- Mycomputerspot Security Newsletter
- Posts
- Market & Momentum - 10/03/2025
Market & Momentum - 10/03/2025
New Exchange zero-day, ransomware revival, and a CISA alert on critical Fortinet flaws... This week’s cyber weather is all high pressure.
J.W. Croley
November 03, 2025
In partnership with
Will A Book Grow Your Business?
No one buys a beach house from selling a book. They buy the beach house from the opportunities the book gets them.
Author.Inc helps experts, executives, and entrepreneurs turn expertise into world‑class books that build revenue, reputation, and reach.
Their team—behind projects with Tim Ferriss and Codie Sanchez—cuts through uncertainty to show whether your book can realistically hit those targets.
Schedule a complimentary 15‑minute call with Author.Inc’s co‑founder to quantify potential ROI from your offers, speaking engagements, royalties, and more.
This isn’t writing advice. It’s a strategic consultation to decide whether now is the right time to put pen to paper.
If it’s a go, they’ll show you how to write and publish it at a world-class level. If it’s a wait, you just avoided wasting time and money.
Since late Friday, the Open VSX registry rotated tokens after a supply-chain misuse attempt, CISA directed patching for exploited VMware Aria/Tools flaws via KEV, researchers detailed active zero-day abuse of Lanscope Endpoint Manager, and a University of Pennsylvania donor data breach claim began fueling targeted phishing. Expect CI/CD hygiene and access control work to lead your week.
Trend (macro) | Global Likelihood | Direction | Commentary |
|---|---|---|---|
Supply-chain registry tampering (dev ecosystems) | 72% | 🔺 Rising | Token exposure at Open VSX shows how quickly packages/plugins become delivery vehicles. |
Enterprise management stack exploitation (VMware Aria/Tools) | 64% | 🔺 Rising | CISA ordering patches after confirmed in-the-wild use suggests copycat waves this week. |
Endpoint/admin console zero-days (Lanscope) | 61% | 🔺 Rising | China-linked activity abusing CVE-2025-61932; expect scanning and opportunistic hits. |
Credential abuse & tailored phishing after breach claims | 56% | ➡ Stable | UPenn donor data claim likely fuels spear-phish against alumni and affiliated orgs. |
Patch-fatigue / change-management errors | 49% | 🔺 Rising | Multiple urgent advisories in one window increase the odds of mis-sequenced changes. |
Open VSX token rotation after supply-chain attack attempt — Registry owners shortened token lifetimes and tightened revocation following malicious extension activity.
CISA KEV flags exploited VMware Aria/Tools flaws — Agencies ordered to patch; private sector should mirror timelines for Aria-managed Tools privilege escalation.
BRONZE BUTLER (Tick) exploiting Lanscope zero-day — Sophos details targeting of Japanese enterprises and the admin-console vectors in play.
Lanscope CVE-2025-61932 confirmed as in-the-wild zero-day — Additional actor/TTP specifics and exploitation window reinforce urgency.
UPenn donor breach claim (1.2M records) under review — Data-theft claim likely to catalyze targeted phishing; monitor for list reuse.
Free email without sacrificing your privacy
Gmail tracks you. Proton doesn’t. Get private email that puts your data — and your privacy — first.
Registry trust erosion: Exposed tokens + quick weaponization = extend SBOM checks to plugin registries, not just package managers.
“Manage-the-managers” risk: Aria/Tools and similar stacks bridge on-prem and cloud—one foothold spans many tenants.
Console zero-days = admin takeover: Lanscope exploitation delivers SYSTEM-level control; credential rotation alone won’t save you.
Breach-to-phish pipeline endures: High-value donor/exec lists are prime lure fuel for BEC and vendor impersonation.
Supply-chain (Open VSX): Freeze extension updates; compare current manifests to known-good hashes; rebuild CI with fresh tokens and scoped permissions.
VMware Aria/Tools: Patch per KEV, restrict mgmt interfaces, monitor for anomalous Aria/Tools API calls, and unexpected Tools guest ops.
Lanscope (CVE-2025-61932): Patch/disable vulnerable versions; review admin audit logs; hunt for backdoor indicators noted by Sophos/JPCERT.
UPenn breach fallout: If you intersect with UPenn donors/alumni, set MFA step-up on unusual geography/devices and run a targeted phish drill.
Ops pacing: Sequence changes by exploit-confirmed first, then internet-facing exposure, then internal. Document risk accepts for anything deferred.
Speed beats scope. Ship the few patches that matter most, then widen the aperture.
Exploited first means patched first.
Velocity defines resilience. Patching is not a project; it’s a pulse.
J.W.
(P.S. Forward to your CISO / Add to Board Briefing!)
Business news as it should be.
Join 4M+ professionals who start their day with Morning Brew—the free newsletter that makes business news quick, clear, and actually enjoyable.
Each morning, it breaks down the biggest stories in business, tech, and finance with a touch of wit to keep things smart and interesting.