Cybersecurity Weekly Update: 3-10 November 2025
- SOC Team
1. Linux kernel vulnerability now under active ransomware exploitation
The Cybersecurity and Infrastructure Security Agency (CISA) in the United States has raised the alarm over a long-standing Linux kernel flaw (CVE-2024-1086) being actively abused in ransomware campaigns. (TechRadar)
Why it matters: Many enterprises — especially in finance, defence and education — rely on Linux for server and infrastructure environments. A vulnerability capable of local privilege escalation leaves those systems at risk of being leveraged by ransomware actors.
Action: Ensure all Linux systems are patched (or disabled where impossible to patch). Monitor for local privilege escalation activity, especially on netfilter/nf_tables modules.
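The following is an added example (not part of the SOC bulletin) showing how the "patch or disable, then monitor nf_tables" action above can be turned into a repeatable host check. It reads three artefacts a SOC can collect from a fleet (the /proc/modules listing, a sysctl snapshot and the modprobe.d configuration) and reports exposure. The sample inputs are constructed; the blocklist and user-namespace checks reflect widely published vendor mitigations for this class of nf_tables flaw, and the `patched` flag is assumed to come from your patch-management system, since the bulletin does not list fixed kernel versions.

```python
"""Assess a Linux host's exposure to the nf_tables privilege-escalation flaw
(CVE-2024-1086) from collected artefacts. Added example; all inputs below are
constructed for illustration."""
import re

# Constructed /proc/modules excerpt from an unpatched host (assumption).
SAMPLE_PROC_MODULES = """\
nf_tables 311296 5 nft_compat,nft_chain_nat,nft_counter, Live 0x0000000000000000
nfnetlink 20480 3 nf_tables,nft_compat, Live 0x0000000000000000
x_tables 57344 2 nft_compat,xt_conntrack, Live 0x0000000000000000
"""

# Constructed sysctl snapshot: unprivileged user namespaces still permitted.
SAMPLE_SYSCTL = {
    "kernel.unprivileged_userns_clone": "1",   # Debian/Ubuntu-specific knob
    "user.max_user_namespaces": "28633",
}

SAMPLE_MODPROBE_CONF = ""   # constructed: no modprobe.d blocklist entry present


def loaded_modules(proc_modules_text):
    """Return the set of module names from /proc/modules-style text."""
    return {line.split()[0] for line in proc_modules_text.splitlines() if line.strip()}


def nft_blocklisted(modprobe_conf_text):
    """True if modprobe.d content blocklists nf_tables
    (either 'blacklist nf_tables' or 'install nf_tables /bin/false')."""
    pat = re.compile(
        r"^\s*(blacklist\s+nf_tables|install\s+nf_tables\s+/bin/(false|true))\s*$", re.M)
    return bool(pat.search(modprobe_conf_text))


def userns_unprivileged_allowed(sysctl):
    """Heuristic: unprivileged user namespaces are usable unless one of the
    known sysctl knobs disables them. Restricting them is a documented
    mitigation because it limits which local users can reach nf_tables."""
    if sysctl.get("kernel.unprivileged_userns_clone") == "0":
        return False
    if sysctl.get("user.max_user_namespaces") == "0":
        return False
    return True


def assess(proc_modules_text, sysctl, modprobe_conf_text, patched):
    """Return a list of findings; an empty list means no exposure identified.
    `patched` is assumed to come from patch management (fixed versions are
    not listed in the bulletin)."""
    findings = []
    if patched:
        return findings
    if "nf_tables" in loaded_modules(proc_modules_text):
        findings.append("nf_tables is loaded on an unpatched kernel")
    if not nft_blocklisted(modprobe_conf_text):
        findings.append("nf_tables is not blocklisted in modprobe.d")
    if userns_unprivileged_allowed(sysctl):
        findings.append("unprivileged user namespaces allowed (widens local reach to nf_tables)")
    return findings


if __name__ == "__main__":
    for finding in assess(SAMPLE_PROC_MODULES, SAMPLE_SYSCTL, SAMPLE_MODPROBE_CONF, patched=False):
        print("FINDING:", finding)
```

Run it against per-host artefacts pulled by your endpoint agent; hosts that return findings are the ones to prioritise for patching, and the blocklist check doubles as verification that the "disable" fallback was actually applied.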
2. Massive funding round underlines growth in cybersecurity investment
Armis, a security company specialising in device/asset visibility across enterprise networks, raised US $435 million in a funding round that values it at approximately US $6.1 billion. (Wall Street Journal)
Why it matters: A round of this size signals that organisations and investors see cyber-risk and asset visibility as critical, and that maturity in asset management, IoT/OT security and visibility is increasingly a business differentiator.
Action: Review your device/asset inventory posture, especially for OT/IoT systems and non-traditional endpoints. Consider investing in visibility and monitoring if not yet done.
3. Supply-chain and development-toolchain attacks continue to proliferate
Security firms reported a major campaign (codenamed “PhantomRaven”) that published more than 100 malicious npm packages targeting developer environments across Windows, Linux and macOS. (Acronis) Additionally, other reports highlight zero-day and supply-chain exploits targeting IT management tools. (Paratus Cybersecurity)
Why it matters: Sectors such as defence, healthcare and finance depend heavily on software development and third-party tools. A compromise in the software supply chain or CI/CD pipeline can lead to pervasive lateral movement and broad data exposure.
Action: Audit your supply-chain risk: review npm (or equivalent) dependencies, apply strict controls on developer environments, rotate credentials/tokens, enforce package signing and integrity checks, and monitor for anomalous dependency behaviour.
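As an added example (not from the bulletin or any of the cited vendors) of the dependency review and integrity enforcement recommended above, the script below audits an npm `package-lock.json` (lockfile version 2 or 3) and flags the things a supply-chain reviewer looks for first: packages resolved from outside an allowed registry, non-HTTPS sources, missing or weak `integrity` hashes, and packages that run lifecycle install scripts. The lockfile content is constructed, and the allowed-registry set is an assumption to be extended with your internal mirror.

```python
"""Audit an npm package-lock.json (lockfileVersion 2/3) for supply-chain
red flags. Added example; the sample lockfile below is constructed."""
import json
from urllib.parse import urlparse

# Assumption: registries you trust. Add your internal mirror here.
ALLOWED_REGISTRY_HOSTS = {"registry.npmjs.org"}

# Constructed lockfile with one clean package and two suspicious ones.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "dependencies": {"good-lib": "^1.2.3"}},
        "node_modules/good-lib": {
            "version": "1.2.3",
            "resolved": "https://registry.npmjs.org/good-lib/-/good-lib-1.2.3.tgz",
            "integrity": "sha512-" + "A" * 86 + "==",
        },
        "node_modules/remote-dep": {            # fetched over plain HTTP, no hash
            "version": "0.0.1",
            "resolved": "http://example.invalid/pkg.tgz",
        },
        "node_modules/hook-lib": {              # registry package with install hook
            "version": "2.0.0",
            "resolved": "https://registry.npmjs.org/hook-lib/-/hook-lib-2.0.0.tgz",
            "integrity": "sha512-" + "B" * 86 + "==",
            "hasInstallScript": True,
        },
    },
})


def audit_lockfile(lock_text, allowed_hosts=ALLOWED_REGISTRY_HOSTS):
    """Return a list of (package_name, issue) tuples for the lockfile text.
    An empty list means every package came from an allowed registry over
    HTTPS with a sha512 integrity hash and declares no install script."""
    lock = json.loads(lock_text)
    if lock.get("lockfileVersion", 1) < 2 or "packages" not in lock:
        raise ValueError("expected lockfileVersion 2 or 3 with a 'packages' map")

    findings = []
    for path, meta in lock["packages"].items():
        if path == "" or meta.get("link"):
            continue  # root project entry or workspace symlink
        name = path.rsplit("node_modules/", 1)[-1]

        resolved = meta.get("resolved")
        if resolved is None:
            findings.append((name, "no resolved URL recorded"))
        else:
            url = urlparse(resolved)
            if url.scheme != "https":
                findings.append((name, f"non-https source scheme: {url.scheme}"))
            if url.hostname not in allowed_hosts:
                findings.append((name, f"resolved outside allowed registries: {url.hostname}"))

        # npm records sha512 integrity for registry tarballs; anything else is a gap.
        if not meta.get("integrity", "").startswith("sha512-"):
            findings.append((name, "missing or weak integrity hash"))

        # Lifecycle scripts execute on install: review before allowing.
        if meta.get("hasInstallScript"):
            findings.append((name, "runs a lifecycle install script"))
    return findings


if __name__ == "__main__":
    for pkg, issue in audit_lockfile(SAMPLE_LOCK):
        print(f"{pkg}: {issue}")
```

Running this in CI before `npm ci` gives a hard gate on registry origin and hash presence; the install-script finding is a review prompt rather than an automatic block, since some legitimate native packages need one.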
4. AI & identity-governance efforts ramp up as threat landscape evolves
New cybersecurity tools and identity/governance solutions are being announced. For example, OpenText introduced AI-powered identity and access management (IAM) capabilities. (Osterman Research)
Why it matters: As hybrid work and remote access become entrenched, identity becomes the new perimeter. The rise of AI-powered attacks raises the bar for IAM, zero-trust and continuous monitoring.
Action: Ensure identity governance is a strategic focus: review privileged access, enforce least privilege, adopt micro-segmentation and explore AI-/behaviour-based analytics for identity lifecycle and anomaly detection.
Key Recommendations
- Patch immediately: Address the Linux kernel vulnerability and review all critical infrastructure for timely updates.
- Strengthen supply-chain hygiene: Vet dependencies, developer toolchains and third-party libraries; enforce secure development practice.
- Enhance asset visibility: Especially for organisations operating across OT/IoT, ensure full inventory, monitoring and anomalous behaviour detection.
- Focus on identity and governance: Adopt or enhance IAM, zero-trust access, and AI-augmented threat detection frameworks.
- Invest in skills and regional collaboration: Leverage local events (like THREAT 2025) for training, networking and shared threat intelligence.