CyberPulse SMB - Daily Security Topic Digest
Date: September 24, 2025
⚠️ What Every Business Leader Should Know
The analysis of current articles shows several important cybersecurity risks for small and mid-sized businesses (SMBs). These include using outdated Windows systems, which can be easier for hackers to break into, and risks from publishing articles online without checking permissions or licenses. There are also ongoing threats from advanced cyberattacks aimed at platforms like Salesforce and Microsoft 365. Problems in popular software like SolarWinds, along with threats from foreign governments, show why strong security is so important. The wide range of risks means businesses need to use multiple layers of protection.
🔴 High-Risk Issues
Passwords & Email
Phishing attacks and credential stuffing remain prevalent, exploiting weak passwords and unsuspecting employees. These attacks often lead to account compromises, data breaches, and malware infections.
**Business Risk:** A successful phishing attack could expose sensitive customer data, leading to regulatory fines and reputational damage, costing thousands or even millions of dollars.
- Enforce strong password policies and multi-factor authentication (MFA).
- Implement regular security awareness training for all employees.
- Utilize email filtering and anti-phishing solutions.
Ransomware
Ransomware attacks encrypt critical data, demanding payment for its release. Recovery can be costly and time-consuming, even with backups.
**Business Risk:** A ransomware attack can cripple operations, leading to lost revenue, data loss, and significant recovery costs.
- Regularly back up your data to an offline location.
- Implement robust endpoint detection and response (EDR) solutions.
- Keep your software updated and patched.
Supply Chain Attacks
Compromised software libraries or third-party vendors can provide attackers with access to your systems. This often goes undetected until significant damage is done.
**Business Risk:** A supply chain attack can lead to widespread data breaches, operational disruptions, and significant financial losses.
- Vet third-party vendors carefully and regularly review their security practices.
- Utilize software composition analysis (SCA) tools to identify vulnerabilities in your software.
- Prioritize patching known vulnerabilities in your software and dependencies.
⚙️ Foundational Policy Risks
Outdated Software
Unpatched software creates vulnerabilities that attackers can exploit. Many attacks leverage known vulnerabilities that could be easily mitigated with updates.
**Business Risk:** Outdated software increases your susceptibility to malware, ransomware, and other cyber threats, leading to data breaches and operational disruptions.
- Implement a regular patching schedule for all software and operating systems.
- Utilize automated patching tools where possible.
Weak Access Controls
Inadequate access controls allow unauthorized users to access sensitive data and systems. This can lead to data breaches, theft, and regulatory violations.
**Business Risk:** Weak access controls can result in data breaches, regulatory fines, and reputational damage.
- Implement the principle of least privilege, granting users only the access they need.
- Regularly review and update user access permissions.
- Utilize multi-factor authentication (MFA) wherever possible.
📢 Security Awareness Gaps
Phishing
Phishing attacks exploit human error, tricking employees into revealing sensitive information or downloading malware. These attacks are becoming increasingly sophisticated.
**Business Risk:** Successful phishing attacks can lead to data breaches, financial losses, and reputational damage.
- Conduct regular security awareness training for all employees.
- Implement robust email filtering and anti-phishing solutions.
📦 What You Should Prioritize Now
| Priority | Action |
|---|---|
| Implement MFA | Enable MFA on all critical accounts. |
| Patching | Prioritize patching critical vulnerabilities. |
| Backups | Ensure regular, offline backups of critical data. |
| Security Awareness Training | Conduct phishing simulations and training. |
| Vendor Risk Assessment | Review the security practices of your third-party vendors. |
| Password Policy | Enforce strong password policies. |
| Firewall Review | Review and update your firewall configurations. |
| Endpoint Detection | Implement endpoint detection and response (EDR) solutions. |
| Software Updates | Automate software updates where possible. |
💬 Final Thought
Consistent, simple security practices—like MFA, regular software updates, and employee training—are the most effective long-term investments you can make to protect your business from cyber threats. Prioritizing these actions now will significantly reduce your risk in the future.
🔗 Additional Reading
High-Risk
- [SMB] How One Bad Password Ended a 158-Year-Old Business — Most businesses don't make it past their fifth birthday - studies show that roughly 50% of small businesses fail within the first five years.
- New YiBackdoor Malware Shares Major Code Overlaps with IcedID and Latrodectus — Cybersecurity researchers have disclosed details of a new malware family dubbed YiBackdoor that has been found to share "significant" source code overlaps with…
- iframe Security Exposed: The Blind Spot Fueling Payment Skimmer Attacks — Think payment iframes are secure by design? Think again. Sophisticated attackers have quietly evolved malicious overlay techniques to exploit checkout pages an…
- Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials — Cloud security company Wiz has revealed that it uncovered in-the-wild exploitation of a security flaw in a Linux utility called Pandoc as part of attacks desig…
- State-Sponsored Hackers Exploiting Libraesva Email Security Gateway Vulnerability — Libraesva has released a security update to address a vulnerability in its Email Security Gateway (ESG) solution that it said has been exploited by state-spons…
- Threat Actor Deploys 'OVERSTEP' Backdoor in Ongoing SonicWall SMA Attacks — Hackers tracked as UNC6148 are attacking SonicWall security devices by installing hidden software, allowing them to control systems, steal passwords, and hide …
- GitHub Aims to Secure Supply Chain as NPM Hacks Ramp Up — GitHub will address weak authentication and overly permissive tokens in the NPM ecosystem, following high-profile threat campaigns like those involving Shai-Hu…
- Exposed Docker Daemons Fuel DDoS Botnet — The for-hire platform leverages legitimate cloud-native tools to make detection and disruption harder for defenders and SOC analysts.
- Feds Tie ‘Scattered Spider’ Duo to $115M in Ransoms — U.S. prosecutors last week levied criminal hacking charges against 19-year-old U.K.
- [SMB] UK agency makes arrest in airport cyberattack investigation — After air passenger travel hit across the Atlantic, organized crime agency strikes. Breaking: The UK's National Crime Agency has arr…
- Cybercriminals cash out with casino giant's employee data — Attackers hit jackpot after targeting Boyd Gaming. Hotel and casino operator Boyd Gaming has disclosed a cyberattack to US regulators, warning that …
- [SMB] UK arrests suspect for RTX ransomware attack causing airport disruptions — The UK's National Crime Agency has arrested a suspect linked to a ransomware attack that is causing widespread disruptions across European airports. [...]
- [SMB] PyPI urges users to reset credentials after new phishing attacks — The Python Software Foundation has warned victims of a new wave of phishing attacks using a fake Python Package Index (PyPI) website to reset credentials. [...]
- [SMB] GitHub notifications abused to impersonate Y Combinator for crypto theft — A massive phishing campaign targeted GitHub users with cryptocurrency drainers, delivered via fake invitations to the Y Combinator (YC) W2026 program. [...]
- Boyd Gaming discloses data breach after suffering a cyberattack — US gaming and casino operator Boyd Gaming Corporation disclosed it suffered a breach after threat actors gained access to its systems and stole data, including…
- Libraesva ESG issues emergency fix for bug exploited by state hackers — Libraesva rolled out an emergency update for its Email Security Gateway solution to fix a vulnerability exploited by threat actors believed to be state sponsor…
- [SMB] US Disrupts Massive Cell Phone Array in New York — This is a weird story (https://www.bbc.com/news/articles/cn4w0d8zz22o): The US Secret Service disrupted a network of telecomm…
- [SMB] AI vs. AI: Detecting an AI-obfuscated phishing campaign — Microsoft Threat Intelligence recently detected and blocked a credential phishing campaign that likely used AI-generated code to obfuscate its payload and e…
- [SMB] Microsoft Purview delivered 30% reduction in data breach likelihood — A recent Total Economic Impact™ (TEI) Of Microsoft Purview study by Forrester Consulting, commissioned by Microsoft, offers valuable insights into how organ…
- Automatically Secure: how we upgraded 6,000,000 domains by default to get ready for the Quantum Future — After a year since we started enabling Automatic SSL/TLS, we want to talk about these results, why they matter, and how we’re preparing for the next leap in In…
- SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw — SolarWinds has released hot fixes to address a critical security flaw impacting its Web Help Desk software that, if successfully exploited, could allow attacke…
- ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service — Cybersecurity researchers have disclosed details of a new botnet that customers can rent access to conduct distributed denial-of-service (DDoS) attacks against…
- GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security — GitHub on Monday announced that it will be changing its authentication and publishing options "in the near future" in response to a recent wave of supply chain…
- BadIIS Malware Spreads via SEO Poisoning — Redirects Traffic, Plants Web Shells — Cybersecurity researchers are calling attention to a search engine optimization (SEO) poisoning campaign likely undertaken by a Chinese-speaking threat actor u…
- [SMB] GitHub moves to tighten npm security amid phishing, malware plague — Hundreds of compromised packages pulled as registry shifts to 2FA and trusted publishing. GitHub, which owns the npm registry for JavaScript package…
- Oracle gets to store US users' TikTok data, says Trump — President to announce details on Big Red’s storage and security deal for Chinese social media phenomenon later this week. The White House has promis…
- Suspected Iran-backed attackers targeting European aerospace sector with novel malware — Instead of job offers, victims get MiniJunk backdoor and MiniBrowse stealer. Suspected Iranian government-backed online attackers have expanded thei…
- [SMB] SolarWinds releases third patch to fix Web Help Desk RCE bug — SolarWinds has released a hotfix for a critical vulnerability in Web Help Desk that allows remote code execution (RCE) without authentication. [...]
- SonicWall releases SMA100 firmware update to wipe rootkit malware — SonicWall has released a firmware update that can help customers remove rootkit malware deployed in attacks targeting SMA 100 series devices. [...]
- GitHub tightens npm security with mandatory 2FA, access tokens — GitHub is introducing a set of defenses against supply-chain attacks on the platform that led to multiple large-scale incidents recently. [...]
- NPM package caught using QR Code to fetch cookie-stealing malware — Newly discovered npm package 'fezbox' employs QR codes to hide a second-stage payload to steal cookies from a user's web browser.
- [SMB] Airport disruptions in Europe caused by a ransomware attack — The disruptions over the weekend at several major European airports were caused by a ransomware attack targeting the check-in and boarding systems. [...]
- Operation Rewrite: Chinese-Speaking Threat Actors Deploy BadIIS in a Wide Scale SEO Poisoning Campaign — SEO poisoning campaign "Operation Rewrite" uses a malicious IIS module called BadIIS to redirect users to unwanted websites.
- Zero trust with zero clicks, a new take on IdPs — With Tailscale and tsidp, it’s even possible to securely isolate and authorize MCP servers for private AI deployments with minimal effort.
- What’s in the SOSS? Podcast #40 – S2E17 From Manager to Open Source Security Pioneer: Kate Stewart’s Journey Through SBOM, Safety, and the Zephyr Project — Intro Music + Promo Clip (00:00) CRob (00:07.862) Welcome, welcome, welcome to “What’s in the SOSS?” the OpenSSF’s podcast where we talked to the amazing peopl…
- From Beginner to Builder: Your First Code Contribution — Maybe you've used open source before and wondered how it all works, or you're early in your career and heard that open source contributions can boost your grow…
- [SMB] ⚡ Weekly Recap: Chrome 0-Day, AI Hacking Tools, DDR5 Bit-Flips, npm Worm & More — The security landscape now moves at a pace no patch cycle can match.
- [SMB] Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants — A critical token validation failure in Microsoft Entra ID (previously Azure Active Directory) could have allowed attackers to impersonate any user, including G…
- 15 Years of Zero Trust: Why It Matters More Than Ever — With the emergence of AI-driven attacks and quantum computing, and the explosion of hyperconnected devices, zero trust remains a core strategy for security ope…
- [SMB] EU’s cyber agency blames ransomware as Euro airport check-in chaos continues — Airport staff revert to manual ops as travellers urged to use self-service check-in where possible. The EU's cybersecurity agency today confirmed th…
- Car giant Stellantis says customer data nicked after partner vendor pwned — Automaker insists only names and emails exposed, no financials. Car giant Stellantis is admitting that attackers targeted one of its third-party par…
- Microsoft Entra ID flaw allowed hijacking any company's tenant — A critical combination of legacy components could have allowed complete access to the Microsoft Entra ID tenant of every company in the world. [...]
- [SMB] What happens when a cybersecurity company gets phished? — A Sophos employee was phished, but we countered the threat with an end-to-end defense process
- Nimbus Manticore Deploys New Malware Targeting Europe — Since early 2025, Check Point Research (CPR) has tracked waves of Nimbus Man…
- 22nd September – Threat Intelligence Report — For the latest discoveries in cyber research for the week of 22nd September, please download our Threat Intelligence Bulletin.
- DPRK Hackers Use ClickFix to Deliver BeaverTail Malware in Crypto Job Scams — Threat actors with ties to the Democratic People's Republic of Korea (aka DPRK or North Korea) have been observed leveraging ClickFix-style lures to deliver a …
- [SMB] Toxics, Vol. 13, Pages 802: Toxicological Impacts of Polypropylene Nanoparticles Similar in Size to Nanoplastics in Plastic-Bottle Injections on Human Umbilical Vein Endothelial Cells — Microplastic and nanoplastic (MNP) particles have been observed in various human organs.
Policy
- From FBI to CISO: Unconventional Paths to Cybersecurity Success — Cybersecurity leader Jason Manar shares insights on diverse career paths, essential skills, and practical advice for entering and thriving in the high-stress y…
- CISA Announces Steve Casapulla as Executive Assistant Director for Infrastructure Security — WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA) announced the appointment of Stephen L.
- Campaigners urge UK PM Starmer to dump digital ID wheeze before it's announced — Labour accused of sneaking in plans it denied before the general election. Seven campaign groups have written to UK prime minister Keir Starmer urgi…
- [SMB] The AI Fix #69: How we really use ChatGPT, and will AI agents crash the economy? — In episode 69 of The AI Fix, our hosts discover brain rot, a shark wears trainers on its fins, an AI writes a terrible J-Pop song, Graham learns that ants don’…
- [SMB] JRFM, Vol. 18, Pages 539: Committee Diversity Effect on Corporate Investment Risk Practices — Background: This study examines how diversifying committees influence corporate investment risk practices, specifically in decision-making and resource allocat…
- Lean Teams, Higher Stakes: Why CISOs Must Rethink Incident Remediation — Big companies are getting smaller, and their CEOs want everyone to know it.
- Slow Wi-Fi? Add houseplants to the list of suspects — Not as bad as other interference, but maybe it's time for a wired connection. Houseplants could be slowing down your Wi-Fi, according to Broadband G…
- Data, Vol. 10, Pages 151: Validation of Anthropogenic Emission Inventories in Japan: A WRF-Chem Comparison of PM2.5, SO2, NOx and CO Against Observations — Reliable, high-resolution emission inventories are essential for accurately simulating air quality and for designing evidence-based mitigation policies.
- Canada dismantles TradeOgre exchange, seizes $40 million in crypto — The Royal Canadian Mounted Police has shut down the TradeOgre cryptocurrency exchange and seized more than $40 million believed to originate from criminal acti…
- IJMS, Vol. 26, Pages 9233: Advances in Psoriasis Research: Decoding Immune Circuits and Developing Novel Therapies — Psoriasis is a chronic inflammatory autoimmune skin disease characterized by erythematous plaques covered with silvery-white scales, often accompanied by syste…
- Polymers, Vol. 17, Pages 2553: Recent Advances in Marine-Derived Polysaccharide Hydrogels: Innovative Applications and Challenges in Emerging Food Fields — Marine-derived polysaccharides (MPs) are a class of polysaccharides isolated and purified from marine organisms, which engage in various biological activities …
Emerging
- As Incidents Rise, Japanese Government's Cybersecurity Falls Short — The Japanese government suffered the most cybersecurity incidents in 2024 — 447, nearly double the previous year — while failing to manage 16% of critical syst…
- Google-sponsored DORA report reframes AI as central to software development — Most organizations use AI in dev, the question now is how to use it properly, claims report. Google Cloud's 2025 DORA (DevOps Research and Assessmen…
- Workers: Yes, RTO makes sense. No, we’re not going to do it — Report uncovers widespread clock blocking, coffee badging. UK workers totally understand why bosses want to get them back into the office – but woul…
- ISC Stormcast For Wednesday, September 24th, 2025 https://isc.sans.edu/podcastdetail/9626, (Wed, Sep 24th)
- Electronics, Vol. 14, Pages 3781: Fus: Combining Semantic and Structural Graph Information for Binary Code Similarity Detection — Binary code similarity detection (BCSD) plays an important role in software security.
- Microorganisms, Vol. 13, Pages 2239: Antibiotic Residues in Muscle Tissues of Lueyang Black-Bone Chickens Under Free-Range Mountainous Conditions and Their Association with Gut Microbiota — The absorption, transport, and distribution of antibiotics in animals are influenced by the composition and function of the intestinal microbial community.
- Workers fear for their jobs as JLR's latest shutdown extended — With no idea when engines restart, families gear down on spending ahead of Christmas. Jaguar Land Rover is extending the shutdown of its production …
- ISC Stormcast For Tuesday, September 23rd, 2025 https://isc.sans.edu/podcastdetail/9624, (Tue, Sep 23rd)
- Open Infrastructure is Not Free: A Joint Statement on Sustainable Stewardship — An Open Letter from the Stewards of Public Open Source Infrastructure Over the past two decades, open source has revolutionized the way software is developed.
- Pharmaceuticals, Vol. 18, Pages 1426: Src and Abl as Therapeutic Targets in Lung Cancer: Opportunities for Drug Repurposing — Personalized medicine has gained an important relevance over the years with the development of targeted therapies, especially in cancer, adapted to the individ…
- How to Gain Control of AI Agents and Non-Human Identities — We hear this a lot: “We’ve got hundreds of service accounts and AI agents running in the background.
- Don't despair. iFixit says you can still repair that iPhone Air — Thinnest yet still fixable, though not without effort. iFixit has given Apple's slimline new smartphone, the iPhone Air, a thumbs-up for repairabili…
- Brit scientists over the Moon after growing tea in lunar soil — It's one small sip for man... British boffins say they've discovered a way of taking one of the country's favorite pastimes – having a nice cup of …
- ISC Stormcast For Monday, September 22nd, 2025 https://isc.sans.edu/podcastdetail/9622, (Mon, Sep 22nd)
- Help Wanted: What are these odd requests about?, (Sun, Sep 21st) — Looking at our web honeypot data, I came across an odd new request header I hadn't seen before: "X-Forwarded-App".
- Microsoft says recent updates cause DRM video playback issues — Microsoft has confirmed a known issue that prevents some apps from playing Digital Rights Management (DRM) protected video content or displaying and recording …
- Verified Steam game steals streamer's cancer treatment donations — A gamer seeking financial support for cancer treatment lost $32,000 after downloading from Steam a verified game named BlockBlasters that drained his cryptocur…
- [SMB] Details About Chinese Surveillance and Propaganda Companies — Details from leaked documents (https://www.wired.com/story/made-in-china-how-chinas-surveillance-industry-actually-works/): W…
- Upgrade your travel kit with a tiny, Tailscale-friendly router — I’ll be on vacation when this post is published. It’s not a tropical, cultural, or adventure vacation, but a kind of remote staycation, in a big rented house, …
- Entropy, Vol. 27, Pages 991: Category Name Expansion and an Enhanced Multimodal Fusion Framework for Few-Shot Learning — With the advancement of image processing techniques, few-shot learning (FSL) has gradually become a key approach to addressing the problem of data scarcity.
- Sustainability, Vol. 17, Pages 8506: Analysis of the Summer Sea Breeze Cooling Capacity on Coastal Cities Based on Computer Fluid Dynamics — Summer sea breezes provide cooling in coastal cities; however, their temporal cooling distribution and inland penetration distance remain inadequately studied.
- BDCC, Vol. 9, Pages 242: A Critical Analysis of Government Communication via X (Twitter) — Social media has dramatically impacted all sectors of society, including public communication and governmental relations.
- Make Windows 11 more useful and less annoying with these 11 Registry hacks — From pain-free shutdowns to crap-free search, these tweaks will improve your experience. Hands on: Windows 11 has a number of puzzli…
- Technologies, Vol. 13, Pages 424: Evaluation of a Cyber-Physical System with Fuzzy Control for Efficiency Optimization in Rotary Dryers: Real-Time Multivariate Monitoring of Humidity, Temperature, Air Velocity and Mass Loss — Precise control and monitoring systems are essential for efficient energy consumption in food dehydration.
Other
- [Guest Diary] Distracting the Analyst for Fun and Profit, (Tue, Sep 23rd) — [This is a Guest Diary by Taylor House, an ISC intern as part of the SANS.edu Bachelor…
- [SMB] Apple’s New Memory Integrity Enforcement — Apple has introduced a new hardware/software security feature in the iPhone 17: https://security.apple.com/blog/memory-integrity-enforcement…
- Windows 11 update leaves Blu-ray and TV apps stuttering — Protected content in some Blu-ray and DVD applications broken. Microsoft has added another entry to its growing list of problematic updates in the W…