Governments and enterprises alike faced escalating challenges as the UK and Australia reported a surge in “nationally significant” cyber incidents—averaging four major attacks per week in the UK alone, double the rate from 2024. The surge came amid the country’s most expensive cyberattack to date: the Jaguar Land Rover breach, which is now estimated to have cost more than £1 billion, underscoring the growing economic toll of large-scale cyber disruptions.
The month revealed a clear trend: critical infrastructure and manufacturing systems remain dangerously exposed to both technical and architectural vulnerabilities. From the F5 and Cisco VPN zero-days that prompted CISA emergency directives, to widespread operational risk from legacy software and cloud outages, the boundaries between IT, OT, and AI security have blurred. Together, these events underscore an urgent shift already underway across industries: the move from reactive patching to proactive Zero Trust enforcement designed to contain, isolate, and recover from attacks before they disrupt essential operations.
Cisco ASA and F5 BIG-IP Vulnerabilities Expose the Limits of Perimeter Defense
October 2025 delivered two major inflection points for network-edge security: fallout from CISA’s emergency directives issued regarding zero-days found in both F5 Networks BIG-IP and Cisco ASA/FTD VPNs. Both events revealed the same pattern: legacy remote-access architectures are brittle, opaque, and impossible to patch fast enough.
F5 confirmed that a state-backed intrusion had maintained long-term access to its corporate network, stealing BIG-IP source code and vulnerability reports. CISA responded with Emergency Directive 26-01, ordering agencies to isolate or patch all F5 devices by late October. Because F5 appliances sit deep inside utilities, pipeline control networks, and transportation systems, the breach effectively grants adversaries a blueprint to exploit future zero-days. This is more than a vendor incident; it represents a bigger risk: a software supply chain exposure embedded in the core of critical infrastructure.
Barely three weeks earlier, CISA issued ED 25-03 after in-the-wild attacks on Cisco ASA and Firepower Threat Defense VPN interfaces. Agencies were told to patch, triage, or disconnect compromised portals showing signs of persistent access. Like January’s Ivanti VPN crisis, the Cisco event underscored that even well-maintained perimeter VPNs are high-value entry points once credentials or session tokens leak.
Across F5, Cisco and, previously, Ivanti, each directive centered on the same architectural weakness:
- Always-on internet-facing portals act as single points of failure.
- Flat internal networks allow seamless lateral movement after compromise.
- Centralized credential stores magnify the blast radius when breached.
- Emergency patching and rebuilds cause downtime that critical-infrastructure operators can ill afford.
These incidents should mark a turning point for defenders. Patching alone can’t outpace adversaries who now target the management plane itself. The month’s lesson is clear: resilience depends on redesigning access, not just repairing it. Moving toward Zero Trust and identity-based, session-scoped remote access, rather than static VPN gateways, has shifted from best practice to operational necessity.
To build true resilience, organizations must replace legacy VPNs and adopt Zero Trust, identity-based access models that broker secure, just-in-time connections per user and per asset. This shift replaces static VPNs with a distributed, session-based approach that contains breaches, limits lateral movement, and keeps operations running even under attack.
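The brokered, per-user and per-asset access model described above, as an added illustrative example. This is not Xage’s product code or any real broker’s API; the policy, roles, asset names, protocols and time values are constructed. It contrasts a flat VPN (one authentication makes every asset reachable) with a broker that evaluates each request against the user’s role and the target asset, issues a short-lived session bound to that one asset, and can revoke all of a user’s sessions for containment.

```python
"""Illustrative identity-based, session-scoped access broker (added example).

Not Xage's product code. Shows why brokered, per-asset sessions contain a
credential compromise better than a static VPN on a flat network.
"""
from __future__ import annotations
from dataclasses import dataclass
import secrets
import time


@dataclass(frozen=True)
class Asset:
    name: str
    zone: str  # constructed zones: "it", "ot-dmz", "ot-control"


@dataclass
class Policy:
    allowed: dict[str, set[tuple[str, str]]]  # role -> {(zone, protocol)}
    ttl_seconds: dict[str, int]               # role -> max session lifetime


@dataclass
class Session:
    token: str
    user: str
    asset: Asset
    protocol: str
    expires_at: float
    revoked: bool = False


class StaticVpn:
    """Legacy model for contrast: authenticate once, then the whole flat network is reachable."""

    def __init__(self) -> None:
        self.connected: set[str] = set()

    def connect(self, user: str, mfa_verified: bool) -> None:
        if mfa_verified:
            self.connected.add(user)

    def reachable(self, user: str, asset: Asset) -> bool:
        return user in self.connected  # asset is ignored: no per-asset scoping


class AccessBroker:
    """Brokered model: every connection is evaluated per user and per asset."""

    def __init__(self, policy: Policy, roles: dict[str, str], clock=time.time) -> None:
        self.policy = policy
        self.roles = roles          # constructed identity directory: user -> role
        self.clock = clock          # injectable clock so expiry can be tested
        self.sessions: dict[str, Session] = {}

    def request(self, user: str, asset: Asset, protocol: str, mfa_verified: bool) -> Session | None:
        """Issue a short-lived session bound to one asset and protocol, or deny."""
        role = self.roles.get(user)
        if not mfa_verified or role is None:
            return None
        if (asset.zone, protocol) not in self.policy.allowed.get(role, set()):
            return None
        session = Session(token=secrets.token_urlsafe(16), user=user, asset=asset,
                          protocol=protocol, expires_at=self.clock() + self.policy.ttl_seconds[role])
        self.sessions[session.token] = session
        return session

    def authorize_connection(self, token: str, asset: Asset, protocol: str) -> bool:
        """Per-connection check: a token is only good for the asset it was issued for, until expiry."""
        s = self.sessions.get(token)
        if s is None or s.revoked or self.clock() >= s.expires_at:
            return False
        return s.asset == asset and s.protocol == protocol

    def revoke_user(self, user: str) -> int:
        """Containment: cut every live session of a user, e.g. when their credential leaks."""
        hit = [s for s in self.sessions.values() if s.user == user and not s.revoked]
        for s in hit:
            s.revoked = True
        return len(hit)


# Constructed sample assets, policy and identities.
PLC = Asset("plc-07", "ot-control")
HISTORIAN = Asset("historian-01", "ot-dmz")
POLICY = Policy(
    allowed={"ot-engineer": {("ot-dmz", "https"), ("ot-control", "ssh")},
             "it-admin": {("it", "rdp"), ("ot-dmz", "https")}},
    ttl_seconds={"ot-engineer": 3600, "it-admin": 1800},
)
ROLES = {"alice": "ot-engineer", "bob": "it-admin"}


class FakeClock:
    def __init__(self, now: float = 1_000_000.0) -> None:
        self.now = now

    def __call__(self) -> float:
        return self.now


def demo() -> dict[str, bool | int]:
    """Walk through the contrast; returns the outcomes so they can be checked."""
    clock = FakeClock()
    broker, vpn = AccessBroker(POLICY, ROLES, clock), StaticVpn()
    vpn.connect("bob", mfa_verified=True)
    r: dict[str, bool | int] = {}
    r["vpn_reaches_plc"] = vpn.reachable("bob", PLC)                 # flat network: True
    r["bob_plc_denied"] = broker.request("bob", PLC, "ssh", True) is None
    s = broker.request("alice", PLC, "ssh", True)
    r["alice_plc_session"] = s is not None
    r["token_valid_for_plc"] = broker.authorize_connection(s.token, PLC, "ssh")
    r["token_reuse_blocked"] = not broker.authorize_connection(s.token, HISTORIAN, "https")
    r["bob_revoked_count"] = broker.revoke_user("bob")                 # no live sessions: 0
    broker.request("bob", HISTORIAN, "https", True)
    r["bob_revoked_after_session"] = broker.revoke_user("bob")        # 1
    clock.now += 3601                                                  # alice's TTL elapses
    r["alice_expired"] = not broker.authorize_connection(s.token, PLC, "ssh")
    return r


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point the outcomes make is in the last three checks: a stolen session token is useless against any asset other than the one it was issued for, a leaked credential can be contained by revoking that identity’s sessions without rebuilding a gateway, and access expires on its own instead of persisting until someone notices.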
Legacy Software and Patch Fatigue
On October 14, Microsoft officially ended support for Windows 10 and Exchange 2016/2019. With roughly 40 percent of Windows devices still running the now-unsupported OS, the move instantly created one of the largest unpatched attack surfaces in history. The risk will persist for years, particularly in industrial sectors where system upgrades are complex, costly, and often tied to production uptime. Many critical infrastructure systems still operate on outdated platforms such as Windows XP, leaving them increasingly vulnerable to exploits targeting legacy systems.
Combined with October’s 172 patches in Microsoft’s monthly release and cross-vendor zero-days, defenders will face even more patch fatigue than they do already, amid accelerating legacy exposure. It’s critical that organizations shift toward a more resilient, Zero Trust architecture that allows them to break the fire drill of urgent patching cycles.
Risks of Cloud Dependence
A major DNS failure in AWS’s US-EAST-1 region caused widespread service disruptions across leading U.S. brands. Though not a cyberattack, the incident highlighted the growing dependence on centralized cloud infrastructure and how a single point of failure can disrupt entire industries. For operators managing critical systems, it served as a clear reminder that many organizations simply cannot afford that level of cloud dependency. Xage’s architecture eliminates this risk with a fully on-premise deployment option that preserves secure access, protection, and visibility even when a site is offline or isolated from external networks.
The High Cost of Attacks on Manufacturing
U.S. Nuclear Weapons Manufacturing Site Breached
New analysis from CSO Online revealed that the Kansas City National Security Campus (KCNSC) was compromised through SharePoint vulnerabilities (CVE-2025-53770 and CVE-2025-49704). KCNSC manufactures roughly 80% of the non-nuclear components used in the U.S. nuclear arsenal, making it a critical site in national defense production. The breach highlights how IT-level exploits can directly endanger operational technology and physical manufacturing systems. It underscores the urgent need for Zero Trust security across the entire technology stack, extending beyond just IT into OT and AI deployments as well, to prevent adversaries from accessing or exfiltrating sensitive data and intellectual property tied to national security.
The Billion-Pound Breach: JLR Now the Costliest Cyberattack in UK History
The cyberattack on Jaguar Land Rover (JLR) is now reported to be the most expensive in UK history, with losses estimated at approximately £1.9 billion (US $2.5 billion). The five-week shutdown disrupted operations across at least 5,000 businesses in JLR’s supply chain, with full recovery not expected until January 2026. The incident highlights how deeply manufacturing breaches can impact the broader economy and global supply networks.
Xage’s solution enables manufacturers to contain and reduce the impact from attacks like JLR’s through a Zero Trust security architecture that spans both IT and OT systems. By combining identity-based access control, network segmentation, granular policy enforcement, and phishing-resistant MFA (with offline capability), Xage helps organizations isolate compromised systems, prevent lateral movement, protect legacy environments, and restore operations faster.