This Weekend in Cybersecurity: Breaches and Ransomware


From vulnerabilities to breaches, it's been a busy weekend. Here's what you missed. 

As we step into a new week, a few important cybersecurity developments broke over the weekend. Below is a concise overview — and a reminder of why vigilance (and strong VPN/zero-trust habits) matter now more than ever.

🔐 Major incidents & vulnerabilities

1. Cisco firewall zero-days under active exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive for federal agencies after the discovery of two critical vulnerabilities in Cisco Adaptive Security Appliance (ASA) and Firepower firewall devices: CVE-2025-20333 (remote code execution as root by an authenticated attacker) and CVE-2025-20362 (an authentication bypass that lets an unauthenticated attacker reach restricted VPN web server endpoints). Chained together, the two give an unauthenticated attacker remote code execution. Attackers tied to the ArcaneDoor campaign (tracked by Microsoft as "Storm-1849") are actively exploiting these flaws and planting persistence mechanisms that can survive reboots and software upgrades.

Lesson for network defenders: this is a stark warning that infrastructure-level defenses (even widely deployed firewalls) must remain under continuous scrutiny. Patching quickly, employing defense-in-depth, and proactively monitoring for anomalies are non-negotiable.

Read more about the threats.

2. Maryland Transit / Transportation agencies hit by ransomware

The Rhysida ransomware gang claimed responsibility for a breach of the Maryland Transit Administration (MTA), demanding a roughly $3.4 million ransom. The attackers posted sample documents including driver’s licenses, passports, Social Security cards, and private records. Meanwhile, the Maryland Department of Transportation (MDOT) also had sensitive data placed for auction on the dark web, including employee home addresses, birthdates, and identification documents.

This is a potent example of how interconnected systems across public agencies are exposed together: an intrusion at one agency often cascades into data exposure at its sibling agencies.

Read more on Industrial Cyber and WTOP News.

3. Harrods confirms third-party data breach

Luxury department store Harrods warned that personal information (names, emails, phone numbers, postal addresses) of nearly half a million customers may have been exposed via a third-party service provider breach. Importantly, Harrods states that its internal systems were not breached and that no payment or password data was exposed. Still, the reputational fallout and regulatory risk (especially in GDPR jurisdictions) are significant.

Read more from the Times.

4. Ransomware in local government: Ohio county hit

In the U.S., Union County (Ohio) disclosed a ransomware attack that affected 45,487 residents and employees. Stolen data includes Social Security numbers, driver's license data, medical information, and more. The attack itself took place back in May; the public disclosure over this weekend is a reminder that many incidents surface weeks or months after the intrusion.

Learn about it on The Record.

🎯 A Message from OpenVPN

In a world where even your infrastructure is under threat, strong network segmentation and encrypted communications matter more than ever. Here’s how responsible organizations can harden their posture:

  • Enforce Zero Trust everywhere — not just in theory but in execution.

  • Ensure end-to-end encryption for all traffic — including device-to-cloud and inter-service.

  • Maintain visibility and detection even over encrypted links (e.g. via secure inspection, logging, anomaly detection).

  • Don’t trust any single layer — deploy defense-in-depth across endpoint, network, and application.

  • Monitor third-party integrations continuously; require least privilege, audits, and contractual SLAs.

  • Prepare recovery plans — backup, segmentation, forensics — so that when a breach hits, you respond swiftly.
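To make the "visibility and detection over encrypted links" point concrete, here is an added example (not code from the original post and not an OpenVPN product feature) that reads an OpenVPN server status file in the classic version-1 layout and flags three things a VPN operator would want to see: one common name connected from more than one source IP (shared or stolen credentials), an unusually large volume sent from the server to a client (data leaving the protected network), and sessions opened during off hours. The status text, the thresholds, and the `off_hours_ok` allowlist are constructed for illustration and assume IPv4 real addresses.

```python
"""Added example: anomaly checks over an OpenVPN status log (version-1 format).

Not code from the original post. Assumes the classic 'status' file layout
(CLIENT LIST / ROUTING TABLE sections); sample data and thresholds are
constructed for illustration only.
"""
from collections import defaultdict

# Constructed sample status file (not real data): 'bob' appears twice from
# different source IPs, one of his sessions has a large server-to-client
# volume, and 'svc-backup' connected at 02:10.
SAMPLE_STATUS = """\
OpenVPN CLIENT LIST
Updated,Mon Sep 29 08:12:15 2025
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
alice,198.51.100.10:51423,30214,410233,Mon Sep 29 07:58:02 2025
bob,203.0.113.7:44012,1200,2048,Mon Sep 29 08:01:44 2025
bob,192.0.2.99:60211,2048,987654321,Mon Sep 29 08:05:10 2025
svc-backup,203.0.113.8:3100,55,21,Mon Sep 29 02:10:00 2025
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.6,alice,198.51.100.10:51423,Mon Sep 29 08:12:00 2025
10.8.0.10,bob,203.0.113.7:44012,Mon Sep 29 08:11:58 2025
10.8.0.14,bob,192.0.2.99:60211,Mon Sep 29 08:12:10 2025
10.8.0.18,svc-backup,203.0.113.8:3100,Mon Sep 29 08:12:14 2025
GLOBAL STATS
Max bcast/mcast queue length,0
END
"""


def parse_client_list(text):
    """Return the rows of the CLIENT LIST section as dicts keyed by header name."""
    clients = []
    header = None
    in_clients = False
    for line in text.splitlines():
        if line.startswith("OpenVPN CLIENT LIST"):
            in_clients = True
            continue
        if line.startswith("ROUTING TABLE"):
            break  # everything after this is routing/global stats
        if not in_clients or line.startswith("Updated,"):
            continue
        fields = line.split(",")
        if fields[0] == "Common Name":
            header = fields
            continue
        if header and len(fields) == len(header):
            clients.append(dict(zip(header, fields)))
    return clients


def find_anomalies(clients, egress_threshold=500_000_000, off_hours_ok=()):
    """Return (rule, common_name, detail) tuples for suspicious sessions.

    egress_threshold: bytes the server sent to one client (data leaving the
    protected network) above which a session is flagged. off_hours_ok: common
    names (e.g. scheduled service accounts) allowed to connect before 06:00.
    """
    findings = []

    # Rule 1: one certificate/credential in use from several source IPs.
    sources = defaultdict(set)
    for c in clients:
        ip = c["Real Address"].rsplit(":", 1)[0]  # strip the source port (IPv4 assumed)
        sources[c["Common Name"]].add(ip)
    for cn, ips in sources.items():
        if len(ips) > 1:
            findings.append(("multi-source", cn, sorted(ips)))

    for c in clients:
        cn = c["Common Name"]
        # Rule 2: large server-to-client transfer.
        sent = int(c["Bytes Sent"])
        if sent > egress_threshold:
            findings.append(("high-egress", cn, sent))
        # Rule 3: session opened between 00:00 and 05:59 by a non-allowlisted name.
        hour = int(c["Connected Since"].split()[3].split(":")[0])
        if hour < 6 and cn not in off_hours_ok:
            findings.append(("off-hours", cn, c["Connected Since"]))
    return findings


if __name__ == "__main__":
    for rule, cn, detail in find_anomalies(parse_client_list(SAMPLE_STATUS)):
        print(f"{rule:13} {cn:12} {detail}")
```

In production the status file is whatever `status /path/to/status.log` points at in the server config; run the checks on a schedule and ship the findings to your SIEM rather than printing them, and tune the egress threshold and allowlist to your own baseline.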

Ready to get started? Try OpenVPN for free. 
