Microsoft’s October 2025 Patch Tuesday delivered fixes for 172 vulnerabilities across Windows and related products, including six zero-day flaws (vulnerabilities publicly disclosed or exploited before a patch was available). The updates also address eight “Critical” issues (five remote code execution and three elevation of privilege vulnerabilities) . Notably, this is the final Patch Tuesday that…
Since the second half of September 2025, the National Cybersecurity Response Team of Ukraine (CERT-UA) has observed a new wave of targeted cyberattacks against Ukrainian defense forces and local government institutions.These attacks have been attributed to the UAC-0239 group, believed to be operating on behalf of or in cooperation with Russian threat actors. The attackers…
Executive summary On 2 October 2025, the extortion group Crimson Collective announced on Telegram that it had compromised Red Hat Consulting’s private Git repositories. Reports indicate that the attackers stole approximately 570 GB of compressed data from around 28 000 internal repositories. Among the stolen files were Customer Engagement Reports (CERs), which contain architecture diagrams, configuration details, authentication tokens and network maps. The leak…
On September 12, 2025, the Federal Bureau of Investigation (FBI) issued a FLASH alert detailing the operations of two cybercriminal groups, UNC6040 and UNC6395, which are targeting Salesforce instances to exfiltrate data and extort organizations. This alert, intended for cybersecurity professionals (CERTs, SOC analysts, CISOs), outlines the initial access vectors, data exfiltration techniques, authentication bypass…
On September 9, 2025, Microsoft released security updates addressing over 80 vulnerabilities across Windows operating systems and related software (81 vulnerabilities were patched on this date). Notably, there were no actively exploited “zero-day” vulnerabilities in this month’s update bundle. However, two publicly disclosed vulnerabilities (zero-days) were fixed, meaning they were known to attackers or researchers…
I want to alert you to a major security incident that is currently making waves in the JavaScript community. We are dealing with a software supply chain attack in the npm ecosystem: no fewer than 18 highly popular packages (including chalk and debug) were compromised through a hijacked maintainer account. As a result, malicious versions…
A recent supply-chain attack targeting Salesloft – the provider of a popular AI chatbot integrated with Salesforce – has compromised data from hundreds of companies. Tracked by Google as threat group UNC6395, the attackers stole OAuth access tokens for Salesloft’s Drift chatbot integration and used them between August 8 and August 18, 2025 to illicitly…
Executive SummaryFollowing the actively exploited vulnerability in Citrix NetScaler (CVE-2025-7775), this summary provides an overview of the technical details and the associated risks. The flaw, a critical memory overflow, has been added by CISA to its Known Exploited Vulnerabilities (KEV) catalog due to confirmed in-the-wild exploitation. It allows unauthenticated remote code execution on vulnerable appliances,…
Summary: I analyzed the Vulnerability Summary for the Week of July 21, 2025 published by CISA. This bulletin lists 176 new vulnerabilities discovered that week. In this article, I present all these vulnerabilities in a factual and structured manner, organized by affected product or vendor. For each product, you’ll find the CVE identifier, CVSS severity…
I have reviewed the CISA bulletin of newly reported vulnerabilities for the week of July 14, 2025. It is a compilation of recently discovered flaws, mostly classified as critical (CVSS score 7.0–10.0). As a CERT manager, I am providing here a detailed analysis of these vulnerabilities. I have grouped them by vendor, highlighting each flaw…
