Table of contents
Today's threat landscape:
Top 3 vulnerabilities:
- Cisco fixes major flaws in routers and firewalls
- Critical remote code execution flaw hits Fortra GoAnywhere MFT
- Critical SessionReaper flaw hits Adobe
Industry news:
Today’s threat landscape
Large-scale ransomware, SpamGPT and phishing-as-a-service are the new norm
September confirmed that cybercriminals are innovating faster than defenses evolve, blending stealth, AI, and social engineering into highly disruptive campaigns.
The ransomware attack on Collins Aerospace’s MUSE check-in system caused airport chaos across Europe, grounding flights and showing how attackers now prioritize operational disruption as much as profit. Critical service providers remain top targets, with cascading effects across supply chains and daily life. Meanwhile, MFA downgrade attacks are on the rise. Proofpoint showed that even FIDO2 authentication can be compromised when systems are forced into weaker fallback modes, undermining trust in strong authentication frameworks.
The AI battle intensified last month. A Gartner survey revealed that genAI-driven attacks are rising sharply, with 70% of security leaders citing an increase in their frequency and sophistication. SpamGPT, a criminal phishing engine, was deployed in massive campaigns, generating personalized lures at scale. Researchers also warned of new coding vulnerabilities introduced by LLMs, while enterprise surveys showed that data security complexity is slowing AI adoption, as companies struggle to secure sensitive datasets.
To make matters worse, AI is now powering phishing-as-a-service platforms: from LLM-generated lures flagged by Microsoft to new services that craft context-aware emails and voice messages designed to evade traditional filters. Security researchers note that phishing has become an AI arms race, where criminals leverage automation to mislead at scale and sidestep detection.
Top 3 vulnerabilities
Cisco fixes major flaws in routers and firewalls
We recently covered the actively exploited Cisco zero-days CVE-2025-20362 and CVE-2025-20333. However, Cisco also disclosed other critical and high-severity flaws. These are:
- CVE-2025-20352 (CVSS 9.8) in IOS XR allows remote, unauthenticated attackers to execute arbitrary code via crafted HTTP requests.
- CVE-2025-20248 (CVSS 8.6) impacts SNMP in IOS XR, where malformed requests may cause a denial of service, disrupting network operations.
- CVE-2025-20340 (CVSS 7.8) allows manipulation of digital signatures in IOS XR, potentially enabling privilege escalation or unauthorized configuration changes.
- CVE-2025-20363 (CVSS 9.0), affecting multiple Cisco firewalls, stems from improper input validation and allows remote attackers to bypass authentication and gain device control.
Cisco has released patches for all vulnerabilities, urging administrators to update IOS XR and firewall software immediately to mitigate risks.
Critical remote code execution flaw hits Fortra GoAnywhere MFT
A critical flaw (CVE-2025-10035) has been disclosed in Fortra’s GoAnywhere Managed File Transfer (MFT) platform. Carrying the maximum CVSS score of 10.0, it affects the product’s License Servlet and is due to an unsafe deserialization process. Attackers can trick the system with a fake license, which could lead to remote command injection and total system control.
The flaw impacts all supported GoAnywhere MFT versions. Fortra warns that the exploitation risk is higher when the Admin Console is exposed to the internet. Administrators are advised to check audit logs for anomalies and upgrade immediately to the fixed releases 7.8.4 (latest) or 7.6.3 (sustain).
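As an added example (not Fortra's tooling and not part of the original article), the script below triages an inventory of GoAnywhere MFT instances against the two fixed releases named above and ranks internet-exposed Admin Consoles first. The host names and inventory are constructed, and treating 7.6.x as the sustain train while every other build must reach 7.8.4 is an assumption drawn from the "latest" and "sustain" labels.

```python
import re

# Fixed releases as stated in the article: 7.8.4 (latest) and 7.6.3 (sustain).
FIXED_LATEST = (7, 8, 4)
FIXED_SUSTAIN = (7, 6, 3)

def parse_version(text):
    """Return (major, minor, patch), or None if the string is not x.y.z."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", text)
    return tuple(int(p) for p in m.groups()) if m else None

def triage(version_text, admin_console_exposed):
    """Classify one GoAnywhere MFT instance against the CVE-2025-10035 fixes."""
    v = parse_version(version_text)
    if v is None:
        # Unparseable version: do not guess, send it to a human.
        return {"status": "unknown", "priority": "verify-manually", "target": None}
    # Assumption: 7.6.x is the sustain train; any other build (older trains,
    # 7.7.x, 7.8.0-7.8.3) must reach the latest fixed release.
    on_sustain = v[:2] == FIXED_SUSTAIN[:2]
    fixed = v >= FIXED_SUSTAIN if on_sustain else v >= FIXED_LATEST
    if fixed:
        return {"status": "fixed", "priority": "none", "target": None}
    target = FIXED_SUSTAIN if on_sustain else FIXED_LATEST
    # Fortra warns that an internet-exposed Admin Console raises the risk.
    priority = "urgent" if admin_console_exposed else "high"
    return {"status": "vulnerable", "priority": priority,
            "target": ".".join(map(str, target))}

# Constructed inventory: (host, reported version, Admin Console internet-facing)
INVENTORY = [
    ("mft-dmz-01", "7.8.3", True),
    ("mft-int-02", "7.6.3", False),
    ("mft-int-03", "7.7.1", False),
    ("mft-lab-04", "7.8.4", True),
    ("mft-old-05", "7.4.0", True),
    ("mft-x-06", "unknown", False),
]

def report(inventory):
    """Return (host, version, result) rows, most urgent first."""
    order = {"urgent": 0, "high": 1, "verify-manually": 2, "none": 3}
    rows = [(host, ver, triage(ver, exposed)) for host, ver, exposed in inventory]
    return sorted(rows, key=lambda r: order[r[2]["priority"]])

if __name__ == "__main__":
    for host, ver, res in report(INVENTORY):
        print(f"{host:12} {ver:8} {res['status']:10} {res['priority']:16} "
              f"upgrade-to={res['target']}")
```

A "fixed" result only reflects the version string; the audit-log review the advisory calls for still applies to instances that were running an earlier build before the upgrade.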
Critical SessionReaper flaw hits Adobe
Adobe has addressed a critical vulnerability in its Commerce and Magento Open Source platforms. Tracked as CVE-2025-54236 with a CVSS score of 9.1, it has been dubbed “SessionReaper.” The issue arises from improper input validation in the Commerce REST API, allowing unauthenticated attackers to hijack customer accounts without user interaction.
Under certain conditions, this vulnerability could lead to remote code execution. Affected versions include Adobe Commerce 2.4.9-alpha2 and earlier, Magento Open Source 2.4.9-alpha2 and earlier, and Adobe Commerce B2B 1.5.3-alpha2 and earlier.
Adobe has released a hotfix (VULN-32437-2-4-X-patch) to mitigate the risk. Merchants are urged to apply the patch promptly to secure their systems.
Industry news
Pressures mount: From data leaks to global industry attacks
Sweden is grappling with one of its most serious data breaches in years. Sensitive personal information was leaked after hackers targeted Sportadmin, a widely used digital platform for sports clubs. The Swedish government has responded with a major boost to its cyber security budget, underscoring how quickly national resilience has become a political priority.
Globally, the scale of distributed denial of service (DDoS) attacks is setting records. FastNetMon recently detected an attack surpassing previous benchmarks, while Cloudflare blocked a staggering 115 million requests per second earlier this month. Security researchers warn that a massive botnet, now controlling an estimated 576 million devices, is driving this surge. For businesses, the message is clear: DDoS resilience is no longer optional but essential.
Meanwhile, the automotive sector is under direct fire. Stellantis confirmed a breach affecting brands including Citroën, FIAT, and Jeep, while Jaguar Land Rover was hit by multiple cyber incidents, forcing factory shutdowns and threatening UK economic output. The convergence of large-scale data leaks, weaponized botnets, and direct strikes on global manufacturers highlights an escalating threat landscape.
For business leaders, the stakes are no longer limited to IT downtime: cyber security is now a strategic pillar of competitiveness and continuity.