Article Details

⚡ Weekly Recap: Cisco 0-Day, Record DDoS, LockBit 5.0, BMC Bugs, ShadowV2 Botnet & More. Cybersecurity never stops—and neither do hackers. While you wrapped up last week, new attacks were already underway. From hidden software bugs to massive DDoS attacks and new ransomware tricks, this week's roundup gives you the biggest security moves to know. Whether you're protecting key systems or locking down cloud apps, these are the updates you need before making your next security decision. Take a quick look to start your week informed and one step ahead. ⚡ Threat of the Week Cisco 0-Day Flaws Under Attack — Cybersecurity agencies warned that threat actors have exploited two security flaws affecting Cisco firewalls as part of zero-day attacks to deliver previously undocumented malware families like RayInitiator and LINE VIPER. The RayInitiator and LINE VIPER malware represent a significant evolution on that used in the previous campaign, both in sophistication and its ability to evade detection. The activity involves the exploitation of CVE-2025-20362 (CVSS score: 6.5) and CVE-2025-20333 (CVSS score: 9.9) to bypass authentication and execute malicious code on susceptible appliances. The campaign is assessed to be linked to a threat cluster dubbed ArcaneDoor, which was attributed to a suspected China-linked hacking group known as UAT4356 (aka Storm-1849). Future-Ready Protection for Microsoft Rising attacks demand a plan. Get Veeam's Cyber Resilience Playbook for Microsoft 365 & Entra ID and learn 10 steps to stay future-ready and secure your SaaS data. Download the playbook now! 🔔 Top News ‎️‍🔥 Trending CVEs Hackers don't wait. They exploit newly disclosed vulnerabilities within hours, transforming a missed patch or a hidden bug into a critical point of failure. One unpatched CVE is all it takes to open the door to a full-scale compromise. Below are this week's most critical vulnerabilities, making waves across the industry. Review the list, prioritize patching, and close the window of opportunity before attackers do. This week's list includes — CVE-2025-20362, CVE-2025-20333, CVE-2025-20363 (Cisco), CVE-2025-59689 (Libraesva ESG), CVE-2025-20352 (Cisco IOS), CVE-2025-10643, CVE-2025-10644 (Wondershare RepairIt), CVE-2025-7937, CVE-2025-6198 (Supermicro BMC), CVE-2025-9844 (Salesforce CLI), CVE-2025-9125 (Lectora Desktop), CVE-2025-23298 (NVIDIA Merlin), CVE-2025-59545 (DotNetNuke), CVE-2025-34508 (ZendTo), CVE-2025-27888 (Apache Druid Proxy), CVE-2025-10858, CVE-2025-8014 (GitLab), and CVE-2025-54831 (Apache Airflow). 📰 Around the Cyber World 🎥 Cybersecurity Webinars 🔧 Cybersecurity Tools Disclaimer: The tools featured here are provided strictly for educational and research purposes. They have not undergone full security audits, and their behavior may introduce risks if misused. Before experimenting, carefully review the source code, test only in controlled environments, and apply appropriate safeguards. Always ensure your usage aligns with ethical guidelines, legal requirements, and organizational policies. 🔒 Tip of the Week Hardening Active Directory Against Modern Attacks — Active Directory is a prime target—compromise it and attackers can own your network. Strengthen its defenses starting with Kerberos FAST (Flexible Authentication Secure Tunneling), which encrypts pre-authentication traffic to block offline password cracking and relay attacks. Deploy it in "Supported" mode, monitor KDC events (IDs 34, 35), then enforce "Required" once all clients are ready. Run PingCastle for a rapid forest health check and use ADeleg/ADeleginator to uncover dangerous over-delegation in OUs or service accounts. Harden password security with Fine-Grained Password Policies (FGPP) and automate local admin password rotation using LAPS or Lithnet Password Protection to block breached credentials in real time. Tighten other control layers: use AppLocker Inspector/Gen to lock down application execution and GPOZaurr to detect orphaned or risky Group Policy Objects. Scan AD Certificate Services with Locksmith to close misconfigurations and use ScriptSentry to catch malicious logon scripts that enable stealthy persistence. Finally, apply CIS or Microsoft security baselines and generate custom Attack Surface Reduction rules with ASRGen to block exploit techniques that bypass standard policies. This layered, rarely implemented strategy raises the cost of compromise and forces even advanced adversaries to work far harder. Conclusion These headlines show how tightly connected our defenses must be in today's threat landscape. No single team, tool, or technology can stand alone—strong security depends on shared awareness and action. Take a moment to pass these insights along, spark a conversation with your team, and turn this knowledge into concrete steps. Every patch applied, policy updated, or lesson shared strengthens not just your own organization, but the wider cybersecurity community we all rely on.