Top stories.
- CISA warns of actively exploited SMB flaw.
- Foreign hackers breached a US nuclear weapons manufacturing site.
- China accuses the US of hacking its national time center.
- Ransomware attack disrupts Japan's retail sector.
- Jaguar Land Rover ransomware attack is the costliest cyberattack in UK history.
- US court bars NSO Group from targeting WhatsApp.
CISA warns of actively exploited SMB flaw.
The US Cybersecurity and Infrastructure Security Agency (CISA) warns that a high-severity Windows SMB flaw (CVE-2025-33073) is being actively exploited in attacks, BeyondMachines reports. The vulnerability, which received a CVSS score of 8.8, was patched in Microsoft's July 2025 Patch Tuesday updates. The flaw is an improper access control vulnerability that can allow attackers to gain SYSTEM privileges on a compromised machine.
CISA has ordered federal civilian agencies to patch the flaw by November 10th, and private sector organizations should follow suit.
Foreign hackers breached a US nuclear weapons manufacturing site.
CSO Online reports that foreign hackers used SharePoint vulnerabilities (CVE-2025-53770 and CVE-2025-49704) to breach the Kansas City National Security Campus (KCNSC), which manufactures roughly 80% of the non-nuclear parts in the US's nuclear stockpile. Microsoft patched the flaws in July after the vulnerabilities were exploited in a wave of zero-day attacks. The US National Nuclear Security Administration (NNSA) disclosed in July that it had been affected by the attacks, but didn't share specifics.
Researchers at Microsoft and Resecurity attributed the initial zero-day attacks to Chinese state-sponsored actors, but a source familiar with the Kansas City incident told CSO that a Russian threat actor was behind this particular incident. Resecurity doesn't rule out this possibility, noting that criminal groups likely began targeting the SharePoint flaw after it became public.
China accuses the US of hacking its national time center.
China's Ministry of State Security (MSS) has accused the US National Security Agency (NSA) of hacking the National Time Service Center (NTSC), a public institute responsible for maintaining standard time in China, the Record reports. The Record notes that the NTSC is "functionally equivalent to the U.S. Naval Observatory," and Chinese state-owned newspaper the Global Times explains that the institute "provides high-precision time services for sectors such as national communications, finance, electric power, transportation, surveying and mapping, and national defense."
The MSS says it has "ironclad evidence" that NSA tried to "steal state secrets and conduct cyber espionage," and China's CERT published a technical analysis of the incident. The Record observes that such an attack would not necessarily be considered a breach of cyber norms, and China's claims are likely an attempt to deflect from Western accusations surrounding Beijing's Salt Typhoon hacking operations.
An NSA official said in a statement, "NSA does not confirm nor deny allegations in the media regarding its operations. Our core focus is countering foreign malign activities persistently targeting American interests, and we will continue to defend against adversaries wishing to threaten us."
Ransomware attack disrupts Japan's retail sector.
A ransomware attack on Japanese office equipment retailer Askul and its affiliated logistics network is disrupting online services for several major Japanese e-commerce sites. Household goods retailers Muji, The Loft, and Sogo & Seibu, which rely on Askul's logistics services, have shut down their online sales as a result.
The Japan Times reports that Askul is investigating whether customer data were stolen in the attack, and the company may postpone its earnings report that was scheduled for October 28th.
Jaguar Land Rover ransomware attack is the costliest cyberattack in UK history.
The BBC cites analysts at the Cyber Monitoring Centre (CMC) as saying the ransomware attack against Jaguar Land Rover (JLR) will cost approximately £1.9 billion (US$2.5 billion), making it the costliest attack in UK history. The attack, which began on September 1st, affected at least 5,000 businesses across the supply chain. The CMC estimates that JLR will need at least until January 2026 to fully recover its operations. JLR hasn't commented on the report, but says it's bringing manufacturing back online in phases.
Ciaran Martin, chair of the CMC's technical committee, stated, "With a cost of nearly £2bn, this incident looks to have been by some distance the single most financially damaging cyber event ever to hit the UK."
US court bars NSO Group from targeting WhatsApp.
A US court has ordered Israeli spyware firm NSO Group to stop targeting Meta's WhatsApp, Reuters reports. US District Court Judge Phyllis Hamilton said in a ruling on Friday, "[D]efendants freely acknowledge that they continue to use Whatsapp to collect users’ messages....The argument for an injunction is even stronger in this case, because there is no dispute that defendants still possess the software at issue in this litigation, as well as the source code and other data illegally acquired from Whatsapp."
The judge also deemed that the punitive damages imposed on NSO were excessive, and reduced the amount NSO owes Meta from $167 million to just $4 million. The injunction preventing NSO from targeting WhatsApp may be more unfavorable for the spyware firm than monetary damages, however; the company had previously argued that such an injunction "would put NSO’s entire enterprise at risk" and "force NSO out of business."