Get ready for the ISC Stormcast for October 23rd, 2025! In this episode, we dive into cyber weather forecasts that even your grandma could understand, and discuss the latest digital downpours and malware mist. Tune in for tech tidbits that make cybersecurity sound as easy as pie.

CISA has added a new vulnerability to its Known Exploited Vulnerabilities Catalog. CVE-2025-61932 in Motex LANSCOPE may cause federal network havoc if not addressed. While this directive targets federal agencies, CISA recommends everyone keep their cybersecurity shields up—because who needs a surprise cyberattack on their to-do list?

Our honeypots were hit with POST requests to “/cgi-bin/webctrl.cgi,” aiming to exploit an OS command injection vulnerability. Was it a new twist on CVE-2025-34033 or just an attacker pulling a Homer Simpson? Either way, validating it is trickier than explaining quantum physics to a cat.

Moroccan threat actors are jingling all the way to the bank with the Jingle Thief campaign. Targeting gift card systems during festive seasons, these cyber grinch impersonators steal credentials through phishing and smishing, bypassing Microsoft 365 defenses. Secure your holiday shopping, because these naughty list members are leaving no trace except sleigh bells.

Get ready for the ISC Stormcast podcast, where we break down the latest cybersecurity news with humor sharper than a firewall’s edge. Tune in on Wednesday, October 22nd, 2025, and discover why this podcast is the perfect blend of tech talk and laughs.

Oracle’s October 2025 Critical Patch Update has landed with 374 new security patches. Remember, there’s no prize for skipping updates – except maybe a starring role in a hacker’s success story! Stay on supported versions and apply these patches pronto to keep your systems secure.

EfficientLab WorkExaminer Professional is under siege with multiple vulnerabilities. Brace yourself for CVE-2025-10639, CVE-2025-10640, and CVE-2025-10641! It’s like a security breach party, and everyone’s invited.

The Verbatim Store ‘n’ Go Secure Portable HDD, despite its latest security update, can be cracked like a walnut at a squirrel convention. With offline brute-force attacks, your data could be as exposed as a streaker at a football game. Who knew “secure” could be so ironically insecure?

The Verbatim Store ‘n’ Go Secure Portable SSD, touted for its AES 256-bit encryption, faces an offline brute-force attack due to a risky cryptographic design. Despite a security update, the drive is as secure as a chocolate teapot, leaving data vulnerable to anyone persistent enough to play passcode bingo.

The Verbatim Keypad Secure USB drive, despite its AES 256-bit encryption, is vulnerable to offline brute-force attacks. With the latest update, it’s like locking your front door but leaving the windows open. The drive’s design flaw allows attackers to guess passcodes and access encrypted data, giving new meaning to “secured by design.”

Unleash your inner cyber-sleuth! The Malvuln MISP-compatible feed is now live, offering malware-vulnerability intelligence mapped to the MITRE ATT&CK framework. Perfect for researchers and CTI pipeline enthusiasts. Existing data is ready for exploration—new entries coming soon. Feedback welcome!

In a world where industrial control systems face more drama than a soap opera, CISA has dropped 10 new ICS advisories. They’re the ultimate plot twist in cybersecurity, revealing vulnerabilities and offering solutions. Don’t miss out!

Attention, science enthusiasts and tech wizards! Beware of the MinKNOW software’s vulnerabilities, giving hackers the opportunity to play God with your DNA sequencing. Remember, your network isn’t a dating site; don’t let strangers connect! For safety, upgrade to newer versions and keep the remote access on a tighter leash to avoid unwanted surprises.

Raisecomm’s RAX701-GC devices have a security flaw that lets remote attackers bypass authentication and gain root access. The vulnerability, with a CVSS v4 score of 9.3, allows SSH sessions without credentials. Raisecomm hasn’t responded to mitigation requests. Stay safe by securing your network and using updated VPNs. View CSAF for more details.

CloudEdge cameras may be a hacker’s dream, thanks to hard-coded credentials. The vulnerability allows cybercriminals to tune into your live video feed, turning your home into their favorite reality show. Users should update their systems and follow recommended security measures to avoid being the unwitting stars of “CloudEdge: Unplugged.”

Siemens RUGGEDCOM devices are under attack! Vulnerabilities in their cryptographic algorithms could let hackers join the party uninvited. If you’re running these devices, it’s time for a reboot—literally and figuratively. Check Siemens’ ProductCERT Security Advisories for the latest updates. The cyber world is a jungle, and Siemens is your guide.

CISA has pressed pause on updating Siemens product vulnerability advisories, leaving the latest plot twists to Siemens ProductCERT Security Advisories. Keep an eye on SIMATIC S7-1200 CPU vulnerabilities, where improper input validation and authentication bypass are headlining. Remember, even robots need TLC—tender loving cybersecurity!

View CSAF to discover the latest in vulnerability fashion: Uncaught Exception. It’s the must-have exploit of the season, scoring a dazzling CVSS v4 8.7. Ensure your Compact GuardLogix 5370 stays in vogue by updating to version 30.14. Remember, denial-of-service is only stylish when it’s not happening to you!

Brace yourself, tech aficionados! The 1783-NATR device by Rockwell Automation is under siege, with a CVSS v4 score of 9.9. Vulnerabilities include missing authentication, cross-site scripting, and cross-site request forgery. Upgrade to version 1.007 or later to dodge a denial-of-service or accidental admin account takeover. View CSAF for more laughs—or mitigations!

In the wake of the “Beijing Time Incident,” it’s time to talk about syncing your network’s clocks. Consider pool.ntp.org, where servers compete for top time-telling honors. While it’s reliable for most, those needing pinpoint precision might want local standards. Time waits for no one, but neither should your network!