Blog article

Weekly Digest Week 46 – 2025

Publication date

14.11.2025

Featured Story

Hackers exploited Citrix, Cisco ISE flaws in zero-day attacks

Summary

It has been reported that an advanced threat actor has exploited critical vulnerabilities “Citrix Bleed 2” (CVE-2025-5777) in NetScaler ADC and Gateway, and CVE-2025-20337 affecting Cisco Identity Services Engine (ISE) as zero-days to deploy custom malware.

Further investigation by Amazon Threat Intelligence revealed an anomalous payload targeting a previously undocumented endpoint in Cisco ISE that relied on vulnerable deserialization logic; the finding was shared with Cisco.

The web shell registered as an HTTP listener to intercept all requests and used Java reflection to inject into Tomcat server threads. It also employed DES encryption with non-standard base64 encoding for stealth, required knowledge of specific HTTP headers to access, and left minimal forensic traces.

Analysis from our SOC team

These attacks show that advanced actors are increasingly targeting edge devices with stealthy malware, so organizations must urgently verify patching, restrict access to network appliances, and monitor for abnormal HTTP or deserialization activity.

Other News

Phishing Tool Uses Smart Redirects to Bypass Detection

Summary

A new phishing tool targeting Microsoft 365 users leverages “Quantum Route Redirect” payloads delivered through phishing hyperlinks that “can automatically differentiate between security tools or people through an intelligent redirect system.”

Researchers have observed that the redirect system enables attacks to bypass multiple layers of security.

Analysis from our SOC team

It is vital that organizations monitor abnormal redirect behaviour, as attackers are now using dynamic redirect chains to evade secure email gateways. While user awareness remains essential, these links can appear legitimate at first glance.

CISA warns feds to fully patch actively exploited Cisco flaws

Summary

CISA has issued a warning to U.S. federal agencies to implement full patches for two vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices. These vulnerabilities are currently under active exploitation and are tracked as CVE-2025-20362 and CVE-2025-20333.

These flaws allow remote threat actors to access restricted URL endpoints without authentication and gain code execution on vulnerable Cisco firewall devices.

Cisco had already issued patches for the flaws in September, but some agencies have not yet implemented them correctly, leaving vulnerable devices exposed to ongoing attacks.

Analysis from our SOC team

These vulnerabilities, which are being actively exploited, demonstrate that edge devices are prime targets. Therefore, organizations should urgently verify patches and monitor for unusual access or traffic on ASA/Firepower appliances.

The Safeonweb campaign against investment fraud is proving highly successful

Summary

The Centre for Cybersecurity Belgium (CCB) has reported that its national awareness campaign via Safeonweb against online investment fraud is proving highly successful.

The campaign successfully reached nearly 70% of Belgians over the age of 18 (or more than 6.3 million people) through TV and online channels.

Despite the campaign’s success, the CCB notes that “investment fraud remains a very real threat. Scams are becoming more diverse, using new technologies and targeting wider audiences.”

Analysis from our SOC team

Despite heightened awareness, investment scams continue to represent a significant entry point for social engineering attacks. Organisations must therefore reinforce phishing training and monitor compromised user behaviour.
