Cloudflare blocked the largest DDoS on record, Cisco rushed fixes for an IOS/IOS XE SNMP zero‑day under exploitation, WestJet disclosed passenger data exposure, and Medusa claims a Comcast breach. Patch fast, lock down SNMP, and stress‑test DDoS playbooks.

🚨 Top Stories

Cloudflare blocks record 22.2 Tbps / 10.6 Bpps DDoS
Cloudflare mitigated a hyper‑volumetric attack peaking at 22.2 Tbps and 10.6 billion pps, roughly double the previous record, and filtered it autonomously within about 40 seconds. Reports point to a European infrastructure target and possible "Aisuru" botnet sources. (SecurityWeek) 💡 Key Takeaway: Prepare for packet‑rate saturation. Ensure upstream scrubbing with anycast capacity, enforce L4/L7 rate limits, and test fail‑open/fail‑closed modes with real traffic.

Cisco SNMP zero‑day in IOS/IOS XE actively exploited (CVE‑2025‑20352)
A stack overflow in the SNMP subsystem lets an attacker who already holds a valid SNMP credential (an SNMPv1/v2c read‑only community string or SNMPv3 user) crash the device (DoS); with administrative (privilege 15) credentials on IOS XE, remote code execution as root is possible. Cisco shipped patches in its Sept 24 bundle; exploitation is confirmed. (Cisco) 💡 Key Takeaway: Patch immediately; if you can't, restrict SNMP to management networks, disable v1/v2c, and rotate SNMPv3 credentials, since every exploitation path starts with a credential the attacker already has. Meraki MS390 and Catalyst 9300 switches running Meraki CS 17 or earlier are affected too; validate them as well.

WestJet discloses passenger data exposure
The airline said a June breach by a "sophisticated criminal third party" exposed some passenger data (no payment data); it is coordinating with law enforcement and cyber authorities. (Reuters) 💡 Key Takeaway: Airlines and travel tech remain high‑value targets. Tighten vendor risk and ensure DPIA/PIA coverage for reservation systems.

Medusa claims Comcast breach (not yet confirmed)
The Medusa ransomware group posted a claim to have exfiltrated ~834 GB from Comcast and is demanding $1.2M; Comcast has not confirmed as of press time. (Cybernews) 💡 Key Takeaway: Treat unconfirmed claims as potential exposure: start intel collection, search for leaked samples, and prep comms/legal in case verification lands.

🛠️ Vulnerability Spotlight

  • Cisco IOS/IOS XE SNMP (CVE‑2025‑20352)

    • Impact: DoS with low‑privilege SNMP access → potential RCE as root with administrative credentials (IOS XE).

    • Scope: IOS/IOS XE with SNMP enabled; included in Cisco’s Sept advisory bundle.

    • Fix: Apply Cisco updates; restrict SNMP; move to v3; ACL management interfaces. (Cisco) 💡 Key Takeaway: SNMP remains a high‑risk legacy surface. Shrink exposure and monitor SNMP auth failures aggressively.

  • Chrome zero‑day (CVE‑2025‑10585, V8 type confusion)

    • Status: Exploited in the wild; stable channel updates released (Chrome 140.0.7339.185/.186).

    • Action: Force enterprise update and browser restart; validate via fleet telemetry. (Chrome Releases) 💡 Key Takeaway: Treat browser zero‑days like OS patches: SLA in hours, not days.

📊 Trend to Watch

Hyper‑volumetric DDoS (pps is the killer)
Recent attacks emphasize packet rate over bandwidth, overwhelming routers, firewalls and state tables even when the Mbps figure looks "manageable." Expect botnets to blend IoT and cloud sources with short‑burst spikes. (SecurityWeek) 💡 Key Takeaway: Tune capacity and controls for pps: offload to scrubbing providers, deploy SYN flood and UDP amplification protections, and enable adaptive L7 rate limiting with per‑path circuit breakers.
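Why pps needs its own threshold, as an added example (not Cloudflare or SecurityWeek code): the script below scales sampled flow records back up by the sampling rate, computes packets per second, bits per second and average frame size per destination per one‑second bucket, and alerts on either dimension. The flow records, the 1‑in‑1000 sampling rate, the destination addresses and the thresholds are all constructed for illustration; a real deployment would feed it sFlow/NetFlow exports.

```python
"""Flag floods by packet rate, not just bandwidth, from sampled flow records.
Added example for this newsletter (not Cloudflare or SecurityWeek code); the
records, sampling rate, addresses and thresholds are constructed/hypothetical."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class FlowSample:
    ts: float           # export time, seconds
    dst: str            # destination under attack
    frame_len: int      # bytes per sampled packet
    sampling_rate: int  # exporter samples 1 in N packets


def make_flood(dst, n_samples, frame_len, rate=1000, window=1.0):
    """Constructed data: n_samples spread evenly over one window."""
    return [FlowSample(i * window / n_samples, dst, frame_len, rate)
            for i in range(n_samples)]


# Two constructed floods against hypothetical hosts: one of 64-byte packets
# (modest in Mbps, huge in pps), the other of 1500-byte packets (bulky, few packets).
SAMPLES = (make_flood("203.0.113.10", 1000, 64)
           + make_flood("203.0.113.20", 100, 1500))


def aggregate(samples, window=1.0):
    """Return {(dst, bucket): (pps, bps, avg_frame_len)}, scaled back up by the
    sampling rate so the numbers reflect actual wire traffic, not samples."""
    pkts, octets = defaultdict(int), defaultdict(int)
    for s in samples:
        key = (s.dst, int(s.ts // window))
        pkts[key] += s.sampling_rate
        octets[key] += s.frame_len * s.sampling_rate
    return {k: (pkts[k] / window, octets[k] * 8 / window, octets[k] / pkts[k])
            for k in pkts}


def classify(stats, pps_limit=500_000, bps_limit=5_000_000_000):
    """Alert on either dimension; a bandwidth-only threshold misses the 64-byte flood."""
    alerts = {}
    for (dst, _), (pps, bps, _) in stats.items():
        reasons = set()
        if pps > pps_limit:
            reasons.add("pps")
        if bps > bps_limit:
            reasons.add("bps")
        if reasons:
            alerts.setdefault(dst, set()).update(reasons)
    return alerts


if __name__ == "__main__":
    stats = aggregate(SAMPLES)
    for (dst, bucket), (pps, bps, avg) in sorted(stats.items()):
        print(f"{dst} t={bucket}: {pps/1e6:.2f} Mpps {bps/1e9:.2f} Gbps avg {avg:.0f} B")
    print("alerts:", classify(stats))
```

With these inputs the 64‑byte flood is 1 Mpps at only 512 Mbps and trips the pps limit, while the 1500‑byte stream is 1.2 Gbps at 100 kpps and trips nothing; the average frame size is the cheapest signal that a flood is built to exhaust state tables rather than links.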

🏛️ Policy & Regulation Watch

DHS & CISA kick off Cybersecurity Awareness Month (Oct 2025)
Federal focus will amplify basic cyber hygiene and critical infrastructure resilience messaging through October. (U.S. Department of Homeland Security) 💡 Key Takeaway: Use the moment: run tabletop exercises and enterprise‑wide phishing and patch campaigns.

UK Data (Use and Access) Act—Section 124 in force Sept 30
Commencement Regulations bring into force an Ofcom duty around information retention tied to investigations, part of the UK's evolving data framework. (Osborne Clarke) 💡 Key Takeaway: UK operators: review retention/governance policies and ensure discovery workflows align with the new obligations.

SEC cyber disclosure regime remains in effect
Public companies must disclose material incidents within 4 business days of determining that an incident is material, and must describe cyber risk management, strategy and governance in periodic reports; enforcement momentum continues. (SEC) 💡 Key Takeaway: Tighten incident materiality playbooks and board‑level oversight documentation.

🧰 Tool / Resource of the Week

CISA: Lessons Learned from an Incident Response Engagement (Sept 23, 2025)
New advisory distills practical IR lessons: alert triage, containment sequencing, credential hygiene, and log retention pitfalls. Useful as a tabletop checklist. (CISA) 💡 Key Takeaway: Convert lessons to controls: codify isolation steps, golden image integrity, and post‑incident hardening tasks.

Quick Hits

  • Arrest linked to EU airport disruptions: UK authorities arrested a suspect tied to the Collins Aerospace software incident impacting check‑in systems; investigation ongoing. (AP News) 💡 Key Takeaway: Vendor single points of failure are operational risk; rehearse manual fallbacks.

  • LockBit 5.0 ramps up (Windows/Linux/ESXi): Researchers track active distribution with heavier anti‑analysis and cross‑platform reach. (Trend Micro) 💡 Key Takeaway: Harden hypervisors; isolate backup systems; enforce MFA on management planes.

  • Atlassian Sept bulletin: Multiple high‑severity fixes across Data Center products; patch if self‑hosted. (Atlassian Documentation) 💡 Key Takeaway: Treat collaboration suites as Tier‑1 apps; they're common initial access paths.

  • Android Sept 2025 security bulletin: Apply the 2025‑09‑05 or later patch level. (Android Open Source Project) 💡 Key Takeaway: Push mobile OS updates under an enterprise MDM with enforced reboot.

  • Microsoft Patch Tuesday (Sept): ~80–84 CVEs addressed, including two zero‑days per multiple vendors' counts. (BleepingComputer) 💡 Key Takeaway: Prioritize Hyper‑V, Graphics and SharePoint fixes; validate after reboot.

  • XCSSET macOS malware variant targets developers: Expanded data theft, new persistence; Microsoft flagged malicious repos. (TechRadar) 💡 Key Takeaway: Developer endpoints need EDR, build‑chain integrity checks, and signed dependencies.

🛡️ Actionable Defense Move of the Week

Two‑front hardening: DDoS readiness + SNMP exposure reduction

  1. DDoS: Confirm upstream scrubbing SLAs for >10 Bpps; enable BGP Flowspec or provider‑side filters; throttle HTTP/2/3 abuse (RPS caps, connection limits); pre‑stage CDN/WAF failover.

  2. SNMP: Disable v1/v2c; restrict to management VLANs with ACLs; rotate v3 credentials; monitor SNMP process restarts and auth failures; patch IOS/IOS XE per the Cisco bundle. (Cisco) 💡 Key Takeaway: Packet floods and device‑plane bugs are converging. Treat the network edge like Tier‑0.
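The SNMP half of that checklist as a repeatable check, added here as an example (not Cisco tooling): the script audits a running‑config for v1/v2c communities, writable communities, communities and v3 groups with no access list, v3 groups below `priv`, and trap hosts still on v1/v2c, emitting the IOS command that remediates each finding; it then counts `%SNMP-3-AUTHFAIL` messages per source so a credential‑guessing host stands out. The config excerpt, the syslog lines, the hostnames and addresses, and the `MGMT-ACL` name are all constructed; only the common forms of the `snmp-server community`, `snmp-server group` and `snmp-server host` commands are parsed (variants with `view` or `ipv6` keywords would need extra patterns).

```python
"""Audit a Cisco IOS/IOS XE running-config for SNMP exposure and count SNMP
authentication failures in syslog. Added example for this newsletter, not
Cisco tooling; config, log lines and addresses are constructed."""
import re
from collections import Counter

# Constructed running-config excerpt from a hypothetical device.
RUNNING_CONFIG = """\
hostname edge-rtr1
snmp-server community public RO
snmp-server community s3cret RW 10
snmp-server community ops RO MGMT-ACL
snmp-server group NETOPS v3 priv access MGMT-ACL
snmp-server group LEGACY v3 noauth
snmp-server host 192.0.2.50 version 2c public
"""

# Constructed syslog lines in IOS format; hosts are hypothetical.
SYSLOG = """\
Sep 25 10:00:01 edge-rtr1 101: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 198.51.100.7
Sep 25 10:00:02 edge-rtr1 102: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 198.51.100.7
Sep 25 10:00:02 edge-rtr1 103: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (10.10.0.5)
Sep 25 10:00:03 edge-rtr1 104: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 10.10.0.5
Sep 25 10:00:04 edge-rtr1 105: %SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 198.51.100.7
"""

# Only the common command forms are handled (no 'view'/'ipv6' variants).
COMMUNITY = re.compile(r"^snmp-server community (\S+) (RO|RW)(?: (\S+))?\s*$", re.M)
V3_GROUP = re.compile(r"^snmp-server group (\S+) v3 (noauth|auth|priv)(?: access (\S+))?\s*$", re.M)
TRAP_HOST = re.compile(r"^snmp-server host (\S+) version (1|2c) (\S+)", re.M)
AUTHFAIL = re.compile(r"%SNMP-3-AUTHFAIL: .* from host (\S+)")


def audit_snmp(config: str):
    """Return (check_id, detail, remediation) for each weak SNMP setting."""
    findings = []
    for name, mode, acl in COMMUNITY.findall(config):
        # Any community string means v1/v2c is enabled: plaintext, no authentication.
        findings.append(("v1v2c-community", f"community '{name}' {mode}",
                         f"no snmp-server community {name}"))
        if mode == "RW":
            findings.append(("rw-community", f"community '{name}' is writable",
                             f"no snmp-server community {name}"))
        if not acl:
            findings.append(("community-no-acl", f"community '{name}' reachable from any source",
                             f"snmp-server community {name} {mode} MGMT-ACL"))
    for group, level, acl in V3_GROUP.findall(config):
        if level != "priv":
            findings.append(("v3-not-priv", f"group '{group}' uses {level}",
                             f"snmp-server group {group} v3 priv access MGMT-ACL"))
        if not acl:
            findings.append(("v3-no-acl", f"group '{group}' has no access list",
                             f"snmp-server group {group} v3 priv access MGMT-ACL"))
    for host, ver, community in TRAP_HOST.findall(config):
        findings.append(("trap-host-v1v2c", f"trap host {host} uses v{ver} community '{community}'",
                         f"no snmp-server host {host} version {ver} {community}"))
    return findings


def authfail_sources(syslog: str, threshold: int = 3):
    """Count %SNMP-3-AUTHFAIL by source IP; return counts and sources at/above threshold."""
    counts = Counter(AUTHFAIL.findall(syslog))
    noisy = sorted(host for host, n in counts.items() if n >= threshold)
    return counts, noisy


if __name__ == "__main__":
    for check, detail, fix in audit_snmp(RUNNING_CONFIG):
        print(f"[{check}] {detail} -> {fix}")
    counts, noisy = authfail_sources(SYSLOG)
    print("SNMP auth failures:", dict(counts), "above threshold:", noisy)
```

Run it against `show running-config` output pulled by whatever automation you already trust for read access; the remediation strings are a starting point, not a push‑ready change, because removing a community that a monitoring system still uses is its own outage. The auth‑failure counter is deliberately simple: a single source with repeated failures against a device that should only be polled from the management VLAN is exactly the signal the advisory's exploitation precondition (a valid credential) makes worth chasing.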

📝 Final Word

Attackers are scaling breadth (botnets) and depth (device‑plane vulns) at once. Your best defense this week: reduce exposure you don’t need (SNMP, open mgmt), and practice for the flood you hope never arrives.

That’s it for this week — stay sharp. Share InfoSec.Watch with a teammate so they don’t fall behind.

