📰 Cybersecurity Newsfeed

🔥 Vulnerabilities

Talos disclosed CVE‑2025‑1533 & CVE‑2025‑3464 in ASUS AsIO3.sys, enabling local SYSTEM privileges via buffer overflow and auth bypass. No patch yet. Read more

Hundreds of Model Context Protocol (MCP) servers are exposed to RCE and data leakage due to misconfigurations dubbed “NeighborJack.” Read more

Cisco fixed CVE‑2025‑20281/20282 (CVSS 10) in ISE/ISE‑PIC allowing unauthenticated root‑level RCE via API and file‑upload flaws. Read more

CISA confirmed active exploitation of CVE‑2024‑54085 in AMI MegaRAC BMC, enabling remote hijack or bricking of servers. Read more

🕵️ Adversaries & Attacks

IRGC‑linked *Educated Manticore* (APT35/42) used AI‑generated spear‑phishing to steal Gmail credentials from Israeli journalists and researchers. Read more

A Kansas City hacker pled guilty to breaching three organizations to market his own security services and avoid gym fees. Read more

📈 Trends

ESET reports ClickFix attacks jumped 500% in 2025, becoming the No. 2 vector after phishing and linked to infostealers and ransomware. Read more

📚 Others

Commentary warns that rising geopolitical tension is reshaping cyber warfare, demanding adversary‑informed defenses and AI‑aware resilience strategies. Read more

Rapid SaaS adoption without mature resilience plans leaves data at risk; firms must address the shared‑responsibility gap. Read more