As 2025 draws to a close, the cybersecurity landscape remains fraught with significant threats ranging from zero-day exploits and ransomware campaigns to state-sponsored espionage. Organisations across sectors must stay vigilant against emerging vulnerabilities and ensure compliance with evolving regulatory standards like NIS2. Today’s roundup covers critical updates impacting enterprise infrastructure, ongoing targeted attacks, and key guidance for security teams.
Vulnerabilities Impacting Enterprise Systems
Windows 10 Message Queuing Fix
Microsoft has released an out-of-band update for Windows 10 to address issues caused by this month’s extended security update for Windows 11, which inadvertently broke Message Queuing (MSMQ). MSMQ is widely used in enterprise environments to manage background tasks and messaging services. The disruption could impact business continuity, making it essential for IT teams to prioritise this patch.
Zero-Day Exploits Against SonicWall Edge Devices
SonicWall’s SMA1000 devices have come under renewed attack through a chained zero-day vulnerability combined with a previously disclosed critical flaw. These attacks expose organisations using SonicWall for remote access to serious compromise risks, underscoring the need for rapid patching and monitoring of VPN appliances.
UEFI Vulnerability Enables Early-Boot Attacks
Major motherboard manufacturers including ASRock, Asus, Gigabyte, and MSI have been found vulnerable to early-boot direct memory access (DMA) attacks via a UEFI flaw. Such attacks can completely bypass operating system security, allowing persistent threats at the firmware level. Businesses should assess their hardware risk and apply firmware updates where available.
HPE IT Infrastructure Management Software Patch
Hewlett-Packard Enterprise has patched a critical remote code execution flaw (CVE-2025-37164) in its IT infrastructure management software. Because unauthenticated attackers could exploit this vulnerability, organisations relying on HPE solutions must urgently deploy the update to prevent potential breaches.
Ransomware and Data Theft Campaigns
Clop Ransomware Targets Gladinet CentreStack
The Clop ransomware group is actively exploiting internet-exposed Gladinet CentreStack file servers, combining data theft with extortion tactics. This highlights the ongoing trend of ransomware gangs prioritising data exfiltration to increase leverage over victims.
Seizure of E-Note Crypto Exchange
In a significant law enforcement action, US authorities seized the E-Note cryptocurrency exchange infrastructure, which was allegedly used to launder over $70 million in ransomware payments. This crackdown disrupts cybercriminal financial channels and signals increased regulatory focus on crypto platforms enabling illicit transactions.
Espionage and Credential-Based Attacks
China-Aligned LongNosedGoblin Group Deploys Malware via Windows Group Policy
A new report from ESET reveals a China-aligned threat actor, LongNosedGoblin, using Windows Group Policy to deploy espionage malware targeting government entities in Southeast Asia and Japan. Active since at least September 2023, this campaign demonstrates sophisticated use of native Windows tools for persistence and covert operations.
Password Spraying Attacks on VPN Gateways
Automated password spraying campaigns are targeting Cisco SSL VPN and Palo Alto Networks GlobalProtect gateways. These credential-based attacks aim to gain initial access by exploiting weak password policies, emphasising the critical need for strong authentication controls.
Compliance and Best Practices
Aligning Password and MFA Policies with NIS2
With the NIS2 directive placing stricter requirements on identity and access management, organisations must revisit their password policies and multi-factor authentication (MFA) implementations. Weak passwords and poor authentication practices now represent compliance risks, and adopting robust controls is essential for regulatory adherence and security resilience.
University of Sydney Data Breach
Lastly, the University of Sydney suffered a data breach where hackers accessed an online coding repository and extracted personal information of students and staff. This incident underscores the risks of unsecured development environments and the importance of protecting sensitive data repositories.
Key Takeaways
- Organisations should prioritise patching critical vulnerabilities in widely used enterprise systems such as Windows 10, SonicWall devices, and HPE management software.
- Firmware-level threats like the UEFI DMA vulnerability require hardware risk assessments and timely updates.
- Ransomware campaigns continue evolving with data theft extortion, while law enforcement actions against crypto exchanges disrupt cybercriminal economies.
- State-sponsored groups increasingly exploit native Windows features for stealthy espionage operations.
- Credential-based attacks on VPNs highlight the urgent need for strong password policies and MFA, aligning with NIS2 compliance requirements.
- Data breaches in academic institutions demonstrate the ongoing importance of securing development and code repositories.
Security teams and business leaders must maintain a proactive stance on patch management, threat detection, and regulatory compliance to navigate the complex threat environment at year-end and beyond.