ARTICLE
15 October 2025

CyberCapsule - October 2025

LB
Lewis Brisbois Bisgaard & Smith LLP

Contributor

Lewis Brisbois Bisgaard & Smith LLP logo
Founded in 1979 by seven lawyers from a premier Los Angeles firm, Lewis Brisbois has grown to include nearly 1,400 attorneys in 50 offices in 27 states, and dedicates itself to more than 40 legal practice areas for clients of all sizes in every major industry.
Explore Firm Details
On September 2, 2025, NIST released the Security and Privacy Control version 5.2.0 that intends to help organizations improve their software update and patch protocols.
United States Technology
Kamran Salour,Robert F. Walker,Tawana Johnson
+1 Authors
 Your Author LinkedIn Connections
Kamran Salour’s articles from Lewis Brisbois Bisgaard & Smith LLP are most popular:
  • with readers working within the Banking & Credit industries
Lewis Brisbois Bisgaard & Smith LLP are most popular:
  • within Insurance topic(s)
  • in Asia

CONSIDER THIS

NIST Issues Patch to Patching Protocol. On September 2, 2025, NIST released the Security and Privacy Control version 5.2.0 that intends to help organizations improve their software update and patch protocols. 

Phishing Training Belongs in Junk Folder. On September 4, 2025, the WSJ reported that phishing training has a nominal impact on employees; employees who received training had only a 1.7% lower failure rate than those with no training.

Rule to Swiftly Report Incidents Delayed. On September 8, 2025, CISA announced it would delay the finalization of the rule requiring critical infrastructure owners to quickly report major cyber incidents from October 2025 to May 2026.

New Report: Many Cyber Incidents Go Unreported. On September 23, 2025, researchers announced that nearly half of all companies did not report a material cyber incident, citing, among other things, fear of a punitive response from the Board.

AS THE WORLD TURNS

Identity Theft in Reverse. On September 3, 2025, researchers revealed the concept of “reverse identity theft,” a digital scam where the threat actor creates an identity, links it to your name, and leaves you to deal with the fallout.

The Gentlemen Threat Actor Group Acts Like Anything But. On September 9, 2025, researchers shared the hallmarks of the newly formed ransomware group: The Gentlemen. This group utilizes a mix of legitimate driver abuse, Group Policy manipulation, custom anti-AV utilities, privileged account compromise to access their victims.

Schools Educating Themselves on Stopping Ransomware Attacks. On September 16, 2025, Sophos reported that in 2025, 67% of lower education providers stated that they stopped a ransomware attack before data encryption.

Everything Must Go. On September 17, 2025, researchers announced that certain threat actor groups, including Scattered Lapsus$, have shut down operations.

Nice Try, Says the FBI. On September 22, 2025, the FBI warned of spoofed versions of the FBI's IC3 website, upon which scammers offer fund recovery services for a fee.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Kamran Salour
Kamran Salour
Photo of Robert F. Walker
Robert F. Walker
Photo of Ross Molina
Ross Molina
Photo of Tawana Johnson
Tawana Johnson
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More