CyberNews: 16/10/2025 Edition

Published by Dunateo on 2025-10-16

Today’s roundup

  • Critical Pre-Authentication RCE Vulnerability Found in WatchGuard Fireware OS
  • CISA Warns of Actively Exploited Critical Adobe AEM Zero-Day
  • Nation-State Actor Breaches F5, Stealing BIG-IP Source Code; CISA Issues Emergency Directive
  • CISA Adds Multiple Actively Exploited Flaws to KEV Catalog, Including Windows Zero-Days
  • Hackers Deploy Linux Rootkits via Exploitation of Cisco SNMP Flaw
  • Qilin Ransomware Group Expands Operations, Announces New Victims
  • New Phishing Campaign Impersonates LastPass and Bitwarden, Leading to PC Hijacks
  • Chinese Threat Group 'Jewelbug' Infiltrates Russian IT Network for Five Months
  • Over 100 VS Code Extensions Leaked Access Tokens, Posing Supply Chain Risk
Summary

A critical pre-authentication RCE (CVE-2025-9242, CVSS 9.3) in WatchGuard Fireware OS's IKEv2 VPN services allows remote arbitrary code execution on Firebox appliances. Researchers achieved root access, noting a lack of modern mitigations. Patches are available for affected versions.

CISA has added a critical Adobe Experience Manager (AEM) vulnerability (CVE-2025-54253, CVSS 10.0) to its KEV catalog. This zero-day, allowing arbitrary code execution, is under active exploitation, requiring immediate patching.

F5 disclosed a sophisticated nation-state breach in August 2025, resulting in the theft of BIG-IP source code and undisclosed vulnerability data. F5 released immediate patches, and CISA issued an emergency directive for federal agencies to apply updates by October 22, 2025.

CISA updated its KEV catalog with new actively exploited flaws: CVE-2016-7836 (SKYSEA RCE), CVE-2025-6264 (Rapid7 Velociraptor command execution), and CVE-2025-47827 (IGEL OS Secure Boot bypass), alongside Windows zero-days. Federal agencies must patch by November 4, 2025.

"Operation Zero Disco" exploits CVE-2025-20352 (CVSS 7.7), a stack overflow in Cisco IOS/IOS XE Software. Attackers are deploying Linux rootkits on older, unprotected Cisco systems.

The Qilin ransomware group is expanding operations, announcing new victims globally, including government and automotive entities. Resecurity reports Qilin relies on bulletproof hosting and demanded $10 million for data from Asahi Group Holdings.

A new phishing campaign targets LastPass and Bitwarden users with fake breach alerts, coaxing them to download malicious "secure" desktop apps. This leads to PC hijacks; users are advised to ignore these scams.

The Chinese-linked "Jewelbug" APT infiltrated a Russian IT service provider for five months (Jan-May 2025). This marks an expansion of the group's cyber espionage, demonstrating long-term, persistent access.

Research uncovered that over 100 Visual Studio Code extension publishers leaked access tokens, creating a critical software supply chain risk. Attackers could exploit these tokens to push malicious updates to the extensions' entire install base.


Vulnerabilities

CVE ID            Severity
CVE-2025-9242     Critical
CVE-2025-54253    Critical
CVE-2016-7836     Critical
CVE-2025-6264     Medium
CVE-2025-47827    Medium
CVE-2025-20352    High