Data Breaches and Ransomware Attacks Target Major Companies: October 2025 Report

Monday, October 27, 2025

Top 5 Cybersecurity Stories You Should Know

  1. Data Breaches and Ransomware Attacks Target Major Companies: October 2025 Report
    tl;dr: The latest Check Point Threat Intelligence Report reveals significant cyber incidents, including a data breach at Toys “R” Us Canada exposing customer records, and a ransomware attack on Japanese retailer Askul disrupting e-commerce operations. Other notable breaches include Verisure's unauthorized access to customer data and a cyber-attack on Jewett-Cameron Trading that compromised sensitive corporate information. Additionally, vulnerabilities such as CVE-2025-33073 and CVE-2025-59287 pose risks to Windows systems. Organizations are advised to implement robust security measures, including patching known vulnerabilities and enhancing employee training to mitigate phishing threats.
    https://research.checkpoint.com/2025/27th-october-threat-intelligence-report/

  2. CVE-2025-40778: BIND 9 Vulnerability Exposes 706K DNS Resolvers to Cache Poisoning
    tl;dr: A critical security flaw, CVE-2025-40778, has been identified in BIND 9 DNS software, affecting over 706,000 resolvers globally. This vulnerability, rated 8.6 on the CVSS scale, allows remote attackers to inject malicious DNS records into resolver caches, posing a significant risk to internet infrastructure. The flaw arises from BIND's permissive handling of certain DNS responses. Affected versions include BIND 9.11.0 to 9.16.50, 9.18.0 to 9.18.39, 9.20.0 to 9.20.13, and 9.21.0 to 9.21.12. Users are advised to update their BIND installations promptly to mitigate risks.
    https://thecyberexpress.com/cve-2025-40778-flaw-exposes-706k-servers/

  3. Critical RCE Vulnerability CVE-2025-59287 in WSUS Servers Requires Immediate Patching
    tl;dr: Microsoft has issued an out-of-band update for a critical unauthenticated remote code execution vulnerability (CVE-2025-59287) affecting Windows Server Update Services (WSUS) from 2012 to 2025. This flaw allows attackers to execute arbitrary code with SYSTEM privileges, posing a significant risk of full host compromise and data theft. Exploitation has been observed in the wild following the release of a proof-of-concept exploit. Organizations are urged to apply the security updates immediately, disable the WSUS role if patching is delayed, and restrict access to trusted networks to mitigate risks.
    https://www.triskelelabs.com/blog/cve-2025-59287-vulnerability-in-wsus-servers?hs_amp=true

  4. Chrome Zero-Day CVE-2025-2783 Exploited in State-Sponsored Operation ForumTroll
    tl;dr: The first Chrome zero-day of 2025, tracked as CVE-2025-2783, has been exploited in a sophisticated cyberespionage campaign named Operation ForumTroll, linked to state-sponsored actors. The vulnerability, a sandbox escape issue, was used to deliver Hacking Team's spyware, LeetAgent, targeting organizations in sectors like education and finance in Russia. Attackers utilized phishing emails to lure victims to malicious sites. To mitigate risks, users should ensure their browsers are updated and remain vigilant against suspicious emails and links.
    https://www.securityweek.com/chrome-zero-day-exploitation-linked-to-hacking-team-spyware/

  5. PassiveNeuron Espionage, Jingle Thief Gift Card Fraud, SessionReaper Adobe Exploit
    tl;dr: A new cyber-espionage campaign named PassiveNeuron targets government and industrial networks in Asia, Africa, and Latin America using sophisticated malware. Meanwhile, the Jingle Thief group exploits cloud systems for gift card scams, leveraging stolen Microsoft 365 credentials to issue fake cards. Additionally, a critical vulnerability in Adobe Commerce, known as SessionReaper (CVE-2025-54236), is actively being exploited, with many stores still unpatched. Organizations are urged to implement robust security measures and apply necessary updates to protect against these evolving threats.
    https://www.duocircle.com/announcements/cybersecurity-news-update-week-44-of-2025

