Mishcon de Reya page structure
Site header
Menu
Main content section

Monthly Cyber Threats Report - October 2025

Issue 10: October 2025

Monthly Cyber Threats Report - October 2025

Editor's note

Mark Tibbs
Mark Tibbs

Our monthly report prepares cybersecurity practitioners to make better tactical, operational and strategic decisions. We have distilled analysis of key events from the previous month which have learning points that can be actioned to improve security.

News
a black background with orange and blue lights

Cisco under siege: critical firewall vulnerabilities exploited

In September 2025, Cisco released urgent security updates for two newly discovered vulnerabilities affecting both its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) solutions, confirming “attempted exploitation” of both CVE-2025-20333 (severity 9.9) and CVE-2025-20362 (severity 6.5) in the wild.

News
a blue lines and dots

Microsoft fixes Entra ID global admin impersonation flaw

In September 2025, Microsoft released an emergency fix for CVE 2025 55241, a critical flaw in Entra ID (formerly Azure Active Directory). The vulnerability, rated the maximum severity score of 10.0, could have allowed attackers to impersonate any user, including Global Administrators, across tenants.

News
Abstract AI lights

Free VPN Apps: a threat to enterprise and consumer security

A recent study by Zimperium zLabs has exposed significant privacy and security flaws in a large number of free VPN apps. Researchers analysed 800 VPN apps for Android and iOS, and found that many failed to deliver the protection users expect, creating serious risks for any organisations operating a "bring your own device" (BYOD) policy.

Subscribe

Never miss a publication by signing up to our mailing list

Monthly Cyber Threats Report - October 2025 Issues

How can we help you?
Help

How can we help you?

Subscribe: I'd like to keep in touch

If your enquiry is urgent please call +44 20 3321 7000

I'm a client

I'm looking for advice

Something else