UNC6384 Exploits CVE-2025-9491 to Target European Diplomats
Tuesday, November 4, 2025
Top 5 Cybersecurity Stories You Should Know
UNC6384 Exploits CVE-2025-9491 to Target European Diplomats — tl;dr: The China-affiliated threat actor group UNC6384 has exploited the Windows vulnerability CVE-2025-9491 to target European diplomats from Hungary, Belgium, Italy, and the Netherlands. Utilizing spear-phishing emails with malicious .LNK attachments, the attackers deploy the PlugX remote access tool, allowing extensive control over compromised devices. Dataminr has been alerting clients about this zero-day vulnerability since March 2025, highlighting the importance of user awareness and proactive monitoring to mitigate risks associated with such threats. Organizations are advised to enhance their defenses and educate employees on recognizing phishing attempts.
↪ https://www.dataminr.com/resources/blog/unc6384-exploits-cve-2025-9491-to-target-diplomats/
CISA's Known Exploited Vulnerabilities Catalog Updated with New CVEs — tl;dr: The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) Catalog, which now includes new vulnerabilities such as CVE-2025-24893 for XWiki and CVE-2025-41244 for Broadcom's VMware Aria Operations. This catalog serves as a critical resource for organizations to prioritize vulnerability management and enhance their cybersecurity posture. Affected entities are advised to apply mitigations as per vendor instructions and follow relevant guidance to protect against potential exploits. Regularly consulting the KEV Catalog can help organizations stay ahead of emerging threats.
↪ https://www.cisa.gov/known-exploited-vulnerabilities-catalog
U.S. Indicts Cybersecurity Insiders for BlackCat Ransomware Attacks — tl;dr: Federal prosecutors in the U.S. have indicted three individuals, including former employees of DigitalMint and Sygnia, for orchestrating BlackCat ransomware attacks against five companies between May and November 2023. The defendants allegedly extorted millions in cryptocurrency from victims, including a medical device firm and a drone manufacturer. While one defendant has pleaded not guilty, another reportedly confessed to participating in the scheme to alleviate personal debt. The charges could lead to up to 50 years in prison, highlighting the severe consequences of insider threats in cybersecurity.
↪ https://thehackernews.com/2025/11/us-prosecutors-indict-cybersecurity.html
CVE-2025-43435: New Vulnerability Identified in NVD Database — tl;dr: CVE-2025-43435 has been identified as a potential security vulnerability, but details are currently limited as it is not yet available in the National Vulnerability Database (NVD). Organizations should monitor the NVD for updates on this CVE and assess their systems for any related risks. It is advisable to implement best practices for cybersecurity, including regular updates and patches, to mitigate potential impacts. For further information, stakeholders can contact the CVE team directly or check the CVE dictionary for status updates.
↪ https://nvd.nist.gov/vuln/detail/CVE-2025-43435
CVE-2025-12642 Identified: Potential Security Vulnerability in NVD — tl;dr: CVE-2025-12642 has been identified as a potential security vulnerability within the National Vulnerability Database (NVD). While specific details regarding the nature and impact of the vulnerability are currently unavailable, it is crucial for organizations and security professionals to monitor updates from the NVD. Users are advised to ensure that their systems are up-to-date with the latest security patches and to remain vigilant against potential threats. For further information, stakeholders should regularly check the NVD website and consult with cybersecurity experts.
↪ https://nvd.nist.gov/vuln/detail/CVE-2025-12642