Welcome back to The CyberSignal Weekly Briefing — your weekly digest of what’s shifting in the cybersecurity landscape with a focus on the US and Canada. As usual, we’re pulling together the most significant developments from last Thursday through today.
From data breaches and zero-day vulnerabilities to attack-campaign updates and regulatory shifts, this edition gives you the full picture — along with what you need to do next.
Whether you’re a CISO, IT security leader, or frontline practitioner, this is your action-oriented update.
Let’s dive in.
🔎 Overview: What Shifted in Cyber Since Last Thursday
Toys “R” Us Canada breach — names, emails, addresses exposed; identity data, not payment cards. (CityNews Toronto)
Jaguar Land Rover cyber incident — factory disruptions and supply-chain impact. (Cybersecurity Dive)
Sotheby’s breach — customer financial and banking information compromised. (SecurityWeek)
Microsoft Patch Tuesday — 172 vulnerabilities fixed, three zero-days already exploited. (CyberScoop)
Lanscope Endpoint Manager flaw (CVE-2025-61932) added to CISA’s Known Exploited Vulnerabilities Catalog. (eSecurityPlanet)
ESET’s “Operation Dream Job” exposes North Korean social-engineering targeting of defense contractors. (The Hacker News)
🔥 Key Incidents & Analysis
Toys “R” Us Canada confirmed a third-party data exposure involving names, emails, and mailing addresses — with no passwords or credit cards stolen.
Why it matters: Even contact-only datasets enable large-scale phishing, impersonation, and fraud. Regulators are watching disclosure delays closely.
Action: Encrypt identity fields, audit vendor data handling, and test dark-web monitoring for leaked customer lists.
Jaguar Land Rover's manufacturing and supply-chain operations were disrupted for days after a cyberattack on backend systems.
Why it matters: OT/IT convergence leaves auto manufacturers highly exposed.
Action: Strengthen network segmentation between production and corporate IT, and rehearse incident response continuity scenarios.
Sotheby’s confirmed unauthorized access to banking and financial details of select clients.
Why it matters: High-net-worth customer data brings extortion and reputational risk.
Action: Treat all customer financial interfaces as critical infrastructure; enforce MFA and adaptive risk controls.
Microsoft's October Patch Tuesday update fixed 172 vulnerabilities, including CVE-2025-24990 and CVE-2025-59230, which are already being exploited.
Action: Prioritize deployment across Windows Server, Exchange, and Office 365 environments; track CISA KEV for active exploitation.
CVE-2025-61932 (CVSS 9.8) allows unauthenticated RCE in Motex Lanscope Endpoint Manager.
Why it matters: Endpoint management systems often hold privileged access across entire fleets.
Action: Patch immediately or disconnect affected instances pending vendor fixes.
ESET found threat actors posing as defense recruiters to deliver malware and exfiltrate design data.
Action: Educate employees and contractors on targeted social engineering; validate any unsolicited job communications before engagement.
📈 Data & Research Corner
Ransomware hits critical sectors hardest: Half of 2025 ransomware attacks targeted manufacturing, healthcare, energy, and transportation — a 34% global increase. (Industrial Cyber)
Endpoint exploitation on the rise: CISA added four new CVE entries to its KEV list this week, reflecting a steady uptick in attacks on enterprise management tools.
Identity data now the new gold: Analysts note that non-financial identity leaks cause a 58% rise in subsequent phishing incidents within 30 days. (Source: IBM X-Force Q3 Data Report 2025)
⚠️ Threat & Vulnerability Highlights
| Threat / CVE | Summary | Risk to You |
|---|---|---|
| Microsoft Zero-Days | CVE-2025-24990 & CVE-2025-59230 — active exploitation of Windows/Exchange. | Patch urgently across enterprise systems. |
| Lanscope CVE-2025-61932 | Unauthenticated RCE in endpoint manager. | High — fleet-wide privilege risk. |
| Operation Dream Job | Espionage campaign via fake job offers. | Critical for defense/engineering firms. |
| Retail and Luxury Breaches | Toys “R” Us & Sotheby’s data exposures. | Identity & financial data fraud risk. |
🛡️ Actionable Playbook for CISOs & IT Leaders
Patch Microsoft and Lanscope systems immediately.
Strengthen vendor oversight — third-party breaches keep spreading.
Expand identity protection and dark-web monitoring beyond financial data.
Harden HR and recruiting security training to counter fake job offers.
Test segmentation between IT and OT before year-end.
🏛️ Regulatory, Legislative & Structural Shifts
Canada’s Privacy Commissioner urges faster breach disclosures under PIPEDA.
U.S. States tightening notification rules for identity data exposures.
CISA KEV Expansion adds endpoint and middleware CVEs to its high-priority list.
🔭 Looking Ahead
Expect new ransomware waves targeting manufacturing and supply chains.
Endpoint and network management tools remain prime exploit targets.
Consumer and luxury brands face rising data monetization attacks.
More clarity coming on cross-border identity data regulations.
💡 Pro Tip of the Week
Add endpoint management systems to your threat-hunting rotation.
Baseline configurations and alert on unauthorized policy changes — attackers are now using these tools as launchpads.
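One way to implement the baseline-and-alert check from this tip, as an added example (not code from The CyberSignal or from any endpoint-management vendor). It assumes the tool's policies can be exported as name-to-settings dictionaries; the policy names, settings, and approved-change set are constructed for illustration.

```python
import hashlib
import json

def fingerprint(settings):
    """Stable SHA-256 of one policy's settings; key order does not matter."""
    canonical = json.dumps(settings, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def changed_keys(old, new):
    """Names of settings that were added, removed, or given a new value."""
    return sorted(k for k in old.keys() | new.keys() if old.get(k) != new.get(k))

def detect_drift(baseline, current, approved=frozenset()):
    """Compare two {policy_name: settings} snapshots and list unapproved drift.

    `approved` holds (policy_name, fingerprint) pairs signed off through change
    management. A change is suppressed only if it lands exactly on an approved
    state; removals are always reported.
    """
    findings = []
    for name in sorted(baseline.keys() | current.keys()):
        old, new = baseline.get(name), current.get(name)
        if old == new:
            continue
        if new is None:
            findings.append({"policy": name, "change": "removed", "keys": sorted(old)})
        elif (name, fingerprint(new)) not in approved:
            kind = "added" if old is None else "modified"
            findings.append({"policy": name, "change": kind,
                             "keys": changed_keys(old or {}, new)})
    return findings

# Constructed sample data: policy names and settings are hypothetical.
BASELINE = {
    "software-deploy": {"require_signature": True, "run_as": "system"},
    "remote-control": {"enabled": False},
    "agent-update": {"channel": "stable", "auto": True},
}
CURRENT = {
    "software-deploy": {"require_signature": False, "run_as": "system"},
    "remote-control": {"enabled": False},
    "agent-update": {"channel": "beta", "auto": True},      # approved change
    "script-runner": {"enabled": True, "targets": "all"},   # never baselined
}
APPROVED = {("agent-update", fingerprint(CURRENT["agent-update"]))}

if __name__ == "__main__":
    for f in detect_drift(BASELINE, CURRENT, APPROVED):
        print(f"ALERT {f['change']:<8} {f['policy']}: {', '.join(f['keys'])}")
```

Tying suppression to the fingerprint of the approved end state, rather than to the policy name, means a second edit to an already-approved policy still raises an alert.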
🔒 Conclusion
This week showed that risk is spreading across domains — from factory floors to luxury auction houses and every vendor in between. Identity, trust, and time to patch are the new front lines.
For CISOs and IT leaders: move fast on patching, tighten vendor governance, and treat all personal data as mission-critical.
Thanks for reading this edition of The CyberSignal Weekly Briefing.
Till next week,
The CyberSignal Team