Article Details

⚡ Weekly Recap: F5 Breached, Linux Rootkits, Pixnapping Attack, EtherHiding & More. It's easy to think your defenses are solid — until you realize attackers have been inside them the whole time. The latest incidents show that long-term, silent breaches are becoming the norm. The best defense now isn't just patching fast, but watching smarter and staying alert for what you don't expect. Here's a quick look at this week's top threats, new tactics, and security stories shaping the landscape. ⚡ Threat of the Week F5 Exposed to Nation-State Breach — F5 disclosed that unidentified threat actors broke into its systems and stole files containing some of BIG-IP's source code and information related to undisclosed vulnerabilities in the product. The company said it learned of the incident on August 9, 2025, although it's believed that the attackers were in its network for at least 12 months. The attackers are said to have used a malware family called BRICKSTORM, which is attributed to a China-nexus espionage group dubbed UNC5221. GreyNoise said it observed elevated scanning activity targeting BIG-IP in three waves on September 23, October 14, and October 15, 2025, but emphasized the anomalies may not necessarily relate to the hack. Censys said it identified over 680,000 F5 BIG-IP load balancers and application gateways visible on the public internet, with the majority of hosts located in the U.S., followed by Germany, France, Japan, and China. Not all identified systems are necessarily vulnerable, but each represents a publicly accessible interface that should be inventoried, access-restricted, and patched proactively as a precautionary measure. "Edge infrastructure and security vendors remain prime targets for long-term, often state-linked threat actors," John Fokker, vice president of threat intelligence strategy at Trellix, said. "Over the years, we have seen nation-state interest in exploiting vulnerabilities in edge devices, recognizing their strategic position in global networks. Incidents like these remind us that strengthening collective resilience requires not only hardened technology but also open collaboration and intelligence sharing across the security community." Zero Trust + AI: Thrive in the AI Era and Empower Your Workforce It's no surprise, hackers are using AI in creative ways to compromise users and breach organizations. Zscaler Zero Trust + AI helps defeat ransomware and AI-power attacks today by enabling you to detect and block advanced threats, and discover and classify sensitive data everywhere. 🔔 Top News ‎️‍🔥 Trending CVEs Hackers move fast. They often exploit new vulnerabilities within hours, turning a single missed patch into a major breach. One unpatched CVE can be all it takes for a full compromise. Below are this week's most critical vulnerabilities gaining attention across the industry. Review them, prioritize your fixes, and close the gap before attackers take advantage. This week's list includes — CVE-2025-24990, CVE-2025-59230 (Microsoft Windows), CVE-2025-47827 (IGEL OS before 11), CVE-2023-42770, CVE-2023-40151 (Red Lion Sixnet RTUs), CVE-2025-2611 (ICTBroadcast), CVE-2025-55315 (Microsoft ASP.NET Core), CVE-2025-11577 (Clevo UEFI firmware), CVE-2025-37729 (Elastic Cloud Enterprise), CVE-2025-9713, CVE-2025-11622 (Ivanti Endpoint Manager), CVE-2025-48983, CVE-2025-48984 (Veeam), CVE-2025-11756 (Google Chrome), CVE-2025-49201 (Fortinet FortiPAM and FortiSwitch Manager), CVE-2025-58325 (Fortinet FortiOS CLI), CVE-2025-49553 (Adobe Connect collaboration suite), CVE-2025-9217 (Slider Revolution plugin), CVE-2025-10230 (Samba), CVE-2025-54539 (Apache ActiveMQ), CVE-2025-41703, CVE-2025-41704, CVE-2025-41706, CVE-2025-41707 (Phoenix Contact QUINT4), and CVE-2025-11492, CVE-2025-11493 (ConnectWise Automate). 📰 Around the Cyber World 🎥 Cybersecurity Webinars 🔧 Cybersecurity Tools Disclaimer: These tools are for educational and research use only. They haven't been fully security-tested and could pose risks if used incorrectly. Review the code before trying them, test only in safe environments, and follow all ethical, legal, and organizational rules. 🔒 Tip of the Week Most Cloud Breaches Aren't Hacks — They're Misconfigurations. Here's How to Fix Them — Cloud storage buckets like AWS S3, Azure Blob, and Google Cloud Storage make data sharing easy — but one wrong setting can expose everything. Most data leaks happen not because of hacking, but because someone left a public bucket, skipped encryption, or used a test bucket that never got locked down. Cloud platforms give you flexibility, not guaranteed safety, so you need to check and control access yourself. Misconfigurations usually happen when permissions are too broad, encryption is disabled, or visibility is lost across multiple clouds. Doing manual checks doesn't scale — especially if you manage data in AWS, Azure, and GCP. The fix is using tools that automatically find, report, and even fix unsafe settings before they cause damage. ScoutSuite is a strong starting point for cross-cloud visibility. It scans AWS, Azure, and GCP for open buckets, weak IAM roles, and missing encryption, then creates an easy-to-read HTML report. **Prowler** goes deeper into AWS, checking S3 settings against CIS and AWS benchmarks to catch bad ACLs or unencrypted buckets. For ongoing control, Cloud Custodian lets you write simple policies that automatically enforce rules — for example, forcing all new buckets to use encryption. And CloudQuery can turn your cloud setup into a searchable database, so you can monitor changes, track compliance, and visualize risks in one place. The best approach is to combine them: run ScoutSuite or Prowler weekly to find issues, and let Cloud Custodian handle automatic fixes. Even a few hours spent setting these up can stop the kind of data leaks that make headlines. Always assume every bucket is public until proven otherwise — and secure it like it is. Conclusion The truth is, no tool or patch will ever make us fully secure. What matters most is awareness — knowing what's normal, what's changing, and how attackers think. Every alert, log, or minor anomaly is a clue. Keep connecting those dots before someone else does.