Weekly Digest Week 42 – 2025

Publication date

17.10.2025

Featured Story

F5 says hackers stole undisclosed BIG-IP flaws, source code

Summary

U.S. cybersecurity company F5 disclosed that nation-state hackers breached its systems and stole undisclosed BIG-IP security vulnerabilities and source code.

The company became aware of the breach on August 9, 2025, with investigations revealing that a highly sophisticated nation-state threat actor had gained long-term, persistent access to its BIG-IP product development environment and engineering knowledge-management platform.

F5 has issued patches to address 44 vulnerabilities (including the ones stolen in the breach) and urged customers to update their systems as soon as possible. In response, the Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive requiring federal agencies to apply updates by October 22, 2025.

Analysis from our SOC team: This breach represents a severe supply-chain risk with stolen vulnerabilities creating zero-day potential. Prioritise patch management of all F5 infrastructure, particularly internet-facing management interfaces.

Other News

Two New Windows Zero-Days Exploited in the Wild

Summary

Microsoft released fixes for 183 security flaws, including three vulnerabilities under active exploitation. The two Windows zero-days are CVE-2025-24990 and CVE-2025-59230.

Analysis from our SOC team: These zero-days demand immediate patching across all Windows environments. CVE-2025-24990 is critical as it affects every Windows version by default, allowing attackers with minimal privileges to escalate to administrator. For CVE-2025-59230, focus on VPN and remote access infrastructure.

Hackers Deploy Linux Rootkits via Cisco SNMP Flaw in ‘Zero Disco’ Attacks

Summary

Cybersecurity researchers disclosed a new campaign called Operation Zero Disco that exploited CVE-2025-20352, a stack-overflow vulnerability in the SNMP subsystem of Cisco IOS / IOS XE, to deploy Linux rootkits on devices including the Cisco 9400, 9300 and legacy 3750G series.

Analysis from our SOC team: This campaign targets legacy Cisco infrastructure with sophisticated rootkit deployment. If running Cisco 9400, 9300, or 3750G series devices, patch immediately. Monitor SNMP traffic for anomalous patterns and review authentication logs for unexpected access attempts, particularly universal passwords containing “disco” variations.

Windows 10 stops updates: how do you stay safe on the internet?

Summary

On 14 October 2025, Microsoft stopped providing regular security updates for Windows 10, putting many users at risk. According to Statcounter, about 38.4% of Belgian Windows PCs were still running Windows 10 in September 2025.

Your computer will continue to work, but it will be more vulnerable to viruses and hackers. Users have four options to stay safe: switch to Windows 11 if the hardware is compatible; activate Extended Security Updates (ESU) for an extra year of updates, either free through their Microsoft account or via a one-time purchase; switch to an alternative operating system such as Linux; or purchase a new computer.

Analysis from our SOC team: The tips described in the article are what we would like to emphasise as well. Organisations must treat Windows 10 end-of-life as a critical security event requiring immediate action. Inventory all endpoints, accelerate Windows 11 migrations where possible, and enforce ESU enrolment for devices that cannot upgrade.
