Cybersecurity Week in Review: October 28, 2025 – November 3, 2025

Cyberattacks, data breaches, zero-days, and global responses—discover the biggest cybersecurity headlines of this week.


Major Data Breaches

The week was marked by a series of impactful data breaches and ransomware incidents affecting both private and public sectors. A significant campaign exploited vulnerabilities in on-premises Microsoft SharePoint servers, resulting in widespread compromises. Microsoft responded by releasing urgent patches for all on-premises SharePoint Servers, as the attacks—some attributed to China-based threat actors—were linked to the “ToolShell” malware.

A major breach at the U.S. Treasury Department was disclosed, attributed to a China state-sponsored APT actor. This incident compromised multiple offices within the department and was tied to the exploitation of BeyondTrust’s remote support tool, a vulnerability first revealed in December. Additional attacks targeted Ivanti VPN devices, and United Natural Foods suffered a cyberattack that led to supply shortages at retailers including Whole Foods [1].


Significant Cyberattacks

Several high-profile cyberattacks unfolded during this period:

  • Microsoft SharePoint Exploitation: Attackers continued to operationalize vulnerabilities in Microsoft SharePoint servers, using them as a springboard for further breaches.
  • Scattered Spider Campaigns: The notorious Scattered Spider group targeted major companies in retail, insurance, and aviation, causing significant operational disruption.
  • SafePay Ransomware Surge: The SafePay ransomware group accelerated its activity, notably disrupting IT distribution giant Ingram Micro.
  • Ivanti VPN and United Natural Foods: Attacks on Ivanti VPN devices and United Natural Foods underscored the broad impact and reach of cyber threats during the week [1].

Critical Vulnerabilities & CVEs

A critical vulnerability in Cisco IOS XE devices (CVE-2023-20198, CVSS 10.0) was actively exploited. This flaw allows remote, unauthenticated attackers to create privileged accounts and seize control of affected systems. The Australian Signals Directorate (ASD) reported ongoing attacks using a previously undocumented implant, BADCANDY, with hundreds of devices in Australia compromised since July 2025. Variants of BADCANDY have been observed since October 2023, and new attacks continued into late 2025. China-linked threat actors, such as Salt Typhoon, weaponized this vulnerability to breach telecommunications providers [2].
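Because the flaw is exploited through the IOS XE web UI and its observable outcome is a new privilege-15 local account, a defender's first check is a review of the running configuration. The script below is an added example, not code from the page, from Cisco or from ASD: it audits a `show running-config` excerpt for privilege-15 users outside an allowlist and for the `ip http server` / `ip http secure-server` lines that expose the web UI. The sample configuration, account names and allowlist are constructed for illustration.

```python
import re

# Constructed `show running-config` excerpt (not from any real device).
SAMPLE_CONFIG = """\
hostname edge-router-01
!
ip http server
ip http secure-server
!
username netops privilege 15 secret 9 $9$constructedhash1
username svc-monitor privilege 1 secret 9 $9$constructedhash2
username tmp-admin privilege 15 secret 9 $9$constructedhash3
!
line vty 0 4
 transport input ssh
"""

# Accounts that are allowed to hold privilege 15 on this device (constructed allowlist).
EXPECTED_ADMINS = {"netops"}

# Matches "username <name> privilege <level> ..." lines.
USER_RE = re.compile(r"^username\s+(\S+)\s+privilege\s+(\d+)\b")

# Configuration lines that enable the IOS XE HTTP/HTTPS server (the web UI).
WEB_UI_LINES = {"ip http server", "ip http secure-server"}


def audit_ios_xe_config(config_text, expected_admins):
    """Return a list of (finding_type, detail) tuples in configuration order.

    finding_type is "web_ui_enabled" for an HTTP server line, or
    "unexpected_priv15_user" for a privilege-15 account not in the allowlist.
    """
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()
        match = USER_RE.match(line)
        if match:
            user, level = match.group(1), int(match.group(2))
            if level == 15 and user not in expected_admins:
                findings.append(("unexpected_priv15_user", user))
        elif line in WEB_UI_LINES:
            findings.append(("web_ui_enabled", line))
    return findings


if __name__ == "__main__":
    for kind, detail in audit_ios_xe_config(SAMPLE_CONFIG, EXPECTED_ADMINS):
        print(f"{kind:24} {detail}")
```

In practice the config text would come from a collected backup or an SSH session rather than an embedded string; the point is that both signals (web UI reachable, unknown privilege-15 account) are cheap to check across a fleet and directly reflect how this flaw is abused.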

CISA released new advisories and added several vulnerabilities to its Known Exploited Vulnerabilities Catalog, emphasizing the urgency of patching and mitigation [3].


Government Cybersecurity Advisories & CISA Alerts

CISA was active throughout the week, issuing multiple alerts and advisories:

  • October 30, 2025: Two new known exploited vulnerabilities were added to the CISA catalog.
  • Industrial Control Systems: Two ICS advisories were released on the same day.
  • Microsoft Exchange Guidance: New best practices for Exchange Server security were published.
  • Windows Server Update Service: An out-of-band update was released to address CVE-2025-59287 on October 24, 2025.
  • Threat Intelligence: CISA provided detailed information on current cyber threats, including tactics, techniques, and recommended detection and mitigation actions [3].
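The practical use of the KEV catalog is to join it against your own scan results so that catalog entries, and their remediation due dates, drive patch priority. The script below is an added example, not part of this roundup and not CISA's tooling: it indexes a feed in the shape of CISA's KEV JSON (the real feed is published at https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json) and ranks scanner findings, overdue entries first. The feed excerpt, the scan export, the asset names, the dates and the placeholder CVE-2025-00000 are all constructed; only the two CVE IDs named on this page are real.

```python
import json
from datetime import date

# Constructed excerpt in the shape of the CISA KEV JSON feed. The CVE IDs are the
# two named on the page; the dates and product strings here are made up.
KEV_FEED_SAMPLE = json.dumps({
    "vulnerabilities": [
        {"cveID": "CVE-2023-20198", "vendorProject": "Cisco", "product": "IOS XE",
         "dateAdded": "2023-10-16", "dueDate": "2023-10-20"},
        {"cveID": "CVE-2025-59287", "vendorProject": "Microsoft", "product": "WSUS",
         "dateAdded": "2025-10-24", "dueDate": "2025-11-14"},
    ]
})

# Constructed vulnerability-scanner export as (asset, CVE) pairs.
SCAN_RESULTS = [
    ("edge-router-01", "CVE-2023-20198"),
    ("wsus-01", "CVE-2025-59287"),
    ("app-server-07", "CVE-2025-00000"),  # placeholder CVE, not in the KEV sample
]


def load_kev(feed_json):
    """Parse a KEV feed and index it by CVE ID."""
    feed = json.loads(feed_json)
    return {entry["cveID"]: entry for entry in feed["vulnerabilities"]}


def prioritize(scan_results, kev_index, today):
    """Return scan findings that appear in KEV, overdue ones first, then by due date.

    Each result is a dict with asset, cve, product, due (ISO date) and overdue flag.
    Findings whose CVE is not in the catalog are dropped from this list.
    """
    hits = []
    for asset, cve in scan_results:
        entry = kev_index.get(cve)
        if entry is None:
            continue
        due = date.fromisoformat(entry["dueDate"])
        hits.append({
            "asset": asset,
            "cve": cve,
            "product": f'{entry["vendorProject"]} {entry["product"]}',
            "due": due.isoformat(),
            "overdue": today > due,
        })
    # False sorts before True, so overdue entries come first; ties by due date.
    hits.sort(key=lambda h: (not h["overdue"], h["due"]))
    return hits


if __name__ == "__main__":
    index = load_kev(KEV_FEED_SAMPLE)
    for hit in prioritize(SCAN_RESULTS, index, date(2025, 11, 3)):
        status = "OVERDUE" if hit["overdue"] else f'due {hit["due"]}'
        print(f'{hit["asset"]:16} {hit["cve"]:16} {hit["product"]:16} {status}')
```

The due dates in the real catalog are binding only for U.S. federal civilian agencies, but they are a useful external deadline for anyone; a finding that is in KEV and past its due date should outrank a higher-CVSS finding that no one is known to be exploiting.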

FBI Cyber Warnings

While no specific FBI cyber warnings were detailed in the available sources for this week, the ongoing reporting of state-sponsored and ransomware attacks, along with government advisories, highlights the elevated threat environment and the need for continued vigilance [1][3].


Cybersecurity Conferences

No major cybersecurity conferences were reported within the specified date range in the available sources.


New Security Tools

OpenAI announced the launch of “Aardvark,” an agentic security researcher powered by its GPT-5 large language model. This autonomous agent is designed to emulate a human security expert, capable of scanning, understanding, and patching code to help developers and security teams identify and remediate vulnerabilities at scale [2].


Summary

The week of October 28 to November 3, 2025, was defined by persistent ransomware campaigns, major data breaches, and the exploitation of critical vulnerabilities—most notably in Cisco IOS XE and Microsoft SharePoint. Government agencies, particularly CISA, responded with a series of advisories and urgent guidance. The introduction of advanced AI-powered security tools like OpenAI’s Aardvark signals ongoing innovation in the field, while the breadth and velocity of attacks reinforce the necessity for robust incident response and proactive security measures [2][3][1].


Sources:

  • [1] Weekly Cybersecurity Roundup, October 28 – November 3, 2025
  • [2] Security advisories and vulnerability reports, October–November 2025
  • [3] CISA Alerts and Government Advisories, October–November 2025

For further details and direct source URLs, please refer to the original reporting and advisories cited above.