CyberPulse

We are leaders in the space of Governance, Risk and Compliance (GRC), security advisory, consulting and penetration testing.

We partner in your Cybersecurity journey!!

17/12/2025

🔐 Threat Pulse | Daily Cyber Threat Brief

Several actively exploited vulnerabilities require immediate attention. Priority items below, with direct remediation guidance.

1️⃣ React Server Components – React2Shell (CVE-2025-55182)
Actively exploited unauthenticated RCE affecting React Server Components and frameworks such as Next.js.
Impact includes full server compromise and malware deployment.
🔧 Patch immediately:
https://eu1.hubs.ly/H0qv39F0

2️⃣ Apple WebKit Zero-Days (CVE-2025-43529, CVE-2025-14174)
Confirmed exploitation in targeted attacks via malicious web content.
Affects iOS, iPadOS, macOS, Safari and related platforms. Listed on CISA KEV.
🔧 Update all Apple devices:
https://eu1.hubs.ly/H0qv3j20

3️⃣ Microsoft Windows Privilege Escalation (CVE-2025-62221)
Exploited in the wild. Allows local attackers to elevate to SYSTEM privileges.
Listed on CISA KEV.
🔧 Apply December security updates:
https://eu1.hubs.ly/H0qv3t90

4️⃣ Microsoft PowerShell & Copilot Flaws (CVE-2025-54100, CVE-2025-64671)
PowerShell RCE and Copilot cross-prompt injection risks.
No confirmed exploitation yet, but high impact in enterprise environments.
🔧 Patch and review execution policies:
https://eu1.hubs.ly/H0qv2Vg0

5️⃣ Ongoing State-Based Activity Trend
Threat actors are increasingly exploiting known vulnerabilities and misconfigurations in internet-facing infrastructure rather than zero-days.
Basic hygiene remains critical.
🔧 Hardening guidance:
https://eu1.hubs.ly/H0qv2ZL0

If you have not patched React, Apple WebKit or Windows endpoints this week, you are already behind active threat activity.


25/11/2025

📢 CyberPulse Named to the Tech Partner News Fast 50

We’re proud to be recognised as one of Australia’s fastest-growing and top-performing ICT providers. Our growth is powered by the trust our clients place in us.

Thank you to the organisations that rely on CyberPulse to deliver across cyber advisory, managed compliance, advanced penetration testing and 24x7 Managed Detection and Response.

To our team and partners, your focus and commitment drive everything we do. This is just the beginning.

19/11/2025

📢 – 19 Nov 2025
A focused update on pivotal developments shaping the cyber-threat landscape.

🛡️ Microsoft Corporation Patch Round – November 2025
This month’s rollout addresses 63 vulnerabilities, including one zero-day actively exploited in the wild (CVE-2025-62215) and five rated “Critical”.
• The zero-day resides in the Windows Kernel and enables privilege escalation from local authenticated access.
• Other significant issues span RCE in GDI+, RCE in Office (e.g., CVE-2025-62199) and elevated privilege in system components.

This emphasises sustained pressure on both enterprise endpoints and legacy platforms (e.g., Windows 10 ESU environments).

☁️ Cloudflare, Inc. Global Outage – 18 Nov 2025
A major disruption impacted multiple high-profile platforms early morning UTC, when Cloudflare’s traffic-management layer suffered from a “spike in unusual traffic” and internal degradation.
Affected services included platforms such as ChatGPT, X (formerly Twitter), and numerous other applications reliant on Cloudflare’s edge infrastructure.

The incident highlights that infrastructure-service dependency is a core risk even absent direct vulnerability exploitation.

📌 Key Takeaways for Executives & Technical Teams
• The simultaneous presence of an actively exploited zero-day and a high-volume patch release underscores the urgency of streamlined patch-management and prioritised asset inventories.
• Infrastructure supply-chain and provider-dependency risks are front-of-mind: the Cloudflare outage demonstrates that resilience demands more than software patching.
• Legacy systems and service exposures (e.g., unsupported OS, internet-facing servers) remain leveraged angles for threat actors; alignment with resilience and continuity frameworks is essential.

Fortinet FortiWeb Zero-day Vulnerability Exploited in the Wild (CVE-2025-64446)
Posted by Diksha Ojha on November 14, 2025
Threat actors are exploiting a zero-day vulnerability, CVE-2025-64446, that has been discovered in Fortinet’s FortiWeb web application firewa...

06/11/2025

🚨 Threat Pulse – 6 November 2025

🔹 Haileybury College confirms cyber breach
Hackers gained limited access to the Melbourne school’s network. The school initiated its incident-response plan and isolated affected systems.
Herald Sun: https://eu1.hubs.ly/H0ppqCN0

🔹 Microsoft reports increased AI use in cyber campaigns
Microsoft states that Russia, China, Iran and North Korea are using AI-generated content to improve phishing, influence operations and intrusion campaigns.
AP News: https://eu1.hubs.ly/H0pppCh0

🔹 Retail sector heavily affected by ransomware
Nearly half of ransomware incidents in retail originate from unknown security gaps, showing that visibility and asset management remain weak points.
Economic Times: https://eu1.hubs.ly/H0pprds0

🔹 Armis prepares for IPO with focus on device security
Armis raised US$435 million ahead of its IPO. The company’s growth highlights continued investment in IoT and operational technology visibility.
Wall Street Journal: https://eu1.hubs.ly/H0ppqK-0

🔹 APAC breach activity remains high
Regional reports show that up to 97% of APAC data breaches involve system intrusion, web application attacks or social engineering. Ransomware accounts for more than half of malware-related breaches.
CISO ET: https://eu1.hubs.ly/H0ppqK80

Communications Today: https://eu1.hubs.ly/H0ppq0r0

🧩 Key insights:
• Threat activity remains high across education, retail and regional sectors.
• State actors are scaling operations with AI-assisted tools.
• Visibility and device management continue to be the most significant control gaps.

03/11/2025

🔐 Today’s Cyber Security Update

📰 News Highlights
• Proton AG has launched its “Data Breach Observatory”, a dark-web monitoring platform that’s already identified more than 790 breach incidents exposing over 300 million records.
• Broadcom Inc. (via its VMware, Inc. business) has patched a zero-day vulnerability CVE-2025-41244 in VMware Aria Operations/VMware Tools, which was actively exploited in the wild by the China-linked threat actor UNC5174.

🚨 Critical Vulnerabilities & Actions
• Vendor: Microsoft — CVE-2025-59287: A remote code-execution vulnerability in WSUS allows maliciously crafted packages to execute arbitrary code.
Action: Apply Microsoft’s out-of-band security update immediately.
Direct link: https://eu1.hubs.ly/H0phnSS0

• Vendor: Cisco Systems, Inc. — CVE-2025-20363: Remote code-execution in ASA/FTD/IOS/IOS XE/IOS XR web services; unauthenticated and low-privilege exploitation.
Action: Follow Cisco’s advisory and install fixed firmware versions.
Direct link: https://eu1.hubs.ly/H0phnVR0

• Vendor: Juniper Networks, Inc. — CVE-2025-60010: Authentication bypass in Junos OS / Junos OS Evolved allowing login despite expired credentials.
Action: Apply the security bulletin, upgrade to the fixed versions, and enforce strengthened access controls.
Direct link: https://eu1.hubs.ly/H0phr0W0

📌 Key Takeaway:
If you’re managing patch cycles for WSUS, firewalls/edge devices or network operating systems, these vulnerabilities demand immediate attention. Prioritise remediation, verify deployment in your environment, and ensure layered controls are in place.

01/11/2025

🚨 CyberPulse Threat Pulse – 1 November 2025 🚨

Your daily snapshot of the most important cyber threats and security news for Australia and the world:

🌏 Global Highlights:

• A United Nations cybercrime treaty was signed in Hanoi by 60 countries. The treaty aims to improve international cooperation on issues such as phishing, ransomware, and online trafficking. Technology industry leaders warn that vague language could threaten human rights. More details: https://eu1.hubs.ly/H0pgLYM0
• Operation ForumTroll exploited a Google Chrome zero-day vulnerability which allowed attackers to steal sensitive files from Russian media, government bodies, and financial institutions. See details: https://eu1.hubs.ly/H0pgMv_0

🇦🇺 Australian News:

• Qantas’s Chief Customer and Digital Officer will step down after a major breach that affected over a million customers. The airline is overhauling its cybersecurity leadership to address ongoing risks. Read more: https://eu1.hubs.ly/H0pgLRn0
• The Australian Cyber Security Centre reports cyber incidents have increased by 11% in the past year, with state-sponsored actors still targeting Australian government and critical infrastructure. Incident report summary: https://eu1.hubs.ly/H0pgMwT0
• New legislation will soon require Australian businesses to report ransomware incidents and share attack data. The goal is to strengthen Australia’s national cybersecurity defences. See the news: https://eu1.hubs.ly/H0pgMYV0

Stay proactive. Review your threat models and incident response plans, and ensure your controls are current. For tailored briefings or support, reach out to CyberPulse.

05/07/2024

The Six Major Challenges in Cybersecurity
This LinkedIn article delves into the six primary challenges facing organisations in the realm of cybersecurity today. From the rising costs associated with implementing advanced security measures to the increasing sophistication of cyberattacks, insider threats, supply chain vulnerabilities, compliance with regulatory requirements, and the shortage of skilled cybersecurity professionals, the article provides insights and solutions to help businesses navigate these issues effectively.



https://zurl.co/zz6b

05/07/2024

Check out our article about the six primary challenges facing organisations in the realm of cybersecurity today.



https://zurl.co/cOSv

22/06/2024

Welcome to the CyberPulse Cyber Roundup. Follow us for the latest updates and insights from the world of cybersecurity:

1. CISA Hack Exposes Sensitive Information

The Cybersecurity and Infrastructure Security Agency (CISA) reported a significant breach in their Chemical Facility Anti-Terrorism Standards (CFATS) program. Hackers accessed personal and facility information through an Ivanti Connect Secure appliance hack, raising concerns about the security of critical infrastructure data.

2. Santander US Employee Data Breach

Santander US is notifying over 12,000 employees that their personal information was compromised due to a data breach linked to a Snowflake attack. This incident highlights the ongoing vulnerabilities in financial institutions and the importance of robust data protection measures.

3. VARTA Cyberattack Halts Production

German battery manufacturer VARTA experienced a cyberattack on February 12th, leading to the temporary closure of five production plants. The attack, attributed to an organized group of hackers, disrupted IT systems and production equipment, although the full extent of the damage is still under investigation.

4. LockBit Ransomware Surge

The LockBit ransomware group has been identified as the most active ransomware gang recently. However, experts suggest that the group may be inflating their activity numbers to create a perception of dominance. This emphasizes the need for continuous vigilance and updated security measures against ransomware threats.

5. Microsoft Email Spoofing Vulnerability

A significant email spoofing vulnerability in Microsoft services has been actively exploited. This flaw allows attackers to send emails that appear to come from legitimate sources, posing a substantial risk of phishing and other email-based attacks. Microsoft has released patches, and users are urged to update their systems immediately.

6. Trello Data Leak

Online collaboration tool Trello experienced a data leak in January 2024, affecting 15 million accounts. The leak was due to poor security practices involving a public API that exposed user information, including emails and usernames. Trello has since tightened its API security to prevent such incidents in the future.

7. CDK Global Hack

Car dealership software provider CDK Global is dealing with a severe cyberattack that disrupted services for numerous car dealerships. The company is working on restoring affected services while investigating an additional hack discovered during the recovery process.

8. AI Risk Summit Announcement

SecurityWeek announced the upcoming AI Risk Summit on June 25-26, 2024, at the Ritz-Carlton, Half Moon Bay. The summit will focus on the intersection of AI and cybersecurity, bringing together industry leaders to discuss risk management and AI-driven security strategies.

Stay tuned for more updates and ensure your cybersecurity measures are up to date to protect against these evolving threats.

Feel free to reach out to our team for more insights or assistance with your cybersecurity needs.

Stay secure, The CyberPulse Team - https://zurl.co/Gooq

09/07/2020

We are leaders in the space of Governance, Risk and Compliance (GRC), security advisory, consulting and penetration testing.


Address

11 York Street
Sydney, NSW
2000

Opening Hours

Monday 9am - 5:30pm
Tuesday 9am - 5:30pm
Wednesday 9am - 5:30pm
Thursday 9am - 5:30pm
Friday 9am - 5:30pm
