31 Oct 2025

Week in review

Greetings,

A new episode of the Share Today, Save Tomorrow podcast is out now! Episode 48: Cyber Resilience and AI Risk: Insurance, Regulation & Boardroom Strategy.

Our host, Bek Cheb, is joined by two of WTW’s Cyber and Technology Risk team, Ben Di Marco & Leah Mooney, to expertly unpack the evolving landscape of AI governance, cyber risk, and insurance. They explore how voluntary guardrails are shaping future regulation, why cyber insurance is now essential (not optional), and the practical steps SMEs and large enterprises can take to boost resilience.

This episode is available now on Spotify, Apple Podcasts, and YouTube!

This week, it was reported that several Tasmanian government agencies have been affected by a cyber attack on a third-party system used to manage student data. The breach stems from VETtrak, a student management software platform developed by ReadyTech, which provides services to the Department for Education, Children and Young People, the state’s fire and emergency services, and the health department. ReadyTech first disclosed the incident to the ASX on October 17, confirming that the affected platform had been isolated while an investigation was underway.

Although the Tasmanian government has stated there is currently no evidence that sensitive student information was accessed, ReadyTech later confirmed that cybercriminals had posted a small number of documents containing personal data online. The company has reported the breach to the Australian Federal Police and advised the public not to attempt to view or download the stolen material.


Newly Patched Critical Microsoft WSUS Flaw Comes Under Active Exploitation
Date: 2025-10-24
Author: The Hacker News

[AUSCERT has published security bulletins for these Microsoft updates]
Microsoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Services (WSUS) vulnerability for which a proof-of-concept (PoC) exploit is publicly available and which has come under active exploitation in the wild.
The vulnerability in question is CVE-2025-59287 (CVSS score: 9.8), a remote code execution flaw in WSUS that was originally fixed by the tech giant as part of its Patch Tuesday update published last week.

QNAP warns of critical ASP.NET flaw in its Windows backup software
Date: 2025-10-27
Author: Bleeping Computer

[See AUSCERT bulletin: https://portal.auscert.org.au/bulletins/ASB-2025.0173/]
QNAP warned customers to patch a critical ASP.NET Core vulnerability that also impacts the company's NetBak PC Agent, a Windows utility for backing up data to a QNAP network-attached storage (NAS) device.
Tracked as CVE-2025-55315, this security bypass flaw was found in the Kestrel ASP.NET Core web server and enables attackers with low privileges to hijack other users' credentials or bypass front-end security controls via HTTP request smuggling.
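The request-smuggling vector named above, as an added illustration (not code from Kestrel, QNAP, or the advisory): two simplified parsers frame the same bytes differently when a request carries both Content-Length and Transfer-Encoding. The attacker request, the victim request, and both parsers are constructed for this example and do not reproduce the specific Kestrel defect; the point is how a framing disagreement lets one user's request prefix be glued onto another user's request on a shared back-end connection.

```python
# Added example: simulation of a CL.TE HTTP request-smuggling desync.
# Not code from Kestrel, QNAP or the advisory; all inputs are constructed.

# Smuggled prefix: a terminating chunk, then the start of a second request
# whose last header is left open so the victim's request line is absorbed.
SMUGGLED_BODY = b"0\r\n\r\n" + b"GET /admin HTTP/1.1\r\nX-Ignore: "

# A request from another user arriving next on the same back-end connection.
VICTIM = (b"GET /profile HTTP/1.1\r\nHost: example.test\r\n"
          b"Cookie: session=victim\r\n\r\n")


def build_attack() -> bytes:
    """Attacker request with both framing headers; Content-Length covers the
    whole smuggled body, so a CL-based front end forwards it as one message."""
    return (b"POST / HTTP/1.1\r\nHost: example.test\r\n"
            b"Content-Length: %d\r\nTransfer-Encoding: chunked\r\n\r\n"
            % len(SMUGGLED_BODY) + SMUGGLED_BODY)


def split_head(buf: bytes):
    """Return (request line, lower-cased header map, bytes after the headers)."""
    head, sep, rest = buf.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete headers")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, rest


def frame_by_content_length(buf: bytes):
    """Lenient front end (hypothetical): trusts Content-Length and ignores
    Transfer-Encoding. Returns (one framed request, remaining buffer)."""
    _, headers, rest = split_head(buf)
    n = int(headers.get(b"content-length", b"0"))
    head_len = len(buf) - len(rest)
    return buf[:head_len + n], buf[head_len + n:]


def frame_by_chunked(buf: bytes):
    """Back end (hypothetical): honours Transfer-Encoding: chunked, as RFC 9112
    requires when both headers are present. Returns (request, remaining)."""
    _, headers, rest = split_head(buf)
    if headers.get(b"transfer-encoding", b"").lower() != b"chunked":
        return frame_by_content_length(buf)
    pos = 0
    while True:
        eol = rest.index(b"\r\n", pos)
        size = int(rest[pos:eol].split(b";")[0], 16)   # ignore chunk extensions
        pos = eol + 2
        if size == 0:
            end = rest.index(b"\r\n", pos) + 2          # empty trailer section
            head_len = len(buf) - len(rest)
            return buf[:head_len + end], rest[end:]
        pos += size + 2                                 # chunk data + CRLF


def is_ambiguous(buf: bytes) -> bool:
    """Strict check a hardened parser would apply: reject dual framing outright."""
    _, headers, _ = split_head(buf)
    return b"content-length" in headers and b"transfer-encoding" in headers


def simulate(front_end_buffer: bytes):
    """Front end frames one request and forwards exactly those bytes; the victim's
    request follows on the same back-end connection; the back end reframes."""
    fe_req, fe_rest = frame_by_content_length(front_end_buffer)
    backend_stream = fe_req + VICTIM
    _, be_rest = frame_by_chunked(backend_stream)
    return fe_rest, be_rest


if __name__ == "__main__":
    attack = build_attack()
    fe_rest, be_rest = simulate(attack)
    print("front end leftover:", fe_rest)
    print("back end sees next request as:", be_rest)
    print("strict parser would reject:", is_ambiguous(attack))
```

In the simulation the front end sees a single, complete POST, while the back end consumes only the zero-length chunk and treats the rest of the forwarded bytes as the beginning of the next request, so the victim's `GET /profile` line (cookie included) becomes the value of the attacker's dangling `X-Ignore:` header on a request for `/admin`. The defence is the `is_ambiguous` rule: refuse, or at least normalise consistently, any message that carries both framing headers, and keep front-end and back-end parsing behaviour aligned.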

10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linux
Date: 2025-10-29
Author: The Hacker News

Cybersecurity researchers have discovered a set of 10 malicious npm packages that are designed to deliver an information stealer targeting Windows, Linux, and macOS systems.
"The malware uses four layers of obfuscation to hide its payload, displays a fake CAPTCHA to appear legitimate, fingerprints victims by IP address, and downloads a 24MB PyInstaller-packaged information stealer that harvests credentials from system keyrings, browsers, and authentication services across Windows, Linux, and macOS," Socket security researcher Kush Pandya said.

Chrome Zero-Day Exploitation Linked to Hacking Team Spyware
Date: 2025-10-27
Author: Security Week

The exploited Chrome vulnerability, tracked as CVE-2025-2783 and described as a sandbox escape issue, was caught in the wild in a sophisticated cyberespionage campaign attributed to a state-sponsored APT. Firefox was affected by a similar flaw, tracked as CVE-2025-2857.
Dubbed Operation ForumTroll, the campaign targeted education, finance, government, media, research, and other organizations in Russia and used phishing emails masquerading as forum invitations to deliver personalized, short-lived links taking victims to websites containing the exploit for CVE-2025-2783.

WordPress security plugin exposes private data to site subscribers
Date: 2025-10-29
Author: Bleeping Computer

The Anti-Malware Security and Brute-Force Firewall plugin for WordPress, installed on over 100,000 sites, has a vulnerability that allows subscribers to read any file on the server, potentially exposing private information.
The plugin provides malware scanning and protection against brute-force attacks, exploitation of known plugin flaws, and against database injection attempts.
Identified as CVE-2025-11705, the vulnerability was reported to Wordfence by researcher Dmitrii Ignatyev and affects versions of the plugin 4.23.81 and earlier.


ESB-2025.7820 – Splunk: Splunk AppDynamics Private Synthetic Agent: CVSS (Max): 9.8

Splunk remediated CVE-2022-48622 and CVE-2024-45159 in third-party packages bundled with Splunk AppDynamics Private Synthetic Agent in version 25.7.0 and higher.

ESB-2025.7801 – Ubuntu: Squid: CVSS (Max): 10.0

Leonardo Giovannini discovered that Squid failed to redact HTTP Authentication credentials in a default configuration. An attacker could possibly use this issue to obtain sensitive information.
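The redaction the Squid advisory refers to, shown as an added example (not Squid's code): credentials in Authorization and Proxy-Authorization headers, and userinfo embedded in request URLs, are masked before a request record reaches a log file or error page, and a check flags any record that still carries a credential. The regexes, the sample record and the `[REDACTED]` marker are constructed for this illustration.

```python
# Added example: redact HTTP authentication credentials from request records
# before logging. Not Squid code; patterns and sample input are constructed.
import re

# Authorization / Proxy-Authorization header at the start of a line: keep the
# scheme (Basic, Bearer, ...) and drop the credential that follows it.
_AUTH_RE = re.compile(
    r"(?im)^(?P<name>(?:proxy-)?authorization):[ \t]*"
    r"(?P<scheme>[A-Za-z][\w-]*)[ \t]*(?P<cred>[^\r\n]*)"
)
# user:password@ embedded in an absolute URL (e.g. a proxied request line).
_URL_USERINFO_RE = re.compile(r"(?i)\b(https?://)([^/\s@]+)@")

MARK = "[REDACTED]"


def redact(record: str) -> str:
    """Return the record with header credentials and URL userinfo masked."""
    record = _AUTH_RE.sub(
        lambda m: f"{m.group('name')}: {m.group('scheme')} {MARK}", record)
    record = _URL_USERINFO_RE.sub(r"\1" + MARK + "@", record)
    return record


def leaks_credentials(record: str) -> bool:
    """True if the record still contains an unmasked credential; suitable as a
    final gate before a line is written to an access log or an error page."""
    for m in _AUTH_RE.finditer(record):
        if m.group("cred") and m.group("cred") != MARK:
            return True
    for m in _URL_USERINFO_RE.finditer(record):
        if m.group(2) != MARK:
            return True
    return False


# Constructed sample record: a proxied request with three credential carriers
# (the Basic value is base64 of "alice:hunter2").
SAMPLE = (
    "GET http://alice:hunter2@intranet.test/report HTTP/1.1\r\n"
    "Proxy-Authorization: Basic YWxpY2U6aHVudGVyMg==\r\n"
    "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.e30.abc\r\n"
)

if __name__ == "__main__":
    print("before:", leaks_credentials(SAMPLE))
    cleaned = redact(SAMPLE)
    print(cleaned)
    print("after:", leaks_credentials(cleaned))
```

Redaction is applied to the whole record rather than to a known header list only, because credentials also travel in the request line when a proxy receives an absolute URL with userinfo; `leaks_credentials` exists so a deployment can fail closed (drop or truncate the line) if a new carrier shows up that the redactor does not know about.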

ESB-2025.7733 – SUSE: MozillaFirefox: CVSS (Max): 9.8

The Firefox Extended Support Release 140.4.0 ESR update addresses multiple security vulnerabilities, including use-after-free, out-of-bounds access, information leaks, and potential code execution issues. It also includes fixes for several memory safety bugs in Firefox and Thunderbird.

ESB-2025.7722 – SUSE: govulncheck-vulndb: CVSS (Max): 9.9

This update adds or updates a large set of new Go CVE Numbering Authority (CNA) identifiers each mapped to corresponding CVE and/or GHSA aliases, expanding the vulnerability database index for Go modules.

ESB-2025.7712 – Debian: thunderbird: CVSS (Max): 9.8

Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code.


Stay safe, stay patched and have a good weekend!

The AUSCERT team