At Help AG, our Managed Security Services (MSS) team offers 24x7x365 monitoring of complex IT security infrastructures to some of the largest enterprises in the region. As a result, we have our eyes keenly fixed on the cybersecurity threat landscape and are among the first in the region to learn and act upon new threats.
Microsoft Releases Security Fixes Addressing Critical and High Vulnerabilities
Microsoft has released 6 security fixes: 2 Critical, 3 High, and 1 Medium.
The update addresses the following CVEs:
- [Critical] CVE-2025-59245 – Microsoft SharePoint Online
Microsoft SharePoint Online Elevation of Privilege Vulnerability.
- [High] CVE-2025-64655 – Dynamics OmniChannel SDK Storage Containers
Improper authorization in Dynamics OmniChannel SDK Storage Containers allows an unauthorized attacker to elevate privileges over a network.
- [Medium] CVE-2025-64660 – Visual Studio Code
Improper access control in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network.
- [High] CVE-2025-62207 – Azure Monitor Control Service
Azure Monitor Elevation of Privilege Vulnerability.
- [High] CVE-2025-62459 – Microsoft 365 Defender Portal
Microsoft Defender Portal Spoofing Vulnerability.
- [Critical] CVE-2025-49752 – Azure Bastion Developer
Azure Bastion Elevation of Privilege Vulnerability.
RECOMMENDATIONS
- Ensure all systems are patched and updated.
Fortinet Addresses Medium-Severity Vulnerability in FortiADC
Fortinet has released one security fix with medium severity.
The update addresses the following CVE:
- [Medium] CVE-2025-58412 – FortiADC
An improper neutralization of script-related HTML tags in a web page (basic XSS) vulnerability in Fortinet FortiADC versions 8.0.0; 7.6.0 through 7.6.3; 7.4 (all versions); and 7.2 (all versions) may allow an attacker to execute unauthorized code or commands via a crafted URL.
RECOMMENDATIONS
- Ensure all systems are patched and updated.
- Upgrade to FortiADC version 8.0.1 or above.
- Upgrade to FortiADC version 7.6.4 or above.
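To turn the affected-version ranges above into a patch-priority list, the following added example (not Fortinet or Help AG code) classifies an appliance inventory against CVE-2025-58412. The `hostname,version` input format, the hostnames and the sample versions are constructed for illustration; the ranges and fixed releases are the ones stated above.

```python
import re

# Ranges copied from the FortiADC advisory text above: branch -> (last affected
# patch level, first fixed release). None means every release in the branch is
# affected and the page lists no fixed release for that branch.
ADVISORY = {
    (8, 0): (0, "8.0.1"),
    (7, 6): (3, "7.6.4"),
    (7, 4): (None, None),
    (7, 2): (None, None),
}

def classify(version):
    """Return (status, action) for one FortiADC version string."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        return ("unknown", "version string not parseable; check manually")
    major, minor, patch = map(int, m.groups())
    if (major, minor) not in ADVISORY:
        # The advisory is silent on this branch, so do not assume it is safe.
        return ("not-listed", "branch not mentioned in the advisory; check the vendor notice")
    last_affected, fixed = ADVISORY[(major, minor)]
    if last_affected is None:
        return ("affected", "no fixed release listed for this branch; move to 7.6.4+ or 8.0.1+")
    if patch <= last_affected:
        return ("affected", f"upgrade to {fixed} or above")
    return ("fixed", "none")

def triage(inventory):
    """inventory: lines of 'hostname,version'. Affected hosts are returned first."""
    rows = []
    for line in inventory.strip().splitlines():
        host, _, version = line.partition(",")
        rows.append((host.strip(), version.strip(), *classify(version)))
    order = {"affected": 0, "unknown": 1, "not-listed": 2, "fixed": 3}
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = """
adc-dmz-01,7.6.2
adc-dmz-02,7.6.4
adc-core-01,8.0.0
adc-lab-01,7.4.5
adc-old-01,7.1.3
adc-edge-01,v8.0.1
adc-test-01,unknown
"""

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print("{:12} {:8} {:10} {}".format(*row))
```

Branches the advisory does not mention are reported as `not-listed` rather than safe, so they still get a manual check against the vendor notice.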
UNC1549 Intensifies Operations Against Aerospace and Defense Industries in the Region
Researchers report that UNC1549, a suspected threat group linked to the Middle East region, has continued targeting aerospace, aviation, and defense organizations across the region, expanding on previous findings from 2024. The group employs a combination of tailored phishing campaigns and compromises of third-party suppliers to gain initial access, exploiting weaker security in partner networks to reach more heavily protected primary targets. Active from late 2023 through 2025, UNC1549 has used techniques such as pivoting through service providers, breaking out of third-party VDI environments, and conducting role-specific phishing. Once inside, the actors use advanced lateral movement and credential theft methods, including stealing source code for spear-phishing operations and deploying custom tooling like DCSYNCER.SLICK for DCSync attacks. Their operations focus on long-term persistence and stealth, leveraging dormant backdoors, reverse SSH-based C2, and infrastructure designed to blend into the victim’s industry environment.
RECOMMENDATIONS
- Apply the principle of least privilege to minimize access to sensitive systems and data.
- Enforce Multi-Factor Authentication (MFA) for all accounts, especially administrative ones.
- Regularly patch and update internet-facing systems to mitigate vulnerability exploits.
- Conduct awareness programs to educate users about phishing attacks and social engineering tactics.
- Monitor your network for abnormal behaviors and Indicators of Compromise (IoCs).
Google Chrome Addresses High-Severity V8 Engine Vulnerabilities
Google Chrome has released seven High-severity security fixes, all addressing Type Confusion vulnerabilities in the V8 JavaScript engine. The affected CVEs (CVE-2025-13223, 13224, 13226, 13227, 13228, 13229, 13230) impact Chrome versions prior to the latest patched builds. These vulnerabilities could allow a remote attacker to trigger heap corruption by convincing a user to open a crafted HTML page, potentially leading to further exploitation.
RECOMMENDATIONS
- Ensure all systems are patched and updated.
SpearSpecter Campaign Employs Advanced Tactics to Target Government and Defense Entities
The SpearSpecter campaign, attributed to an APT group aligned with the Middle East region, is a sophisticated cyber-espionage operation targeting senior government and defense officials, as well as their family members. The group uses highly personalized social-engineering lures, often using WhatsApp to deliver malicious WebDAV-hosted shortcut files. These files deploy the TAMECAT PowerShell-based backdoor upon execution. By leveraging a combination of legitimate cloud services and attacker-controlled infrastructure, the campaign enables stealthy persistence, multi-channel command-and-control, and long-term intelligence gathering.
RECOMMENDATIONS
- Apply the principle of least privilege to minimize access to sensitive systems and data.
- Enforce MFA for all accounts, especially administrative ones.
- Regularly patch and update internet-facing systems to mitigate vulnerability exploits.
- Conduct awareness programs to educate users about phishing attacks and social engineering tactics.
- Monitor your network for abnormal behaviors and IoCs.
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59245
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64655
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64660
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62207
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-62459
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49752
https://fortiguard.fortinet.com/psirt/FG-IR-25-736
https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html
https://issues.chromium.org/issues/446122633
https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop_17.html
https://issues.chromium.org/issues/450328966
https://issues.chromium.org/issues/460017370
https://issues.chromium.org/issues/446113731
https://issues.chromium.org/issues/446124892
https://issues.chromium.org/issues/446124893
https://issues.chromium.org/issues/446113732
https://govextra.gov.il/national-digital-agency/cyber/research/spearspecter/









