Critical Vulnerabilities and Phishing Campaigns Dominate Cybersecurity Headlines

Weekly summary of Cybersecurity Insider newsletters

Jan 23, 2026
eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners.

Major Threats & Vulnerabilities

Zero-Day and Actively Exploited Vulnerabilities

A critical vulnerability in Oracle WebLogic allows unauthenticated remote access through the proxy layer. Oracle advises immediate patching, placing affected components behind a WAF, and tightening access controls.

A severe flaw in GNU InetUtils telnetd (versions 1.9.3 through 2.7) lets an unauthenticated attacker obtain a root shell without supplying a password. Organizations should retire Telnet in favor of SSH; where Telnet must remain, apply the patch and restrict the service to a management network that is not reachable from the internet.

Apple patched two zero-click WebKit vulnerabilities that allowed silent compromise of iPhones and iPads via malicious web content. These flaws were actively exploited in the wild.

Cisco Secure Email appliances are under active attack via CVE-2025-20393, a remote code execution flaw granting root access. Cisco urges patching and recommends removing Spam Quarantine from public access and forwarding logs for monitoring.

Fortinet FortiSIEM is affected by CVE-2025-64155, a command injection vulnerability being exploited via TCP port 7900. Attackers can write arbitrary files and escalate privileges. A patch is available.

Cloud and Infrastructure Vulnerabilities

Azure DNS behavior involving Private Endpoints can cause silent DoS-style outages. Microsoft has issued partial guidance; best practices include using NxDomainRedirect and monitoring DNS zones.

Windows Admin Center has a vulnerability in Azure SSO that allows attackers to impersonate admins using stolen tokens, enabling tenant-wide compromise. A patch has been issued.

Windows Remote Assistance contains a flaw that allows crafted files to bypass Mark-of-the-Web protections, making phishing attacks more effective. No active exploitation has been reported.

Software Supply Chain and Development Risks

AWS CodeBuild was found vulnerable to CI/CD repository hijacking, allowing attackers to inject malicious code into GitHub repos. AWS attributed the issue to misconfigurations and confirmed no customer impact.

Go language updates addressed six core library vulnerabilities and two toolchain flaws that could lead to DoS or code execution. Users should upgrade to Go 1.25.6 or 1.24.12.

Industry News

Phishing Campaigns and Social Engineering

LastPass users are being targeted by phishing emails urging them to “backup now,” tricking them into revealing master passwords. The campaign uses spoofed infrastructure and urgency tactics.

LinkedIn messages are being used to deliver malware via DLL sideloading, leveraging trusted processes and weaponized WinRAR SFX files for persistence.

Phishing kits are evolving into SaaS-like platforms that use adversary-in-the-middle (AiTM) techniques: a reverse proxy sits between the victim and the real login page, relays the credentials and one-time code to the genuine site in real time, and captures the session cookie issued once MFA succeeds. This defeats OTP and push-based MFA; phishing-resistant methods such as FIDO2/WebAuthn passkeys are not affected, because the credential is bound to the genuine site's origin and the browser will not produce a valid assertion for a lookalike domain.
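
The following is an added illustration, not code from the newsletter or from any phishing-kit research, of why origin binding stops an AiTM proxy. It models the relying-party side of a WebAuthn assertion check with constructed data: the origin the browser records in clientDataJSON and the rpIdHash in authenticatorData are compared against what the real site expects. The relying-party ID login.example.com and the lookalike login-example.com are assumptions; signature verification is omitted and assumed to pass.

```python
"""Relying-party checks that an AiTM reverse proxy cannot satisfy.

Added example with constructed data; not the WebAuthn library of any vendor.
"""
import base64
import hashlib
import json
import os

RP_ID = "login.example.com"                 # assumed relying-party ID
EXPECTED_ORIGIN = "https://login.example.com"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_client_data(challenge: bytes, origin: str) -> bytes:
    """Simulate what the browser serialises for the authenticator to sign.
    The browser fills in `origin` from the page that called
    navigator.credentials.get(); a page served by a proxy at
    https://login-example.com can only ever produce that proxy origin."""
    return json.dumps({
        "type": "webauthn.get",
        "challenge": b64url(challenge),
        "origin": origin,
        "crossOrigin": False,
    }).encode()


def make_authenticator_data(rp_id: str) -> bytes:
    """First 32 bytes of authenticatorData are SHA-256(rpId) as validated by
    the browser against the page's domain; flags 0x05 = user present and
    user verified; 4-byte signature counter of zero."""
    return hashlib.sha256(rp_id.encode()).digest() + b"\x05" + b"\x00\x00\x00\x00"


def verify_assertion(client_data_json: bytes, authenticator_data: bytes,
                     expected_challenge: bytes) -> tuple[bool, str]:
    """Return (accepted, reason). Order follows the WebAuthn verification
    steps: ceremony type, challenge, origin, then rpIdHash."""
    cd = json.loads(client_data_json)
    if cd.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if cd.get("challenge") != b64url(expected_challenge):
        return False, "challenge mismatch (replay or cross-session relay)"
    if cd.get("origin") != EXPECTED_ORIGIN:
        return False, f"origin mismatch: {cd.get('origin')!r}"
    if authenticator_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash mismatch"
    return True, "ok"


def demo() -> dict:
    """Genuine login versus the same challenge relayed through a proxy."""
    challenge = os.urandom(32)
    genuine = verify_assertion(
        make_client_data(challenge, EXPECTED_ORIGIN),
        make_authenticator_data(RP_ID), challenge)
    # The proxy relays the real challenge, but the victim's browser records
    # the proxy's origin and will only accept the proxy's own rpId.
    proxied = verify_assertion(
        make_client_data(challenge, "https://login-example.com"),
        make_authenticator_data("login-example.com"), challenge)
    return {"genuine": genuine, "proxied": proxied}


if __name__ == "__main__":
    print(demo())
```

The proxy can forward every byte the victim types, but it cannot change the origin string the victim's browser writes into clientDataJSON, and the authenticator signs over that string. Contrast this with an OTP, which carries no information about where it was entered.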

Malware Campaigns and Browser Threats

The GhostPoster malware campaign leveraged 17 browser extensions with over 840,000 installs. These extensions used stealthy techniques like hiding code in PNG icons and delaying malicious activity to evade detection.
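
Hiding code inside an icon file usually means either bytes appended after the PNG's IEND chunk or a payload parked in an oversized or non-standard chunk. The scanner below is an added example, not the GhostPoster research or any vendor's tool, that walks the chunk structure of a PNG and reports both patterns plus CRC damage; the sample images are constructed in code, and the 256-byte text-chunk limit is an assumed threshold for icon-sized files.

```python
"""Flag payload data smuggled into a PNG icon.

Added example; not code from the newsletter or from the GhostPoster report.
"""
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Chunk types an ordinary icon carries; anything else deserves a look.
EXPECTED_CHUNKS = {b"IHDR", b"PLTE", b"IDAT", b"IEND", b"tRNS", b"gAMA",
                   b"sRGB", b"pHYs", b"bKGD", b"cHRM", b"iCCP",
                   b"tEXt", b"zTXt", b"iTXt"}
TEXT_CHUNK_LIMIT = 256   # assumed: icon metadata is rarely larger than this


def _chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialise one chunk: length, type, data, CRC over type+data."""
    return (struct.pack(">I", len(data)) + ctype + data
            + struct.pack(">I", zlib.crc32(ctype + data) & 0xFFFFFFFF))


def make_png(width=1, height=1, extra_chunks=(), trailer=b"") -> bytes:
    """Build a minimal valid opaque-black RGBA PNG (constructed sample),
    optionally with extra chunks before IEND and/or a trailer after it."""
    raw = b"".join(b"\x00" + b"\x00\x00\x00\xff" * width for _ in range(height))
    png = PNG_SIG
    png += _chunk(b"IHDR", struct.pack(">IIBBBBB", width, height, 8, 6, 0, 0, 0))
    png += _chunk(b"IDAT", zlib.compress(raw))
    for ctype, data in extra_chunks:
        png += _chunk(ctype, data)
    png += _chunk(b"IEND", b"")
    return png + trailer


def scan_png(blob: bytes) -> list[str]:
    """Return human-readable findings; an empty list means nothing odd."""
    findings = []
    if not blob.startswith(PNG_SIG):
        return ["not a PNG (bad signature)"]
    pos = len(PNG_SIG)
    while pos + 8 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        data = blob[pos + 8:pos + 8 + length]
        crc = blob[pos + 8 + length:pos + 12 + length]
        if len(data) < length or len(crc) < 4:
            findings.append(f"truncated chunk {ctype!r}")
            return findings
        if struct.unpack(">I", crc)[0] != (zlib.crc32(ctype + data) & 0xFFFFFFFF):
            findings.append(f"bad CRC on {ctype!r}")
        if ctype not in EXPECTED_CHUNKS:
            findings.append(f"unexpected chunk {ctype!r} ({length} bytes)")
        if ctype in (b"tEXt", b"zTXt", b"iTXt") and length > TEXT_CHUNK_LIMIT:
            findings.append(f"oversized text chunk ({length} bytes)")
        pos += 12 + length
        if ctype == b"IEND":
            # A well-formed file ends here; anything after IEND is not image.
            if pos < len(blob):
                findings.append(f"{len(blob) - pos} trailing bytes after IEND")
            return findings
    findings.append("no IEND chunk")
    return findings


if __name__ == "__main__":
    print(scan_png(make_png()))
    print(scan_png(make_png(trailer=b"x" * 40)))
    print(scan_png(make_png(extra_chunks=[(b"pYLd", b"hello")])))
```

Run it over every image an extension ships (icons, promotional art, anything under its packaged directory), since an image viewer will render a tampered file identically to a clean one. A clean-looking icon that still triggers the extension's delayed behaviour points to a different hiding place, so treat an empty result as one negative signal rather than a clean bill of health.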

Policy and Regulatory Developments

The EU Cybersecurity Act is being updated to potentially exclude high-risk third-country suppliers from critical sectors, prompting organizations to reassess vendor relationships and procurement strategies.

Kaiser Permanente agreed to a $46 million settlement over allegations that website tracking tools leaked patient interaction data to third parties, highlighting the risks of third-party scripts in healthcare environments.

Nation-State and Hacktivist Threats

The UK’s NCSC warns of increasing activity from Russian-aligned hacktivists, who are escalating from DDoS attacks to targeting online services and operational technology.

Security Tips & Best Practices

Web and Application Security

To protect internet-facing web servers, keep the operating system and web stack patched, remove unused services and modules, restrict administrative interfaces to trusted networks, enforce MFA for admin logins, use strong TLS (TLS 1.2 or later with modern cipher suites and HSTS), set security headers (a Content-Security-Policy, X-Content-Type-Options: nosniff, and a frame-ancestors or X-Frame-Options restriction), and deploy a WAF.
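
The header portion of that checklist is easy to verify from outside. The audit function below is an added example, not an eSecurity Planet tool; it takes a header mapping of the kind requests or httpx return in r.headers, and the two sample responses are constructed inline. The one-year HSTS minimum and the version-string check on the Server header are assumed thresholds.

```python
"""Audit the security headers of an HTTP response.

Added example for the hardening checklist; sample responses are constructed.
"""


def _csp_directives(csp: str) -> dict[str, list[str]]:
    """Parse 'default-src 'self'; script-src ...' into a directive map."""
    out = {}
    for part in csp.split(";"):
        tokens = part.split()
        if tokens:
            out[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return out


def audit_headers(headers: dict) -> list[str]:
    """Return a list of problems; an empty list means the checklist passes."""
    h = {k.lower(): v for k, v in headers.items()}
    problems = []

    hsts = h.get("strict-transport-security")
    if not hsts:
        problems.append("missing Strict-Transport-Security")
    else:
        fields = [f.strip().lower() for f in hsts.split(";")]
        max_age = next((int(f.split("=", 1)[1]) for f in fields
                        if f.startswith("max-age=") and f.split("=", 1)[1].isdigit()), 0)
        if max_age < 31536000:   # assumed minimum: one year
            problems.append(f"HSTS max-age {max_age} is below one year")
        if "includesubdomains" not in fields:
            problems.append("HSTS lacks includeSubDomains")

    csp = h.get("content-security-policy")
    d = _csp_directives(csp) if csp else {}
    if not csp:
        problems.append("missing Content-Security-Policy")
    else:
        # script-src falls back to default-src when absent, as browsers do.
        script = d.get("script-src", d.get("default-src", []))
        if not script:
            problems.append("CSP has neither script-src nor default-src")
        for bad in ("'unsafe-inline'", "'unsafe-eval'", "*"):
            if bad in script:
                problems.append(f"CSP script sources allow {bad}")

    xfo = h.get("x-frame-options", "").upper()
    if "frame-ancestors" not in d and xfo not in ("DENY", "SAMEORIGIN"):
        problems.append("no clickjacking protection (frame-ancestors / X-Frame-Options)")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        problems.append("missing X-Content-Type-Options: nosniff")
    if "referrer-policy" not in h:
        problems.append("missing Referrer-Policy")
    server = h.get("server", "")
    if any(ch.isdigit() for ch in server):   # assumed: digits mean a version
        problems.append(f"Server header leaks version: {server!r}")
    return problems


# Constructed sample responses (not captured from any real site).
WEAK_HEADERS = {"Server": "nginx/1.18.0", "Content-Type": "text/html"}
STRONG_HEADERS = {
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' https://cdn.example.com; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Server": "nginx",
}

if __name__ == "__main__":
    print(audit_headers(WEAK_HEADERS))
    print(audit_headers(STRONG_HEADERS))
```

A passing result here says nothing about the TLS configuration or the WAF in front of the server; it only confirms that the browser-side controls the checklist calls for are being sent on this response, so run it against several paths, since applications often set headers on the landing page and forget them on API and error responses.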

Cloud and Identity Security

To protect cloud tenants from lateral movement, enforce least privilege with RBAC and PIM, require MFA and Conditional Access, segment networks, lock down admin ports, and monitor for identity anomalies.

Third-Party and OAuth Security

To secure third-party app access, enforce allowlisting, use least-privilege OAuth scopes, inventory and remove unused integrations, and monitor with CASB or SSPM tools.

Defending Against Hacktivist Disruption

To defend against hacktivist attacks, use CDN/WAF, upstream DDoS scrubbing, DNS protections, and rate limiting. Secure admin portals with VPNs or jump hosts, enforce MFA, and rehearse failover plans.

Tools & Resources

CISA and international partners released a playbook for securing AI in operational technology environments. It addresses risks like model drift and safety bypasses and recommends governance, validation, and safety integration.

eSecurity Planet is a leading resource for IT professionals at large enterprises who are actively researching cybersecurity vendors and latest trends. eSecurity Planet focuses on providing instruction for how to approach common security challenges, as well as informational deep-dives about advanced cybersecurity topics.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.