AI Security Weekly Mid-Week Brief
September 25, 2025
Pulse Check
Escalating: Chrome zero-day under active exploitation, patch required
Trending: Agentic AI arrives for threat intelligence workflows
Progress: MSPs gain access to enterprise-grade threat hunting via AI
🔴 ACTIVE THREATS
Microsoft Entra ID Flaw Enables Global Admin Takeover
Microsoft silently patched CVE-2025-55241 (CVSS 10.0), a critical vulnerability that allowed attackers to impersonate Global Admins across any Entra ID tenant. Detection was nearly impossible due to a lack of logging.
Status: Auto-patched July 17, exploit window unclear
Action: Confirm all clients patched; review Entra audit logs from June–July
🚨 Chrome Zero-Day Added to CISA KEV Catalog
CVE-2025-10585, a V8 type confusion bug that has been exploited in the wild, was added to the CISA KEV catalog. All Chrome users are exposed. This marks the 6th actively exploited Chrome zero-day in 2025.
Patch: Update to v140.0.3485.81+ immediately
🚨 SolarWinds Issues Third RCE Patch for Web Help Desk
CVE-2025-26399 is the third failed attempt to patch an RCE vulnerability in WHD, affecting asset and ticketing systems. Prior patches (CVE-2024-28986/28988) were bypassed and exploited.
Patch: Apply 12.8.7 HF1 or isolate WHD now
🟡 MIDWEEK UPDATES
CrowdStrike Launches Threat AI for Autonomous Threat Intel
CrowdStrike's Threat AI introduces agentic automation to malware analysis and hunting. It mimics elite analyst workflows and outputs actionable defense recommendations.
Security Angle: AI is now a core defender—not just an attacker advantage
Ransomware Cripples European Airport Infrastructure via Vendor
The Collins Aerospace MUSE outage disrupted check-in systems at Heathrow, Dublin, and other locations. ENISA confirms ransomware on a 3rd-party vendor. Suspect arrested.
Implication: SLA blind spots on vendor-originated disruption
MSP Stack Risk: SolarWinds Weakness Targets IT Core Tools
WHD is often embedded in MSP operations. Repeated RCE flaws expose support desks to elevated attack risk, threatening continuity for MSP clients.
MSP Relevance: Evaluate alternative ITSM platforms
💬 QUICK HITS
Midweek Focus:
Patch critical software (Chrome, WHD), assess vendor SLAs for supply-chain threats, and plan AI upgrades for SOC capabilities.
#Cybersecurity #MSPNews #AIThreatIntel #PatchNow