Wednesday War Room – 10/08/2025

This week, the threat landscape has been dominated by a series of high-impact breaches that underscore the fragility of our interconnected digital ecosystem.

From major enterprise software providers to critical infrastructure and even the tools we use to build the next generation of software, no sector has been spared.

The past 72 hours have been a brutal reminder that the attack surface is vast and the adversaries are relentless.

Red Hat GitLab Breach: A Supply Chain Nightmare

Risk Level: Critical

Business Impact: Massive supply chain compromise, exposure of sensitive government and financial data

What You Need to Know: Red Hat confirmed on October 8th that its consulting GitLab instance was breached by the "Crimson Collective" threat group. Security researchers reported that the attackers claim to have stolen 570GB of data from over 28,000 repositories, affecting more than 800 organizations, including Bank of America, JPMorgan Chase, Verizon, AT&T, the U.S. Navy, the U.S. Senate, and the National Security Agency.

Why This Matters:

  • This is a catastrophic supply chain attack with potential national security implications.

  • The breach of a major open-source provider like Red Hat gives adversaries a treasure trove of information to launch further attacks.

  • The high-profile nature of the victims guarantees intense scrutiny from regulators and the public.

Executive Actions:

📦 Immediately assess your organization's relationship with Red Hat and determine potential exposure.

🔐 Review all credentials and access permissions related to Red Hat consulting engagements.

🧱 Monitor for any suspicious activity related to Red Hat products or services in your environment.

📊 Prepare for potential third-party risk management inquiries from your customers and partners.

GoAnywhere Zero-Day: Medusa Ransomware Unleashed

Risk Level: Critical

Business Impact: Remote code execution, data encryption, business disruption

What You Need to Know: Security researchers disclosed a critical zero-day vulnerability (CVE-2025-10035) in GoAnywhere Managed File Transfer (MFT) software that the Storm-1175 threat group is actively exploiting to deploy Medusa ransomware. Microsoft researchers confirmed that the flaw allows unauthenticated remote code execution, giving attackers full control of vulnerable systems, with infections confirmed across multiple organizations.

Why This Matters: 

  • This is another example of a vulnerability in a widely used enterprise product being exploited as a zero-day.

  • The lack of an authentication requirement makes this vulnerability incredibly easy to exploit.

  • The use of Medusa ransomware indicates that the attackers are financially motivated and will likely demand significant ransoms.

Executive Actions: 

📦 Patch all GoAnywhere MFT instances to the latest version on an emergency basis.

🔐 Restrict outbound connections from GoAnywhere servers to only approved endpoints.

🧱 Enable Endpoint Detection and Response (EDR) solutions in block mode to prevent the execution of malicious payloads.

📊 Monitor for indicators of compromise (IOCs) such as unauthorized .jsp files and suspicious PowerShell activity.

Figma Vulnerability: A Threat to AI-Powered Development

Risk Level: High

Business Impact: Remote code execution in developer environments, potential for data exposure

What You Need to Know: Cybersecurity researchers disclosed a command injection vulnerability (CVE-2025-53967) in the Figma Model Context Protocol (MCP) server on October 8th. Imperva researchers discovered the flaw, which has a CVSS score of 7.5 and could allow attackers to achieve remote code execution. The vulnerability affects AI-powered coding agents like Cursor that interact with Figma, putting developers at risk.

Why This Matters: 

  • This vulnerability highlights the emerging security risks associated with AI-powered development tools.

  • Developer environments are a prime target for attackers, as they often contain sensitive code, credentials, and intellectual property.

  • The use of indirect prompt injection as a potential attack vector is a novel and concerning development.

Executive Actions: 

📦 Ensure that all developers using Figma have updated to the patched version (0.6.3) of figma-developer-mcp.

🔐 Review and harden the security of your developer environments, including access controls and network segmentation.

🧱 Educate developers about the risks of prompt injection and other AI-related security threats.

📊 Evaluate the security of all AI-powered tools used in your organization's development lifecycle.
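
One way to verify the first action above is to audit each project's npm lockfile for copies of figma-developer-mcp older than the patched 0.6.3, including copies pulled in transitively. This is an added example, not code from this newsletter or from the Figma MCP project; the function names, the sample lockfile and the `agent-kit` package name are constructed for illustration.

```javascript
// Added example (not project code): flag figma-developer-mcp installs below 0.6.3.
const PKG = "figma-developer-mcp";
const FIXED = "0.6.3"; // patched version named in the briefing
const isPre = (v) => v.includes("-");

// Compare x.y.z versions; a pre-release of the same x.y.z sorts below the release.
function cmpVersion(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return isPre(a) === isPre(b) ? 0 : isPre(a) ? -1 : 1;
}

// Return every installed copy older than FIXED, including nested (transitive) ones.
function findVulnerable(lock) {
  const hits = [];
  const check = (path, meta) => {
    if (meta && meta.version && cmpVersion(meta.version, FIXED) < 0) {
      hits.push({ path, version: meta.version });
    }
  };
  if (lock.packages) { // lockfileVersion 2/3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.endsWith("node_modules/" + PKG)) check(path, meta);
    }
  } else { // lockfileVersion 1: nested "dependencies" tree
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        if (name === PKG) check(trail + "/" + name, meta);
        walk(meta.dependencies, trail + "/" + name);
      }
    };
    walk(lock.dependencies, "");
  }
  return hits;
}

// Constructed sample lockfile; package names and versions are illustrative.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "node_modules/figma-developer-mcp": { version: "0.6.2" },
    "node_modules/agent-kit/node_modules/figma-developer-mcp": { version: "0.6.3" },
  },
};
console.log(findVulnerable(SAMPLE_LOCK));
```

Parse each repository's `package-lock.json` with `JSON.parse` and pass the result to `findVulnerable`; any returned entry is an install path that still needs the update.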

Leadership Insight:

The events of the past 72 hours demonstrate that the cyber threat landscape is becoming more complex and interconnected than ever before.

We are no longer just defending our own networks; we are defending against the vulnerabilities in our software, the weaknesses in our supply chain, and the ambitions of nation-states.

A proactive, risk-based approach to cybersecurity is no longer a luxury; it is a fundamental requirement for survival in the digital age.

Veradigm Breach: Third-Party Healthcare Scare

Risk Level: High

Business Impact: Exposure of patient PII and PHI, regulatory fines, reputational damage

What You Need to Know: Veradigm, a major healthcare technology company, disclosed that a third-party breach has affected over 65,000 individuals. Security analysts reported that the breach, which occurred in December 2024, exposed a trove of sensitive data, including names, dates of birth, Social Security numbers, medical records, and health insurance details.

Why This Matters:

  • This incident is a stark reminder of the significant risks associated with third-party vendors in the healthcare industry.

  • The delay between the breach and its disclosure raises serious questions about Veradigm's incident response and vendor management processes.

  • The exposure of both PII and PHI creates a perfect storm for identity theft and medical fraud.

Executive Actions: 

📦 Conduct a thorough review of all third-party vendors with access to sensitive patient data.

🔐 Implement stricter data access controls and monitoring for all third-party connections.

🧱 Ensure that your business associate agreements (BAAs) include clear and stringent security requirements.

📊 Review your cyber insurance policy to ensure adequate coverage for third-party breaches.

Motility Software Ransomware: A Blow to the Automotive Sector

Risk Level: High 

Business Impact: Massive PII exposure, disruption to automotive dealerships, reputational damage

What You Need to Know: Motility Software Solutions, a provider for over 7,000 automotive dealerships, disclosed a ransomware attack that exposed the personal information of 766,000 individuals. Security experts confirmed that the breach, which occurred in August, compromised names, dates of birth, contact details, Social Security numbers, and driver's license numbers.

Why This Matters: 

  • This attack highlights the increasing targeting of specialized software providers as a way to access a large number of downstream victims.

  • The theft of a massive amount of PII creates a significant risk of identity theft and fraud for a large number of people.

  • The automotive sector is a critical part of the economy, and disruptions to dealerships can have a ripple effect.

Executive Actions:

📦 If your organization uses Motility Software, immediately contact them to understand the impact of the breach.

🔐 Review the security of all specialized software providers in your supply chain.

🧱 Implement enhanced monitoring for suspicious activity on systems that interact with third-party software.

📊 Offer credit monitoring and identity theft protection services to any employees or customers who may have been affected.

Chinese Hackers Target Major US Law Firms

Risk Level: Critical

Business Impact: Exposure of sensitive legal data, potential for insider trading, national security implications

What You Need to Know: Intelligence sources reported that Chinese hackers have infiltrated the computer systems of several major US law firms, including the high-profile Washington-based firm Williams & Connolly. Cybersecurity analysts believe the attacks are part of a broader campaign to gain access to sensitive information related to corporate litigation, mergers and acquisitions, and government investigations.

Why This Matters: 

  • This is a classic example of nation-state espionage targeting the legal sector to gain an economic and political advantage.

  • The theft of sensitive legal data can have devastating consequences for clients, including the loss of intellectual property and the compromise of legal strategies.

  • The targeting of high-profile firms like Williams & Connolly indicates a high level of sophistication and determination on the part of the attackers.

Executive Actions:

📦 If your organization works with external legal counsel, inquire about their cybersecurity practices and any potential exposure to this campaign.

🔐 Implement enhanced security controls for all communications and data sharing with external law firms.

🧱 Monitor for any suspicious activity related to your organization's legal matters.

📊 Consider the potential for insider trading or other market manipulation based on stolen legal data.

⚙️ Immediate Leadership Checklist ⚙️

🔄 Review Your Supply Chain Risk: Immediately initiate a review of your organization’s supply chain risk management program, with a focus on software vendors.

📦 Verify Your Patching Cadence: Confirm that your organization has a robust and rapid patching process for critical vulnerabilities.

🧠 Assess Your AI Security Posture: Evaluate the security of all AI-powered tools used in your organization and develop a plan to mitigate the associated risks.

📊 Enhance Your Third-Party Monitoring: Implement enhanced monitoring for all third-party connections and data sharing.

📜 Strengthen Your Legal Sector Defenses: If your organization works with external law firms, implement enhanced security controls for all communications and data sharing.

💡 Stay vigilant, patch promptly, and remember that in cybersecurity, paranoia isn't a disorder – it's a job requirement. 💡

J.W.
