT/CC and Cyble, the group has deployed at least three new versions of its custom 'SpyGlace' backdoor. The attackers have evolved their tactics, now attaching malicious VHDX files directly to phishing emails and abusing legitimate services like GitHub and StatCounter for stealthy command-and-control communications and malware delivery, making detection more challenging.

October 27, 2025

4 min read

APT-C-60SpyGlaceCyber-EspionageVHDXLiving off the Land +1 more

APT-C-60 Escalates 'SpyGlace' Campaign Against Japan

Threat Actor

Cyberattack

Malware

Data Breaches Hit Toys 'R' Us Canada, Askul, and Verisure

HIGH

Multiple Retail and Service Companies Disclose Data Breaches, Exposing Customer PII

A wave of data breaches has impacted several consumer-facing companies globally. Toys "R" Us Canada has had customer records leaked on the dark web. Japanese retailer Askul suffered a disruptive ransomware attack that halted operations and may have resulted in a data leak. Additionally, Swedish security firm Verisure disclosed a breach affecting 35,000 customers via a third-party vendor, and U.S.-based Jewett-Cameron Trading reported the theft of financial documents.

October 27, 2025

4 min read

Data BreachPIIRansomwareRetailVendor Breach +1 more

Data Breach

Ransomware

Healthcare Sector Rocked by Breaches at ModMed, LifeBridge, and Right at Home

HIGH

Multiple Healthcare Providers and Vendors Announce Data Breaches, Exposing Patient PHI

The healthcare sector continues to be a prime target for cyberattacks, with recent data breaches announced by Electronic Health Record (EHR) provider Modernizing Medicine (ModMed), home healthcare provider Right at Home, and Baltimore-based LifeBridge Health. The incidents, which include a ransomware attack claimed by the Sinobi group and a third-party breach via Oracle Health, have exposed a vast range of sensitive Protected Health Information (PHI), including Social Security numbers, medical diagnoses, and financial data.

October 27, 2025

4 min read

HealthcareData BreachPHIHIPAARansomware +2 more

Healthcare Sector Rocked by Breaches at ModMed, LifeBridge, and Right at Home

Data Breach

Ransomware

Regulatory

Updated Articles (1)

Ransomware Attacks Surge 50% in 2025; Qilin Group Takes the Lead

HIGH

Ransomware Landscape Shifts as Attacks Increase 50% in 2025, with Qilin and The Gentlemen Emerging as Dominant Threats

Update:

The Qilin ransomware group's victim count has dramatically increased to 701 by late October, up from 441, making it the most prolific group of 2025. This surge is attributed to absorbing affiliates from the defunct RansomHub operation. High-profile attacks include Synnovis ($44M cost), Shamir Medical Center (8TB data theft), and disruptions to French high schools, highlighting increased financial and operational damages across critical sectors like healthcare and manufacturing. The group's expanded reach and impact signify a heightened threat landscape.

October 25, 2025

Updated: October 27, 2025

5 min read

RansomwareQilinThe GentlemenPowerShellIndustrial Sector +2 more

Ransomware

Threat Actor

Threat Intelligence

📢 Share This Publication

Help others stay informed about cybersecurity threats