“The secret of getting ahead is getting started.” – Mark Twain
With Cybersecurity Awareness Month and the Information Warfare Summit 2025 now behind us, there’s no better time to launch something new.
Welcome to the first edition of The Pinpoint Protocol — a weekly newsletter from Pinpoint Security focused on all things cybersecurity, with a special spotlight on the communities we serve. Our goal? To deliver the best cybersecurity insights you can read in five minutes or less straight to your inbox, once a week.
What to Expect
Each week, you’ll receive:
• A short editorial from one of our team members on a timely security topic.
• A practical security tip you can apply immediately.
• A curated roundup of the top cybersecurity stories of the week.
🔒 Security Tip of the Week
Windows 10 support officially ends today.
Help friends, family, and coworkers upgrade to Windows 11 if possible. If not, discuss options for replacing unsupported devices — or the risks of staying on them.
Friends don’t let friends run unsupported operating systems. – Anonymous
Enjoy what you read? Share it with a colleague, comment on LinkedIn, subscribe, or email us at newsletter@pinpointsecurity.io.
We’d love your feedback.
-Stephen
📰 Weekly News Roundup:
Here is the most recent Cybersecurity news for the past week:
🚨 Microsoft Releases Emergency Patch for Actively Exploited WSUS RCE Flaw
Microsoft issued an urgent, out-of-band (OOB) security update for a critical Remote Code Execution (RCE) vulnerability (CVE-2025-59287) in the Windows Server Update Services (WSUS) role. The flaw was confirmed to be actively exploited in the wild, allowing an unauthenticated attacker to execute code with system privileges, and prompted CISA to issue a mandatory directive for immediate patching.
Microsoft releases urgent fix for actively exploited WSUS vulnerability (CVE-2025-59287)
🇯🇵 Japanese Retailer Askul Confirms Data Leak After Ransomware Attack
Japanese office and household goods retailer Askul confirmed that customer and supplier data was leaked following a ransomware attack that disrupted its e-commerce and logistics operations. The breach exposed contact and inquiry information from users of its online stores, with the RansomHouse extortion group claiming responsibility and alleging the theft of 1.1 terabytes of data.
Japanese retailer Askul confirms data leak after cyberattack claimed by Russia-linked group
🇬🇧 UK Ministry of Defence Contractor Breach Exposes Sensitive Staff Data
A major breach at a third-party maintenance and construction contractor used by the UK Ministry of Defence (MoD) led to the theft of hundreds of sensitive documents. The compromised data included personal information of MoD staff, as well as details about Royal Air Force and Royal Navy bases, with a Russian-linked group claiming responsibility for the espionage.
Russian hackers steal hundreds of UK MoD files in ‘catastrophic’ attack
⚠️ CISA Adds New Actively Exploited Microsoft Windows SMB Flaw to Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-33073, an Improper Access Control vulnerability in the Microsoft Windows Server Message Block (SMB) Client, to its Known Exploited Vulnerabilities (KEV) Catalog. The flaw is being actively exploited for privilege escalation on affected Windows systems.
CISA Adds Five Known Exploited Vulnerabilities to Catalog
💬 New ‘Baohuo’ Malware Found Hidden in Altered Telegram X Messenger
Security researchers uncovered Baohuo, a sophisticated malicious backdoor hidden inside altered versions of the Telegram X messenger application. Unlike typical stealers, Baohuo grants cybercriminals near-total control over victims’ Telegram accounts, allowing them to read messages, manage chats, and manipulate channel memberships without the victim’s knowledge.