Like a tsunami washing over the cybersecurity landscape, recent weeks have brought an onslaught of alarming vulnerabilities and exploits. These threats are complex and pose a serious risk to all software and systems. Our Common Vulnerabilities and Exposures (CVE) list has skyrocketed, and we have added substantial entries affecting Docker Compose, Google Messages for Wear OS, and many plugins.
We have seen a sharp increase in exploitation by cybercriminal groups, such as the Kinsing hackers, after public disclosures of these vulnerabilities. Recently, advanced new tools and tactics used by malicious actors to target sensitive information and devices have come to light, causing concern among security professionals. Recent attacks have highlighted the vulnerabilities in our industrial control systems. High-profile lawsuits have done real damage to the oil and gas industry.
Notable Vulnerabilities Impacting Software and Plugins
The vulnerabilities below are among the latest to receive CVE identifiers, and the cybersecurity community is working hard to track and remediate them. CVE-2025-62725 is particularly concerning because it affects Docker Compose, a widely used tool, and can expose systems to various attacks. Likewise, CVE-2025-12080 presents risks in Google Messages for Wear OS and can allow attackers to compromise user data.
The LiteSpeed Cache plugin has a serious security flaw, designated as CVE-2025-12450, which can allow attackers to access private and sensitive information. CVE-2025-11705 impacts the Anti-Malware Security and Brute-Force Firewall plugin. These vulnerabilities are a sobering reminder of the importance of security consciousness in plugin development and use.
“Using these vulnerabilities, a malicious actor with access to storage disks can extract all confidential data stored on that disk and can modify the contents of the disk arbitrarily.” – Tjaden Hess
Adding to the severity, CVE-2025-55680 impacts the Microsoft Cloud Files Minifilter driver, a component that is crucial to the handling of files and folders. CVE-2025-6325 and CVE-2025-6327 affect users of the King Addons for Elementor plugin, and CVE-2025-55315 affects QNAP NetBak PC Agent. These vulnerabilities represent a growing trend in which attackers use holes in widely used software to take over systems undetected.
Exploits and New Threats in Cybersecurity
The Kinsing hackers have achieved a kind of dark fame for exploiting freshly disclosed vulnerabilities in incredibly short order. Their recent attacks, while painful, confirm a pattern that is well known in cybersecurity: when a vulnerability becomes public, attempts to exploit it often skyrocket.
Twelve malicious Visual Studio Code extensions were recently discovered and reported to Microsoft. They steal proprietary and sensitive information and install backdoors in development environments. This case is a reminder of the developing threat of malware built into integrated development environments (IDEs).
“Malware in IDE plugins is a supply chain attack channel that enterprise security teams need to take seriously.” – HelixGuard
Additionally, four new remote access trojans (RATs) were recently found using Discord for their command-and-control (C2) operations. This tactic gives attackers a way to bypass detection and other security controls by embedding hostile activity within communication channels that are otherwise understood and trusted.
Industrial Control Systems at Risk
Recent reports indicate that a Canadian oil and gas company fell victim to an incident involving Automated Tank Gauge (ATG) manipulation. The case illustrates the increasing worry about industrial control systems (ICS) and their susceptibility to cyber threats. As more industrial equipment becomes interconnected, the potential harm that a cyberattack on critical infrastructure could cause only increases.
MITRE is working on these challenges by expanding Asset objects. This improvement allows more industrial equipment to be modeled within its ATT&CK framework. The new models seek to bridge the gaps between siloed, sector-specific terminology and help all stakeholders better understand how an attack may play out.
“And in ICS, new and updated Asset objects expand the range of industrial equipment and attack scenarios ATT&CK can represent, including improved connections across sector-specific terminology through Related Assets.” – MITRE
Beyond conventional external threats, cybercriminals are going directly after employees via social media sites such as LinkedIn. Security experts have noted that phishing lures delivered through these channels can be disturbingly powerful, because they reach people in settings where they expect to receive normal, legitimate messages.
“Sending phishing lures via social media apps like LinkedIn is a great way to reach employees in a place that they expect to be contacted by people outside of their organization.” – Push Security

