Infosec bits for 2025 week 40

Zoya Vilakazi | Oct. 4, 2025, 9:16 a.m.

Cybersecurity News:

Why South Africa is the top target for cyber attacks and how to stay safe [Koketso Phasha, IOL]

DEWA and Fortinet Strengthen Digital Transformation with Strategic Cybersecurity Agreement [Akim Benamara, TechAfrica News]

NIST publication warns that USB devices pose serious cybersecurity threats to ICS, offers guidance for mitigation [Anna Ribeiro, Industrial Cyber]

How to Close Threat Detection Gaps: Your SOC's Action Plan [The Hacker News, The Hacker News]

Breaches and Attacks:

Red Hat confirms security incident after hackers breach GitLab instance [Lawrence Abrams, Bleeping Computer]

Detour Dog Caught Running DNS-Powered Malware Factory for Strela Stealer [Ravie Lakshmanan, The Hacker News]

Vulnerabilities and Patches:

High-Severity Vulnerabilities Patched in VMware Aria Operations, NSX, vCenter [Ionut Arghire, Security Week]

Multiple Splunk Enterprise Vulnerabilities Let Attackers Execute Unauthorized JavaScript code [Guru Baran, Cybersecurity News]

Warning: Beware of Android Spyware Disguised as Signal Encryption Plugin and ToTok Pro [Ravie Lakshmanan, The Hacker News]

Linux 6.17 Released With Fix for use-after-free Vulnerabilities [Guru Baran, Cybersecurity News]

Microsoft Defender bug triggers erroneous BIOS update alert [Sergiu Gatlan, Bleeping Computer]

Sneaky, Malicious MCP Server Exfiltrates Secrets via BCC [Jai Vijayan, Dark Reading]

Ransomware:

Akira Hits SonicWall VPNs in Broad Ransomware Campaign [Alexander Culafi, Dark Reading]