Cisco ASA Zero-Day & Fortra GoAnywhere Under Active Attack

Summary
– Juventus Football Club has implemented a threat-led cyber risk strategy to protect matchdays, e-commerce, and digital platforms.
– A new book, “Practical Purple Teaming,” provides guidance on improving collaboration between offensive and defensive security teams through effective exercises.
– AI is helping SOC teams detect and prioritize threats by identifying anomalies that traditional rules-based methods often miss.
– Multiple zero-day vulnerabilities, including in Fortra GoAnywhere and Cisco ASA, have been exploited in attacks before patches were available.
– Gartner predicts that preemptive cybersecurity solutions will account for 50% of IT security spending by 2030, up from less than 5% in 2024.

A wave of sophisticated cyberattacks is targeting critical enterprise infrastructure, with newly discovered zero-day vulnerabilities in Cisco’s Adaptive Security Appliances (ASA) and Fortra’s GoAnywhere managed file transfer solution being actively exploited by threat actors. These coordinated campaigns, confirmed by cybersecurity agencies across the US, UK, Canada, and Australia, highlight the escalating risks facing organizational networks and sensitive data.
In a recent discussion, Mirko Rinaldini, Head of ICT at Juventus Football Club, detailed the club’s comprehensive cyber risk strategy. The program is threat-led and outcomes-driven, carefully balancing innovation with robust security measures across matchday operations, e-commerce platforms, and digital services to protect fans, revenue, and the club’s reputation.
For security teams looking to improve internal collaboration, “Practical Purple Teaming” offers a guide to building stronger partnerships between offensive and defensive units. The book focuses on designing and running effective exercises that enhance detection, improve response capabilities, and foster greater trust between teams.
Tim Bramble, Director of Threat Detection and Response at OpenText, recently explained how Security Operations Centers are leveraging AI to detect and prioritize threats more effectively. By establishing a baseline of “normal” activity across users and systems, AI helps surface subtle anomalies that traditional, rules-based security methods frequently overlook, allowing for faster and more accurate threat identification.
The critical flaw in Fortra GoAnywhere, tracked as CVE-2025-10035 and rated the maximum 10.0 on the CVSS scale, was exploited in zero-day attacks before a patch became available on September 15, 2025. This vulnerability in the widely used managed file transfer solution allowed attackers unauthorized access to sensitive systems.
LastPass is warning macOS users about a malicious campaign spreading through fake GitHub pages. Individuals searching for popular software like LastPass, 1Password, Adobe After Effects, and Gemini are being tricked into installing the Atomic information-stealing malware instead of the legitimate applications they intended to download.
SonicWall has enhanced the security of its Secure Mobile Access (SMA) 100 series appliances with new firmware. This update introduces advanced file-checking capabilities that empower users to identify and remove known rootkit infections from their systems.
In response to a recent wave of account takeovers and malicious package uploads, GitHub is implementing stricter security measures for its npm registry. The platform, which serves as the primary online repository for JavaScript and Node.js packages, is tightening its publishing rules to prevent attackers from compromising developer accounts and distributing harmful code.
The latest release from OffSec, Kali Linux 2025.3, is now available. This newest iteration of the popular penetration testing and digital forensics platform includes improved tooling for virtual machine environments and introduces ten new tools for security professionals.
A zero-day vulnerability in the Libraesva Email Security Gateway, identified as CVE-2025-59689, has been actively exploited by attackers believed to be state-sponsored. The Italian email security company has confirmed these incidents, underscoring the advanced threats facing email infrastructure.
SolarWinds has addressed a critical remote code execution vulnerability in its Web Help Desk solution. Designated as CVE-2025-26399, this flaw could be exploited by unauthenticated attackers to execute arbitrary code on affected systems, posing a significant risk to IT ticketing and asset management operations.
Law firms of all sizes are increasingly targeted by cybercriminals seeking access to highly sensitive client information. These organizations typically hold vast amounts of valuable data, including confidential client communications, detailed financial records, and privileged legal strategies. Attackers are exploiting system vulnerabilities, weak authentication practices, outdated software, and insufficient staff training to gain access.
The U.S. Secret Service has successfully dismantled a network of electronic devices located throughout the New York tristate area. Officials stated this network presented an imminent threat to national security, as it was being used to launch telecommunications attacks and transmit threats directed at senior government officials.
As drone technology becomes more integrated into military, agricultural, and industrial operations, securing these devices and their supply chains is becoming a critical priority. The unique capabilities of drones introduce new risks that require dedicated security measures and awareness.
An open-source framework known as Cybersecurity AI (CAI) is now available to help security teams develop and operate AI-driven tools for both offensive and defensive security tasks. Designed for researchers, ethical hackers, IT personnel, and organizations, the framework facilitates using artificial intelligence to discover vulnerabilities, test defensive measures, and strengthen overall security posture.
A new framework has been introduced to establish a baseline for security controls in Software-as-a-Service (SaaS) applications. Managing security across a sprawling portfolio of SaaS tools is a complex challenge, as each application has its own unique settings, permissions, and logging mechanisms. Traditional third-party risk assessments often focus on the vendor’s overall security, not the specific application, creating security gaps that organizations must address with limited visibility and resources.
Cisco has released patches for 14 vulnerabilities affecting its IOS and IOS XE software. Among these is CVE-2025-20352, a high-severity flaw that has been exploited in zero-day attacks, necessitating immediate attention from network administrators.
Microsoft Threat Intelligence recently identified and blocked a phishing campaign that utilized a large language model to obfuscate a malicious attachment. Cybercriminals are increasingly leveraging AI-powered tools and malicious LLMs to generate highly convincing, error-free phishing emails, create deepfakes, build fraudulent online personas, develop fake websites, and even write malware.
Windows 10 users within the European Economic Area have received welcome news: they will qualify for an additional year of free security updates. These extended security updates will now be available until October 14, 2026, at no cost, and without the requirement to back up user settings, applications, or credentials to the Microsoft cloud.
In a security video, Brittany Allen, Senior Trust and Safety Architect at Sift, discusses the emerging fraud risks associated with the rise of AI agents. She explains that while these agents are designed to assist users, they can inadvertently aid fraudsters by performing tasks without the ability to recognize malicious intent, potentially causing real-world harm.
David Hardoon, Global Head of AI Enablement at Standard Chartered, explores the fundamental role of ethics and safety in artificial intelligence development. He emphasizes the importance of building responsible AI systems from the very beginning of the development lifecycle.
The role of agentic AI within the security operations center is examined by David Norlin, CTO of Lumifi. He clarifies what agentic AI entails, how it can automate repetitive cybersecurity workflows to enhance efficiency, and why maintaining accountability and implementing the technology carefully are absolutely critical for success.
Analyst firm Gartner predicts a significant shift in cybersecurity spending over the coming years. By 2030, preemptive cybersecurity solutions are projected to account for 50% of IT security budgets, a substantial increase from less than 5% in 2024. This trend indicates that proactive defense mechanisms are set to replace standalone detection and response solutions as the primary strategy for countering cyber threats.
Security professionals have a new open-source tool at their disposal called Nosey Parker. This command-line utility is specifically designed to unearth secrets and sensitive information concealed within text files and Git history. Functioning like a specialized version of grep, it excels at identifying passwords, API keys, and other confidential data that should not be exposed.
Recent data from Bugcrowd reveals a troubling trend: attackers are increasingly focusing their efforts on hardware and application programming interfaces (APIs). While the number of reported website vulnerabilities has remained steady, flaws in APIs and hardware components are rising sharply. This shift demonstrates that threat actors are adapting their tactics to target the underlying infrastructure and hidden systems that are essential for business operations.
For those seeking new opportunities, a fresh selection of cybersecurity roles is available this week. The market offers a variety of positions spanning different experience levels and specializations within the field.
The past month has seen a range of new product releases from leading cybersecurity vendors. Notable releases have come from companies including Absolute Security, Blackdot Solutions, Catchpoint, Cynomi, DataLocker, Gigamon, Lookout, Nagomi Security, Neon Cyber, QuSecure, Relyance AI, Secure Code Warrior, and Teleport.
(Source: Help Net Security)

