Hi everyone, Jon Rogers here. I’ve always thought of cybersecurity as a lot like navigating a long, winding road—you don’t need to see every turn to know how to handle the next one. You stay alert, trust your instincts, and rely on the fundamentals that keep you steady. The same goes for hiking a new trail or tackling a new project: it’s about reading the terrain, adjusting as you go, and remembering that progress is built on preparation.
🔒 Security Tip of the Week:
Take time this week to review your alerting rules and dashboards. Make sure they’re tuned to highlight what matters most—not just what’s noisy. A clean, focused signal helps you see the road ahead more clearly and keeps your security operations running smooth, no matter the conditions.
If you need help identifying where to start with your Security program or how to get to that next level of program maturity, contact Pinpoint Security today!
-Jon
📰 Weekly News Roundup:
Here is the most recent Cybersecurity news for the past week:
🚨 Microsoft Issues Emergency Patch for Actively Exploited WSUS RCE Vulnerability
Microsoft released an urgent, out-of-band (OOB) patch for a critical Remote Code Execution (RCE) vulnerability (CVE-2025-59287) in the Windows Server Update Services (WSUS) role. The flaw, which was being actively exploited in the wild, allows an unauthenticated attacker to gain full control of the WSUS server, prompting immediate action for remediation.
Microsoft releases urgent fix for actively exploited WSUS vulnerability (CVE-2025-59287)
🚗 JLR Ransomware Attack Costs Estimated at £1.9 Billion, Most Expensive in UK History
A severe ransomware attack that crippled Jaguar Land Rover’s (JLR) IT systems earlier this year has now been estimated to have caused losses of £1.9 billion, making it the most financially damaging cyber incident in UK history. The attack, which halted production for weeks, caused a significant slump in car output and severely disrupted the global supply chain.
JLR hack ‘is costliest cyber attack in UK history’
⚠️ CISA Adds New Microsoft Windows SMB Flaw to Actively Exploited Catalog
The Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-33073, an Improper Access Control vulnerability in the Microsoft Windows SMB Client, to its Known Exploited Vulnerabilities (KEV) Catalog. The flaw is being actively leveraged for privilege escalation on various Windows versions, particularly older ones, and requires all Federal Civilian Executive Branch agencies to patch immediately.
CISA Adds Five Known Exploited Vulnerabilities to Catalog
🇨🇳 Cyber Espionage Group Hits European Defense Firms with Sophisticated RAT
Multiple European defense manufacturers, particularly those involved with UAV/drone technology, have been targeted in a cyber espionage campaign. The attacks resulted in ScoringMathTea RAT (Remote Access Trojan) infections, delivered via trojanized GitHub projects and fake job-offer lures, leading to the theft of proprietary UAV designs and sensitive manufacturing knowledge.
🎓 Major Australian University Confirms Student Data Breach
A significant data breach at a major Australian university was detected mid-week, with hackers accessing sensitive student data that included financial, health, and personal details of thousands of individuals. The university has initiated notifications to affected students and is currently investigating the scope of the incident.
Australian University Student Data Breach