Daily Briefing for 09.26.25

At a glance.

1. CISA orders US Federal agencies to patch Cisco flaws by midnight.
2. Microsoft revokes certain cloud services from the Israeli military.
3. Unsecured database exposes millions of files related to auto insurance claims.

CISA orders US Federal agencies to patch Cisco flaws by midnight.

The US Cybersecurity and Infrastructure Security Agency (CISA) yesterday issued an emergency directive ordering federal civilian agencies to mitigate against actively exploited vulnerabilities affecting Cisco Adaptive Security Appliances (ASAs) by midnight tonight. The vulnerabilities (CVE-2025-20333 and CVE-2025-20362) were exploited as zero-days to achieve unauthenticated remote code execution and establish persistence through reboots and system upgrades. Cisco issued patches for the flaws yesterday, attributing the exploitation to the same threat actor responsible for the ArcaneDoor operation in 2023 and 2024. The Washington Post cites security experts as saying Chinese hackers are behind the campaign, and CISA did not dispute this conclusion.

CISA said in its directive, "CISA is directing agencies to account for all Cisco ASA and Firepower devices, collect forensics and assess compromise via CISA-provided procedures and tools, disconnect end-of-support devices, and upgrade devices that will remain in service. These actions are directed to address the immediate risk, assess compromise, and inform analysis of the ongoing threat actor campaign."

Microsoft revokes certain cloud services from the Israeli military.

Microsoft has stopped providing certain cloud services to the Israeli military as the company investigates alleged mass surveillance of Palestinians, CNBC reports. Microsoft initiated the investigation following an August report from the Guardian that claimed the IDF's Unit 8200 was using Microsoft's Azure servers in Europe to store millions of recordings of phone calls made by Palestinian civilians. Microsoft's President, Brad Smith, said yesterday in a letter to employees, "While our review is ongoing, we have found evidence that supports elements of The Guardian’s reporting. This evidence includes information relating to IMOD consumption of Azure storage capacity in the Netherlands and the use of AI services."

Smith outlined the following two reasons for cutting the services: "First, we do not provide technology to facilitate mass surveillance of civilians. We have applied this principle in every country around the world, and we have insisted on it repeatedly for more than two decades. This is why we explained publicly on August 15 that Microsoft’s standard terms of service prohibit the use of our technology for mass surveillance of civilians. Second, we respect and protect the privacy rights of our customers. This means, among other things, that we do not access our customers’ content in this type of investigation."

Microsoft will continue providing other services to Israel, including those related to cybersecurity.

Unsecured database exposes millions of files related to auto insurance claims.

Security researcher Jeremiah Fowler discovered a publicly exposed database containing ten terabytes of data with more than five million records related to car insurance claims, including "powers of attorney, vehicle registrations, estimates, repair invoices, and images of damaged vehicles with visible license plates and VIN numbers." Information in the database suggests the data belongs to Illinois-based ClaimPix, a platform for filing auto insurance claims, though it's not clear if the database belongs to ClaimPix or to a third-party vendor. The database was secured after Fowler notified the company.