CIS

ClickFix: An Adaptive Social Engineering Technique

Between January and October 2025, two major ClickFix campaigns were tracked, including an Interlock ransomware incident in August targeting a U.S. SLTT entity. ClickFix has been used to deliver malware such as Lumma Stealer, NetSupport RAT, and SocGholish.

Strings in the maze: Finding hidden strengths and gaps in your team

The cybersecurity landscape has seen a significant shift in threat actor behavior, with a marked increase in the exploitation of public-facing applications, evolving ransomware tactics, and targeted cyber-espionage campaigns.

Known Exploited Vulnerabilities Catalog

A critical bug, CVE-2025-61932, has been identified in Motex LANSCOPE Endpoint Manager. Because of improper verification of the source of communication channels, remote attackers can execute arbitrary code by sending specially crafted packets.

Oxford Nanopore Technologies MinKNOW

Multiple vulnerabilities have been identified in Oxford Nanopore Technologies' MinKNOW software, a DNA and RNA sequencing platform. These flaws could allow attackers to gain unauthorized access, exfiltrate data, and disrupt sequencing operations.

Known Exploited Vulnerabilities Catalog

A critical vulnerability affects Adobe Experience Manager Forms JEE. This flaw allows attackers to execute arbitrary code on affected systems. The vulnerability has been added to CISA’s KEV catalog, indicating confirmed exploitation in the wild.

Known Exploited Vulnerabilities Catalog

A high-severity vulnerability, CVE-2025-6264, was spotted in Rapid7's Velociraptor tool. This flaw stems from incorrect default permissions that allow users with specific roles to execute arbitrary commands and potentially take over endpoints.

CISA Releases One Industrial Control Systems Advisory

CISA has released a new Industrial Control Systems (ICS) advisory, ICSA-25-287-01, addressing a vulnerability in Rockwell Automation's 1715 EtherNet/IP Comms Module. This is part of a regular release of ICS advisories.

Privilege Escalation Vulnerability in Microsoft Windows Agere Modem Driver (CVE-2025-24990)

A critical vulnerability identified as CVE-2025-24990 affects the Agere Modem Driver in Microsoft Windows. This untrusted pointer dereference flaw enables local attackers to escalate privileges and gain administrator access.

Known Exploited Vulnerabilities Catalog

A critical RCE bug affects multiple Mozilla products including Firefox, Thunderbird, and SeaMonkey. This flaw, which occurs when JavaScript is enabled, allows remote attackers to execute arbitrary code by exploiting memory corruption.

Known Exploited Vulnerabilities Catalog

A critical heap out-of-bounds write vulnerability, tracked as CVE-2021-22555, has been identified in the Linux Kernel. This flaw allows attackers to escalate privileges or cause a DoS condition via heap memory corruption through user namespaces.
