Security updates

September 2025 security update: Data breaches spread while AI battles AI


Today’s threat landscape 

AI’s double edge and new attack vectors  

August underscored a pivotal truth: artificial intelligence is no longer just shaping the future of cybersecurity - it is defining its present.  

AI: Both target and weapon 

We know that generative AI has become a primary tool for attackers, but security firms are now reporting a sharp rise in phishing campaigns designed to evade AI-based filters. These “dual-target” phishing lures mimic corporate tone and context so well that both employees and defensive algorithms struggle to spot them. CrowdStrike’s 2025 Threat Hunting Report also highlighted a surge in attacks against AI infrastructure itself: model poisoning, data extraction, and prompt injection aimed at stealing training datasets or manipulating AI outputs. On the defense side, Microsoft’s Project Ire - an agent capable of reverse-engineering malware - was a standout innovation.

Revived attack vectors 

Clickjacking is back in the spotlight. Researchers revealed that DOM-based extension clickjacking can even compromise major password managers, tricking users into exposing login credentials. At the same time, info-stealer malware surged by a staggering 800% compared to last year, driven by underground markets selling ready-to-deploy kits. These lightweight tools silently siphon browser-stored passwords, cookies, and session tokens - fueling secondary breaches and account takeovers. 

Social engineering: Still the weakest link 

Despite technical advances, social engineering remains the top attack vector. A Palo Alto Unit 42 analysis showed attackers can hijack accounts in under five minutes using well-crafted pretexts. Case studies from August demonstrated attackers bypassing multifactor authentication by tricking employees into approving login requests - proof that human judgment remains the biggest vulnerability. 

Business leaders must act 

For executives, the lesson is clear: AI-powered defenses are essential, but not sufficient. Strategy must blend cutting-edge detection with strong governance, continuous staff training, and compliance readiness. Threats are now faster, more adaptive, and more human-like than ever, making proactive investment in cyber resilience a board-level priority. 

Top 3 vulnerabilities 

Cisco patches critical RADIUS flaw in Secure Firewall  

Cisco has disclosed a critical vulnerability, CVE-2025-20265, in its Secure Firewall Management Center (FMC), earning the maximum severity rating of CVSS 10.0. The flaw stems from improper validation of RADIUS authentication responses, which could allow a remote, unauthenticated attacker to bypass authentication and gain full administrative access to affected systems. Successful exploitation would give attackers control over firewall policies and potentially the entire network environment managed by the FMC. 

Cisco confirmed that the vulnerability affects FMC releases 7.0.7 and 7.7.0 and has issued versions 7.0.8 and 7.7.10 to address the issue. No workarounds are available, making timely patching the only effective solution.

Critical flaws found in WinRAR and 7-Zip  

Two of the most widely used archive utilities, WinRAR and 7-Zip, are vulnerable to high-severity flaws actively exploited in the wild. The WinRAR zero-day, CVE-2025-8088, carries a CVSS score of 9.8 and stems from improper handling of specially crafted archives. Cybercriminals can exploit it by tricking users into opening malicious files, leading to remote code execution and full system compromise. 

Similarly, 7-Zip is impacted by CVE-2025-55188, rated CVSS 8.6, which allows attackers to achieve arbitrary code execution under certain conditions when parsing archives. 

Both flaws have already been weaponized in targeted attacks. Vendors have released security updates addressing these vulnerabilities, specifically WinRAR 7.13 and 7-Zip 25.01 on Windows and Linux. 

“HTTP/2 MadeYouRESET” flaw impacts major platforms 

After Rapid Reset (CVE-2023-44487) and HTTP/2 CONTINUATION Flood, a new protocol-level flaw, dubbed “HTTP/2 MadeYouReset,” has been disclosed under the generic identifier CVE-2025-8671 (CVSS 7.5). The MadeYouReset vulnerability lets attackers bypass the HTTP/2 limit of 100 concurrent requests per connection, allowing thousands of requests over a single connection. The resulting load can exhaust server resources and, in some cases, cause out-of-memory crashes, producing denial-of-service (DoS) conditions against affected servers.

Several widely used products have been confirmed vulnerable, each assigned specific CVEs: 

  • Apache Tomcat (CVE-2025-48989) 
  • F5 BIG-IP (CVE-2025-54500) 
  • IBM (CVE-2025-36047) 
  • Netty (CVE-2025-55163) 

Vendors have released, or are rolling out, patches and updates to mitigate the issue. 

Industry news 

Attacks surge across sectors 

Last month underscored both the scale of cyberattacks on critical industries and the growing focus on strengthening defenses. 

According to ENISA’s Telecom Security Incidents 2024 report, telecoms remain a prime target, with outages and data breaches causing cascading effects across connected sectors. The warning proved timely: Orange Belgium disclosed a breach impacting 850,000 customers, Luxembourg’s main telecom operator suffered a suspected state-linked attack, and Dutch organizations were compromised via the exploited Citrix NetScaler flaw (CVE-2025-6543). 

Financial services, too, remained in the spotlight. Allianz Life revealed a breach affecting most of its 1.4 million U.S. customers, while MOVEit’s parent company settled a class-action lawsuit for $8.5 million following its widely exploited supply-chain hack. Meanwhile, Swedish authorities reported a sophisticated Russian cyber-espionage campaign targeting foreign embassies. 

On the defense side, Microsoft detailed progress in quantum-safe cryptography, a shift designed to protect sensitive data against future decryption by quantum computers. 

The digital battlefield is intensifying, but so too are efforts to harden infrastructure to safeguard against the next generation of threats.