Today’s threat landscape is dominated by the active exploitation of critical vulnerabilities, including a VMware zero-day leveraged by Chinese hackers for nearly a year. CISA has issued urgent directives for flaws in Fortra and Linux Sudo, while nearly 50,000 Cisco firewalls remain exposed to ongoing attacks. This summary also covers a disruptive cyberattack on Japanese brewer Asahi and new threat intelligence on North Korean cyber operations and emerging malware toolkits.
Top 5 Critical Security Alerts
- CISA orders federal gov to patch critical Fortra file transfer bug: With a CVSS score of 10/10, CISA has issued an emergency directive for a critical vulnerability in Fortra’s file transfer solution, highlighting significant risk.
- Chinese hackers exploiting VMware zero-day since October 2024: A high-severity privilege escalation flaw (CVE-2025-41244) in VMware products was actively exploited by a China-linked APT group for nearly a year before being patched.
- CISA warns of critical Linux Sudo flaw exploited in attacks: CISA has added a critical Sudo vulnerability (CVE-2025-32463) to its Known Exploited Vulnerabilities catalog, as attackers are actively using it to gain root-level privileges on Linux systems.
- Nearly 50,000 Cisco firewalls vulnerable to actively exploited flaws: Tens of thousands of publicly exposed Cisco ASA and FTD appliances remain vulnerable to two actively exploited vulnerabilities, posing a significant risk to networks.
- Critical WD My Cloud bug allows remote command injection: Western Digital has patched a critical vulnerability in multiple My Cloud NAS devices that could allow remote attackers to execute arbitrary system commands.
Threat Intelligence
- North Korea IT worker scheme expanding to more industries, countries outside of US tech sector: Research from Okta reveals that North Korean IT workers are expanding their infiltration efforts beyond the US tech sector into dozens of other countries and industries.
- New MatrixPDF toolkit turns PDFs into phishing and malware lures: A new toolkit named MatrixPDF enables attackers to weaponize standard PDF files, turning them into interactive lures designed to bypass email security for phishing and malware delivery.
- New China APT Strikes With Precision and Persistence: A newly identified China-linked APT group, Phantom Taurus, is targeting government and telecom sectors using advanced, fileless backdoors to evade detection.
- ‘Klopatra’ Trojan Makes Bank Transfers While You Sleep: A sophisticated new Android banking trojan, ‘Klopatra,’ is targeting users in Italy and Spain with advanced techniques to steal financial data and execute fraudulent transfers.
- New Android Trojan “Datzbro” Tricking Elderly with AI-Generated Facebook Travel Events: The ‘Datzbro’ Android banking trojan is targeting elderly users by using AI-generated Facebook events to lure victims into installing malware capable of device takeover.
Security Breaches & Incidents
- Japan’s beer-making giant Asahi stops production after cyberattack: Asahi Group, a major Japanese brewer, has suspended production and has no recovery timeline after a significant cyberattack disrupted its systems.
- A breach every month raises doubts about South Korea’s digital defenses: A consistent string of data breaches and security incidents in South Korea is raising serious questions about the nation’s cybersecurity posture despite its advanced digital infrastructure.
- WestJet confirms recent breach exposed customers’ passports: Canadian airline WestJet has confirmed that a June cyberattack resulted in the compromise of sensitive customer data, including passport details and other ID documents.
Security Tools & Best Practices
- Cybercrime Observations from the Frontlines: UNC6040 Proactive Hardening Recommendations: Google’s Threat Intelligence Group provides a detailed defensive framework with proactive hardening measures to protect SaaS platforms like Salesforce from vishing and data theft campaigns.
Cloud & Network Security
- Intel and AMD trusted enclaves, the backbone of network security, fall to physical attacks: Researchers have demonstrated that physical attacks can defeat the security of Intel SGX and AMD SEV trusted enclaves, a threat vector chipmakers claim is outside their threat model.
- Broadcom fixes high-severity VMware NSX bugs reported by NSA: Following a report from the NSA, Broadcom has released patches for two high-severity vulnerabilities in its VMware NSX network virtualization and security platform.
Security Standards & Frameworks
- CPPA fines Tractor Supply Company $1.4 million for privacy violations: Tractor Supply Company faces a $1.4 million fine for allegedly failing to provide a compliant privacy policy and sharing personal data without proper consent.
- Cyber information-sharing law and state grants set to go dark as Congress stalls over funding: Key cybersecurity initiatives, including a vital information-sharing law and state grant programs, are at risk of lapsing as Congress has yet to renew their funding.
- FTC alleges messaging app violated child privacy law, duped users into subscriptions: The FTC has filed a complaint against the Sendit app for allegedly collecting data from users under 13 and using deceptive subscription practices.
- CISA Releases Ten Industrial Control Systems Advisories: CISA has published ten new advisories detailing vulnerabilities and security issues in various Industrial Control Systems (ICS) from vendors like Festo, MegaSys, and LG.
Emerging Security Technologies
- OpenAI unveils Sora 2 video model with realistic physics, high-quality audio, and a new social app: OpenAI’s new Sora 2 model advances AI video generation and is launching with a social app, raising concerns about the potential for sophisticated deepfakes and misinformation.
- The US may be heading toward a drone-filled future: The increasing use of drones by private sector companies like Flock Safety for tracking shoplifters highlights growing concerns around surveillance and privacy.
- AI-Powered Voice Cloning Raises Vishing Risks: A new research framework demonstrates how AI voice cloning can be used in real-time conversations, significantly increasing the threat of sophisticated vishing attacks.
