This is today’s cyber news for October 17th, 2025. Today’s brief tracks rising pressure on edge security and third-party risk: lawmakers want clearer answers from Cisco on zero-day firewalls, while Microsoft’s certificate purge aims to blunt Teams-delivered lures. On offense, North Korea hides malware in blockchain contracts and ships Trojanized “job tests,” while rootkits and loaders push deeper into Linux and mid-market Windows fleets. Critical software keeps the spotlight—Adobe Experience Manager Forms lands on the Known Exploited list, a CentreStack zero-day gets patched after live abuse, and an actively exploited Windows privilege escalation shortens the path from foothold to domain control. Data exposure remains costly and broad, from a 17.6-million-record fintech breach to a 40-billion-record email vendor leak and a Sotheby’s incident affecting high-net-worth clients.

You’ll hear concise, five-sentence rundowns for each story with the business why, who’s most exposed, concrete signals to watch, and a practical next step. Leaders get decision cues on patch lanes, vendor oversight, and fraud budgets; defenders get operational tells—from odd SNMP sets and web-shell writes to eBPF attachments and signed MSI abuse—that shorten detection time. We also cover brand impersonation via old “user:pass@” links, SEO-poisoned “Ivanti VPN” downloads, the PhantomVAI loader’s rotating payloads, “Silk Lure” and ValleyRAT persistence, China-linked “Jewelbug” inside a Russian MSP, Mango’s vendor breach, and leaked secrets in Visual Studio Code extensions. It’s a fast, executive-friendly pass designed to help you decide and act, available at DailyCyber.news.