
Daily Security Briefing 040
- DjediTech
- Security , Newsletter
- October 14, 2025
Microsoft patches 172 vulnerabilities including 4 zero-days, PolarEdge IoT botnet’s unique C2 methods, and $15 billion crypto seizure from pig butchering scam kingpin…
Executive Summary
Today’s cybersecurity landscape is marked by extensive vulnerability remediation and ongoing threats from sophisticated malware. Microsoft’s October Patch Tuesday addresses a large batch of 172 flaws, including actively exploited zero-days, underscoring the constant need for prompt patching. The emergence of PolarEdge malware employing custom binary protocols and TLS servers highlights advanced IoT botnet innovations. Meanwhile, enforcement actions continue to impact cybercrime, with U.S. authorities seizing $15 billion linked to a major crypto scam. Additionally, concerns about U.S. cybersecurity workforce cuts and surveillance practices reveal continued political scrutiny in cyber governance. These developments collectively showcase the intersection of technical threats and policy dynamics in cybersecurity today.
Top Articles
Microsoft Patch Tuesday October 2025 – 172 Vulnerabilities Fixed Along with 4 Zero-days
Microsoft’s latest security update patches 172 vulnerabilities across Windows, Office, Azure, and more. Four zero-day vulnerabilities are among them, two of which are confirmed as actively exploited. This large-scale release reinforces the importance of rapid deployment to mitigate potential attacks.
BleepingComputer
PolarEdge C2 Communication via Custom Binary Protocol with Custom TLS Server
PolarEdge, an IoT botnet implant first detected in early 2025, uses a novel command-and-control mechanism via a proprietary binary protocol and custom TLS server. Researchers uncovered this technique while investigating exploit traffic targeting Cisco routers through CVE-2023-20118. This sophisticated malware stealthily communicates unauthenticated instructions, complicating detection.
GBHackers | CyberPress
US Seizes $15 Billion in Crypto from ‘Pig Butchering’ Kingpin
The U.S. Department of Justice has confiscated $15 billion in bitcoin from the alleged head of the Prince Group, responsible for extensive cryptocurrency investment scams known as pig butchering or romance baiting. This seizure represents one of the largest crypto-related enforcement actions targeting organized fraud operations.
BleepingComputer
Chinese Hackers Exploit ArcGIS Server as Backdoor for Over a Year
A Chinese state-sponsored group known as Flax Typhoon compromised an ArcGIS system, maintaining backdoor access for over a year. This campaign highlights persistent espionage efforts targeting geospatial infrastructure with long-term covert footholds. U.S. intelligence agencies have publicly attributed the activity to this actor.
TheHackerNews
RMPocalypse: Single 8-Byte Write Shatters AMD’s SEV-SNP Confidential Computing
Researchers revealed a critical flaw called RMPocalypse that undermines AMD’s SEV-SNP secure virtualization technology. The vulnerability allows malicious actors to perform a single memory write to compromise confidential computing protections, leading AMD to issue necessary security fixes.
TheHackerNews
Hackers Use Authentic Legal Notifications as Tools to Spread Info-stealing Malware
A phishing campaign targets Latin America using deceptive Spanish-language judicial notices to deliver AsyncRAT malware. Attackers conceal malicious payloads within SVG image attachments, evading conventional email and antivirus filters to deploy remote access trojans.
CyberPress
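As an added illustration of the defender's side of this item (example code written for this digest, not from the article or from CyberPress), the function below inspects an SVG attachment for active-content indicators before it reaches a mailbox. The indicators (script elements, event-handler attributes, `javascript:` URIs, `foreignObject` elements, large base64 blobs) and the two sample SVG documents are constructed for the example; the article does not describe the campaign's specific SVG technique, so treat the heuristics as a generic starting point rather than a signature for AsyncRAT.

```python
import re
import xml.etree.ElementTree as ET
from typing import List

# Generic heuristics for "active" content in an SVG. These are assumptions
# chosen for this example, not indicators taken from the article.
EVENT_ATTR = re.compile(r"^on[a-z]+$", re.IGNORECASE)      # onload, onclick, ...
JS_URI = re.compile(r"^\s*javascript:", re.IGNORECASE)     # href="javascript:..."
BASE64_BLOB = re.compile(r"base64,([A-Za-z0-9+/=]{512,})")  # large embedded payloads


def local_name(tag: str) -> str:
    """Strip an XML namespace prefix such as '{http://www.w3.org/2000/svg}' from a tag."""
    return tag.rsplit("}", 1)[-1].lower()


def svg_findings(svg_text: str) -> List[str]:
    """Return a list of active-content indicators found in an SVG document.

    An empty list means none of the heuristics fired. A document that does not
    parse as XML is itself reported, since a mail filter should not silently
    pass content it could not inspect.
    """
    findings: List[str] = []
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError as exc:
        return [f"unparseable-xml: {exc}"]

    for elem in root.iter():
        name = local_name(elem.tag)
        if name == "script":
            findings.append("script-element")
        elif name == "foreignobject":
            findings.append("foreignobject-element")
        for attr, value in elem.attrib.items():
            attr_name = local_name(attr)
            if EVENT_ATTR.match(attr_name):
                findings.append(f"event-handler:{attr_name}")
            if JS_URI.match(value):
                findings.append(f"javascript-uri:{attr_name}")

    # Raw-text check so encoded blobs are caught regardless of where they sit.
    if BASE64_BLOB.search(svg_text):
        findings.append("large-base64-blob")
    return findings


def should_quarantine(svg_text: str) -> bool:
    """Policy decision: quarantine any SVG attachment with at least one finding."""
    return bool(svg_findings(svg_text))


# Constructed sample attachments (not captured from the campaign).
BENIGN_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
    '<rect width="10" height="10" fill="blue"/></svg>'
)
SUSPICIOUS_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" onload="init()">'
    '<script>/* constructed placeholder, no real payload */</script>'
    '<a href="javascript:void(0)"><text>Open notice</text></a></svg>'
)

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_SVG), ("suspicious", SUSPICIOUS_SVG)):
        print(label, "->", svg_findings(doc), "quarantine:", should_quarantine(doc))
```

Running the script on the two constructed samples reports no findings for the plain rectangle and three for the second document (the `onload` handler, the `script` element, and the `javascript:` link). In a real gateway the same check would run on every `image/svg+xml` part and on SVGs nested inside archives, since the point of using an image format is that many filters treat it as inert.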
Swalwell Seeks Answers from CISA on Workforce Cuts
Rep. Eric Swalwell raised concerns over reported staffing reductions at CISA, accusing the Trump Administration of undermining the agency’s capacity. He demands clarification on personnel shifts that may weaken U.S. cybersecurity defenses amid rising threats.
CyberScoop
The Trump Administration’s Increased Use of Social Media Surveillance
A Brookings report reveals that the Trump Administration escalated social media surveillance with targeted monitoring and a zero-tolerance “Catch and Revoke” policy aimed at deportations. This approach marks a more explicit and aggressive use of digital monitoring for immigration enforcement.
Schneier.com
Security Firms Dispute Credit for Overlapping CVE Reports
FuzzingLabs accused Gecko Security of copying its vulnerability disclosures and filing CVE reports without proper attribution. Gecko denies wrongdoing, citing a misunderstanding of the disclosure process. This dispute highlights tensions in collaborative vulnerability research.
BleepingComputer
Upcoming Speaking Engagements
Bruce Schneier and Nathan E. Sanders will present talks and book signings of “Rewiring Democracy” on October 22, 2025, at the Harvard Kennedy School Ash Center and Cambridge Public Library, both in Cambridge, Massachusetts.
Schneier.com
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.