Daily Security Digest – 2025-10-01
🛡️ Security Feed Digest – 2025-10-01
Total Articles: 5 SMB Tagged: 5
📝 Quick Notes
Over the last month, there has been a spike in phishing exploits. In the news, we continue to read stories of companies that are devastated by a single password. Keep talking to employees about using MFA at home and at work.
High-Risk
- [SMB] Microsoft Patch Tuesday, September 2025 Edition
https://krebsonsecurity.com/2025/09/microsoft-patch-tuesday-september-2025-edition
Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known “zero-day” or actively exploited vulnerabilities in this month’s bundle from Redmond, which nevertheless includes patches for 13 flaws ...
- [SMB] Storm-0501’s evolving techniques lead to cloud-based ransomware
https://microsoft.com/en-us/security/blog/2025/08/27/storm-0501s-evolving-techniques-lead-to-cloud-based-ransomware
2025-08-27T09:00:00-07:00
Microsoft Threat Intelligence has observed financially motivated threat actor Storm-0501 continuously evolving their campaigns to achieve sharpened focus on cloud-based tactics, techniques, and procedures (TTPs).
Policy
- [SMB] Improving Risk Management Decisions with SBOM Data: A New Whitepaper from the OpenSSF SBOM Everywhere SIG
https://openssf.org/blog/2025/09/18/improving-risk-management-decisions-with-sbom-data-a-new-whitepaper-from-the-openssf-sbom-everywhere-sig
Thu, 18 Sep 2025 19:13:05 +0000
Why this whitepaper matters, and how to put it to work. By Anita D’Amico, David A. Wheeler, Kate Stewart and Josh Bressers. SBOMs are becoming part of everyday software practice, but many teams still ask the same question: how do we turn SBOM data into decisions we can trust?
Awareness
- [SMB] AI vs. AI: Detecting an AI-obfuscated phishing campaign
https://microsoft.com/en-us/security/blog/2025/09/24/ai-vs-ai-detecting-an-ai-obfuscated-phishing-campaign
2025-09-24T05:00:00-07:00
Microsoft Threat Intelligence recently detected and blocked a credential phishing campaign that likely used AI-generated code to obfuscate its payload and evade traditional defenses.
Emerging
- [SMB] New OpenSSF Guidance on AI Code Assistant Instructions
https://openssf.org/blog/2025/09/16/new-openssf-guidance-on-ai-code-assistant-instructions
Tue, 16 Sep 2025 19:25:51 +0000
By Avishay Balter & David A. Wheeler. AI code assistants are powerful tools. They can speed up development, suggest solutions, and help explore alternatives. But they also create security risks, because the results you get depend heavily on what you ask.