WSUS Flaw, Qilin Ransomware & Italian Spyware – 10/27/2025
Today’s top threat is a critical Windows Server Update Services (WSUS) vulnerability under active exploitation, prompting an emergency directive from CISA for federal agencies to patch immediately. We are also tracking a detailed analysis of the sophisticated Qilin ransomware group’s attack methods and the discovery of new Italian spyware linked to a Google Chrome zero-day. These events highlight the urgent need for robust patch management and heightened awareness of evolving espionage and extortion tactics.
Top 5 Critical Security Alerts
- CISA orders feds to patch Windows Server WSUS flaw used in attacks: CISA has added a critical WSUS vulnerability to its KEV catalog, mandating federal agencies to patch immediately due to active exploitation.
- Italian spyware vendor linked to Chrome zero-day attacks — A Google Chrome zero-day vulnerability exploited earlier this year has been linked to malware from Italian spyware vendor Memento Labs, the successor to Hacking Team.
- Uncovering Qilin attack methods exposed through multiple cases — Cisco Talos details the TTPs of the Qilin ransomware group, noting its focus on the manufacturing sector and use of legitimate tools for evasion and persistence.
- QNAP warns of critical ASP.NET flaw in its Windows backup software — QNAP urges customers to patch a critical ASP.NET Core vulnerability impacting its NetBak PC Agent, a utility for backing up Windows data to NAS devices.
- New ChatGPT Atlas Browser Exploit Lets Attackers Plant Persistent Hidden Commands — A vulnerability in OpenAI’s ChatGPT Atlas browser allows attackers to inject malicious instructions via specially crafted URLs, potentially leading to code execution.
Threat Intelligence (APT, malware, ransomware)
- Mem3nt0 mori – The Hacking Team is back!: Kaspersky researchers link new ‘Dante’ spyware from Memento Labs (formerly Hacking Team) to the ForumTroll APT attacks, which exploited a Chrome zero-day.
- Italian-made spyware spotted in breaches of Russian, Belarusian systems — The Dante spyware from Memento Labs was reportedly used in cyber-espionage operations targeting entities in Russia and Belarus.
- Ransomware profits drop as victims stop paying hackers — Ransomware payment rates have fallen to a new low of 23%, indicating a shift in how organizations respond to extortion demands.
Security Breaches & Incidents
- Sweden’s power grid operator confirms data breach claimed by ransomware gang — Sweden’s power grid operator is investigating a data breach after a ransomware group threatened to leak hundreds of gigabytes of stolen data.
- Google disputes false claims of massive Gmail data breach — Google has refuted widespread reports of a massive data breach, stating that claims of 183 million exposed accounts are false.
Security Tools & Best Practices
- X: Re-enroll 2FA security keys by November 10 or get locked out: X (formerly Twitter) is requiring users with security keys or passkeys for 2FA to re-enroll them by November 10 to avoid account lockout.
- The State of Exposure Management in 2025: Insights From 3,000+ Organizations — A new report highlights how organizations are adapting to an expanding attack surface and AI-weaponized vulnerabilities by improving exposure management.
- Microsoft: New policy removes pre-installed Microsoft Store apps — A new Microsoft policy allows IT administrators to remove pre-installed Microsoft Store applications, providing greater control over system configurations.
Security Standards & Frameworks (NIST, MITRE ATT&CK, CIS)
- US declines to join more than 70 countries in signing UN cybercrime treaty — The United States has opted not to sign the UN Convention against Cybercrime, a global treaty aimed at creating a unified mechanism to combat digital crime.
Emerging Security Technologies (AI, XDR, CNAPP)
- AI fuels a new wave of fake receipts, according to SAP Concur — SAP Concur warns that generative AI is driving a significant increase in expense fraud through the creation of highly convincing fake receipts.
- Reuters: Deepseek emerges as key AI partner in China’s military research — A report indicates that China’s military is utilizing domestic AI models from companies like Deepseek and Alibaba for developing autonomous weapons systems.
- What brain privacy will look like in the age of neurotech — Experts discuss the future of brain data privacy, including the potential for commodification and the role of AI in decoding internal speech.
Operating on the philosophy that 'you can't build a secure system if you don't know how to break it,' Chris leads our engineering division. A top 1% National Cyber League competitor, he hardens our digital infrastructure against the very exploits he has mastered.