Insights

Introduction The Cybersecurity and Infrastructure Security Agency's (CISA) Emergency Directive 25-02 has been issued to address a critical post-authentication vulnerability (CVE-2025-53786) affecting Microsoft Exchange hybrid-joined configurations. This directive requires immediate action from federal agencies to prevent lateral movement attacks from on-premises Exchange servers to the Microsoft 365 (M365) cloud environment. The urgency and mandatory compliance mean that all agencies must complete the outlined actions by August 11, 2025, as failing to do so, could expose sensitive information to malicious actors. Background CISA is alerting agencies about a vulnerability that allows an attacker with administrative access to the on-premises Exchange server to move laterally into the M365 cloud environment. The vulnerability is particularly severe for hybrid configurations that have not yet applied April 2025 patch guidance. Hence, the need for immediate mitigation is highlighted. Required Actions Agencies are required to follow this schedule: By 9:00 AM EDT on Monday, August 11,…

In the latest development in cybersecurity, Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA) have issued an urgent warning about yet another set of zero-day vulnerabilities affecting Windows systems. These vulnerabilities, patched in the May 2025 Patch Tuesday update, have been identified as actively exploited in the wild. The potential impact is severe, with these flaws threatening the integrity of personal and organizational data. Vulnerabilities at a Glance The vulnerabilities in question include: CVE-2025-30400: A use-after-free flaw in the Windows Desktop Window Manager (DWM) Core Library that could lead to privilege escalation, potentially giving attackers SYSTEM-level access. CVE-2025-32701: Another use-after-free bug in the Windows Common Log File System (CLFS) driver, facilitating local privilege escalation to SYSTEM. CVE-2025-32706: A heap-based buffer overflow vulnerability in the CLFS driver, which similarly facilitates local privilege escalation. CVE-2025-30397: A type confusion vulnerability in the Microsoft Windows Scripting Engine that enables remote code execution through…

Operational Technology (OT) systems-such as SCADA, DCS, PLCs, and IIoT-are the backbone of critical infrastructure. These systems, designed for stability and uptime, are increasingly in the crosshairs of threat actors. NIST SP 800‑82r3 provides practical, risk-based guidance for protecting these environments while maintaining safety, reliability, and operational continuity. Below are several critical controls that organizations should prioritise: 1. Network Segmentation and Isolation One of the most effective defences for OT environments is strict separation from IT networks. Implement multi-layered network architectures where critical OT communications occur on the most secure layers. Enforce separation using DMZs, stateful firewalls, and unidirectional gateways to prevent direct IT-OT traffic. Avoid shared authentication-corporate credentials should not grant OT access. 2. Physical Security Controls Physical compromise of OT equipment can be as damaging as a cyber intrusion. Protect sites with layered physical barriers: perimeter fencing, secure doors, locks, and guards. Keep PLCs, safety controllers, and cabinets…

Enterprise security provider SonicWall has issued an urgent advisory urging users of its Gen 7 firewall devices to disable SSL‑VPN services immediately, following a sharp rise in Akira ransomware attacks targeting these appliances. What's Happening In the past 72 hours, SonicWall has observed a "notable increase" in security incidents involving Gen 7 devices with SSL‑VPN enabled. While SonicWall investigates whether the root cause is a known issue or a zero‑day vulnerability, third-party researchers strongly suspect the latter. Why This Is Critical The attack vector begins with SSL‑VPN providing initial access, then attackers rapidly escalate to domain controllers, exfiltrate credentials, disable defences, and encrypt systems. The speed and success-especially in MFA-protected environments-indicate a likely zero‑day exploit in firmware versions 7.2.0‑7015 and earlier, particularly affecting TZ and NSa‑series devices with SSL‑VPN enabled. Recommended Immediate Actions Until SonicWall confirms and patches any vulnerability, Critical Path clients should immediately: Disable SSL‑VPN services where feasible. If disabling…