Today’s roundup
Over 75,000 WatchGuard security devices vulnerable to critical RCE
CISA: High-severity Windows SMB flaw now exploited in attacks
Five New Exploited Bugs Land in CISA's Catalog — Oracle and Microsoft Among Targets
F5 breach exposes 262,000 BIG-IP systems worldwide
Self-spreading GlassWorm malware hits OpenVSX, VS Code registries
Salt Typhoon Uses Citrix Flaw in Global Cyber-Attack
Japanese retailer Askul halts online orders, shipments after ransomware attack
Microsoft Revokes 200+ Fake Certificates Used in Teams Malware Attack
AWS outage crashes Amazon, Prime Video, Fortnite, Perplexity and more
Experian fined $3.2 million for mass-collecting personal data
Summary
Nearly 76,000 WatchGuard Firebox network security appliances are publicly exposed and vulnerable to CVE-2025-9242, a critical issue allowing unauthenticated remote code execution. This widespread exposure presents significant risks for organizations.
CISA warns of active exploitation of a high-severity Windows SMB privilege escalation vulnerability, enabling attackers to gain SYSTEM privileges on unpatched systems. Immediate patching is advised.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five new security flaws to its Known Exploited Vulnerabilities (KEV) Catalog, including CVE-2025-61884 in Oracle E-Business Suite, confirming its active exploitation.
Over 262,000 F5 BIG-IP systems are exposed globally following a nation-state actor's breach of F5 in August 2025. The China-linked UNC5221 group stole source code and information on undisclosed flaws and deployed the Brickstorm backdoor, creating widespread risk.
A new, ongoing supply-chain attack targets developers on OpenVSX and Microsoft Visual Studio marketplaces. Self-spreading "GlassWorm" malware has been installed approximately 35,800 times, posing a significant threat to development environments.
China-linked threat group Salt Typhoon is conducting a global cyber-attack campaign. They are exploiting a Citrix flaw and using DLL sideloading techniques to compromise critical infrastructure.
Japanese retailer Muji has halted online sales, and its logistics partner Askul has stopped online orders and shipments, due to a ransomware attack on Askul. This incident caused significant supply chain disruption.
Microsoft has revoked over 200 fraudulent code-signing certificates. These were used by the Vanilla Tempest threat group in a ransomware campaign leveraging fake Microsoft Teams installers.
Amazon Web Services (AWS) experienced a major outage stemming from DNS resolution issues, causing widespread disruption. Services like Amazon.com, Prime Video, Fortnite, and Perplexity AI were affected, highlighting a critical infrastructure vulnerability.
Experian Netherlands received a EUR 2.7 million ($3.2 million) fine from the Dutch Data Protection Authority. The penalty addresses multiple GDPR violations, including excessive personal data collection.