Wednesday War Room – 09/10/2025

This Wednesday's threat landscape shows how trusted web platforms, mobile operating systems, telecommunications, and manufacturing are under active, strategic attack by advanced threat actors.

Multiple incidents reveal zero-day exploitation, supply chain risk, and global disruption, with implications for both operational continuity and long-term resilience planning.

Critical Sitecore Zero-Day Under Active Exploitation

Risk Level: Critical  

Business Impact: Remote code execution, data theft, network compromise

What You Need to Know: A critical zero-day vulnerability (CVE-2025-53690) in Sitecore's Experience Platform is being actively exploited in the wild, according to researchers at Google's Mandiant. The flaw is a ViewState deserialization vulnerability with a CVSS score of 9.0 that allows unauthenticated remote code execution. Attackers exploit it using a sample ASP.NET machine key that was published in older Sitecore deployment documentation: any deployment that copied that key into production will accept attacker-crafted ViewState as genuine. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the flaw to its Known Exploited Vulnerabilities catalog, requiring federal agencies to remediate by September 25, 2025.

Why This Matters:

  • Patching alone does not close this hole: a deployment that still uses a sample or shared machine key remains exploitable until the key is rotated.

  • This attack demonstrates how secrets copied from vendor documentation become an attack vector years after the document was written.

  • A successful exploit gives attackers a direct path to remote code execution and full network compromise.

Executive Actions:

🔍 Confirm where Sitecore is in use and immediately rotate all ASP.NET machine keys.

🔐 Ensure no systems are using default or example configuration keys from vendor documentation.

🧱 Verify that Sitecore instances are not unnecessarily exposed to the public internet.

🧪 Instruct IT to scan for indicators of compromise related to this threat.
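The first two actions above, finding documentation keys and rotating them, can be scripted. The following is an added example written for this briefing, not Sitecore's or Mandiant's code: it parses an ASP.NET web.config, flags any <machineKey> whose value matches a catalogue of known sample keys (the digests here are constructed placeholders, not the actual Sitecore documentation keys), flags legacy validation or decryption algorithms and a disabled ViewState MAC, and emits a freshly generated replacement element. The sample web.config is constructed for the demonstration.

```python
"""Audit ASP.NET web.config files for static or weak <machineKey> settings.

Added example for this briefing; not Sitecore's or Mandiant's tooling.
"""
from __future__ import annotations

import hashlib
import re
import secrets
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed placeholders standing in for the SHA-256 digests of machine keys
# an organization has catalogued from vendor deployment guides. A real audit
# fills this set from the actual documents; these are NOT Sitecore's keys.
KNOWN_SAMPLE_KEY_DIGESTS = {
    hashlib.sha256(("A" * 128).encode()).hexdigest(),
    hashlib.sha256(("B" * 64).encode()).hexdigest(),
}

HEX = re.compile(r"[0-9A-Fa-f]+")


@dataclass(frozen=True)
class Finding:
    severity: str  # "critical" | "high" | "medium"
    detail: str


def _key_digest(key: str) -> str:
    # Normalise case so the same hex key in upper or lower case matches once.
    return hashlib.sha256(key.strip().upper().encode()).hexdigest()


def audit_machine_key(xml_text: str) -> list[Finding]:
    """Return findings for every <machineKey> (and <pages>) in a web.config."""
    findings: list[Finding] = []
    root = ET.fromstring(xml_text)
    if root.tag != "configuration":
        raise ValueError("not a web.config document")

    # iter() walks the whole tree, so <machineKey> elements inside
    # <location> overrides are audited as well as the root <system.web>.
    for mk in root.iter("machineKey"):
        validation = mk.get("validation", "HMACSHA256").lower()
        decryption = mk.get("decryption", "Auto").lower()
        if not validation.startswith("hmacsha"):
            findings.append(Finding(
                "medium", f"validation={validation} is a legacy algorithm; use HMACSHA256 or stronger"))
        if decryption in {"des", "3des"}:
            findings.append(Finding("medium", f"decryption={decryption} is weak; use AES"))
        for attr in ("validationKey", "decryptionKey"):
            key = mk.get(attr, "AutoGenerate")
            if key.startswith("AutoGenerate"):
                continue  # per-server generated key, not a static shared secret
            if _key_digest(key) in KNOWN_SAMPLE_KEY_DIGESTS:
                findings.append(Finding(
                    "critical", f"{attr} matches a published sample key; anyone with the document can forge ViewState"))
            elif not HEX.fullmatch(key):
                findings.append(Finding("high", f"{attr} is not a hex string"))

    # Legacy applications could switch ViewState integrity checks off entirely,
    # which lets an attacker submit arbitrary serialized ViewState with no key.
    for pages in root.iter("pages"):
        if pages.get("enableViewStateMac", "true").lower() == "false":
            findings.append(Finding("critical", "enableViewStateMac=false disables ViewState integrity checks"))
    return findings


def generate_machine_key() -> str:
    """Build a replacement element: 64-byte HMAC-SHA256 key, 32-byte AES key."""
    return (
        '<machineKey validationKey="{}" decryptionKey="{}" '
        'validation="HMACSHA256" decryption="AES" />'
    ).format(secrets.token_hex(64).upper(), secrets.token_hex(32).upper())


# Constructed sample: a web.config still carrying a documentation key and
# legacy algorithms, the shape an auditor wants to catch.
SAMPLE_BAD_CONFIG = f"""<?xml version="1.0"?>
<configuration>
  <system.web>
    <machineKey validationKey="{'A' * 128}" decryptionKey="{'B' * 64}"
                validation="SHA1" decryption="3DES" />
  </system.web>
</configuration>
"""


def build_clean_config() -> str:
    """A minimal web.config carrying a freshly generated key, for comparison."""
    return "<configuration><system.web>{}</system.web></configuration>".format(generate_machine_key())


if __name__ == "__main__":
    for f in audit_machine_key(SAMPLE_BAD_CONFIG):
        print(f.severity.upper(), f.detail)
    print("Replacement element:", generate_machine_key())
```

Run it against every web.config on every Sitecore role, including <location> overrides. Rotating the key invalidates outstanding ViewState and forms-authentication tickets, so schedule the change with a session reset, and on a web farm distribute the same new key to every node from a secrets store rather than from a shared document.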

Google Patches 120 Android Flaws, Including Two Actively Exploited Zero-Days

Risk Level: High

Business Impact: Mobile device compromise, privilege escalation, targeted espionage

What You Need to Know: Google's September 2025 Android security update patches 120 vulnerabilities, including two zero-days (CVE-2025-38352, in the Linux kernel, and CVE-2025-48543, in the Android Runtime) that Google says may be under limited, targeted exploitation. Both flaws allow local privilege escalation without user interaction, potentially giving attackers full control over a compromised device. The targeted nature of the exploitation suggests use in sophisticated spyware campaigns.

Why This Matters:

  • Your employees’ mobile devices are a primary target for corporate espionage.

  • Privilege escalation vulnerabilities can bypass existing security controls on mobile devices.

  • The targeted nature of these exploits suggests that high-value individuals are at risk.

Executive Actions: 

📦 Ensure all corporate Android devices are updated to the latest security patch level immediately.

🔐 Review and enforce mobile device management (MDM) policies to restrict unauthorized software.

📊 Request a risk assessment of sensitive data accessible from mobile devices.

📜 Ensure your incident response plan covers mobile device compromise scenarios.

Salt Typhoon Espionage Campaign Reveals 5-Year Infrastructure

Risk Level: High

Business Impact: Long-term espionage, telecommunications targeting, and intellectual property theft

What You Need to Know: Security researchers at Silent Push have uncovered a network of 45 domains linked to the Chinese nation-state group Salt Typhoon and to the cluster tracked as UNC4841. The infrastructure dates back to May 2020, revealing a long-term, strategic espionage operation. Salt Typhoon is known for targeting U.S. telecommunications providers; UNC4841 has been tied to the exploitation of zero-day vulnerabilities in Barracuda Email Security Gateway appliances.

Why This Matters: 

  • Your organization may have been a target of this long-running espionage campaign without knowing it.

  • Telecommunications infrastructure is a primary target for intelligence gathering.

  • This demonstrates the patience and persistence of nation-state actors.

Executive Actions: 

🔍 Instruct your security team to review DNS and proxy logs for the published indicators as far back as retention allows. Most organizations do not retain five years of DNS logs, so a clean result only covers the retained window and is not proof of absence.

🧱 Verify that telecommunications and network infrastructure are properly segmented and monitored.

🧠 Request a briefing on the organization’s exposure to nation-state threats.

🔄 Review and update your threat intelligence program to include nation-state indicators.
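The log review in the first action above is a matching problem with two traps: hits must also cover subdomains of the listed domains, and a clean result means little if the logs do not reach back to the period in question. The block below is an added example written for this briefing, not Silent Push's or any vendor's tooling. The IOC domains and log lines are constructed placeholders (substitute the published indicator list), and the parser assumes a BIND-style query log; other log formats need their own line parser.

```python
"""Sweep DNS query logs for IOC domains, including subdomains, and report
whether log retention actually covers the campaign period.

Added example for this briefing; the IOCs and log lines are constructed.
"""
from __future__ import annotations

import re
from collections.abc import Iterable
from dataclasses import dataclass
from datetime import datetime

# Constructed placeholder IOC domains. These are NOT the indicators from the
# Silent Push report; load the published list in place of this set.
IOC_DOMAINS = {"example-c2.test", "update-sync.test"}

# Earliest date the reported infrastructure was active (May 2020).
CAMPAIGN_START = datetime(2020, 5, 1)

# Assumed BIND-style query log layout, tolerating the newer "@0x..." client
# pointer and "(qname)" parenthetical. Windows DNS or JSON resolver logs
# need a different regex.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ "
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<client>[0-9a-fA-F.:]+)#\d+(?: \([^)]*\))?: "
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


@dataclass(frozen=True)
class Hit:
    when: datetime
    client: str
    qname: str
    ioc: str


@dataclass
class SweepResult:
    hits: list[Hit]
    parsed: int
    earliest: datetime | None
    coverage_gap: bool  # True when the logs start after the campaign did


def match_ioc(qname: str, iocs: set[str]) -> str | None:
    """Return the IOC that qname equals or is a subdomain of, else None."""
    labels = qname.rstrip(".").lower().split(".")
    # Walk up the label chain (cdn.x.test -> x.test) but never down to the
    # bare TLD, so an IOC list can't accidentally match every query.
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


def sweep(lines: Iterable[str], iocs: set[str] = IOC_DOMAINS,
          campaign_start: datetime = CAMPAIGN_START) -> SweepResult:
    hits: list[Hit] = []
    parsed = 0
    earliest: datetime | None = None
    normalised = {d.lower().rstrip(".") for d in iocs}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparsable line: skip it, but keep sweeping
        parsed += 1
        when = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S")
        if earliest is None or when < earliest:
            earliest = when
        ioc = match_ioc(m["qname"], normalised)
        if ioc:
            hits.append(Hit(when, m["client"], m["qname"], ioc))
    gap = earliest is None or earliest > campaign_start
    return SweepResult(hits, parsed, earliest, gap)


# Constructed sample lines in BIND query-log shape (not real telemetry).
SAMPLE_LOG = [
    "08-Sep-2025 09:14:02.113 client 10.20.1.15#54211: query: www.intranet.corp IN A + (10.20.0.2)",
    "08-Sep-2025 09:14:07.480 client @0x7f3a2c001000 10.20.1.15#54212 (cdn.update-sync.test): "
    "query: cdn.update-sync.test IN A + (10.20.0.2)",
    "09-Sep-2025 22:41:55.004 client 10.20.3.77#61000: query: EXAMPLE-C2.TEST. IN TXT + (10.20.0.2)",
    "this line is not a query record",
]


if __name__ == "__main__":
    result = sweep(SAMPLE_LOG)
    for h in result.hits:
        print(f"{h.when:%Y-%m-%d %H:%M:%S} {h.client} -> {h.qname} (IOC {h.ioc})")
    if result.coverage_gap:
        print(f"WARNING: earliest retained log is {result.earliest}; "
              f"coverage does not reach {CAMPAIGN_START:%Y-%m-%d}")
```

The coverage warning is the part to carry into the executive report: a sweep that finds nothing in eighteen months of logs says nothing about 2020 through 2023. Feed the result into the incident process as "no hits within retention", not "not targeted".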

Leadership Insight:

Cybersecurity is no longer about preventing every breach

It's about ensuring the business can function when controls fail. This week proves that even trusted vendors and infrastructure aren’t exempt from exploitation.

Build resilience, not just defenses.

Bridgestone Manufacturing Cyberattack Disrupts Operations

Risk Level: High

Business Impact: Manufacturing disruption, supply chain impact, operational continuity

What You Need to Know: Tire giant Bridgestone Americas confirmed a cyberattack that has disrupted manufacturing operations at several of its North American facilities. While the company states the attack was contained early, the incident highlights the vulnerability of industrial control systems (ICS) and operational technology (OT). This is the second major cyberattack on Bridgestone in recent years, following a LockBit ransomware attack in 2022.

Why This Matters:

  • Your supply chain is a potential vector for disruption, even if your own systems are secure.

  • Cyberattacks on manufacturing can have significant real-world consequences, including production halts and product shortages.

  • Operational technology (OT) is increasingly being targeted by cybercriminals.

Executive Actions: 

📦 Review and strengthen the security of your industrial control systems and OT networks.

📊 Assess your supply chain dependencies and identify alternative suppliers.

🧪 Test your business continuity and incident response plans for manufacturing disruptions.

📜 Ensure your cyber insurance policy covers operational disruptions from cyberattacks.

US Charges Ukrainian Ransomware Admin

Risk Level: High 

Business Impact: Law enforcement disruption, ransomware ecosystem impact

What You Need to Know: The U.S. Department of Justice has charged a Ukrainian national, Volodymyr Viktorovich Tymoshchuk, for his role as an administrator of the LockerGoga, MegaCortex, and Nefilim ransomware operations, and he is linked to several other ransomware families. The U.S. is offering rewards totaling up to $11 million for information leading to his arrest and to the identification of other leaders of these operations. The action is part of a broader international effort to dismantle ransomware gangs.

Why This Matters: 

  • Law enforcement is actively pursuing and disrupting ransomware operations.

  • International cooperation is increasing the pressure on cybercriminals.

  • Charges alone do not stop operations: Tymoshchuk remains at large and these particular brands were already largely inactive, so expect no measurable reduction in overall ransomware volume.

Executive Actions:

🔍 Confirm that your organization has implemented defenses against the TTPs of these ransomware groups.

🔐 Ensure that your incident response plan includes procedures for notifying law enforcement.

🧠 Use this as an opportunity to reinforce cybersecurity awareness training with your employees.

📜 Review cyber insurance coverage and incident response procedures for data breaches.

Lovesac Furniture Company Confirms Data Breach After RansomHub Attack

Risk Level: Medium-High 

Business Impact: Customer data exposure, brand reputation, regulatory compliance

What You Need to Know: American furniture retailer Lovesac has confirmed a data breach resulting from a ransomware attack claimed by the RansomHub group. The breach exposed the personal information of an undisclosed number of customers. RansomHub, though now defunct, was a prolific ransomware-as-a-service operation with a history of high-profile victims. Lovesac is offering 24 months of credit monitoring to affected individuals.

Why This Matters: 

  • The retail sector remains a prime target for ransomware attacks and data extortion.

  • Customer data is a valuable asset for cybercriminals and a significant liability for your organization.

  • A data breach can have a lasting impact on brand reputation and customer trust.

Executive Actions:

📦 Review and enhance security measures for protecting customer data.

🔐 Ensure your ransomware preparedness plan includes strategies for data extortion.

📊 Assess your compliance with data protection regulations (e.g., GDPR, CCPA).

📜 Review and update your customer communication plan for data breach incidents.

⚙️ Immediate Leadership Checklist ⚙️

🔄 Confirm Sitecore and Android patching status organization-wide

📦 Review segmentation of web and mobile infrastructure and vendor patch policies

🧠 Instruct the CISO/CIO to assess business continuity for telecommunications and manufacturing disruptions

📊 Request a Q4 briefing on ransomware readiness and data extortion exposure

📜 Ensure your crisis communications plan includes zero-day and supply chain scenarios

💡 Stay vigilant, patch promptly, and remember that in cybersecurity, paranoia isn't a disorder – it's a job requirement. 💡

J.W.

(P.S. Check out our partners! It goes a long way to support this newsletter!)
