CyberPulse SMB - Daily Security Topic Summary
Date: September 23, 2025
⚠️ What Every Business Leader Should Know
The most pressing risks for SMBs this week are Windows systems approaching end of support (Windows 10 stops receiving security patches on October 14, 2025), flaws in Adobe Commerce, and theft of customer data from Salesforce environments. Other risks, such as malicious Python packages and browser-based attacks, are real but less immediately critical for most SMBs. Patching and strong access controls remain the two highest-value investments.
Current threats to SMBs include ransomware (the LockerGoga and MegaCortex families are cited this week), supply chain attacks on npm and GitHub packages, and exploitation of vulnerabilities in widely used software (Apple, Chrome, Ivanti). Malware loaders and remote access trojans (RATs) are in active use, a sign of staged intrusions rather than one-off infections. Data breaches remain common, with stolen records posted to criminal forums. Attackers are succeeding with both known, unpatched vulnerabilities and zero-days, so patching discipline and basic hardening matter more than novel defences.
Emerging threats for late 2025 centre on AI integration (code assistants, Copilot, GPT-based models) opening new attack paths, including prompt injection against AI agents that can read a user's mail and documents. Data breaches through third-party applications and compromised messaging accounts (Signal, WhatsApp) remain a significant concern. Quantum computing is a long-term risk with limited immediate impact on SMBs; the practical step today is to adopt post-quantum algorithms as vendors ship them, which needs no quantum hardware. The recent rise in breaches exposing customer details underlines the ongoing need for solid data protection.
🔴 High-Risk Issues
Passwords & Email
Phishing and credential stuffing (replaying username and password pairs leaked in earlier breaches) remain highly effective. Malicious emails carry malware attachments or links to look-alike login pages built to harvest credentials.
**Business Risk:** A successful attack can lead to data breaches, financial losses and reputational damage, eroding customer trust and potentially leading to legal action.
- Enforce multi-factor authentication (MFA) on all accounts; for email and administrative accounts prefer phishing-resistant methods (FIDO2 security keys or passkeys), since SMS and push-approval codes can be phished or fatigued.
- Train employees to recognise and report suspicious emails.
- Use long, unique passwords held in a password manager, and block passwords that appear in known breach lists.
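The breach-list check in the last bullet can be done without sending the password anywhere. The following Python script is an added example written for this summary, not code from the newsletter or from any vendor. It mirrors the k-anonymity range query used by Have I Been Pwned's Pwned Passwords service, where the client sends only the first five hex characters of the password's SHA-1 hash and compares the returned suffixes locally; the breach corpus and range responses here are constructed inline so it runs offline, `fetch_range_offline` stands in for the HTTPS call, and the endpoint URL in the comments is an assumption about that service.

```python
"""Check a password against a breach corpus without transmitting the password.

Added example: the corpus below is CONSTRUCTED for the demo. A real client
would send the 5-character prefix to the range endpoint (assumed to be
https://api.pwnedpasswords.com/range/<prefix>) and parse the same format.
"""
import hashlib
from collections import defaultdict
from typing import Callable, Dict, List

# Constructed breach corpus: password -> number of times seen in breaches.
FAKE_BREACH_CORPUS: Dict[str, int] = {
    "password": 9_000_000,
    "Summer2025!": 1_200,
    "letmein": 500_000,
}


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the password, the form the range API uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def _build_range_responses(corpus: Dict[str, int]) -> Dict[str, str]:
    """Group corpus hashes by 5-hex-char prefix, formatted like range responses
    ("SUFFIX:COUNT" lines, CRLF separated)."""
    ranges: Dict[str, List[str]] = defaultdict(list)
    for pw, count in corpus.items():
        digest = sha1_hex(pw)
        ranges[digest[:5]].append(f"{digest[5:]}:{count}")
    return {prefix: "\r\n".join(lines) for prefix, lines in ranges.items()}


RANGE_RESPONSES = _build_range_responses(FAKE_BREACH_CORPUS)


def fetch_range_offline(prefix: str) -> str:
    """Stand-in for the HTTPS range call; returns the constructed response or empty text."""
    return RANGE_RESPONSES.get(prefix.upper(), "")


def breach_count(password: str, fetch_range: Callable[[str], str] = fetch_range_offline) -> int:
    """Number of times the password appears in the corpus.

    Only the 5-character prefix leaves the machine; the suffix comparison is local,
    so the service never learns which password was checked.
    """
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        line = line.strip()
        if not line:
            continue
        found_suffix, _, count = line.partition(":")
        if found_suffix == suffix:
            return int(count)
    return 0


def password_findings(password: str, min_length: int = 14) -> List[str]:
    """Policy checks a signup form or password manager could enforce.
    The 14-character minimum is an assumed policy value."""
    findings: List[str] = []
    if len(password) < min_length:
        findings.append(f"shorter than {min_length} characters")
    seen = breach_count(password)
    if seen:
        findings.append(f"appears {seen} times in known breaches")
    return findings


if __name__ == "__main__":
    for candidate in ("Summer2025!", "correct horse battery staple 42"):
        print(candidate, "->", password_findings(candidate) or "ok")
```

Because the lookup key is a hash prefix shared by thousands of unrelated passwords, the same design works against the live service: swap `fetch_range_offline` for a function that performs the HTTPS GET and returns the response body.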
Ransomware
Ransomware encrypts critical data and demands payment for the key; most crews now also steal the data first and threaten to publish it, so a good backup alone does not end the extortion. These attacks can cripple operations for weeks and lead to significant financial losses.
**Business Risk:** Ransomware can disrupt operations, leading to lost revenue, data loss, regulatory exposure if stolen data is leaked, and potentially hefty ransom payments.
- Back up data regularly to storage the production network cannot overwrite (offline media or immutable cloud storage) and test restores on a schedule; a backup that has never been restored is not yet a backup.
- Keep software patched, with internet-facing systems first: VPN and remote-access gateways, file-transfer servers and help-desk software are the usual entry points.
- Segment the network, restrict administrative access, and run firewalls, endpoint detection and intrusion detection so that one compromised workstation cannot reach every server.
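To make the "test restores" bullet concrete, here is an added Python example (not from the newsletter or from any backup product) that builds a SHA-256 manifest of a backup set and later verifies the copy against it. The directory layout, file names and the simulated ransomware run inside `demo()` are constructed for the demo; in practice the manifest would be stored with the offline copy or in write-once storage so an intruder cannot rewrite it alongside the files.

```python
"""Verify a backup copy against a content manifest.

Added example. A manifest (relative path -> sha256) is taken when the backup is
made. verify_backup() re-hashes the copy and reports files that are missing,
altered or unexpected, which is what an encryptor hitting a reachable backup
share looks like. All paths and contents below are constructed.
"""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List


def file_sha256(path: Path) -> str:
    """Stream the file in 64 KiB chunks so large backups do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Relative POSIX path -> sha256 for every regular file under root."""
    manifest: Dict[str, str] = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            manifest[path.relative_to(root).as_posix()] = file_sha256(path)
    return manifest


def verify_backup(root: Path, manifest: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare the copy at root with the manifest taken at backup time."""
    current = build_manifest(root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "altered": sorted(name for name in manifest.keys() & current.keys()
                          if manifest[name] != current[name]),
        "unexpected": sorted(set(current) - set(manifest)),
    }


def backup_is_restorable(report: Dict[str, List[str]]) -> bool:
    """True only when nothing is missing, altered or unexpected."""
    return not any(report.values())


def demo(tamper: bool = True) -> Dict[str, List[str]]:
    """Constructed scenario: take a manifest, optionally simulate an encryptor, verify."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "finance").mkdir()
        (root / "finance" / "ledger.xlsx").write_bytes(b"quarterly numbers")
        (root / "finance" / "invoices.pdf").write_bytes(b"invoice data")
        (root / "README.txt").write_bytes(b"backup of file server, 2025-09-23")
        manifest = build_manifest(root)
        if tamper:
            # Simulated ransomware: overwrite one file, rename another, drop a note.
            (root / "finance" / "ledger.xlsx").write_bytes(b"\x00\xff garbage")
            (root / "finance" / "invoices.pdf").rename(root / "finance" / "invoices.pdf.locked")
            (root / "HOW_TO_RECOVER.txt").write_bytes(b"pay us")
        return verify_backup(root, manifest)


if __name__ == "__main__":
    report = demo()
    print("restorable:", backup_is_restorable(report))
    for kind, names in report.items():
        print(f"{kind}: {names}")
```

Run the same `verify_backup` against a restored copy on a test machine to prove the restore path works, not just the copy step.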
Supply Chain Attacks
Attacks on third-party software and services can compromise your whole environment: a tampered package, update or vendor integration carries the attacker's code inside your trust boundary, where your own controls never get a chance to block it. This week's reading list shows the pattern on npm, where hundreds of compromised packages were pulled and GitHub is moving to mandatory 2FA and short-lived publishing tokens in response.
**Business Risk:** A compromised supply chain can lead to widespread data breaches, operational disruptions, and significant financial losses, often before anyone inside the company knows an update was malicious.
- Vet third-party vendors carefully, verifying their security practices and limiting what their integrations can access.
- Pin dependencies, review every lockfile change, and treat newly added packages that run install scripts with suspicion.
- Monitor for unusual activity after updates, such as new outbound connections, new scheduled tasks, or credentials being read from developer machines.
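Lockfile review is easy to automate. The Python below is an added example, not code from the newsletter, from npm or from GitHub: it reads the `packages` map of an npm lockfile (v2/v3 format) and flags entries with no `integrity` hash, entries resolved from somewhere other than the public registry, and entries npm marks with `hasInstallScript`, which is the hook the malicious npm packages in this week's reading list used to run at install time. It also diffs two lockfiles so a reviewer sees exactly which packages a pull request added or bumped. Both lockfiles are constructed, and the package names and integrity strings are placeholders rather than real packages.

```python
"""Audit an npm package-lock.json and diff it against the previous one.

Added example. Lockfiles, package names and integrity values are CONSTRUCTED
placeholders; the trusted-host list is an assumption for a company that only
installs from the public registry.
"""
import json
from typing import Dict, Iterator, List, Set, Tuple
from urllib.parse import urlparse

PREVIOUS_LOCKFILE = json.dumps({
    "name": "smb-webapp",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "smb-webapp", "dependencies": {"good-lib": "^2.0.0"}},
        "node_modules/good-lib": {
            "version": "2.0.0",
            "resolved": "https://registry.npmjs.org/good-lib/-/good-lib-2.0.0.tgz",
            "integrity": "sha512-placeholderA",
        },
    },
})

CURRENT_LOCKFILE = json.dumps({
    "name": "smb-webapp",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "smb-webapp",
             "dependencies": {"good-lib": "^2.1.0", "sketchy-helper": "^0.0.3", "internal-ui": "^1.4.0"}},
        "node_modules/good-lib": {
            "version": "2.1.0",
            "resolved": "https://registry.npmjs.org/good-lib/-/good-lib-2.1.0.tgz",
            "integrity": "sha512-placeholderB",
        },
        "node_modules/sketchy-helper": {
            "version": "0.0.3",
            "resolved": "https://registry.npmjs.org/sketchy-helper/-/sketchy-helper-0.0.3.tgz",
            "integrity": "sha512-placeholderC",
            "hasInstallScript": True,            # npm sets this for pre/post/install hooks
        },
        "node_modules/internal-ui": {
            "version": "1.4.2",
            "resolved": "https://npm.example-vendor.net/internal-ui/-/internal-ui-1.4.2.tgz",
        },
    },
})

TRUSTED_REGISTRY_HOSTS: Set[str] = {"registry.npmjs.org"}


def _package_entries(text: str) -> Iterator[Tuple[str, dict]]:
    """Yield (package name, metadata), skipping the root entry ("") and workspace links."""
    for path, meta in json.loads(text).get("packages", {}).items():
        if path == "" or meta.get("link"):
            continue
        yield path.rsplit("node_modules/", 1)[-1], meta


def audit_lockfile(text: str, trusted_hosts: Set[str] = TRUSTED_REGISTRY_HOSTS) -> Dict[str, List[str]]:
    """Return {name@version: [issues]} for packages that fail any check."""
    findings: Dict[str, List[str]] = {}
    for name, meta in _package_entries(text):
        issues: List[str] = []
        if not meta.get("integrity"):
            issues.append("no integrity hash")
        host = urlparse(meta.get("resolved", "")).hostname or "unknown host"
        if host not in trusted_hosts:
            issues.append(f"resolved from {host}")
        if meta.get("hasInstallScript"):
            issues.append("runs an install script")
        if issues:
            findings[f"{name}@{meta.get('version', '?')}"] = issues
    return findings


def lockfile_changes(old_text: str, new_text: str) -> Dict[str, List[str]]:
    """Packages added, removed or re-versioned between two lockfiles."""
    old = {n: m.get("version", "?") for n, m in _package_entries(old_text)}
    new = {n: m.get("version", "?") for n, m in _package_entries(new_text)}
    return {
        "added": sorted(f"{n}@{v}" for n, v in new.items() if n not in old),
        "removed": sorted(f"{n}@{v}" for n, v in old.items() if n not in new),
        "changed": sorted(f"{n}: {old[n]} -> {new[n]}" for n in old.keys() & new.keys() if old[n] != new[n]),
    }


if __name__ == "__main__":
    print("changes:", lockfile_changes(PREVIOUS_LOCKFILE, CURRENT_LOCKFILE))
    for pkg, issues in audit_lockfile(CURRENT_LOCKFILE).items():
        print(f"{pkg}: {'; '.join(issues)}")
```

Wire `audit_lockfile` into CI so a pull request that introduces a package with an install script or an unknown registry fails review automatically; combine it with `npm ci --ignore-scripts` for installs that must not execute package hooks.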
⚙️ Foundational Policy Risks
Outdated Software
Unpatched software contains vulnerabilities that attackers exploit within days of disclosure, and software past end of support never receives fixes at all (Windows 10 support ends on October 14, 2025). Outdated, internet-facing systems are the first thing scanners find.
**Business Risk:** Outdated software leaves your systems open to attacks that a free update would have blocked, leading to data breaches, operational disruptions, and financial losses.
- Implement a regular patching schedule for all software, including firmware on network appliances.
- Use automated patching tools where possible.
- Prioritize by exposure: internet-facing systems and anything listed as actively exploited first, then the rest.
Weak Access Controls
Inadequate access controls let unauthorized people, and the malware they run, reach sensitive data and systems. Weak or reused passwords, missing MFA, accounts left active after staff leave, and over-privileged service accounts are the common failures.
**Business Risk:** Weak access controls can lead to data breaches, unauthorized access to sensitive information, and potential regulatory fines.
- Implement strong password policies and enforce MFA.
- Review user access at least quarterly and disable accounts promptly when people leave or change roles.
- Use role-based access control (RBAC) to limit access to what each job function needs, and keep administrative rights separate from everyday accounts.
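A user access review can be scripted against the user export most identity providers and SaaS admin consoles produce. The Python below is an added example, not from the newsletter or from any product: the CSV columns, the `svc-` naming convention for service accounts, the 90-day idle window and the department-to-role baseline are all assumptions made for the demo, and the export itself is constructed.

```python
"""Flag accounts that violate access policy in a constructed user export.

Added example. Column names mimic a typical identity-provider export; the
policy values and the ALLOWED_ROLES baseline are assumptions.
"""
import csv
import io
from datetime import date
from typing import Dict, List, Set

SAMPLE_EXPORT = """\
username,department,role,mfa_enabled,last_sign_in,status
alice,finance,admin,true,2025-09-22,active
bob,sales,user,false,2025-09-20,active
carol,it,admin,false,2025-09-21,active
dave,marketing,user,true,2025-04-02,active
svc-backup,it,admin,false,2025-09-23,active
erin,sales,admin,true,2025-09-19,active
frank,hr,user,true,2025-09-18,disabled
"""

REVIEW_DATE = date(2025, 9, 23)      # fixed so the results are reproducible
IDLE_DAYS = 90                       # assumed policy: disable after 90 days unused
SERVICE_ACCOUNT_PREFIX = "svc-"      # assumed naming convention for non-human accounts

# Assumed RBAC baseline: which roles each department may hold.
ALLOWED_ROLES: Dict[str, Set[str]] = {
    "it": {"admin", "user"},
    "finance": {"admin", "user"},
    "sales": {"user"},
    "marketing": {"user"},
    "hr": {"user"},
}


def review_accounts(export_text: str, today: date = REVIEW_DATE,
                    idle_days: int = IDLE_DAYS) -> Dict[str, List[str]]:
    """Return {username: [findings]} for active accounts that violate policy."""
    findings: Dict[str, List[str]] = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["status"].strip().lower() != "active":
            continue                      # disabled accounts are out of scope
        user, dept, role = row["username"], row["department"], row["role"]
        mfa = row["mfa_enabled"].strip().lower() == "true"
        idle = (today - date.fromisoformat(row["last_sign_in"])).days
        issues: List[str] = []
        if not mfa:
            # An admin without MFA is a different severity from a user without MFA.
            issues.append("admin without MFA" if role == "admin" else "no MFA")
        if idle > idle_days:
            issues.append(f"idle for {idle} days")
        if role not in ALLOWED_ROLES.get(dept, set()):
            issues.append(f"role '{role}' not allowed for department '{dept}'")
        if user.startswith(SERVICE_ACCOUNT_PREFIX) and role == "admin":
            issues.append("service account holds an admin role")
        if issues:
            findings[user] = issues
    return findings


if __name__ == "__main__":
    for user, issues in review_accounts(SAMPLE_EXPORT).items():
        print(f"{user}: {'; '.join(issues)}")
```

Each finding maps to a concrete action: enrol or disable the account, cut the role back to the baseline, or replace a shared admin service account with a scoped credential.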
📢 Security Awareness Gaps
Phishing Attacks
Phishing emails trick employees into revealing credentials or running malware. Lures are increasingly polished: fake job offers, vendor invoices, security alerts, and ClickFix-style pages that ask the user to paste a command into a terminal.
**Business Risk:** Successful phishing attacks can lead to data breaches, malware infections, and financial losses, and a single clicked link is often the first step of a ransomware incident.
- Conduct regular security awareness training for all employees.
- Deploy email filtering and anti-phishing controls, and publish SPF, DKIM and DMARC records so that mail forged from your own domain is rejected by recipients.
- Develop clear, blame-free procedures for reporting suspicious emails, including ones the employee has already clicked.
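The SPF and DMARC part of the second bullet can be checked in a few lines. The Python below is an added example (not from the newsletter or from any DNS tool); it grades the two TXT records from their text, using constructed records for a fictitious domain so it runs offline. In practice you would pull the records with `dig TXT example.com` and `dig TXT _dmarc.example.com` and pass them in; the 10-lookup limit comes from RFC 7208, and the finding wording is this example's own.

```python
"""Grade SPF and DMARC records for a domain from their TXT values.

Added example. Records below are CONSTRUCTED for a fictitious domain.
"""
from typing import Dict, List, Optional

SPF_WEAK = "v=spf1 include:_spf.example-mailer.net +all"
SPF_GOOD = "v=spf1 ip4:203.0.113.0/24 include:_spf.example-mailer.net -all"
SPF_TOO_MANY_LOOKUPS = "v=spf1 " + " ".join(f"include:m{i}.example.net" for i in range(11)) + " -all"
DMARC_WEAK = "v=DMARC1; p=none"
DMARC_GOOD = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"

LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
MAX_SPF_LOOKUPS = 10   # RFC 7208 section 4.6.4


def parse_spf(record: str) -> Dict[str, object]:
    """Extract the 'all' qualifier and count mechanisms that cost a DNS lookup."""
    terms = record.split()
    all_qualifier: Optional[str] = None
    lookups = 0
    for term in terms[1:]:
        qualifier, body = "+", term            # an unqualified mechanism means "+"
        if term[0] in "+-~?":
            qualifier, body = term[0], term[1:]
        # the mechanism name ends at ':', '=' or '/' (include:x, redirect=x, a/24)
        name = body.split(":", 1)[0].split("=", 1)[0].split("/", 1)[0].lower()
        if name == "all":
            all_qualifier = qualifier
        elif name in LOOKUP_MECHANISMS:
            lookups += 1
    valid = bool(terms) and terms[0].lower() == "v=spf1"
    return {"valid": valid, "all": all_qualifier, "lookups": lookups}


def evaluate_spf(record: Optional[str]) -> List[str]:
    if not record:
        return ["no SPF record"]
    info = parse_spf(record)
    findings: List[str] = []
    if not info["valid"]:
        findings.append("record does not start with v=spf1")
    if info["all"] == "+":
        findings.append("'+all' lets any host send as this domain")
    elif info["all"] == "?":
        findings.append("'?all' is neutral; receivers will not reject forged mail")
    elif info["all"] is None:
        findings.append("no 'all' mechanism; result is neutral for unlisted hosts")
    if info["lookups"] > MAX_SPF_LOOKUPS:
        findings.append(f"{info['lookups']} DNS lookups exceeds the limit of {MAX_SPF_LOOKUPS}; receivers return permerror")
    return findings


def parse_dmarc(record: str) -> Dict[str, str]:
    """Split 'k=v; k=v' into a dict with lower-cased keys."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def evaluate_dmarc(record: Optional[str]) -> List[str]:
    if not record:
        return ["no DMARC record"]
    tags = parse_dmarc(record)
    findings: List[str] = []
    if tags.get("v", "").upper() != "DMARC1":
        findings.append("record does not start with v=DMARC1")
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("p=none: forged mail is monitored but still delivered")
    elif policy == "quarantine":
        findings.append("p=quarantine: forged mail is sent to spam rather than rejected")
    elif policy != "reject":
        findings.append("no valid p= tag")
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 100
    if pct < 100:
        findings.append(f"pct={pct}: policy applies to only {pct}% of mail")
    if "rua" not in tags:
        findings.append("no rua tag: no aggregate reports to see who is spoofing you")
    return findings


def grade_domain(spf: Optional[str], dmarc: Optional[str]) -> Dict[str, List[str]]:
    return {"spf": evaluate_spf(spf), "dmarc": evaluate_dmarc(dmarc)}


if __name__ == "__main__":
    print("weak:", grade_domain(SPF_WEAK, DMARC_WEAK))
    print("good:", grade_domain(SPF_GOOD, DMARC_GOOD))
```

An empty finding list for both records means recipients can reject mail that claims to come from your domain; `p=none` is the common half-finished state where DMARC is published but still protects no one.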
📦 What You Should Prioritize Now
| Priority | Action |
|---|---|
| Implement MFA | Enable MFA on all accounts, starting with email, remote access and admin roles; prefer phishing-resistant methods (FIDO2 keys, passkeys) where the service supports them. |
| Software Updates | Patch actively exploited and internet-facing software first; this week that includes SolarWinds Web Help Desk, Fortra GoAnywhere MFT, Ivanti EPMM, Chrome and SonicWall SMA 100 devices. Plan the move off Windows 10 before support ends on October 14, 2025. |
| Data Backup | Keep regular backups on offline or immutable storage and test a restore on a schedule. |
| Security Awareness Training | Train staff on phishing, fake job offers and ClickFix-style "paste this command" lures, and make reporting easy. |
| Vendor Risk Assessment | Review the security practices and access of key vendors; a partner breach exposes your customer data too (see the Stellantis item below). |
| Network Security Review | Assess firewall rules, close unneeded inbound exposure, and confirm intrusion detection or endpoint alerts reach someone who will act on them. |
| Password Management | Enforce long, unique passwords, block known-breached ones, and deploy a password manager. |
| Incident Response Plan | Write down who does what when an incident happens, including who can authorise isolating systems, and rehearse it. |
💬 Final Thought
Consistent, simple security practices—like MFA, regular updates, and employee training—provide the strongest long-term protection against evolving cyber threats. Prioritizing these foundational elements significantly reduces your risk profile.
🔗 Additional Reading
High-Risk
- SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw — SolarWinds has released hot fixes to address a critical security flaw impacting its Web Help Desk software that, if successfully exploited, could allow attacke…
- ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service — Cybersecurity researchers have disclosed details of a new botnet that customers can rent access to conduct distributed denial-of-service (DDoS) attacks against…
- GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security — GitHub on Monday announced that it will be changing its authentication and publishing options "in the near future" in response to a recent wave of supply chain…
- BadIIS Malware Spreads via SEO Poisoning — Redirects Traffic, Plants Web Shells — Cybersecurity researchers are calling attention to a search engine optimization (SEO) poisoning campaign likely undertaken by a Chinese-speaking threat actor u…
- [SMB] GitHub moves to tighten npm security amid phishing, malware plague — Hundreds of compromised packages pulled as registry shifts to 2FA and trusted publishing. GitHub, which owns the npm registry for JavaScript package…
- Oracle gets to store US users' TikTok data, says Trump — President to announce details on Big Red's storage and security deal for Chinese social media phenomenon later this week. The White House has promis…
- Suspected Iran-backed attackers targeting European aerospace sector with novel malware — Instead of job offers, victims get MiniJunk backdoor and MiniBrowse stealer. Suspected Iranian government-backed online attackers have expanded thei…
- [SMB] SolarWinds releases third patch to fix Web Help Desk RCE bug — SolarWinds has released a hotfix for a critical vulnerability in Web Help Desk that allows remote code execution (RCE) without authentication. [...]
- SonicWall releases SMA100 firmware update to wipe rootkit malware — SonicWall has released a firmware update that can help customers remove rootkit malware deployed in attacks targeting SMA 100 series devices. [...]
- GitHub tightens npm security with mandatory 2FA, access tokens — GitHub is introducing a set of defenses against supply-chain attacks on the platform that led to multiple large-scale incidents recently. [...]
- NPM package caught using QR Code to fetch cookie-stealing malware — Newly discovered npm package 'fezbox' employs QR codes to hide a second-stage payload to steal cookies from a user's web browser.
- [SMB] Airport disruptions in Europe caused by a ransomware attack — The disruptions over the weekend at several major European airports were caused by a ransomware attack targeting the check-in and boarding systems. [...]
- Operation Rewrite: Chinese-Speaking Threat Actors Deploy BadIIS in a Wide Scale SEO Poisoning Campaign — SEO poisoning campaign "Operation Rewrite" uses a malicious IIS module called BadIIS to redirect users to unwanted websites.
- Zero trust with zero clicks, a new take on IdPs — With Tailscale and tsidp, it’s even possible to securely isolate and authorize MCP servers for private AI deployments with minimal effort.
- What’s in the SOSS? Podcast #40 – S2E17 From Manager to Open Source Security Pioneer: Kate Stewart’s Journey Through SBOM, Safety, and the Zephyr Project — CRob: Welcome, welcome, welcome to “What’s in the SOSS?” the OpenSSF’s podcast where we talked to the amazing peopl…
- From Beginner to Builder: Your First Code Contribution — Maybe you've used open source before and wondered how it all works, or you're early in your career and heard that open source contributions can boost your grow…
- [SMB] ⚡ Weekly Recap: Chrome 0-Day, AI Hacking Tools, DDR5 Bit-Flips, npm Worm & More — The security landscape now moves at a pace no patch cycle can match.
- [SMB] Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants — A critical token validation failure in Microsoft Entra ID (previously Azure Active Directory) could have allowed attackers to impersonate any user, including G…
- 15 Years of Zero Trust: Why It Matters More Than Ever — With the emergence of AI-driven attacks and quantum computing, and the explosion of hyperconnected devices, zero trust remains a core strategy for security ope…
- [SMB] EU’s cyber agency blames ransomware as Euro airport check-in chaos continues — Airport staff revert to manual ops as travellers urged to use self-service check-in where possible. The EU's cybersecurity agency today confirmed th…
- Car giant Stellantis says customer data nicked after partner vendor pwned — Automaker insists only names and emails exposed, no financials. Car giant Stellantis is admitting that attackers targeted one of its third-party par…
- Microsoft Entra ID flaw allowed hijacking any company's tenant — A critical combination of legacy components could have allowed complete access to the Microsoft Entra ID tenant of every company in the world. [...]
- [SMB] What happens when a cybersecurity company gets phished? — A Sophos employee was phished, but we countered the threat with an end-to-end defense process
- Nimbus Manticore Deploys New Malware Targeting Europe — Since early 2025, Check Point Research (CPR) has tracked waves of Nimbus Man…
- 22nd September – Threat Intelligence Report — For the latest discoveries in cyber research for the week of 22nd September, please download our Threat Intelligence Bulletin.
- DPRK Hackers Use ClickFix to Deliver BeaverTail Malware in Crypto Job Scams — Threat actors with ties to the Democratic People's Republic of Korea (aka DPRK or North Korea) have been observed leveraging ClickFix-style lures to deliver a …
- LastPass Warns of Fake Repositories Infecting macOS with Atomic Infostealer — LastPass is warning of an ongoing, widespread information stealer campaign targeting Apple macOS users through fake GitHub repositories that distribute malware…
- [SMB] Researchers Uncover GPT-4-Powered MalTerminal Malware Creating Ransomware, Reverse Shell — Cybersecurity researchers have discovered what they say is the earliest known example to date of malware that bakes in Large Language Model (LLM) capabi…
- ShadowLeak Zero-Click Flaw Leaks Gmail Data via OpenAI ChatGPT Deep Research Agent — Cybersecurity researchers have disclosed a zero-click flaw in OpenAI ChatGPT's Deep Research agent that could allow an attacker to leak sensitive Gmail inbox d…
- UNC1549 Hacks 34 Devices in 11 Telecom Firms via LinkedIn Job Lures and MINIBIKE Malware — An Iran-nexus cyber espionage group known as UNC1549 has been attributed to a new campaign targeting European telecommunications companies, successfully infilt…
- SystemBC Powers REM Proxy With 1,500 Daily VPS Victims Across 80 C2 Servers — A proxy network known as REM Proxy is powered by malware known as SystemBC, offering about 80% of the botnet to its users, according to new findings from the B…
- [SMB] Patch Now: Max-Severity Fortra GoAnywhere Bug Allows Command Injection — Exploitation of the flaw, tracked as CVE-2025-10035, is highly dependent on whether systems are exposed to the Internet, according to Fortra.
- 'ShadowLeak' ChatGPT Attack Allows Hackers to Invisibly Steal Emails — The loophole allows cyberattackers to exfiltrate company data via OpenAI's infrastructure, leaving no trace at all on enterprise systems.
- FBI warns of cybercriminals using fake FBI crime reporting portals — The FBI warned today that cybercriminals are impersonating its Internet Crime Complaint Center (IC3) website in what the law enforcement agency described as "p…
- [SMB] CISA exposes malware kits deployed in Ivanti EPMM attacks — The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published an analysis of the malware deployed in attacks exploiting vulnerabilities affect…
- [SMB] Fortra warns of max severity flaw in GoAnywhere MFT’s License Servlet — Fortra has released security updates to patch a maximum severity vulnerability in GoAnywhere MFT's License Servlet that can be exploited in command injection a…
- [SMB] Known. Emerging. Unstoppable? Ransomware Attacks Still Evade Defenses — Ransomware remains one of the most destructive threats—because defenses keep failing.
- [SMB] Gamaredon X Turla collab — Notorious APT group Turla collaborates with Gamaredon, both FSB-associated groups, to compromise high‑profile targets in Ukraine
Policy
- Lean Teams, Higher Stakes: Why CISOs Must Rethink Incident Remediation — Big companies are getting smaller, and their CEOs want everyone to know it.
- Slow Wi-Fi? Add houseplants to the list of suspects — Not as bad as other interference, but maybe it's time for a wired connection. Houseplants could be slowing down your Wi-Fi, according to Broadband G…
- Canada dismantles TradeOgre exchange, seizes $40 million in crypto — The Royal Canadian Mounted Police has shut down the TradeOgre cryptocurrency exchange and seized more than $40 million believed to originate from criminal acti…
- [SMB] Friday Squid Blogging: Giant Squid vs. Blue Whale — A comparison (https://a-z-animals.com/animals/comparison/giant-squid-vs-blue-whale-compared/) aimed at kids.
Awareness
- Zuck has the power! Meta applies to sell excess electricity — With new electricity sources for AI datacenters, the company will have some juice left over. AI model training and serving require vast quantities o…
Emerging
- Workers fear for their jobs as JLR's latest shutdown extended — With no idea when engines restart, families gear down on spending ahead of Christmas. Jaguar Land Rover is extending the shutdown of its production …
- ISC Stormcast For Tuesday, September 23rd, 2025 (Tue, Sep 23rd) — https://isc.sans.edu/podcastdetail/9624
- Open Infrastructure is Not Free: A Joint Statement on Sustainable Stewardship — An Open Letter from the Stewards of Public Open Source Infrastructure Over the past two decades, open source has revolutionized the way software is developed.
- How to Gain Control of AI Agents and Non-Human Identities — We hear this a lot: “We’ve got hundreds of service accounts and AI agents running in the background.
- Don't despair. iFixit says you can still repair that iPhone Air — Thinnest yet still fixable, though not without effort. iFixit has given Apple's slimline new smartphone, the iPhone Air, a thumbs-up for repairabili…
- Brit scientists over the Moon after growing tea in lunar soil — It's one small sip for man... British boffins say they've discovered a way of taking one of the country's favorite pastimes – having a nice cup of …
- ISC Stormcast For Monday, September 22nd, 2025 (Mon, Sep 22nd) — https://isc.sans.edu/podcastdetail/9622
- Help Wanted: What are these odd requests about?, (Sun, Sep 21st) — Looking at our web honeypot data, I came across an odd new request header I hadn't seen before: "X-Forwarded-App".
- Microsoft says recent updates cause DRM video playback issues — Microsoft has confirmed a known issue that prevents some apps from playing Digital Rights Management (DRM) protected video content or displaying and recording …
- Verified Steam game steals streamer's cancer treatment donations — A gamer seeking financial support for cancer treatment lost $32,000 after downloading from Steam a verified game named BlockBlasters that drained his cryptocur…
- [SMB] Details About Chinese Surveillance and Propaganda Companies — Details from leaked documents (https://www.wired.com/story/made-in-china-how-chinas-surveillance-industry-actually-works/): W…
- Upgrade your travel kit with a tiny, Tailscale-friendly router — I’ll be on vacation when this post is published. It’s not a tropical, cultural, or adventure vacation, but a kind of remote staycation, in a big rented house, …
- Make Windows 11 more useful and less annoying with these 11 Registry hacks — From pain-free shutdowns to crap-free search, these tweaks will improve your experience. Hands on: Windows 11 has a number of puzzli…
- Plastic People, Plastic Cards: Synthetic Identities Plague Finance & Lending Sector — Following a pandemic-era respite, financial fraud linked to synthetic identities is rising again, with firms potentially facing $3.3 billion in damages from ne…
- SaaS vendors are hiking costs faster than inflation, but squeaky wheels can still get deals — And also force them to improve resilience. SaaS vendors are increasing prices faster than both inflation and the typical growth rate of corporate IT…
- Britain jumps into bed with Palantir in £1.5B defense pact — Arrangement follows big tech tie-ins claiming to offer £31B investment. The UK has struck a defense deal with US spy-tech biz Palantir, which the go…
- Trump admin says tech companies are abusing H-1B visas, slaps $100k a year to allow entry — It will hit outsourcing companies hardest. On Friday, President Trump signed a presidential proclamation to sharply raise the cost of employing H-1B…
- ChatGPT joins human league, now solves CAPTCHAs for the right prompt — Could this bot-prevention technique now be obsolete? ChatGPT can be tricked via cleverly worded prompts to violate its own policies and solve CAPTC…
- Microsoft starts rolling out Gaming Copilot on Windows 11 PCs — Microsoft has begun rolling out the beta version of its AI-powered Gaming Copilot to Windows 11 systems for users aged 18 or older, excluding those in mainland…
- You don’t need quantum hardware for post-quantum security — Post-quantum cryptography protects against quantum threats using today’s hardware.
Other
- [Guest Diary] Distracting the Analyst for Fun and Profit, (Tue, Sep 23rd) — [This is a Guest Diary by Taylor House, an ISC intern as part of the SANS.edu Bachelor…
- [SMB] Apple’s New Memory Integrity Enforcement — Apple has introduced a new hardware/software security feature in the iPhone 17: “Memory Integrity Enforcement” (https://security.apple.com/blog/memory-integrity-enforcement…
- Windows 11 update leaves Blu-ray and TV apps stuttering — Protected content in some Blu-ray and DVD applications broken. Microsoft has added another entry to its growing list of problematic updates in the W…
- Capture the Flag Competition Leads to Cybersecurity Career — As Splunk celebrates the 10th anniversary of Boss of the SOC competition, it continues to be a valuable platform for security professionals to test their skill…
- [SMB] Transforming Cyber Frameworks to Take Control of Cyber-Risk — Frameworks may seem daunting to implement — especially for government IT teams that may not have an abundance of resources and expertise.
- From Ghent to Brussels: OpenSSF’s Week of Policy and Security in Europe — At the end of October, the Linux Foundation, the Linux Foundation Europe and OpenSSF will gather leaders across industry, government, and open source communiti…
From the CISO's desk: cybersecurity information tailored for small and medium-sized businesses navigating the current cyber landscape.