👋 Hello and happy Monday!
Welcome to the CyberSignal Weekend Roundup — your Monday morning download of everything that happened in cyber over the weekend, so you can start the week ahead of the curve.
This weekend proved that even as agencies scramble to patch zero-days, attackers are moving faster. Thousands of Cisco ASA firewalls remain exposed despite CISA’s Emergency Directive 25-03, and Oracle rushed an emergency patch for a critical E-Business Suite zero-day already under active exploitation.
Meanwhile, a ransomware attack on a Florida healthcare network disrupted services — a reminder that healthcare remains one of the most targeted and high-impact industries in cybersecurity.
Here’s what you need to know, what to watch, and what to act on first thing this week.
🗂️ Overview: Quick Guide
50,000+ Cisco firewalls still unpatched — critical ASA zero-days actively exploited
Oracle issues emergency zero-day patch — flaw in EBS being abused
Florida healthcare network hit by ransomware — systems forced offline
CISA impact deepens during shutdown — reduced capacity amid rising threats
Quick tip: Verify firewall patch status and audit third-party dependencies right away
🔝 Top Stories
Over 50,000 Cisco ASA / FTD devices remain vulnerable to CVE-2025-20333 and CVE-2025-20362, which are being actively exploited. Reports from TechRadar note that U.S. devices lead exposure, and Cisco’s own advisories confirm attempts at exploitation.
Action: Urgently patch, isolate unsupported hardware, and follow CISA’s mitigation guidance.
Oracle released a patch for CVE-2025-61882, a critical vulnerability being weaponized in active ransomware campaigns.
Action: Apply the patch immediately. Monitor logs for anomalous EBS module access.
A ransomware assault targeted a Florida healthcare network, disabling systems across hospital and outpatient services. Public reporting highlights the strain on care delivery, staff workflow, and data access.
Lesson: Healthcare remains a priority target — enforce segmentation, maintain air-gapped backups, and improve detection.
Note: U.S. shutdown complicates federal support and investigation efforts.
With much of CISA furloughed, key functions like threat alerts, interagency coordination, and vulnerability guidance are delayed.
Implication: Organizations must lean on internal threat ops and commercial intel while federal capabilities are limited.
⚠️ Threat Watch
Cisco ASA zero-days — already under exploitation; patch or mitigate urgently.
Vendor-to-infrastructure exploit — attacks like Collins show vendor compromise can cascade.
Sensitive personal data leaks — Kido hack underscores high reputational / regulatory risk.
📊 Quick Hits
🧬 Biotech / research vendor breaches are increasing.
📧 Phishing campaigns invoking “CISA alerts” surged over the weekend.
📂 Public cloud repo exposures remain a persistent problem — many tied to code leaks.
🔍 Security role demand (firmware / OT) continues climbing in posted job trends.
📝 Looking Ahead
Expect new zero-days targeting network and infrastructure gear.
Healthcare and public sector incidents may multiply as threat actors probe weakened defense.
Regulators in both U.S. and Canada will press harder on breach disclosures.
Watch for follow-up campaigns exploiting Oracle / Cisco themes.
🚀 Pro Tip of the Week
Enable firmware integrity monitoring on your critical devices (firewalls, routers). Maintain known-good baselines, and alert on any unsigned or drifting firmware changes — attackers now embed persistence at hardware/ROM levels.
🔒 Conclusion
This weekend showed that threats now cross layers — infrastructure, application, vendor dependencies — often simultaneously.
🎯 For CISOs and security leaders: patch fast, audit dependencies, and assume federal support may be delayed.
Till next Monday,