PhantomRaven Supply Chain Attack Hits npm; Conduent Breach Exposes 10.5M; CISA Flags Actively Exploited Flaws

Publication Date: October 31, 2025

Summary

This cybersecurity brief for October 31, 2025, covers a surge in sophisticated threats. Highlights include the 'PhantomRaven' supply chain attack on npm using novel evasion techniques, a massive data breach at Conduent affecting 10.5 million individuals, and CISA adding critical, actively exploited vulnerabilities in XWiki and VMware to its KEV catalog. Other major incidents include a prolonged nation-state breach at a key telecom provider, a significant Azure outage, and escalating ransomware campaigns from the Qilin group.

Today's New Articles

CISA KEV Alert: XWiki RCE Flaw Actively Exploited for Cryptomining

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a critical remote code execution (RCE) vulnerability in the XWiki enterprise wiki platform, CVE-2025-24893, to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, rated 9.8 on th...


VMware Zero-Day LPE Flaw Exploited by China-Linked Actor Added to CISA KEV

CISA has added CVE-2025-41244, a high-severity local privilege escalation (LPE) vulnerability in VMware products, to its Known Exploited Vulnerabilities (KEV) catalog. The flaw affects VMware Aria Operations and VMware Tools and allows a non-administrative use...


Finance Execs Targeted in Sophisticated LinkedIn Phishing Scheme with Fake Board Invites

A sophisticated phishing campaign is targeting finance executives through LinkedIn direct messages, using fake invitations to an executive board as a lure. The multi-stage attack, detailed by Push Security, aims to harvest Microsoft credentials and session coo...


Telecom Giant Ribbon Communications Breached by Nation-State Actor for 10 Months

Telecommunications provider Ribbon Communications has disclosed a significant security breach by a suspected nation-state actor. According to an SEC filing, the attackers first gained access in December 2024 and remained undetected for nearly a year until Sept...


Canada Issues National Alert as Hacktivists Target Critical Infrastructure

The Canadian Centre for Cyber Security, along with the RCMP, has issued a national alert warning of increasing cyberattacks by hacktivists against the nation's critical infrastructure. The advisory follows multiple successful breaches of internet-accessible In...

Article Updates

Qilin Ransomware Claims 700 Victims in 2025, Becoming Top Global Threat

Update: A new Cisco Talos report provides updated insights into the Qilin ransomware group's TTPs. The manufacturing sector is now identified as the most heavily targeted, accounting for 23% of attacks. Qilin affiliates are observed using legitimate tools like Cyberdu...


Conduent Data Breach: 10 Million+ Individuals' Personal & Medical Data Exposed

Update: New details reveal the Conduent data breach, affecting 10.5 million individuals, is attributed to the SafePay ransomware group. Attackers exfiltrated a massive 8.5 terabytes of sensitive data, including SSNs and medical records, leading to $25 million in direc...