September Edition

Back to School, Back to Cyber Basics

This month, we’re taking a fresh look at the cyber landscape as organizations return to post-summer routines. From Patch Tuesday zero-days to global espionage campaigns and large-scale data breaches, the past few weeks have delivered important lessons in resilience and readiness. Feel free to join the conversation, share your perspective, and let’s continue sharpening our defenses for the season ahead.


Microsoft Patch Tuesday: Fixes and Failures. Microsoft’s August Patch Tuesday addressed 107 vulnerabilities across Windows, Office, SharePoint, Hyper-V, and Azure, including one publicly disclosed zero-day in Windows Kerberos. The updates closed dangerous gaps, but some created new headaches: users reported SSDs disappearing during large file transfers and a broken “Reset this PC” function, prompting Microsoft to issue out-of-band fixes.

This dual lesson is particularly relevant as schools, universities, and businesses reboot after the summer break. Delayed patching leaves systems open to exploitation, but untested patches can derail operations at the worst possible time.

In September’s Patch Tuesday, Microsoft addressed around 80 vulnerabilities, including two publicly disclosed zero-days.

Microsoft zero-days over the past 30 days: one publicly disclosed Windows Kerberos flaw in August and two publicly disclosed flaws in September.

Next Steps:

  • Prioritize critical and zero-day patches.

  • Pilot patches in a test group before broad deployment.

  • Ensure backups are current and recovery plans are practiced.


Salt Typhoon Global Espionage Campaign. The FBI and global partners warned in August that Salt Typhoon, a Chinese state-backed group, has been compromising routers in over 80 countries. By exploiting known flaws in backbone, provider-edge, and customer-edge routers, the group modified configurations, created privileged accounts, and built stealthy long-term access. Targets included telecoms, healthcare, government, and critical infrastructure.

What makes this campaign so dangerous is its invisibility. Once a router is compromised, attackers can intercept traffic, pivot deeper into networks, and remain undetected for months. For small enterprises running unmanaged or outdated network gear, the risk is often overlooked until it’s too late.

Next Steps:

  • Patch router firmware immediately.

  • Audit running configurations against a known-good baseline for unauthorized changes (new accounts, new routes or tunnels, weakened management access).

  • Rotate privileged accounts.

  • Extend monitoring beyond endpoints to network infrastructure.
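A concrete way to do the configuration audit above is to diff the device’s running configuration against the baseline saved at the last review and flag only the classes of change the campaign is known for. The script below is an added example written for this post, not tooling from the FBI advisory or any vendor; it uses a simplified IOS-style syntax, both configurations are constructed samples, and the risk patterns are the author’s own list.

```python
"""Diff a router's running configuration against a known-good baseline and
flag changes of the kind described above: new privileged accounts, read-write
SNMP, new tunnels or static routes, weakened vty access.  Example code for
this post; the IOS-like configs below are constructed, not real captures."""
import re
from dataclasses import dataclass

# Constructed "golden" baseline, as saved when the device was last audited.
BASELINE = """\
hostname edge-rtr-1
username netops privilege 15 secret 5 $1$abcd$baseline
snmp-server community readonly RO
ip route 0.0.0.0 0.0.0.0 203.0.113.1
line vty 0 4
 access-class 10 in
 transport input ssh
"""

# Constructed "running" config showing the kinds of tampering described above.
RUNNING = """\
hostname edge-rtr-1
username netops privilege 15 secret 5 $1$abcd$baseline
username svc_backup privilege 15 secret 5 $1$zzzz$injected
snmp-server community readonly RO
snmp-server community public RW
ip route 0.0.0.0 0.0.0.0 203.0.113.1
ip route 10.50.0.0 255.255.0.0 198.51.100.9
interface Tunnel99
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.9
line vty 0 4
 transport input ssh telnet
"""

# Patterns that mark a line as worth a human's attention (author's own list).
HIGH_RISK = [
    (re.compile(r"^username \S+ privilege 15"), "new privilege-15 account"),
    (re.compile(r"^snmp-server community \S+ RW"), "read-write SNMP community"),
    (re.compile(r"^interface Tunnel"), "new tunnel interface"),
    (re.compile(r"^ip route "), "new static route"),
    (re.compile(r"^\s*transport input .*telnet"), "telnet enabled on vty"),
    (re.compile(r"^\s*access-class"), "vty access-class changed or removed"),
]


@dataclass
class Finding:
    kind: str    # "added" (present only in running) or "removed" (only in baseline)
    line: str
    reason: str


def _lines(cfg: str) -> list:
    """Config lines with comments and blanks dropped.  Indentation is kept:
    it distinguishes sub-commands (under an interface or vty line) from globals."""
    return [l.rstrip() for l in cfg.splitlines()
            if l.strip() and not l.lstrip().startswith("!")]


def audit_config(baseline: str, running: str) -> list:
    """Return a Finding for every line added to or removed from the baseline
    that matches a high-risk pattern.  Matching is order-insensitive and
    exact-line, so a modified line shows up as one removal plus one addition."""
    base, run = set(_lines(baseline)), set(_lines(running))
    findings = []
    for kind, lines in (("added", run - base), ("removed", base - run)):
        for line in sorted(lines):
            for pattern, reason in HIGH_RISK:
                if pattern.search(line):
                    findings.append(Finding(kind, line, reason))
                    break
    return findings


if __name__ == "__main__":
    for f in audit_config(BASELINE, RUNNING):
        print(f"{f.kind:8} {f.reason:34} {f.line.strip()}")
```

Run against the samples it reports the injected privilege-15 user, the RW community, the new route and Tunnel99, telnet being enabled on the vty lines, and the removed access-class; the baseline diffed against itself reports nothing. In practice the baseline should be pulled from version control and the running config from the device over an out-of-band path, since a compromised device can lie about its own configuration.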


TransUnion Breach via Salesforce Supply Chain. In late August, credit reporting giant TransUnion confirmed a breach exposing data on 4.4 million individuals. The incident is tied to ShinyHunters, who abused Salesforce integrations through OAuth tokens and third-party CRM connections rather than any flaw in Salesforce itself. This supply-chain style attack highlights how vendor and SaaS integrations are now prime entry points.

Because credit data is foundational for identity verification, this breach is especially severe. Unlike a password, your credit history can’t be reset. Victims face long-term identity theft and fraud risks.

Next Steps:

  • Treat SaaS/vendor integrations as critical infrastructure.

  • Audit OAuth tokens, connected apps, and the scopes they hold; revoke grants that are unused, over-privileged, or from publishers you do not recognize.

  • Monitor data flows in and out of cloud apps.

  • Consumers should freeze credit and use monitoring tools.
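The OAuth audit above is mostly a review of an export: which apps hold grants, with what scopes, from which publisher, and when they were last used. The script below is an added example written for this post, not TransUnion’s or Salesforce’s tooling; the grant records are constructed to resemble a connected-app token export, and the field names, the 90-day idle threshold and the publisher allow-list are assumptions.

```python
"""Review third-party OAuth grants in a SaaS tenant and flag the ones a
defender should revoke or re-scope.  Example code for this post; the records,
field names, allow-list and thresholds below are constructed assumptions."""
from datetime import datetime, timedelta

# Constructed export: one record per (app, user) OAuth grant.
GRANTS = [
    {"app": "Backup Sync", "publisher": "Acme Backup Inc", "user": "alice@example.com",
     "scopes": ["api", "refresh_token"], "issued": "2024-01-10", "last_used": "2025-08-30"},
    {"app": "Data Loader", "publisher": "Unknown", "user": "bob@example.com",
     "scopes": ["full", "refresh_token", "offline_access"],
     "issued": "2025-08-01", "last_used": "2025-08-28"},
    {"app": "Slack Connector", "publisher": "Slack Technologies", "user": "carol@example.com",
     "scopes": ["api"], "issued": "2023-05-02", "last_used": "2025-03-01"},
    {"app": "Chat Export", "publisher": "Unknown", "user": "dave@example.com",
     "scopes": ["api", "refresh_token"], "issued": "2025-08-20", "last_used": "2025-08-27"},
]

APPROVED_PUBLISHERS = {"Acme Backup Inc", "Slack Technologies"}  # assumed vendor allow-list
IDLE_DAYS = 90                                                   # assumed idle threshold
BROAD_SCOPES = {"full"}                                          # grants everything the user can do
PERSISTENT_SCOPES = {"refresh_token", "offline_access"}          # outlive the user's session
AUDIT_DATE = datetime(2025, 9, 15)                               # fixed so the run is reproducible


def review_grants(grants, now: datetime, approved=APPROVED_PUBLISHERS) -> list:
    """Return (app, user, [reasons]) for every grant that needs attention.
    A grant is flagged if its publisher is not on the allow-list, it holds a
    broad scope, an unapproved app holds a long-lived token, or it is idle."""
    flagged = []
    for g in grants:
        reasons = []
        scopes = set(g["scopes"])
        last_used = datetime.strptime(g["last_used"], "%Y-%m-%d")
        unapproved = g["publisher"] not in approved
        if unapproved:
            reasons.append("unapproved publisher")
        if scopes & BROAD_SCOPES:
            reasons.append("broad scope: " + ",".join(sorted(scopes & BROAD_SCOPES)))
        if unapproved and scopes & PERSISTENT_SCOPES:
            reasons.append("persistent token held by unapproved app")
        idle = (now - last_used).days
        if idle > IDLE_DAYS:
            reasons.append(f"idle {idle} days")
        if reasons:
            flagged.append((g["app"], g["user"], reasons))
    return flagged


if __name__ == "__main__":
    for app, user, reasons in review_grants(GRANTS, AUDIT_DATE):
        print(f"{app:16} {user:20} {'; '.join(reasons)}")
```

On the sample data the approved, recently used Backup Sync grant passes; Data Loader is flagged three times (unknown publisher, full scope, long-lived token), Chat Export twice, and the otherwise legitimate Slack Connector once for being idle since March. The point of the idle check is that a forgotten grant is exactly the token an attacker uses without anyone noticing.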


APT41 Phishing Campaign Targeting U.S. Trade Officials. APT41, another Chinese state-linked group, launched a spear-phishing campaign impersonating Rep. John Moolenaar, Chairman of the House Select Committee on the Chinese Communist Party. Malicious emails, discovered in early September, targeted trade groups, law firms, think tanks, and government entities, requesting input on draft trade legislation. Opening the attachment deployed malware.

This campaign combines state-level objectives, impersonation, and cloud/AI techniques — a potent mix for cyber espionage. By targeting policymakers and trade groups, attackers could gain access to sensitive negotiation data, influencing outcomes and undermining trust.

Next Steps:

  • Publish SPF and DKIM and move DMARC to an enforcing policy (p=quarantine or p=reject), so impersonated senders are rejected rather than merely reported.

  • Train staff to spot spear-phishing, especially from “official” senders.

  • Restrict external attachments in sensitive workflows.

  • Share indicators of compromise with partners and regulators.
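The DMARC and SPF records a domain publishes can be graded offline once you have the TXT strings; the script below is an added example written for this post that does exactly that. The records are constructed samples for a fictional domain, not real DNS data, and the grading rules are the author’s own reading of what an enforcing configuration looks like, not an RFC requirement. DKIM is not checked because verifying it needs the selector and a signed message, not just DNS.

```python
"""Grade published DMARC and SPF records for the weaknesses that let an
impersonation campaign through.  Example code for this post; the TXT records
below are constructed for a fictional domain and the rules are the author's."""

# What `dig TXT _dmarc.example.com` / `dig TXT example.com` might return for a
# weak and a hardened setup (constructed samples).
WEAK_DMARC = "v=DMARC1; p=none; pct=50"
STRONG_DMARC = "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; rua=mailto:dmarc@example.com"
WEAK_SPF = ("v=spf1 include:_spf.vendor1.example include:_spf.vendor2.example "
            "include:_spf.vendor3.example include:_spf.vendor4.example "
            "include:_spf.vendor5.example include:_spf.vendor6.example "
            "include:_spf.vendor7.example include:_spf.vendor8.example a mx ptr +all")
STRONG_SPF = "v=spf1 include:_spf.vendor1.example -all"

# SPF terms that each consume one of the ten DNS lookups allowed by RFC 7208.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def parse_dmarc(txt: str) -> dict:
    """Split 'tag=value; tag=value' into a dict of lower-cased tags."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(txt: str) -> list:
    """Return findings for the record; an empty list means it is enforcing."""
    t = parse_dmarc(txt)
    if t.get("v") != "DMARC1":
        return ["not a DMARC record"]
    issues = []
    policy = t.get("p", "none")
    if policy == "none":
        issues.append("p=none: spoofed mail is only reported, still delivered")
    elif policy == "quarantine":
        issues.append("p=quarantine: spoofed mail lands in junk instead of being rejected")
    if int(t.get("pct", "100")) < 100:
        issues.append(f"pct={t['pct']}: policy applied to only part of the mail stream")
    if "rua" not in t:
        issues.append("no rua= address: you will never see who is spoofing you")
    if t.get("adkim", "r") == "r" or t.get("aspf", "r") == "r":
        issues.append("relaxed alignment: any subdomain of the org domain can pass")
    return issues


def _costs_lookup(term: str) -> bool:
    """True for mechanisms/modifiers that trigger a DNS query (include:, a, mx,
    ptr, exists:, redirect=), ignoring any +/-/~/? qualifier prefix."""
    name = term.lstrip("+-~?").lower()
    for sep in (":", "/", "="):
        name = name.split(sep, 1)[0]
    return name in LOOKUP_TERMS


def assess_spf(txt: str) -> list:
    """Return findings for the record; an empty list means a hard-fail policy
    within the lookup budget."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["not an SPF record"]
    issues = []
    final = terms[-1].lower()
    if final in ("+all", "all"):
        issues.append("+all: every sender on the internet passes SPF")
    elif final == "?all":
        issues.append("?all: neutral result, effectively no policy")
    elif final == "~all":
        issues.append("~all: softfail, most receivers still deliver")
    lookups = sum(1 for term in terms[1:] if _costs_lookup(term))
    if lookups > 10:
        issues.append(f"{lookups} DNS-lookup terms (limit 10): record evaluates to permerror")
    if any(term.lstrip("+-~?").lower() == "ptr" for term in terms):
        issues.append("ptr mechanism: deprecated, slow, and unreliable")
    return issues


if __name__ == "__main__":
    for label, rec, fn in (("weak DMARC", WEAK_DMARC, assess_dmarc),
                           ("strong DMARC", STRONG_DMARC, assess_dmarc),
                           ("weak SPF", WEAK_SPF, assess_spf),
                           ("strong SPF", STRONG_SPF, assess_spf)):
        print(label, "->", fn(rec) or "OK")
```

The lookup count only covers the terms in this record; each include: pulls in another record whose own terms also count, so a domain can exceed the limit even when its top-level record looks short. Exceeding it is not a cosmetic problem: a permerror means receivers cannot evaluate SPF at all, which is the same outcome as having no record.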


Global Breaches: 17.3 Million Records Exposed in August. An IT Governance report revealed that 30 breaches and cyber-attacks in August 2025 exposed more than 17.3 million records. Victims spanned telecom (Bouygues Telecom, 6.4M), finance (TransUnion, 4.4M), and insurance (Farmers), with many more smaller incidents tied to SaaS misconfigurations and third-party vendors.

The trend is clear: data exposure is pervasive, and supply-chain dependencies are often the weak point. For organizations, the regulatory, financial, and reputational risks keep piling up. For individuals, repeated exposure means your personal data may already be “out there” multiple times.

Next Steps:

  • Map and assess all third-party/vendor data flows.

  • Harden configurations and tighten permissions.

  • Monitor for new disclosures involving your vendors.

  • Provide affected individuals with clear notifications and monitoring options.


That's all for this edition. Stay safe. Stay vigilant. Stay resilient.
