CyberNews: 25/09/2025 Edition
Today’s roundup
Summary
Cisco confirmed active exploitation of two zero-day vulnerabilities (CVE-2025-20333 and CVE-2025-20362) in ASA and FTD firewall software, prompting CISA to issue an emergency directive requiring federal agencies to patch by September 26. Salesforce addressed the critical ForcedLeak vulnerability (CVSS 9.4), which enabled CRM data theft through AI agent prompt injection. North Korean actors deployed a new AkdoorTea backdoor against crypto developers, combining TsunamiKit and Tropidoor malware. Chinese state-linked UNC5221 targeted US tech firms with the BRICKSTORM backdoor via compromised network appliances. Malicious Rust crates 'faster_log' and 'async_println' stole cryptocurrency keys from 8,424 developers. Attackers breached a US federal agency by exploiting the critical GeoServer flaw CVE-2024-36401 within two weeks of disclosure. Cisco warned of widespread exploitation of an SNMP flaw (CVE-2025-20352) allowing root-level RCE in IOS/XE devices. Chinese APT RedNovember used Cobalt Strike and custom Pantegana malware in global government espionage. Vane Viper's decade-long DNS infrastructure facilitated malvertising and ad fraud via 1 trillion queries. UK retailer Co-op reported a £206M revenue loss from an April cyberattack that required system shutdowns.
Vulnerabilities
CVE | Severity
CVE-2025-20333 | High
CVE-2025-20362 | Medium
CVE-2024-36401 | Critical
CVE-2025-20352 | High