{
"type": "bundle",
"id": "bundle--c2ad27a9-b430-430e-a479-3002c1a5f5c8",
"objects": [
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487",
"created": "2022-10-01T00:00:00.000Z",
"definition_type": "tlp:2.0",
"name": "TLP:CLEAR",
"definition": {
"tlp": "clear"
}
},
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--3baebf9b-b8f2-414b-844c-b8cea0871a62",
"created": "2025-10-02T12:37:26.752Z",
"modified": "2025-10-02T12:37:26.752Z",
"name": "MikeGPT Intelligence Platform",
"description": "AI-powered threat intelligence collection and analysis platform providing automated cybersecurity intelligence feeds",
"identity_class": "organization",
"sectors": [
"technology",
"defense"
],
"contact_information": "Website: https://mikegptai.com | Email: intel@mikegptai.com",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--1ec55575-e2b3-496f-96e2-019e4198e98a",
"created": "2025-10-02T12:37:26.752Z",
"modified": "2025-10-02T12:37:26.752Z",
"name": "Threat Intelligence Report - 2025-10-02",
"description": "Threat Intelligence Report - 2025-10-02\n\nThis report consolidates actionable cybersecurity intelligence from 89 sources, processed through automated threat analysis and relationship extraction.\n\nKEY FINDINGS:\n• UAT-8099: Chinese-speaking cybercrime group targets high-value IIS for SEO fraud (Score: 100)\n• Cybercriminals Claim Theft of Data From Oracle E-Business Suite Customers (Score: 100)\n• Moline-Coal Valley School District Shifts from Reactive to Proactive Student Safety & Google Securit (Score: 100)\n• OpenSSL patches 3 vulnerabilities, urging immediate updates (Score: 100)\n• ZDI-25-925: Viessmann Vitogate 300 BN/MB vitogate.cgi form-0-2 Command Injection Remote Code Executi (Score: 100)\n\nEXTRACTED ENTITIES:\n• 23 Attack Pattern(s)\n• 6 Campaign(s)\n• 6 Course Of Action(s)\n• 3 Domain Name(s)\n• 6 Indicator(s)\n• 1 Marking Definition(s)\n• 18 Relationship(s)\n• 3 Url(s)\n• 6 Vulnerability(s)\n\nCONFIDENCE ASSESSMENT:\nVariable confidence scoring applied based on entity type and intelligence source reliability. Confidence ranges from 30-95% reflecting professional intelligence assessment practices.\n\nGENERATION METADATA:\n- Processing Time: Automated\n- Validation: Three-LLM consensus committee\n- Standards Compliance: STIX 2.1\n",
"published": "2025-10-02T12:37:26.752Z",
"object_refs": [
"identity--3baebf9b-b8f2-414b-844c-b8cea0871a62",
"identity--37a6c73b-081d-4c71-a467-5ccabd7ab329",
"identity--cba0f55e-7bb3-4ae6-b0f8-048dae21e7f3",
"attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d",
"attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678",
"attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc",
"attack-pattern--06cf8802-38e4-4421-a699-33a0bae74d96",
"attack-pattern--2e52cc86-c2ef-43d7-9f1e-2fc59c4845ee",
"attack-pattern--943edc6f-c0f9-48f1-b8d4-4666aa0abae1",
"attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c",
"attack-pattern--baad7d00-8591-4c49-8f48-fabb6a35df65",
"attack-pattern--c627c29c-1385-4d76-9046-9c2db86dab11",
"attack-pattern--34177d94-d555-46fa-bc10-fc252443e223",
"attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7",
"attack-pattern--f1669470-d352-4943-bd4a-70c7740b6d39",
"attack-pattern--75a38270-146f-445a-bb30-589accfe0eb3",
"attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719",
"attack-pattern--8dd2a740-fa1b-4f41-be82-018bed51553e",
"attack-pattern--648fba01-e867-4fc6-96df-cc8f6217bee6",
"attack-pattern--8b825070-d031-4677-bf40-7fed85cc24ee",
"attack-pattern--0ec57ff0-0257-4287-888c-8f20c7e08c6b",
"attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3",
"attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2",
"attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18",
"attack-pattern--9f6c52f6-cc63-4397-b485-099a2ca6acf9",
"attack-pattern--85046086-7972-4f9c-a91e-9787bb485bb0",
"vulnerability--d4dc01cb-4a14-446d-9cd3-fdd1cefd029a",
"vulnerability--d28d89aa-cbf2-4082-8c7d-f12e4cbbc1e5",
"vulnerability--55547e99-c350-4537-8c25-1bd1363bd872",
"vulnerability--4c0e5b1c-7ed9-414a-b381-b80d47d79f7b",
"vulnerability--34e8c78f-763a-4e0d-8e9f-b4459433b291",
"vulnerability--121c73a0-7bb7-4206-b7cf-6b969ee98b7e",
"campaign--4464e331-e76f-4c64-8e2c-b8412b393d47",
"campaign--b4114e74-ca8f-438c-9772-c67367966eb5",
"campaign--8938bb37-2b94-4067-ae5b-a1d25d26c1bd",
"campaign--31a29fa4-155f-4596-b05f-ddf4b8b9a0cc",
"campaign--f2e79206-0761-4eaa-9265-6e3897bf3290",
"campaign--1fd27f3f-e96d-4c27-80ea-f11dea0f52b6",
"course-of-action--1c85d0cb-4e45-47a7-9dd3-54152a8e9b2a",
"course-of-action--27a72a52-6f78-4d07-a84c-7aa133c190e5",
"course-of-action--773cc031-ad20-41cb-8131-c53dd418ce97",
"course-of-action--c764c9c5-e60d-47fe-8e6a-6582be115438",
"course-of-action--8248ee55-1a23-4017-9c95-78df4b2c8253",
"course-of-action--e53bd24f-66b3-4217-995e-cd1cf7395a54",
"domain-name--fcb3a04c-385c-42eb-b705-182a6b5aa115",
"url--3cb44dd1-b159-43b9-923a-24005c504df0",
"domain-name--f51e922d-73f0-4f29-bb26-dd0b1e987a8f",
"url--9e99c118-4ffb-41bf-81b9-1a35608f4ff1",
"domain-name--07ac3040-cb4b-460a-a956-4b3c44124fc1",
"url--48a8cd38-1c63-4947-8351-663f9aa7a606",
"indicator--1c28e84b-097f-4733-993a-7ac87e21683f",
"relationship--a41ed059-a67a-4e76-a8a0-92d54b3c1c5a",
"indicator--0a3a2dbd-7106-4664-be11-1337bbf604ad",
"relationship--46e6607e-70c9-49ee-a0de-debcc4232709",
"indicator--f18a7b53-4af9-47c1-9b7c-ea719df488da",
"relationship--6bc16616-ea7e-41b5-816c-aa3e592c9f9c",
"indicator--39969e0e-6a42-48f8-86c4-016ced525745",
"relationship--6d2dfd5c-7fb4-4af8-8211-33bc6736686d",
"indicator--fc536668-6252-43b3-9790-691d15dab976",
"relationship--bfa54401-8db5-4904-881e-bc0f50122e0d",
"indicator--89af12a8-a0b5-489f-a918-891f77ba60a7",
"relationship--4c5e6a1c-70ab-4e7a-b771-bf1a089778a0",
"relationship--3ccf4643-404c-417d-85bc-0b368b1ce945",
"relationship--0ef57a6f-17d1-4a91-8c00-2a17f19717a4",
"relationship--bf8e0624-2739-44a5-ab55-a45f8d72aeb4",
"relationship--2582a70a-8ba8-43cd-bb0e-ee984c8a4837",
"relationship--fc9e10eb-13e7-4f8d-bfdd-4437634fc80d",
"relationship--1012210f-d3b5-4cf9-bd27-e78586a555f2",
"relationship--1679d184-a468-4923-bdad-487a1525abcd",
"relationship--a0f06376-d22b-431b-8f26-0d89a112007c",
"relationship--e5abe450-b48d-458e-b801-a4aa1d57cde7",
"relationship--a2273d2d-ad57-42f5-8b7a-779775acce66",
"relationship--1e11d74a-f2b6-4b11-b90b-c4f9ab5cfb84",
"relationship--64be3b33-82f2-4648-bf37-0ac1404e0cf4"
],
"labels": [
"threat-report",
"threat-intelligence"
],
"created_by_ref": "identity--3baebf9b-b8f2-414b-844c-b8cea0871a62",
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-10-02T12:37:26.082Z",
"modified": "2025-10-02T12:37:26.082Z",
"confidence": 95,
"type": "identity",
"id": "identity--37a6c73b-081d-4c71-a467-5ccabd7ab329",
"name": "ZDI",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-10-02T12:37:26.082Z",
"modified": "2025-10-02T12:37:26.082Z",
"confidence": 95,
"type": "identity",
"id": "identity--cba0f55e-7bb3-4ae6-b0f8-048dae21e7f3",
"name": "Proofpoint",
"identity_class": "organization",
"labels": [
"organization"
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"spec_version": "2.1",
"created": "2025-10-02T12:37:26.082Z",
"modified": "2025-10-02T12:37:26.082Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--771ed4e5-6dde-43a8-9c72-d006b0c83e3d",
"name": "Command and Scripting Interpreter",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "execution"
}
],
"x_mitre_id": "T1059",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1059/",
"external_id": "T1059"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-10-02T12:37:26.751Z",
"modified": "2025-10-02T12:37:26.751Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--e5974f70-5745-450a-908a-6483ad9c4678",
"name": "Exploitation for Client Execution",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "execution"
}
],
"x_mitre_id": "T1203",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1203/",
"external_id": "T1203"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-10-02T12:37:26.751Z",
"modified": "2025-10-02T12:37:26.751Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--280ebd89-59bc-4ae2-a9db-1c01a56e50dc",
"name": "Exploit Public-Facing Application",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access"
}
],
"x_mitre_id": "T1190",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1190/",
"external_id": "T1190"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-10-02T12:37:26.751Z",
"modified": "2025-10-02T12:37:26.751Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--06cf8802-38e4-4421-a699-33a0bae74d96",
"name": "System Information Discovery",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "discovery"
}
],
"x_mitre_id": "T1082",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1082/",
"external_id": "T1082"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-10-02T12:37:26.751Z",
"modified": "2025-10-02T12:37:26.751Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--2e52cc86-c2ef-43d7-9f1e-2fc59c4845ee",
"name": "File and Directory Discovery",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "discovery"
}
],
"x_mitre_id": "T1083",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1083/",
"external_id": "T1083"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-10-02T12:37:26.751Z",
"modified": "2025-10-02T12:37:26.751Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--943edc6f-c0f9-48f1-b8d4-4666aa0abae1",
"name": "Process Discovery",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "discovery"
}
],
"x_mitre_id": "T1057",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1057/",
"external_id": "T1057"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-10-02T12:37:26.751Z",
"modified": "2025-10-02T12:37:26.751Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--2da268b5-7100-4dbc-b23b-d5deafdf268c",
"name": "Spearphishing Attachment",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access"
}
],
"x_mitre_id": "T1566.001",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1566/001/",
"external_id": "T1566.001"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-10-02T12:37:26.751Z",
"modified": "2025-10-02T12:37:26.751Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--baad7d00-8591-4c49-8f48-fabb6a35df65",
"name": "Spearphishing Link",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access"
}
],
"x_mitre_id": "T1566.002",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1566/002/",
"external_id": "T1566.002"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-10-02T12:37:26.751Z",
"modified": "2025-10-02T12:37:26.751Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--c627c29c-1385-4d76-9046-9c2db86dab11",
"name": "Spearphishing via Service",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access"
}
],
"x_mitre_id": "T1566.003",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1566/003/",
"external_id": "T1566.003"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-10-02T12:37:26.751Z",
"modified": "2025-10-02T12:37:26.751Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--34177d94-d555-46fa-bc10-fc252443e223",
"name": "System Binary Proxy Execution",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "defense-evasion"
}
],
"x_mitre_id": "T1218",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1218/",
"external_id": "T1218"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-10-02T12:37:26.751Z",
"modified": "2025-10-02T12:37:26.751Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--13fc9cbe-9444-4eba-872b-a44565ae3ab7",
"name": "Supply Chain Compromise",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access"
}
],
"x_mitre_id": "T1195",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1195/",
"external_id": "T1195"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-10-02T12:37:26.751Z",
"modified": "2025-10-02T12:37:26.751Z",
"confidence": 90,
"type": "attack-pattern",
"id": "attack-pattern--f1669470-d352-4943-bd4a-70c7740b6d39",
"name": "Compromise Software Supply Chain",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access"
}
],
"x_mitre_id": "T1195.002",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1195/002/",
"external_id": "T1195.002"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-10-02T12:37:26.751Z",
"modified": "2025-10-02T12:37:26.751Z",
"confidence": 85,
"type": "attack-pattern",
"id": "attack-pattern--75a38270-146f-445a-bb30-589accfe0eb3",
"name": "System Shutdown/Reboot",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "impact"
}
],
"x_mitre_id": "T1529",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1529/",
"external_id": "T1529"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-10-02T12:37:26.751Z",
"modified": "2025-10-02T12:37:26.751Z",
"confidence": 79,
"type": "attack-pattern",
"id": "attack-pattern--0b9d5f9a-d372-4a5d-8f9f-e62f6d5e8719",
"name": "Vulnerabilities",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "resource-development"
}
],
"x_mitre_id": "T1588.006",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1588/006/",
"external_id": "T1588.006"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-10-02T12:37:26.751Z",
"modified": "2025-10-02T12:37:26.751Z",
"confidence": 78,
"type": "attack-pattern",
"id": "attack-pattern--8dd2a740-fa1b-4f41-be82-018bed51553e",
"name": "Safe Mode Boot",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "defense-evasion"
}
],
"x_mitre_id": "T1562.009",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1562/009/",
"external_id": "T1562.009"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-10-02T12:37:26.751Z",
"modified": "2025-10-02T12:37:26.751Z",
"confidence": 75,
"type": "attack-pattern",
"id": "attack-pattern--648fba01-e867-4fc6-96df-cc8f6217bee6",
"name": "Artificial Intelligence",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "resource-development"
}
],
"x_mitre_id": "T1588.007",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1588/007/",
"external_id": "T1588.007"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-10-02T12:37:26.751Z",
"modified": "2025-10-02T12:37:26.751Z",
"confidence": 74,
"type": "attack-pattern",
"id": "attack-pattern--8b825070-d031-4677-bf40-7fed85cc24ee",
"name": "SMS Pumping",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "impact"
}
],
"x_mitre_id": "T1496.003",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1496/003/",
"external_id": "T1496.003"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-10-02T12:37:26.751Z",
"modified": "2025-10-02T12:37:26.751Z",
"confidence": 71,
"type": "attack-pattern",
"id": "attack-pattern--0ec57ff0-0257-4287-888c-8f20c7e08c6b",
"name": "Cloud Secrets Management Stores",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "credential-access"
}
],
"x_mitre_id": "T1555.006",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1555/006/",
"external_id": "T1555.006"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-10-02T12:37:26.751Z",
"modified": "2025-10-02T12:37:26.751Z",
"confidence": 70,
"type": "attack-pattern",
"id": "attack-pattern--d2a77ce3-d278-4f77-97f0-227b744a33d3",
"name": "Archive via Utility",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "collection"
}
],
"x_mitre_id": "T1560.001",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1560/001/",
"external_id": "T1560.001"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-10-02T12:37:26.751Z",
"modified": "2025-10-02T12:37:26.751Z",
"confidence": 70,
"type": "attack-pattern",
"id": "attack-pattern--a6ff86fe-f269-42e5-9428-ab17d04e30e2",
"name": "Screen Capture",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "collection"
}
],
"x_mitre_id": "T1113",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1113/",
"external_id": "T1113"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-10-02T12:37:26.751Z",
"modified": "2025-10-02T12:37:26.751Z",
"confidence": 70,
"type": "attack-pattern",
"id": "attack-pattern--e8d516a9-a107-4c4b-806f-bc9c612eef18",
"name": "Adversary-in-the-Middle",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "credential-access"
},
{
"kill_chain_name": "mitre-attack",
"phase_name": "collection"
}
],
"x_mitre_id": "T1557",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1557/",
"external_id": "T1557"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-10-02T12:37:26.751Z",
"modified": "2025-10-02T12:37:26.751Z",
"confidence": 67,
"type": "attack-pattern",
"id": "attack-pattern--9f6c52f6-cc63-4397-b485-099a2ca6acf9",
"name": "Compromise Hardware Supply Chain",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "initial-access"
}
],
"x_mitre_id": "T1195.003",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1195/003/",
"external_id": "T1195.003"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"spec_version": "2.1",
"created": "2025-10-02T12:37:26.751Z",
"modified": "2025-10-02T12:37:26.751Z",
"confidence": 67,
"type": "attack-pattern",
"id": "attack-pattern--85046086-7972-4f9c-a91e-9787bb485bb0",
"name": "Email Hiding Rules",
"kill_chain_phases": [
{
"kill_chain_name": "mitre-attack",
"phase_name": "defense-evasion"
}
],
"x_mitre_id": "T1564.008",
"external_references": [
{
"source_name": "MITRE ATT&CK",
"url": "https://attack.mitre.org/techniques/T1564/008/",
"external_id": "T1564.008"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"mitre-attack"
]
},
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--d4dc01cb-4a14-446d-9cd3-fdd1cefd029a",
"created": "2025-10-02T12:37:26.075Z",
"modified": "2025-10-02T12:37:26.075Z",
"name": "CVE-2025-9232",
"description": "Vulnerability CVE-2025-9232",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2025-9232",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232"
},
{
"source_name": "article",
"url": "https://securityaffairs.com/?p=182845",
"description": "OpenSSL patches 3 vulnerabilities, urging immediate updates"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"vulnerability"
]
},
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--d28d89aa-cbf2-4082-8c7d-f12e4cbbc1e5",
"created": "2025-10-02T12:37:26.075Z",
"modified": "2025-10-02T12:37:26.075Z",
"name": "CVE-2025-9230",
"description": "Vulnerability CVE-2025-9230",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2025-9230",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230"
},
{
"source_name": "article",
"url": "https://securityaffairs.com/?p=182845",
"description": "OpenSSL patches 3 vulnerabilities, urging immediate updates"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"vulnerability"
]
},
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--55547e99-c350-4537-8c25-1bd1363bd872",
"created": "2025-10-02T12:37:26.075Z",
"modified": "2025-10-02T12:37:26.075Z",
"name": "CVE-2025-9231",
"description": "Vulnerability CVE-2025-9231",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2025-9231",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9231"
},
{
"source_name": "article",
"url": "https://securityaffairs.com/?p=182845",
"description": "OpenSSL patches 3 vulnerabilities, urging immediate updates"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"vulnerability"
]
},
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--4c0e5b1c-7ed9-414a-b381-b80d47d79f7b",
"created": "2025-10-02T12:37:26.075Z",
"modified": "2025-10-02T12:37:26.075Z",
"name": "CVE-2025-9494",
"description": "Vulnerability CVE-2025-9494",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2025-9494",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9494"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"vulnerability"
]
},
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--34e8c78f-763a-4e0d-8e9f-b4459433b291",
"created": "2025-10-02T12:37:26.075Z",
"modified": "2025-10-02T12:37:26.075Z",
"name": "CVE-2025-58321",
"description": "Vulnerability CVE-2025-58321",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2025-58321",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58321"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"vulnerability"
]
},
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--121c73a0-7bb7-4206-b7cf-6b969ee98b7e",
"created": "2025-10-02T12:37:26.075Z",
"modified": "2025-10-02T12:37:26.075Z",
"name": "CVE-2025-58320",
"description": "Vulnerability CVE-2025-58320",
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2025-58320",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58320"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
],
"labels": [
"vulnerability"
]
},
{
"type": "campaign",
"spec_version": "2.1",
"id": "campaign--4464e331-e76f-4c64-8e2c-b8412b393d47",
"created": "2025-10-02T12:37:26.077Z",
"modified": "2025-10-02T12:37:26.077Z",
"name": "CVE-2025-9232 Exploitation Campaign",
"description": "Coordinated exploitation activity targeting CVE-2025-9232",
"first_seen": "2025-10-01T20:15:47.000Z",
"last_seen": "2025-10-01T20:15:47.000Z",
"objective": "Exploitation of CVE-2025-9232 for unauthorized access",
"confidence": 75,
"external_references": [
{
"source_name": "article",
"url": "https://securityaffairs.com/?p=182845",
"description": "OpenSSL patches 3 vulnerabilities, urging immediate updates"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "campaign",
"spec_version": "2.1",
"id": "campaign--b4114e74-ca8f-438c-9772-c67367966eb5",
"created": "2025-10-02T12:37:26.077Z",
"modified": "2025-10-02T12:37:26.077Z",
"name": "CVE-2025-9230 Exploitation Campaign",
"description": "Coordinated exploitation activity targeting CVE-2025-9230",
"first_seen": "2025-10-01T20:15:47.000Z",
"last_seen": "2025-10-01T20:15:47.000Z",
"objective": "Exploitation of CVE-2025-9230 for unauthorized access",
"confidence": 75,
"external_references": [
{
"source_name": "article",
"url": "https://securityaffairs.com/?p=182845",
"description": "OpenSSL patches 3 vulnerabilities, urging immediate updates"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "campaign",
"spec_version": "2.1",
"id": "campaign--8938bb37-2b94-4067-ae5b-a1d25d26c1bd",
"created": "2025-10-02T12:37:26.077Z",
"modified": "2025-10-02T12:37:26.077Z",
"name": "CVE-2025-9231 Exploitation Campaign",
"description": "Coordinated exploitation activity targeting CVE-2025-9231",
"first_seen": "2025-10-01T20:15:47.000Z",
"last_seen": "2025-10-01T20:15:47.000Z",
"objective": "Exploitation of CVE-2025-9231 for unauthorized access",
"confidence": 75,
"external_references": [
{
"source_name": "article",
"url": "https://securityaffairs.com/?p=182845",
"description": "OpenSSL patches 3 vulnerabilities, urging immediate updates"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "campaign",
"spec_version": "2.1",
"id": "campaign--31a29fa4-155f-4596-b05f-ddf4b8b9a0cc",
"created": "2025-10-02T12:37:26.077Z",
"modified": "2025-10-02T12:37:26.077Z",
"name": "CVE-2025-9494 Exploitation Campaign",
"description": "Coordinated exploitation activity targeting CVE-2025-9494",
"first_seen": "2025-10-01T05:00:00.000Z",
"last_seen": "2025-10-01T05:00:00.000Z",
"objective": "Exploitation of CVE-2025-9494 for unauthorized access",
"confidence": 75,
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "campaign",
"spec_version": "2.1",
"id": "campaign--f2e79206-0761-4eaa-9265-6e3897bf3290",
"created": "2025-10-02T12:37:26.077Z",
"modified": "2025-10-02T12:37:26.077Z",
"name": "CVE-2025-58321 Exploitation Campaign",
"description": "Coordinated exploitation activity targeting CVE-2025-58321",
"first_seen": "2025-10-01T05:00:00.000Z",
"last_seen": "2025-10-01T05:00:00.000Z",
"objective": "Exploitation of CVE-2025-58321 for unauthorized access",
"confidence": 75,
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "campaign",
"spec_version": "2.1",
"id": "campaign--1fd27f3f-e96d-4c27-80ea-f11dea0f52b6",
"created": "2025-10-02T12:37:26.077Z",
"modified": "2025-10-02T12:37:26.077Z",
"name": "CVE-2025-58320 Exploitation Campaign",
"description": "Coordinated exploitation activity targeting CVE-2025-58320",
"first_seen": "2025-10-01T05:00:00.000Z",
"last_seen": "2025-10-01T05:00:00.000Z",
"objective": "Exploitation of CVE-2025-58320 for unauthorized access",
"confidence": 75,
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "course-of-action",
"spec_version": "2.1",
"id": "course-of-action--1c85d0cb-4e45-47a7-9dd3-54152a8e9b2a",
"created": "2025-10-02T12:37:26.080Z",
"modified": "2025-10-02T12:37:26.080Z",
"name": "Mitigate CVE-2025-9232",
"description": "Apply security updates and patches to address CVE-2025-9232",
"action_type": "remediate",
"external_references": [
{
"source_name": "nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9232",
"description": "NVD entry with patch information"
},
{
"source_name": "article",
"url": "https://securityaffairs.com/?p=182845",
"description": "OpenSSL patches 3 vulnerabilities, urging immediate updates"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "course-of-action",
"spec_version": "2.1",
"id": "course-of-action--27a72a52-6f78-4d07-a84c-7aa133c190e5",
"created": "2025-10-02T12:37:26.080Z",
"modified": "2025-10-02T12:37:26.080Z",
"name": "Mitigate CVE-2025-9230",
"description": "Apply security updates and patches to address CVE-2025-9230",
"action_type": "remediate",
"external_references": [
{
"source_name": "nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9230",
"description": "NVD entry with patch information"
},
{
"source_name": "article",
"url": "https://securityaffairs.com/?p=182845",
"description": "OpenSSL patches 3 vulnerabilities, urging immediate updates"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "course-of-action",
"spec_version": "2.1",
"id": "course-of-action--773cc031-ad20-41cb-8131-c53dd418ce97",
"created": "2025-10-02T12:37:26.080Z",
"modified": "2025-10-02T12:37:26.080Z",
"name": "Mitigate CVE-2025-9231",
"description": "Apply security updates and patches to address CVE-2025-9231",
"action_type": "remediate",
"external_references": [
{
"source_name": "nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9231",
"description": "NVD entry with patch information"
},
{
"source_name": "article",
"url": "https://securityaffairs.com/?p=182845",
"description": "OpenSSL patches 3 vulnerabilities, urging immediate updates"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "course-of-action",
"spec_version": "2.1",
"id": "course-of-action--c764c9c5-e60d-47fe-8e6a-6582be115438",
"created": "2025-10-02T12:37:26.080Z",
"modified": "2025-10-02T12:37:26.080Z",
"name": "Mitigate CVE-2025-9494",
"description": "Apply security updates and patches to address CVE-2025-9494",
"action_type": "remediate",
"external_references": [
{
"source_name": "nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9494",
"description": "NVD entry with patch information"
},
{
"source_name": "article",
"url": "https://securityaffairs.com/?p=182845",
"description": "OpenSSL patches 3 vulnerabilities, urging immediate updates"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "course-of-action",
"spec_version": "2.1",
"id": "course-of-action--8248ee55-1a23-4017-9c95-78df4b2c8253",
"created": "2025-10-02T12:37:26.080Z",
"modified": "2025-10-02T12:37:26.080Z",
"name": "Mitigate CVE-2025-58321",
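"description": "Apply security updates and patches to address CVE-2025-58321. Review caveat: the article reference on this object is titled for three OpenSSL vulnerabilities yet is attached to six CVEs in this bundle; confirm the affected product and fixed version from the NVD entry before patching.",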
"action_type": "remediate",
"external_references": [
{
"source_name": "nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58321",
"description": "NVD entry with patch information"
},
{
"source_name": "article",
"url": "https://securityaffairs.com/?p=182845",
"description": "OpenSSL patches 3 vulnerabilities, urging immediate updates"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "course-of-action",
"spec_version": "2.1",
"id": "course-of-action--e53bd24f-66b3-4217-995e-cd1cf7395a54",
"created": "2025-10-02T12:37:26.080Z",
"modified": "2025-10-02T12:37:26.080Z",
"name": "Mitigate CVE-2025-58320",
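"description": "Apply security updates and patches to address CVE-2025-58320. Review caveat: the article reference on this object is titled for three OpenSSL vulnerabilities yet is attached to six CVEs in this bundle; confirm the affected product and fixed version from the NVD entry before patching.",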
"action_type": "remediate",
"external_references": [
{
"source_name": "nvd",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58320",
"description": "NVD entry with patch information"
},
{
"source_name": "article",
"url": "https://securityaffairs.com/?p=182845",
"description": "OpenSSL patches 3 vulnerabilities, urging immediate updates"
}
],
"object_marking_refs": [
"marking-definition--94868c89-83c2-464b-929b-a1a8aa3c8487"
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--fcb3a04c-385c-42eb-b705-182a6b5aa115",
"value": "engseclabs.com"
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--3cb44dd1-b159-43b9-923a-24005c504df0",
"value": "https://engseclabs.com/blog/refocusing-vendor-security-on-risk-reduction/"
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--f51e922d-73f0-4f29-bb26-dd0b1e987a8f",
"value": "semgrep.dev"
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--9e99c118-4ffb-41bf-81b9-1a35608f4ff1",
"value": "https://semgrep.dev/blog/2025/a-security-engineers-guide-to-mcp/"
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--07ac3040-cb4b-460a-a956-4b3c44124fc1",
"value": "controlpaths.com"
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--48a8cd38-1c63-4947-8351-663f9aa7a606",
"value": "https://www.controlpaths.com/2025/09/14/security-privacy-fpga/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1c28e84b-097f-4733-993a-7ac87e21683f",
"created": "2025-10-02T12:37:26.061Z",
"modified": "2025-10-02T12:37:26.061Z",
"name": "Malicious domain-name indicator",
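"description": "Malicious domain-name identified in threat intelligence. Review caveat: the value is the host of a blog URL listed in this bundle, and the only relationship shown for this indicator is based-on to that observable, with no malware, actor or sighting context; validate before blocking or alerting on it.",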
"pattern": "[domain-name:value = 'engseclabs.com']",
"pattern_type": "stix",
"valid_from": "2025-10-02T12:37:26.061Z",
"labels": [
"malicious-activity"
],
"confidence": 90
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a41ed059-a67a-4e76-a8a0-92d54b3c1c5a",
"created": "2025-10-02T12:37:26.061Z",
"modified": "2025-10-02T12:37:26.061Z",
"relationship_type": "based-on",
"source_ref": "indicator--1c28e84b-097f-4733-993a-7ac87e21683f",
"target_ref": "domain-name--fcb3a04c-385c-42eb-b705-182a6b5aa115"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0a3a2dbd-7106-4664-be11-1337bbf604ad",
"created": "2025-10-02T12:37:26.063Z",
"modified": "2025-10-02T12:37:26.063Z",
"name": "Malicious url indicator",
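"description": "Malicious url identified in threat intelligence. Review caveat: the pattern is a blog post URL, and the only relationship shown for this indicator is based-on to that observable, with no malware, actor or sighting context; validate before blocking or alerting on it.",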
"pattern": "[url:value = 'https://engseclabs.com/blog/refocusing-vendor-security-on-risk-reduction/']",
"pattern_type": "stix",
"valid_from": "2025-10-02T12:37:26.063Z",
"labels": [
"malicious-activity"
],
"confidence": 90
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--46e6607e-70c9-49ee-a0de-debcc4232709",
"created": "2025-10-02T12:37:26.063Z",
"modified": "2025-10-02T12:37:26.063Z",
"relationship_type": "based-on",
"source_ref": "indicator--0a3a2dbd-7106-4664-be11-1337bbf604ad",
"target_ref": "url--3cb44dd1-b159-43b9-923a-24005c504df0"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f18a7b53-4af9-47c1-9b7c-ea719df488da",
"created": "2025-10-02T12:37:26.064Z",
"modified": "2025-10-02T12:37:26.064Z",
"name": "Malicious domain-name indicator",
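"description": "Malicious domain-name identified in threat intelligence. Review caveat: the value is the host of a blog URL listed in this bundle, and the only relationship shown for this indicator is based-on to that observable, with no malware, actor or sighting context; validate before blocking or alerting on it.",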
"pattern": "[domain-name:value = 'semgrep.dev']",
"pattern_type": "stix",
"valid_from": "2025-10-02T12:37:26.064Z",
"labels": [
"malicious-activity"
],
"confidence": 90
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6bc16616-ea7e-41b5-816c-aa3e592c9f9c",
"created": "2025-10-02T12:37:26.064Z",
"modified": "2025-10-02T12:37:26.064Z",
"relationship_type": "based-on",
"source_ref": "indicator--f18a7b53-4af9-47c1-9b7c-ea719df488da",
"target_ref": "domain-name--f51e922d-73f0-4f29-bb26-dd0b1e987a8f"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--39969e0e-6a42-48f8-86c4-016ced525745",
"created": "2025-10-02T12:37:26.065Z",
"modified": "2025-10-02T12:37:26.065Z",
"name": "Malicious url indicator",
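"description": "Malicious url identified in threat intelligence. Review caveat: the pattern is a blog post URL, and the only relationship shown for this indicator is based-on to that observable, with no malware, actor or sighting context; validate before blocking or alerting on it.",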
"pattern": "[url:value = 'https://semgrep.dev/blog/2025/a-security-engineers-guide-to-mcp/']",
"pattern_type": "stix",
"valid_from": "2025-10-02T12:37:26.065Z",
"labels": [
"malicious-activity"
],
"confidence": 90
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--6d2dfd5c-7fb4-4af8-8211-33bc6736686d",
"created": "2025-10-02T12:37:26.065Z",
"modified": "2025-10-02T12:37:26.065Z",
"relationship_type": "based-on",
"source_ref": "indicator--39969e0e-6a42-48f8-86c4-016ced525745",
"target_ref": "url--9e99c118-4ffb-41bf-81b9-1a35608f4ff1"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fc536668-6252-43b3-9790-691d15dab976",
"created": "2025-10-02T12:37:26.066Z",
"modified": "2025-10-02T12:37:26.066Z",
"name": "Malicious domain-name indicator",
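"description": "Malicious domain-name identified in threat intelligence. Review caveat: the value is the parent domain of a dated post URL listed in this bundle, and the only relationship shown for this indicator is based-on to that observable, with no malware, actor or sighting context; validate before blocking or alerting on it.",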
"pattern": "[domain-name:value = 'controlpaths.com']",
"pattern_type": "stix",
"valid_from": "2025-10-02T12:37:26.066Z",
"labels": [
"malicious-activity"
],
"confidence": 90
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--bfa54401-8db5-4904-881e-bc0f50122e0d",
"created": "2025-10-02T12:37:26.066Z",
"modified": "2025-10-02T12:37:26.066Z",
"relationship_type": "based-on",
"source_ref": "indicator--fc536668-6252-43b3-9790-691d15dab976",
"target_ref": "domain-name--07ac3040-cb4b-460a-a956-4b3c44124fc1"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--89af12a8-a0b5-489f-a918-891f77ba60a7",
"created": "2025-10-02T12:37:26.067Z",
"modified": "2025-10-02T12:37:26.067Z",
"name": "Malicious url indicator",
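"description": "Malicious url identified in threat intelligence. Review caveat: the pattern appears to be a dated post URL, and the only relationship shown for this indicator is based-on to that observable, with no malware, actor or sighting context; validate before blocking or alerting on it.",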
"pattern": "[url:value = 'https://www.controlpaths.com/2025/09/14/security-privacy-fpga/']",
"pattern_type": "stix",
"valid_from": "2025-10-02T12:37:26.067Z",
"labels": [
"malicious-activity"
],
"confidence": 90
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4c5e6a1c-70ab-4e7a-b771-bf1a089778a0",
"created": "2025-10-02T12:37:26.067Z",
"modified": "2025-10-02T12:37:26.067Z",
"relationship_type": "based-on",
"source_ref": "indicator--89af12a8-a0b5-489f-a918-891f77ba60a7",
"target_ref": "url--48a8cd38-1c63-4947-8351-663f9aa7a606"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3ccf4643-404c-417d-85bc-0b368b1ce945",
"created": "2025-10-02T12:37:26.752Z",
"modified": "2025-10-02T12:37:26.752Z",
"relationship_type": "mitigated-by",
"source_ref": "vulnerability--d4dc01cb-4a14-446d-9cd3-fdd1cefd029a",
"target_ref": "course-of-action--1c85d0cb-4e45-47a7-9dd3-54152a8e9b2a",
"description": "CVE-2025-9232 is mitigated by Mitigate CVE-2025-9232"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0ef57a6f-17d1-4a91-8c00-2a17f19717a4",
"created": "2025-10-02T12:37:26.752Z",
"modified": "2025-10-02T12:37:26.752Z",
"relationship_type": "mitigated-by",
"source_ref": "vulnerability--d28d89aa-cbf2-4082-8c7d-f12e4cbbc1e5",
"target_ref": "course-of-action--27a72a52-6f78-4d07-a84c-7aa133c190e5",
"description": "CVE-2025-9230 is mitigated by Mitigate CVE-2025-9230"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--bf8e0624-2739-44a5-ab55-a45f8d72aeb4",
"created": "2025-10-02T12:37:26.752Z",
"modified": "2025-10-02T12:37:26.752Z",
"relationship_type": "mitigated-by",
"source_ref": "vulnerability--55547e99-c350-4537-8c25-1bd1363bd872",
"target_ref": "course-of-action--773cc031-ad20-41cb-8131-c53dd418ce97",
"description": "CVE-2025-9231 is mitigated by Mitigate CVE-2025-9231"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2582a70a-8ba8-43cd-bb0e-ee984c8a4837",
"created": "2025-10-02T12:37:26.752Z",
"modified": "2025-10-02T12:37:26.752Z",
"relationship_type": "mitigated-by",
"source_ref": "vulnerability--4c0e5b1c-7ed9-414a-b381-b80d47d79f7b",
"target_ref": "course-of-action--c764c9c5-e60d-47fe-8e6a-6582be115438",
"description": "CVE-2025-9494 is mitigated by Mitigate CVE-2025-9494"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--fc9e10eb-13e7-4f8d-bfdd-4437634fc80d",
"created": "2025-10-02T12:37:26.752Z",
"modified": "2025-10-02T12:37:26.752Z",
"relationship_type": "mitigated-by",
"source_ref": "vulnerability--34e8c78f-763a-4e0d-8e9f-b4459433b291",
"target_ref": "course-of-action--8248ee55-1a23-4017-9c95-78df4b2c8253",
"description": "CVE-2025-58321 is mitigated by Mitigate CVE-2025-58321"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1012210f-d3b5-4cf9-bd27-e78586a555f2",
"created": "2025-10-02T12:37:26.752Z",
"modified": "2025-10-02T12:37:26.752Z",
"relationship_type": "mitigated-by",
"source_ref": "vulnerability--121c73a0-7bb7-4206-b7cf-6b969ee98b7e",
"target_ref": "course-of-action--e53bd24f-66b3-4217-995e-cd1cf7395a54",
"description": "CVE-2025-58320 is mitigated by Mitigate CVE-2025-58320"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1679d184-a468-4923-bdad-487a1525abcd",
"created": "2025-10-02T12:37:26.752Z",
"modified": "2025-10-02T12:37:26.752Z",
"relationship_type": "targets",
"source_ref": "campaign--4464e331-e76f-4c64-8e2c-b8412b393d47",
"target_ref": "vulnerability--d4dc01cb-4a14-446d-9cd3-fdd1cefd029a",
"description": "CVE-2025-9232 Exploitation Campaign targets CVE-2025-9232"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a0f06376-d22b-431b-8f26-0d89a112007c",
"created": "2025-10-02T12:37:26.752Z",
"modified": "2025-10-02T12:37:26.752Z",
"relationship_type": "targets",
"source_ref": "campaign--b4114e74-ca8f-438c-9772-c67367966eb5",
"target_ref": "vulnerability--d28d89aa-cbf2-4082-8c7d-f12e4cbbc1e5",
"description": "CVE-2025-9230 Exploitation Campaign targets CVE-2025-9230"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e5abe450-b48d-458e-b801-a4aa1d57cde7",
"created": "2025-10-02T12:37:26.752Z",
"modified": "2025-10-02T12:37:26.752Z",
"relationship_type": "targets",
"source_ref": "campaign--8938bb37-2b94-4067-ae5b-a1d25d26c1bd",
"target_ref": "vulnerability--55547e99-c350-4537-8c25-1bd1363bd872",
"description": "CVE-2025-9231 Exploitation Campaign targets CVE-2025-9231"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--a2273d2d-ad57-42f5-8b7a-779775acce66",
"created": "2025-10-02T12:37:26.752Z",
"modified": "2025-10-02T12:37:26.752Z",
"relationship_type": "targets",
"source_ref": "campaign--31a29fa4-155f-4596-b05f-ddf4b8b9a0cc",
"target_ref": "vulnerability--4c0e5b1c-7ed9-414a-b381-b80d47d79f7b",
"description": "CVE-2025-9494 Exploitation Campaign targets CVE-2025-9494"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1e11d74a-f2b6-4b11-b90b-c4f9ab5cfb84",
"created": "2025-10-02T12:37:26.752Z",
"modified": "2025-10-02T12:37:26.752Z",
"relationship_type": "targets",
"source_ref": "campaign--f2e79206-0761-4eaa-9265-6e3897bf3290",
"target_ref": "vulnerability--34e8c78f-763a-4e0d-8e9f-b4459433b291",
"description": "CVE-2025-58321 Exploitation Campaign targets CVE-2025-58321"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--64be3b33-82f2-4648-bf37-0ac1404e0cf4",
"created": "2025-10-02T12:37:26.752Z",
"modified": "2025-10-02T12:37:26.752Z",
"relationship_type": "targets",
"source_ref": "campaign--1fd27f3f-e96d-4c27-80ea-f11dea0f52b6",
"target_ref": "vulnerability--121c73a0-7bb7-4206-b7cf-6b969ee98b7e",
"description": "CVE-2025-58320 Exploitation Campaign targets CVE-2025-58320"
}
]
}