IT Security Newsletter - 9/30/2025
CISA to furlough 65% of staff if government shuts down this week
Roughly one-third of the Cybersecurity and Infrastructure Security Agency's workforce will stay on the job if the federal government shuts down on Wednesday, according to newly published guidance. "CISA estimates 889 employees as the total number excepted and estimated to be retained during a lapse in appropriations," the Department of Homeland Security said in its shutdown plan document, which it published over the weekend. READ MORE...
Cyberattack on Beer Giant Asahi Disrupts Production
Japanese brewing giant Asahi Group Holdings on Monday announced that its operations in the country have been disrupted by a cyberattack. The incident, the company said, resulted in system failures that affected orders and shipments at all its subsidiaries in the country, as well as call center operations, customer service desks included. Reuters reported that production at some of Asahi's 30 domestic factories has been suspended due to the cyberattack. READ MORE...
Interpol operation disrupts romance scam and sextortion networks in Africa
Authorities arrested 260 cybercrime suspects during a two-week operation spanning 14 African countries, Interpol announced Friday. The globally coordinated summertime crackdown dubbed "Operation Contender 3.0" targeted criminal networks that facilitated romance scams and sextortion, officials said. Interpol said total losses attributed to the scam syndicates amounted to about $2.8 million, involving almost 1,500 victims. READ MORE...
AI-Powered Voice Cloning Raises Vishing Risks
As vishing becomes more frequently used amongst threat actors, researchers have discovered that AI-generated voice clones from as little as five minutes of recorded audio are well on the rise. NCC Group's research team has explored how voice impersonation using AI allows for classic social engineering attacks to become even more refined, blurring the lines of what is real and what is simulated. READ MORE...
Apple fixes critical font processing bug. Update now!
Apple has released important security updates to address a critical vulnerability in FontParser-the part of MacOS/iOS/iPadOS that processes fonts. Identified as CVE-2025-43400, the flaw was discovered internally by Apple and allows an attacker to craft a malicious font that can cause apps to crash or corrupt process memory, potentially leading to arbitrary code execution. While Apple hasn't said it's being actively exploited, similar bugs have been used in attacks in the past. READ MORE...
High-Severity Vulnerabilities Patched in VMware Aria Operations, NSX, vCenter
Broadcom on Monday announced patches for six vulnerabilities affecting VMware Aria Operations, NSX, vCenter, and VMware Tools products, including four high-severity flaws. Both Aria Operations and VMware Tools are impacted by a high-severity local privilege escalation bug tracked as CVE-2025-41244. Patches have also been rolled out for a medium-severity issue in VMware Aria Operations that could allow attackers to disclose the credentials of other users. READ MORE...
UK convicts "Bitcoin Queen" in world's largest cryptocurrency seizure
The Metropolitan Police has secured a conviction in what is believed to be the world's largest cryptocurrency seizure, valued at more than £5.5 billion ($7.3 billion). Zhimin Qian, 47, also known as Yadi Zhang, pleaded guilty today at Southwark Crown Court to acquiring and possessing criminal property under the Proceeds of Crime Act. Police said she conducted a multibillion-pound fraudulent Bitcoin scheme that defrauded more than 128,000 victims in China between 2014 and 2017. READ MORE...
CISA warns of critical Linux Sudo flaw exploited in attacks
Hackers are actively exploiting a critical vulnerability (CVE-2025-32463) in the sudo package that enables the execution of commands with root-level privileges on Linux operating systems. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, describing it as "an inclusion of functionality from untrusted control sphere." CISA has given federal agencies until October 20 to apply the official mitigations. READ MORE...
- ...in 1927, Babe Ruth hits his 60th home run of the 1927 season and with it sets a record that would stand for 34 years.
- ...in 1954, the USS Nautilus, the world's first nuclear submarine, is commissioned by the U.S. Navy.
- ...in 1972, Pro baseball great Roberto Clemente hits his 3,000th and final hit of his career
- ...in 1980, the original specifications for Ethernet computer networking technologies are published by Xerox with Intel and Digital Equipment Corporation.