Top 5 Cybersecurity News Stories October 17, 2025
Cybersecurity threats are constantly evolving as threat actors seek access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of. No story is too big or small as we look at threats from espionage to security flaws in everyday devices:
1. CISA Flags Adobe AEM Flaw with Perfect 10.0 Score — Already Under Active Attack
CISA has issued an alert warning organizations of a critical vulnerability in Adobe Experience Manager (AEM) that allows unauthenticated remote code execution. The flaw, which affects the AEM Forms module, has been described as “perfectly exploitable” and can be leveraged without prior access.

Adobe has released security updates to address multiple vulnerabilities in AEM, urging administrators to apply patches immediately. CISA emphasized that exploitation could result in full system compromise if left unmitigated. Organizations are advised to isolate public-facing instances, restrict access, and monitor for indicators of compromise.
Read more on The Hacker News
2. Two New Windows Zero-Days Exploited in the Wild — One Affects Every Version Ever Shipped
Microsoft has released its October 2025 Patch Tuesday updates, addressing 183 vulnerabilities, including two zero-day flaws actively exploited by attackers. The vulnerabilities, found in the Agere modem driver and Remote Access Connection Manager (RasMan), enable local privilege escalation and affect all supported Windows versions.

Both issues carry high severity ratings and have been observed in targeted attacks. Microsoft urged organizations to deploy patches immediately, given the active exploitation and potential for broad impact. Security analysts recommend close monitoring for signs of post-exploitation activity across enterprise environments.
Read more on The Hacker News
3. Auction giant Sotheby’s says data breach exposed financial information
Sotheby’s has confirmed a cybersecurity breach that exposed sensitive customer data, including financial and banking information. The attack, discovered in July 2025, prompted an internal investigation and the engagement of third-party experts. Affected individuals are being notified, and the company stated that no evidence suggests auction operations were impacted.

Sotheby’s emphasized its commitment to protecting client confidentiality and has strengthened encryption, access controls, and vendor oversight in response. The incident highlights ongoing risks to luxury service providers handling high-value personal and financial data.
Read more on BleepingComputer
4. Have I Been Pwned: Prosper data breach impacts 17.6 million accounts
The data breach notification service Have I Been Pwned has added records from a massive breach at peer-to-peer lending platform Prosper. The incident affected approximately 17.6 million user accounts, exposing names, emails, phone numbers, and other personal identifiers. Prosper confirmed the breach following unauthorized access to its systems.

Security experts urge users to reset passwords, enable multi-factor authentication, and remain vigilant for identity theft attempts. The scale of the exposure underscores the significant data protection challenges facing financial technology platforms worldwide.
Read more on BleepingComputer
5. F5 discloses major security breach linked to nation-state hackers
F5 has disclosed a significant security incident linked to a nation-state threat actor that gained unauthorized access to internal systems. The attackers reportedly accessed parts of F5’s software development and testing environments, including elements related to its BIG-IP product line.

The company stated that there is no evidence of malicious code insertion or compromise of customer networks, but investigations are ongoing. F5 is working with federal authorities and cybersecurity experts to contain the breach and enhance security controls. The incident raises concerns over potential supply chain exposure.
Read more on GeekWire
At DIESEC, our experts are ready to assist with all your cybersecurity needs. We ensure your system is safe and secure and provide training for your employees to avoid falling victim to social engineering tactics.

