Ticker feed
A researcher has released working exploit code for CVE-2025-59287, a critical Windows Server Update Services vulnerability that lets attackers execute code remotely without authentication. The flaw affects all Windows Server versions from 2012 to 2025 and scores 9.8 out of 10 for severity.
The bug stems from unsafe data handling in WSUS's cookie processing system. Attackers can send malicious requests to port 8530, triggering code execution with full system privileges. Microsoft warns the vulnerability is "wormable," meaning it could spread across networks automatically.
With public exploit code now available on GitHub, unpatched WSUS servers face immediate risk. Organizations should apply Microsoft's October 2025 security updates immediately and restrict network access to WSUS servers until patching is complete.
Source: Cyber Security News
Renault UK suffered a cyber attack through a third-party data provider, exposing customer names, addresses, birth dates, phone numbers, and vehicle details. The car manufacturer emphasized that no financial information or passwords were compromised in what they called an "isolated incident."
Unlike Jaguar Land Rover's recent attack that shut down UK production, Renault's manufacturing operations remain unaffected since their own systems weren't breached. The company is contacting affected customers and has notified authorities, though they won't reveal how many people were impacted.
This marks another major automotive cyber attack following JLR's August breach, highlighting the growing threat to car companies' data security.
Source: Sky News
European authorities dismantled "SIMCARTEL," a sophisticated cybercrime operation that used 40,000 SIM cards to facilitate phishing attacks and fraud across more than 80 countries. The October 10 raids in Austria, Estonia, and Latvia resulted in seven arrests and seizure of 1,200 SIM box devices.
The network created 49 million fake accounts for social media and communication platforms, enabling criminals to hide their identities while conducting scams. Investigators linked the operation to over 3,200 fraud cases, including investment scams and fake emergencies, causing $5.8 million in losses.
Authorities seized luxury vehicles, froze $833,000 in accounts, and shut down servers supporting the criminal infrastructure. The case highlights the growing threat of SIM farms worldwide.
Source: CyberScoop
Tim Brown, SolarWinds' chief information security officer, lived through a nightmare when Russian hackers infiltrated his company's software in December 2020. The attack compromised 18,000 clients including the US Treasury and Commerce departments through tainted Orion network monitoring software.
Brown lost 25 pounds in 20 days from stress, appearing on major news outlets while coordinating the global response. The company had to abandon email, bring staff into the office during COVID, and spend six months rebuilding security systems.
The fallout was severe: lawsuits, SEC charges against Brown personally, and a $26 million settlement. The stress eventually triggered a heart attack when Brown learned he was being charged. Despite everything, he stayed with SolarWinds, saying "it happened on my watch."
Source: The Guardian
Russia, China, Iran, and North Korea have dramatically escalated their use of AI in cyberattacks against the United States, according to Microsoft's latest threat report. The tech giant identified over 200 instances of AI-generated fake content in July alone—double the previous year and ten times higher than 2023.
These adversaries are using AI to create sophisticated phishing emails, generate digital clones of government officials, and automate attacks on critical infrastructure like hospitals and transportation networks. The US remains the top global target, followed by Israel and Ukraine.
Microsoft warns this represents a "pivotal moment" as outdated cyber defenses struggle against rapidly evolving AI-enhanced threats. The company urges immediate investment in cybersecurity basics to counter these escalating digital dangers.
Source: Security Week
Microsoft disrupted a major ransomware operation by revoking over 200 digital certificates that cybercriminals were using to make malware look legitimate. The Vanilla Tempest group, also known as Vice Society, created fake Microsoft Teams installers that appeared authentic thanks to stolen certificates from Microsoft's own Azure service and other providers like DigiCert and GlobalSign.
The scammers hosted these fake installers on domains like teams-download[.]buzz and used search engine tricks to lure victims. When users downloaded what they thought was Teams, they actually got the "Oyster" backdoor, which later delivered Rhysida ransomware. Vanilla Tempest has previously targeted schools and hospitals, though their latest victims remain unclear.
Source: Dark Reading
Russian cyber-attacks against NATO countries jumped 25% over the past year, with Microsoft's analysis showing nine of the ten most targeted nations are alliance members. The US faced 20% of attacks, followed by the UK at 12% and Ukraine at 11%. Government agencies bore the brunt, accounting for a quarter of all strikes, with research institutions and think tanks also heavily targeted.
Experts warn this reflects Russia's broader "hybrid warfare" strategy using unconventional tactics like drone incursions and sabotage. Recent incidents include 19 Russian drones crossing into Poland and fighter jets violating Estonian airspace. Microsoft noted Russia increasingly leverages its cybercriminal networks as proxies, particularly ransomware groups that have crippled businesses worldwide.
Source: The Guardian
Harvard University confirmed it was breached through a critical zero-day vulnerability in Oracle's E-Business Suite system. The flaw, tracked as CVE-2025-61882, allows attackers to remotely access systems without authentication. The notorious Clop ransomware gang exploited this vulnerability, adding Harvard to their dark web leak site and claiming to have stolen university data.
The attack is part of a broader campaign that began on September 29, though evidence suggests Clop may have been exploiting this vulnerability as early as August 9 - weeks before Oracle released a patch. Harvard says the breach impacted "a limited number of parties associated with a small administrative unit" and they've found no evidence of further system compromise after applying Oracle's patch.
Source: Dark Reading
The Cybersecurity and Infrastructure Security Agency issued an emergency order Wednesday directing all federal agencies to immediately patch F5 technology systems after a foreign nation-state actor gained access to the company's source code. F5 first discovered the breach in August but kept it quiet until now at the Justice Department's request.
The Seattle-based company revealed that hackers maintained "long-term, persistent access" to its development systems, stealing source code and information about unpatched vulnerabilities. CISA warns attackers could exploit these flaws to steal credentials and take control of federal networks.
Federal agencies have until October 22 to apply F5's security updates, with thousands of F5 devices currently in use across government networks. CISA isn't naming the country behind the attack but calls it part of a broader campaign targeting U.S. technology suppliers.
Source: CBS News
F5 disclosed that state-sponsored hackers breached its systems and stole sensitive data, including BIG-IP source code and information on undisclosed vulnerabilities. The attackers maintained persistent access to development systems, though F5 says no critical vulnerabilities or remote code execution flaws were compromised.
The company detected the August 9 attack but delayed disclosure with Justice Department permission. Some customer configuration data from a "small percentage" of clients was also stolen from an engineering platform.
While F5 found no evidence of supply chain tampering or access to financial systems, the attack profile suggests Chinese state-sponsored involvement. Chinese hackers frequently target major software companies hunting for zero-day vulnerabilities.
Source: Security Week