A concise roundup of notable incidents and high-risk exposures (as of 08h22 ET on 2025-10-31).
Top attacks and breaches
Telecom supply chain — Ribbon Communications discloses 10-month nation-state intrusion
Reuters reports that a nation-state actor maintained access to Ribbon’s IT network from about December 2024 to early September 2025, with customer files on two compromised laptops accessed. Ribbon provides technology to major telecom operators, so downstream exposure is the concern, not just the initial intrusion.
Source: www.reuters.com/business/…
Suspected nation-state — new Windows malware “Airstalk” used in supply-chain operation
Palo Alto Networks’ Unit 42 detailed a new Windows malware family, Airstalk, assessed with medium confidence to be used by a possible nation-state actor in a likely supply-chain attack. No victim was named, but the TTPs, infrastructure and delivery path make it CTI-relevant.
Source: unit42.paloaltonetworks.com/new-windo…
Vulnerabilities and active exploitation
CVE-2025-41244 — VMware Tools/Aria Operations, exploited by China-linked UNC5174
CISA and multiple threat-intel teams report active exploitation of CVE-2025-41244 in Broadcom VMware Tools and VMware Aria Operations. The exploit lets a local, non-admin attacker on a VM escalate to root. Activity is attributed to China-linked UNC5174, and federal agencies were given a mid-November deadline to patch.
Source: thehackernews.com/2025/10/c…
CVE-2025-59287 — Microsoft WSUS RCE under mass exploitation
Attackers are hitting exposed WSUS servers with CVE-2025-59287 to gain unauthenticated remote code execution and then dropping the Skuld infostealer to harvest credentials, browser data and crypto wallets. Microsoft issued an out-of-band fix on Oct. 23 and CISA added the CVE to KEV on Oct. 24; Unit 42 and others confirmed in-the-wild exploitation on Oct. 28–30.
Sources:
www.helpnetsecurity.com/2025/10/3…
unit42.paloaltonetworks.com/microsoft…
Data breaches and exposures
Conduent — breach impacting about 10.5 million individuals
Conduent confirmed that an Oct. 2024 compromise ultimately exposed names, Social Security numbers, dates of birth, health-insurance identifiers and, for some, medical information for roughly 10.5 million people. This is the first public disclosure tying the investigation to that figure.
Source: www.bleepingcomputer.com/news/secu…
Ernst & Young — 4 TB Azure SQL backup exposed
Researchers found a 4 TB SQL Server backup publicly accessible on Microsoft Azure and linked it to EY. EY says access was closed and impact limited, but the size and nature of the backup mean it could have exposed schemas, internal data and credentials.
Source: securityaffairs.com/184062/da…