Cyber Briefing: 2025.09.25
Libraesva flaw exploited, ShadowV2 botnet rises, Cisco zero-day patched, AZ schools & MD transit breached, Ukraine hacks Crimea, police bust crypto fraud, UK arrests RTX suspect, Interpol seizes $439M
👉 What's happening in cybersecurity today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. Hackers Target Libraesva Email Flaw
Libraesva has released a security update to patch a medium-severity vulnerability in its Email Security Gateway solution. The flaw, which has a CVSS score of 6.1, has been actively exploited by what the company believes to be a state-sponsored threat actor.
2. ShadowV2 Botnet Targets Misconfigured AWS
A new botnet, dubbed ShadowV2, is being sold as a DDoS-for-hire service. It leverages misconfigured Docker containers on Amazon Web Services (AWS) to deploy malware, using a sophisticated toolkit to launch powerful Distributed Denial-of-Service (DDoS) attacks.
3. Cisco Warns Of IOS Zero Day Bug
Cisco recently issued security patches for a significant zero-day vulnerability in its IOS and IOS XE Software that is being actively exploited. The flaw, a stack-based buffer overflow, allows both low- and high-privileged attackers to cause denial-of-service or even gain full system control.
💥 Cyber Incidents
4. Arizona School District Data Breach
Madison Elementary School District 38 is notifying 35,000 individuals of a data breach that occurred in April 2025 after a ransomware attack by a group called Interlock, which reportedly stole 75 GB of data. The district is offering free identity protection services, which indicates that sensitive personal or financial information may have been compromised.
5. Ransomware Gang Claims Maryland Breach
The Rhysida ransomware gang has claimed responsibility for a late-August data breach at the Maryland Transit Administration (MTA), demanding a ransom of $3.4 million. The group has posted what it says are stolen documents, including personal identification, to prove its claim.
6. Ukrainian Hackers Breach Crimean Servers
In an operation that yielded over 100 terabytes of data, Ukrainian cyber specialists successfully infiltrated the computer systems of the Russian-backed authorities in occupied Crimea. This intelligence haul includes critical information on war crimes, such as the abduction of Ukrainian children, as well as documents related to Russian military personnel and the internal struggles of the occupation government.
📢 Cyber News
7. Police Dismantle Crypto Fraud Ring
European law enforcement has arrested five suspects in connection with a cryptocurrency fraud ring that stole over €100 million from more than 100 victims. The group used professionally designed online platforms to promise high returns, but instead, they funneled victims’ funds into their own bank accounts.
8. UK Arrests Suspect In RTX Ransomware
The UK’s National Crime Agency (NCA) has arrested a man in connection with a ransomware attack that’s causing major disruptions at European airports. The attack targeted Collins Aerospace’s Multi-User System Environment (MUSE) software, which is used by airlines to share check-in and gate resources.
9. Police Seize 439 Million In Cybercrime
Led by Interpol, a five-month global police operation called Operation HAECHI VI seized over $439 million in illicit funds, including cash and cryptocurrency, from cybercriminals. The joint effort involving 40 countries led to the arrest of 45 suspects and the freezing of thousands of bank accounts and cryptocurrency wallets tied to various financial crimes.
📈 Cyber Stocks
On Thursday, September 25, 2025, cybersecurity stocks continued to face downward pressure in line with the broader technology sector, as investors weighed high valuations, macroeconomic headwinds, and competitive dynamics. Despite resilient long-term demand for AI-driven security solutions, the day’s trading reflected cautious sentiment across the industry.
Cloudflare (NET) closed at $217.57, down 2.57%, as selling pressure in high-growth tech outweighed optimism about its AI and edge networking expansion.
CrowdStrike (CRWD) finished at $476.33, down 1.61%, as profit-taking followed recent upbeat guidance while broader macroeconomic concerns dampened momentum.
Okta (OKTA) ended at $89.87, down 2.55%, with competitive challenges in identity management continuing to weigh on investor confidence.
SentinelOne (S) settled at $18.19, down 1.46%, reflecting sector-wide volatility and tempered expectations despite steady adoption of its AI-powered endpoint security.
Rapid7 (RPD) closed at $19.43, down 1.09%, as enthusiasm cooled after recent gains and attention shifted toward execution risks and sustainability of demand.
💡 Cyber Tip
📧 Hackers Exploit Flaw in Libraesva Email Security Gateway
Libraesva has patched a vulnerability in its Email Security Gateway (ESG) that was already being exploited by a suspected state-sponsored group. The flaw allowed attackers to execute commands by sending malicious compressed attachments, giving them a way into targeted networks.
✅ What you should do
Update Libraesva ESG to the latest patched version immediately
If running older, unsupported versions, upgrade to a supported release before patching
Monitor mail servers for unusual activity linked to compressed attachments
Apply strict attachment scanning and sandboxing policies
🔒 Why this matters
This flaw is already being used in real-world attacks by advanced actors. Email gateways are a frontline defense for most organizations, and unpatched systems give attackers a direct route into your network. Fast patching is essential.
📚 Cyber Book
Fraud Analytics: Strategies and Methods for Detection and Prevention by Delena D. Spann
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.