Cyber Threat Digest – 2025-10-26

🔥 Known Exploited Vulnerabilities (CISA KEV)

8 exploited vulns of note.

• CVE-2025-54236 — Adobe Commerce and Magento Improper Input Validation Vulnerability — Adobe Commerce and Magento (Added: 2025-10-24) — Details
• CVE-2025-59287 — Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability — Microsoft Windows (Added: 2025-10-24) — Details
• CVE-2025-61932 — Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability — Motex LANSCOPE Endpoint Manager (Added: 2025-10-22) — Details
• CVE-2022-48503 — Apple Multiple Products Unspecified Vulnerability — Apple Multiple Products (Added: 2025-10-20) — Details
• CVE-2025-2746 — Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability — Kentico Xperience CMS (Added: 2025-10-20) — Details
• CVE-2025-2747 — Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability — Kentico Xperience CMS (Added: 2025-10-20) — Details
• CVE-2025-33073 — Microsoft Windows SMB Client Improper Access Control Vulnerability — Microsoft Windows (Added: 2025-10-20) — Details
• CVE-2025-61884 — Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability — Oracle E-Business Suite (Added: 2025-10-20) — Details

---

⚠️ Recent CVEs (NVD)

Latest CVEs with CVSS badges.

• CVE-2025-12216 — Malicious / Malformed App can be Installed but not Uninstalled/may lead to unavailability.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. CRITICAL 10.0 — Details
• CVE-2025-12217 — SNMP Default Community String (public).This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. MEDIUM 6.9 — Details
• CVE-2025-12218 — Weak Default Credentials.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. CRITICAL 10.0 — Details
• CVE-2025-12219 — Vulnerable Components in Azure Access OS.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. CRITICAL 10.0 — Details
• CVE-2025-12220 — Busybox 1.31.1 - Multiple Known Vulnerabilities.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. CRITICAL 10.0 — Details
• CVE-2025-12221 — Busybox 1.31.1 - Multiple Known Vulnerabilities.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. LOW 2.1 — Details

---

📰 Security News

Top headlines from trusted sources.

• New CoPhish attack steals OAuth tokens via Copilot Studio agents
  — Sat, 25 Oct 2025 16:16:00 GMT
• Hackers launch mass attacks exploiting outdated WordPress plugins
  — Fri, 24 Oct 2025 19:28:42 GMT
• Critical WSUS flaw in Windows Server now exploited in attacks
  — Fri, 24 Oct 2025 16:28:14 GMT
• Amazon: This week's AWS outage caused by major DNS failure
  — Fri, 24 Oct 2025 15:33:58 GMT
• Fake LastPass death claims used to breach password vaults
  — Fri, 24 Oct 2025 14:47:48 GMT
• How to reduce costs with self-service password resets
  — Fri, 24 Oct 2025 14:06:16 GMT