Lanscope Flaw, Adobe Exploits & Lazarus Group – 10/23/2025

Today’s threat landscape is marked by urgent alerts from CISA regarding an actively exploited vulnerability in Lanscope Endpoint Manager. Concurrently, a critical flaw in Adobe Commerce is being leveraged to attack hundreds of e-commerce sites, while the North Korean Lazarus Group continues its espionage campaign against European defense firms. This summary also covers new advisories for Industrial Control Systems and emerging threats targeting AI-powered browsers.

Top 5 Critical Security Alerts

  • CISA warns of Lanscope Endpoint Manager flaw exploited in attacks: CISA has added a critical vulnerability (CVE-2025-61932) in Motex Lanscope Endpoint Manager to its Known Exploited Vulnerabilities catalog, confirming it is under active attack.
  • Over 250 Magento Stores Hit Overnight as Hackers Exploit New Adobe Commerce Flaw: A critical improper input validation flaw in Adobe Commerce and Magento (CVE-2025-54236), dubbed ‘SessionReaper’, is being actively exploited to take over e-commerce sessions, with over 250 stores already targeted.
  • North Korean Lazarus hackers targeted European defense companies: The North Korean Lazarus Group is conducting a sophisticated cyber-espionage campaign, ‘Operation DreamJob’, using fake job lures to compromise European defense companies, particularly those involved in drone technology.
  • CISA Releases Eight Industrial Control Systems Advisories: CISA has published eight new advisories detailing multiple critical vulnerabilities in ICS/SCADA products from vendors including AutomationDirect, ASKI Energy, Veeder-Root, and Delta Electronics, some with CVSS scores as high as 9.9.
  • “Jingle Thief” Hackers Exploit Cloud Infrastructure to Steal Millions in Gift Cards: A cybercriminal group named ‘Jingle Thief’ is targeting and exploiting the cloud environments of retail organizations to conduct widespread gift card fraud.

Threat Intelligence

  • IR Trends Q3 2025: ToolShell attacks dominate, highlighting criticality of segmentation and rapid response: Cisco Talos reports a surge in attacks on public-facing applications for initial access in Q3 2025, with ToolShell exploits against SharePoint being the most prevalent tactic.
  • Help Wanted: Vietnamese Actors Using Fake Job Posting Campaigns to Deliver Malware and Steal Credentials: Google’s Threat Intelligence Group is tracking a Vietnamese threat cluster (UNC6229) that uses fake job postings on legitimate platforms to deliver malware and phish for credentials in order to hijack corporate advertising accounts.
  • Phishing campaign across Mideast, North Africa is attributed to Iranian group: The Iranian state-sponsored group MuddyWater has been linked to a recent phishing campaign that spreads backdoor malware to targets in the Middle East and North Africa.
  • Hackers posing as Kyrgyz officials target Russian agencies in cyber espionage campaign: The ‘Cavalry Werewolf’ hacking group is targeting Russian public sector, energy, and manufacturing companies in a prolonged cyber-espionage campaign using lures that impersonate Kyrgyz officials.

Security Breaches & Incidents

  • Toys “R” Us Canada warns customers’ info leaked in data breach: Toys “R” Us Canada has notified customers of a data breach after threat actors stole and subsequently leaked customer records online.
  • US accuses former L3Harris cyber boss of stealing and selling secrets to Russian buyer: The US DOJ has charged a former general manager of L3Harris’s hacking division, Trenchant, with stealing trade secrets and selling them to a buyer in Russia.

Security Tools & Best Practices

  • Microsoft disables File Explorer preview for downloads to block attacks: To mitigate credential theft risks, Microsoft is now automatically blocking the File Explorer preview pane for files downloaded from the internet, preventing attacks that leverage malicious documents.
  • HP pulls update that broke Microsoft Entra ID auth on some AI PCs: HP has retracted a faulty HP OneAgent software update that deleted Microsoft certificates on some Windows 11 AI PCs, preventing users from logging into Microsoft Entra ID.

Emerging Security Technologies

  • Spoofed AI sidebars can trick Atlas, Comet users into dangerous actions: Security researchers have found that OpenAI’s Atlas and Perplexity’s Comet AI browsers are vulnerable to sidebar spoofing attacks, which can trick users into following malicious, AI-generated instructions.
  • ChatGPT Atlas carries significant security risks, OpenAI warns: OpenAI’s own head of security has publicly warned that the company’s new browser, ChatGPT Atlas, could introduce significant security vulnerabilities for its users.
  • Zero Trust Has a Blind Spot: Your AI Agents: A new report highlights how autonomous AI agents are creating significant security blind spots that traditional Zero Trust architectures are not equipped to handle.