- Mycomputerspot Security Newsletter
Market & Momentum - 09/29/2025
Cisco gear under siege, a zero-day in email gateways, and drones ghosting airports. The defense radar is lighting up... act now before breaches get measured in minutes.
This week’s top alarms came from CISA’s Emergency Directive ED 25-03, ordering agencies to inspect and isolate vulnerable Cisco devices, and Libraesva’s emergency patch for an exploited command injection flaw in its email security gateway.
Meanwhile, drone sightings forced a 4-hour shutdown at Copenhagen Airport, a reminder that hybrid threat vectors now cross digital and physical domains seamlessly.
The perimeter isn’t just your network anymore; it’s every trust chain you lean on.

Trend (broad) | Likelihood (0–10) | Impact (0–10) | What to watch |
---|---|---|---|
Cisco gear exploitation & persistence | 8 | 9 | Devices under CISA ED 25-03 scrutiny for active compromise |
Email gateway zero-day attacks | 7 | 8 | Command injection in Libraesva ESG (CVE-2025-59689) |
Drone / hybrid physical + cyber disruption | 6 | 8 | Suspicious UAV activity impacting airports and infrastructure |
Phishing campaign innovation | 7 | 7 | New multi-agent/phishing mitigation tools like PhishLumos |
Credential theft & stealth recon | 7 | 7 | AI-driven scanning, evasion of detection, lateral movement |
CISA issues Emergency Directive ED 25-03 — U.S. federal agencies are required to identify and mitigate active compromises of Cisco ASA/Firepower devices after discovery of a new exploit chain.
Libraesva patches CVE-2025-59689 — The email gateway vendor released an emergency fix for an exploited command injection vulnerability allowing remote code execution.
Copenhagen Airport shutdown — Flights were grounded for nearly four hours after repeated drone sightings in restricted airspace.
PhishLumos unveiled — A new multi-agent AI system demonstrated success at detecting phishing campaigns before victims receive malicious emails.
COLDRIVER expands malware arsenal — Russia-linked operators introduced lightweight stagers “BAITSWITCH” and “SIMPLEFIX” to extend persistence in ongoing credential-theft campaigns.
Core network gear is now front-line risk: Cisco devices under directive means attackers are aiming higher in infrastructure.
Email gateways remain attack vectors: Libraesva’s flaw shows even security stacks are not safe.
Hybrid disruption is real: Drones + IT outages signal coordinated physical and digital vectors.
Defense goes upstream: Tools like PhishLumos invert attacker advantage — find campaigns before victims click.
Payload minimalism returns: COLDRIVER’s shifts suggest attackers prefer lightweight, pivotable malware over bloat.
Cisco Directive (ED 25-03): Immediately inventory and segment all Cisco ASA/Firepower devices; apply CISA-recommended isolation/remediation steps.
Libraesva zero-day: Deploy the patch for CVE-2025-59689 across all email gateway instances; validate no fallback exposures remain.
Drone disruption readiness: Test fallback operations for airports, utilities, and physical infrastructure; ensure scalable incident escalation.
PhishLumos strategy: Experiment with analogous proactive phishing-campaign detection tools; begin pilot deployments.
Threat actor minimalism: Tune EDR rules to detect minimal-footprint malware (memory-only, fileless) and beaconing from lightweight stagers such as COLDRIVER's BAITSWITCH and SIMPLEFIX.
When CISA issued ED 25-03, defenders scrambled, and within 48 hours, multiple agencies submitted attestation reports to show remediation.
The window isn’t weeks, it's days.
Those who defend the plumbing (Cisco, mail, drones) today are the ones who survive tomorrow’s breach. Speed + upstream vigilance wins.
J.W.