F5 is a Seattle-based company known for its networking software. Its products are used by numerous Fortune 500 companies and the US federal government, with the company claiming its BIG-IP line of server appliances alone is used by 48 of the world’s top 50 corporations.
We bring this up because, as we were writing this cybersecurity news roundup (October 15), the company disclosed a serious breach followed by an emergency directive from CISA (Cybersecurity and Infrastructure Security Agency).
An unnamed nation-state actor is believed to be behind it, and has been dwelling for the “long-term,” which researchers take to mean years. The attackers are known to have obtained configuration settings some customers use within their networks, which, along with the source code, gives them the capacity to launch supply-chain attacks on potentially thousands of networks.
Both F5 and outside analysts told Ars Technica’s Dan Goodin that there’s a significant risk of sensitive credentials being abused as a result of this incident.
Investigators from firms including Google Mandiant and CrowdStrike haven’t found evidence of data compromises yet, and F5 has rotated certificates and released updates, but CISA stressed the “imminent risk” and need for “emergency action.”
Per CISA, the attack “could allow the threat actor to move laterally within an organization’s network, exfiltrate sensitive data, and establish persistent system access, potentially leading to a full compromise of targeted information systems.”
This introduces our bi-monthly cybercrime roundup, which was shifted back to mid-month to accommodate the pace of AI changes.
In today’s article, we cover the 2025 Defcon hacker convention, AI cybersecurity updates, the US court system breach, reports on phishing training effectiveness, and a quick roundup of malware and ransomware trends making the news for this period.
But first, we spotlight two of the biggest stories: the NPM worm and the ongoing attacks on company Salesforce instances.
The Headliners: NPM Package Malware Attack and Salesforce Instance Data Breaches
NPM (initially npm for node package manager) was originally a community-built package manager for the Node.js JavaScript runtime environment.
Today it’s massive, and run by GitHub, and in September we learned that 18 of its most popular packages (with over two billion weekly downloads) had been updated to include malicious code.
There were actually two incidents here, one focused on malware to redirect crypto transactions in browsers, and the second a self-replicating worm that became far more dramatic and problematic.
The former was quickly contained, resulting in a reported loss of only around $1000 over four days.
But the latter, called Shai-Hulud after the giant worms in Dune, ran wild before containment. Self-replicating, it searched over available resources for credentials and ultimately infected more than 500 packages (per CISA updates). As reported by KrebsonSecurity, it even briefly infected a number of packages used by CrowdStrike, publishing stolen credentials to a public GitHub repository.
In cloud-specific configurations, the malware even used AWS, Azure, and Google Cloud Platform secrets. International Computer Science Institute researcher Nicholas Weaver called the worm “a supply chain attack that conducts a supply chain attack,” and said that all such package repository models must adopt MFA and require explicit human consent as a result of this attack.
“Allowing purely automated processes to update the published packages is now a proven recipe for disaster.”
In late September, GitHub removed the infected packages and announced updates that will require MFA from now on for local publishing.
This attack initially began with phishing, using extremely effective emails (claiming to be from NPM) convincing maintainers to update their MFA information.
Phishing was also the initial attack vector for another of the major attacks of this period, the breaching of numerous corporate Salesforce instances.
We’ve written about this campaign twice, first examining how the Workday breach unfolded as an example of the tactics used, and at the end of September we covered how it has evolved, incorporating OAuth token abuse.
Check out those articles for more.
About Phishing Training Effectiveness…
We’ve written about phishing and phishing training a lot in this roundup, and our founder and CEO has also covered it in his newsletter in some depth.
Aside from opening the door to all manner of cybers attacks, AI is also making it far easier for hackers to craft convincing phishing materials, and one of the major criminal groups (Scattered Spider) has built a reputation on incorporating highly effective voice calls (vishing) into this mix that pose as IT teams.
But research profiled by the Wall Street Journal in September suggests that corporate phishing training is often far less effective than companies would like.
A study focused on 20,000 employees at UC San Diego Health examined the effectiveness of a very common training program and determined that, while security awareness improved right after the training, it fell off rapidly in the months that followed.
Even worse, the failure rate for employees targeted by phishing attacks remained high throughout. In the worst cases, this meant just a 1.7% improvement, up to a max of 19% from Q&A-based training.
One of the paper’s co-authors, University of Chicago’s Grant Ho, acknowledged that the training itself could be to blame, saying that maybe the “mandatory online format is something that users inherently will not learn from.”
In our own experience, two things that really bolster phishing awareness training include:
- Ensuring ready points of contact are accessible whenever an employee has a question about a communication (and that they’re not afraid to take advantage of it).
- Launching unannounced simulations at least as good as the best examples out there now. These do not aim to call employees out for reprimand but instead can reinforce protocol in a powerful fashion.
Defcon 2025 Highlights
The 33rd annual Defcon (aka DEF CON, DEFCON, DefCon) hacker convention was in August, and this year’s takeaways included:
- Passkeys were supposed to replace passwords and solve our ongoing credentials leak nightmare. But researchers from SquareX showed that browsers can be tricked to intercept or fake the authentication process. They assert the cryptographic basis of passkeys remains sound, but that browsers can be a weak link in the chain.
- Zero Trust was also put through the paces, with researchers from AmberWolf writing a highly critical report on ZTNA providers. While the premise of never trust, always verify was praised, the UK-based research team found serious vulnerabilities in the ZTNA products from several major vendors.
- Like at all conferences touching on tech (and beyond), AI was heavily featured, including promos for products boasting agentic threat intelligence, real-time security scanning of AI code execution, AI SOC systems handling tier-1 triage, AI agent management for MCP environments, products offering AI risk evaluations all the way to promising to secure all forms of AI (from public chatbots to embedded SaaS to proprietary systems), ZTNA copilots, workflow-friendly AI summaries for investigation research, and governance systems for GPT-based and Codex agents.
AI-Powered Cybercrime and Defense Adoption
While LLMs have been huge boons to phishing and creating effective fraud attacks, their use more broadly in cybercrime has been slower, or at least harder to detect.
This is changing, with evidence AI agents are beginning to be deployed on the hacker side, too.
The Cybernews in September profiled an example called HexStrike AI, that utilizes some 150 specialized tools to aid in criminal pursuits. Built off a penetration-testing framework, it deploys agents capable of scanning, exploiting, and maintaining access to targets.
Accessible and capable of self-direction, it’s just another example of how agentic AI and defensive tools can be turned against their founders.
Another tool being turned against its creators is vibe coding, with Wired reporting in late August on the arrival of AI-generated ransomware. Security researchers warn that these tools are already being used to generate and tailor malicious code with customizable payloads, lowering the bar to entry and accelerating the work for hackers, too.
AI systems also continue being targeted, and one popular way is through prompt injection. LLMs struggle to tell desired instructions from undesired, and hence so-called poisoned commands that are invisible to viewers can be digested to wreak havoc.
These come in various forms, from calendar invites to emails to web pages to PDFs. These unwanted prompts can lead systems to leak data or attempt to lure users to dangerous resources.
Anthropic, working with the UK AI Security Institute and the Alan Turing Institute, warned in October that just 250 poisoned documents in AI training can cause even a billion-parameter system to collapse. Prior to this research, it was believed that a much larger portion of the data would need to be corrupted.
They showed that just 0.00016% of the data (250 documents at a minimum) could do it, raising concerns about the safety of training datasets overall.
Anthropic’s Other AI Warning
In late August, Anthropic claimed to have caught a hacker using its products to find vulnerabilities and exploit them to extort over 17 different companies.
Though they were unnamed, this included a defense contractor, financial institution, and several healthcare companies. Among the stolen information: Social Security numbers, bank accounts, sensitive medical information, and files related to defense information regulated by the State Department.
Continued Warnings on Deepfake Cyber Threats
We’ve been writing about deepfakes in these roundups for months, but with the newest step in video tools (like Sora 2), deepfakes are easier to create and more convincing than ever.
OpenAI said in October it would pause some celebrity representations made on its platform as it “strengthens guardrails for historical figures.”
A report released in October by security firm Ironscales also found that 85% of midsized companies have already experienced some form of deepfake or AI-voice fraud, with more than half (55%) suffering financial losses as a result.
The majority of AI phishing scams still use static images, though using audio and video in these approaches is on the rise.
Fire vs Fire: AI in Cybersecurity Adoption as of October 2025
Here’s an updated look at the state of AI integration in defense from the ISC2:
A number of companies are actively working to deploy AI-driven ransomware detection, and Google in September announced theirs, at least for Google Drive for desktop.
Going beyond typical malware detection, it uses an AI model trained on millions of actual files that have been hit by ransomware to provide real-time analysis and quickly contain any encryption that is underway. When found, it immediately stops syncing and allows users to restore data from unimpacted backups.
Like most of these solutions, this remains limited by the provider—you only get protection for files in Google Drive on desktop, not anything else—and it works as a treatment, not a protection.
CISA’s Deadline and the US Court System Hacked (Again)
A critical Linux Sudo flaw was uncovered earlier this summer that let attackers run commands at root even if they weren’t in the super users list. This led to an emergency update, and millions of systems were impacted.
CISA warned that this is still being actively targeted and remains unpatched in too many cases. The organization gave a deadline of October 20 for federal civilian agencies to get this patched, along with four other bugs listed in their catalog.
In August, reports also revealed a breach of the US federal judiciary’s electronic case systems (discovered in July). This compromised sealed court records and exposed sensitive legal filings across multiple districts. It may also have included sensitive data like confidential informants. Multiple outlets (like Politico and The New York Times) have linked the attack with Russia and is also believed to play on vulnerabilities discovered back in 2020.
The attack conjured recent healthcare and industrial attacks by forcing courts onto backup paper filing systems. The CM/ECF and PACER systems overall face “unrelenting security threats,” a federal judge told Congress this summer, and needs replacement.
Cybersecurity Roundup Quick Hits and Updates
It’s been a bad few months for automobile manufacturers, with several involved in recent breaches. As covered in a recent PTP Report on the Salesforce campaign, Jaguar Land Rover was shut down for some five weeks, suffering a reported $2 billion in lost revenue and impacting numerous businesses throughout their supply chain.
The most recent target was Volkswagen France, which suffered a ransomware attack launched by the Qilin group. The hackers claim to have exfiltrated sensitive client data, vehicle VIN numbers, sales information, and authentication and access control details.
Also making news:
- Huawei suffered a significant data breach reported in October, with hackers claiming it included sensitive intellectual data like source code and technical manuals.
- Japanese beer producer Asahi suffered an attack in late September which, like the JLR incident, required a suspension of production at its breweries and also prevented them from shipping existing inventory. Orders had to be processed by hand, phone, and even fax to get the beer moving again.
- Oracle’s E-Business Suite was exposed by another zero-day vulnerability, with Security Week reporting in mid-October that Harvard is the first confirmed victim. The Cl0p ransomware group claimed responsibility and made available a file of over 1.3 TB of stolen data, though Harvard has now patched the vulnerability and says there is no evidence of additional compromises. Information typically stored in this system can include financial, customer, supplier, HR, and inventory data. Oracle released critical patches in both July and October for zero-day vulnerabilities and warned companies to monitor for incidents that may have occurred.
- AT&T was again in the Cybernews at the start of September for a hack that could have exposed 24 million users. The attackers posted a sample that includes SIM and device IDs as well as owner information. This is concerning due to the possibility it could open the door to SIM-swapping attacks.
Conclusion
That concludes our roundup taking us into fall. Keep an eye out for upcoming cybersecurity reports, including the shifting nature of cybercrime organizations (and explosion of smaller groups) behind the surge in ransomware attacks.
As always, for the cybersecurity professionals you need, onsite or off, onshore, nearshore, or offshore, talk to PTP!
And to catch up, check out our cybersecurity news roundup coverage to date from 2025:
References
Thousands of customers imperiled after nation-state ransacks F5’s network, Ars Technica
Self-Replicating Worm Hits 180+ Software Packages, Krebs on Security
How Effective Is Corporate Cybersecurity Training? Not Very, It Seems, The Wall Street Journal
DEF CON research takes aim at ZTNA, calls it a bust, Network World
Black Hat 2025: Latest news and insights, CSO Online
Major NPM attack steals only $1K as “blueprint for future Web3 fraud” evolves, Users unaware their passkeys are hijacked, DEF CON 2025 shows, Cybercrime revolutionized with an AI “brain” that unleashes automated cyberattack mayhem and Hackers exploiting critical sudo flaw: CISA wants five bugs gone by October 20th, Cybernews
The Era of AI-Generated Ransomware Has Arrived, Wired
How many malicious docs does it take to poison an LLM? Far fewer than you might think, Anthropic warns, Techradar Pro
A hacker used AI to automate an ‘unprecedented’ cybercrime spree, Anthropic says, NBC News
Deepfake Awareness High at Orgs, But Cyber Defenses Badly Lag, Dark Reading
Hack of federal court filing system exploited security flaws known since 2020, Politico
What to Make of the U.S. Federal Court Breach(es), Institute for Security + Technology
JLR supply chain firms surveyed on shutdown impact, BBC
Qilin claims cyber attack on Volkswagen Group France, CyberDaily
Repeated cyber attacks act as a stark reminder this Cybersecurity Awareness Month, IT Pro
