This Month in Cybersecurity - October Edition

Microsoft Ends Windows 10 Support with Final Patch Tuesday Fixing 172 Security Flaws

Microsoft has released a major security update fixing 172 vulnerabilities in Windows, including two that hackers are already exploiting. This October update is especially important because it marks the final Patch Tuesday for Windows 10, meaning Microsoft will no longer provide free security updates for that operating system. Two of the most critical bugs involve an old modem driver that has been removed entirely and a flaw in the Windows Remote Access service that attackers are actively using to gain higher system privileges.

Beyond Windows itself, Microsoft also patched several Microsoft Office vulnerabilities that could allow hackers to infect a computer simply by having someone preview a malicious email attachment—no need to even open it. Microsoft also quietly changed Word’s default behavior so that documents automatically save to its OneDrive cloud storage, though users can turn this feature off in settings. Another major issue affects the Windows Server Update Service (WSUS), a tool used to deliver security patches to business systems. With a near-maximum severity score, experts recommend updating WSUS immediately to prevent potential remote attacks.

Since support for Windows 10 and several other Microsoft products (like Exchange Server 2016/2019 and Outlook 2016) is ending, users need to decide what’s next. Those wanting to stay secure without upgrading to Windows 11 can enroll in Microsoft’s Extended Security Updates (ESU) program, which costs about $30 per year or may be free if the PC is linked to a Microsoft account. Microsoft emphasizes that ESU only provides essential security patches and does not include new features, enhancements, or technical support.


TP-Link Urges Immediate Updates to Fix Critical Omada Gateway Security Flaws

TP-Link has issued an urgent warning about four critical security flaws affecting its Omada gateway devices across the ER, G, and FR product lines. The most serious issues—rated 9.3 out of 10 in severity—could let hackers remotely take control of a device or run harmful commands, even without logging in. TP-Link has already released firmware updates to fix the problems and strongly advises users to install them right away. The affected devices include popular models like the ER605, ER7206, and ER8411, among others.

In addition to updating firmware, TP-Link is urging customers to change any default or weak passwords and limit who can access the management interface, ideally keeping it restricted to trusted internal networks. These steps will help protect devices from being hijacked or used in cyberattacks. Users can find the necessary firmware updates and instructions on TP-Link’s official support website.


Iranian Hackers Target Over 100 Government Entities with New Phoenix Backdoor Campaign

Iranian group MuddyWater has targeted over 100 government organizations across the Middle East and North Africa. Also known as Static Kitten, Mercury, and Seedworm, the group launched the attack in August using phishing emails sent from a compromised account accessed via NordVPN. These emails were aimed at embassies, consulates, and foreign affairs ministries, attempting to trick recipients into opening infected attachments.

The phishing emails contained malicious Microsoft Word documents that prompted users to “enable content,” triggering hidden macro code that installed malware on victims’ systems. This technique, once common but now less effective since Microsoft disabled macros by default, was used to deliver a loader called FakeUpdate, which then decrypted and installed the Phoenix backdoor (version 4). This malware allowed attackers to maintain long-term access to compromised systems, steal information, and run commands remotely.

The updated Phoenix backdoor can gather system details, upload and download files, and open remote command shells for deeper control. In addition, MuddyWater deployed a custom information-stealing tool designed to extract saved passwords and encryption keys from browsers like Chrome, Edge, Opera, and Brave. The hackers also used legitimate remote management tools, such as PDQ and Action1 RMM, to help them move undetected within networks. Security firm Group-IB attributes the campaign to MuddyWater with high confidence, citing its use of familiar tools, techniques, and regional targeting consistent with the group’s past operations.
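An added example, not code from the original article or from Group-IB: a triage check for macro-bearing Word documents of the kind described above, which inspects an OOXML container for the embedded VBA project part and its content-type declaration. The sample documents are constructed in memory, and the vbaProject.bin content is a placeholder rather than a real VBA binary.

```python
import io
import zipfile

# Content type that Office assigns to an embedded VBA project part.
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"


def build_sample_doc(with_macros: bool) -> bytes:
    """Constructed sample: a minimal Word OOXML zip, optionally with a VBA part."""
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Default Extension="xml" ContentType="application/xml"/>'
    )
    if with_macros:
        content_types += f'<Default Extension="bin" ContentType="{VBA_CONTENT_TYPE}"/>'
    content_types += "</Types>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            # A real vbaProject.bin is an OLE compound file; this placeholder
            # blob is enough to exercise the detector.
            zf.writestr("word/vbaProject.bin", b"CONSTRUCTED-VBA-PLACEHOLDER")
    return buf.getvalue()


def macro_indicators(data: bytes) -> dict:
    """Report which macro indicators an OOXML file exhibits.

    Both the part listing and the content-type manifest are checked, because
    a document may carry the VBA part under an unexpected folder or name.
    """
    result = {"is_zip": False, "vba_part": False, "vba_content_type": False}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result  # legacy binary .doc (OLE) or not an Office file at all
    result["is_zip"] = True
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        result["vba_part"] = any(n.lower().endswith("vbaproject.bin") for n in names)
        if "[Content_Types].xml" in names:
            manifest = zf.read("[Content_Types].xml").decode("utf-8", "replace")
            result["vba_content_type"] = VBA_CONTENT_TYPE in manifest
    return result


def has_vba_macros(data: bytes) -> bool:
    """True if either indicator is present; such attachments warrant quarantine."""
    ind = macro_indicators(data)
    return ind["vba_part"] or ind["vba_content_type"]
```

Legacy binary .doc files are OLE containers rather than zips, so they fall through the first check and need a separate OLE parser.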


Defensible Strategies

Learn from those who have been attacked

Hackers Earn Over $500K on Day One of Pwn2Own Ireland 2025 for Exposing Device Vulnerabilities

At the Pwn2Own Ireland 2025 hacking competition, security researchers earned a combined $522,500 on the first day for uncovering 34 previously unknown software vulnerabilities in common consumer and business devices. The event, run by Trend Micro’s Zero Day Initiative (ZDI), rewards ethical hackers for responsibly finding and reporting flaws before criminals can exploit them. The biggest payout—$100,000—went to researchers who chained together attacks on a QNAP router and NAS device, while other large prizes were awarded for successful hacks against Synology, Sonos, and Philips Hue products.

Additional rewards went to those who found weaknesses in Canon and HP printers, Home Assistant smart home devices, and other popular technologies. The contest, which runs through Thursday, will feature a highly anticipated demonstration of a zero-click hack targeting WhatsApp worth $1 million if successful. Events like Pwn2Own play a key role in strengthening cybersecurity by helping manufacturers patch critical flaws before they can be used in real-world attacks.


Canada Fines Cryptomus $176 Million for Aiding Cybercrime and Money Laundering Networks

Canadian regulators have fined Cryptomus, a cryptocurrency payments platform, $176 million for violating anti–money laundering laws. The Financial Transactions and Reports Analysis Center of Canada (FINTRAC) said Cryptomus failed to report numerous suspicious transactions linked to child exploitation, fraud, ransomware, and sanctions evasion. The company, officially registered as Xeltox Enterprises Ltd., operates out of a Vancouver address that was previously flagged for hosting dozens of foreign money service businesses that didn’t exist at the location. FINTRAC described the fine as an “unprecedented enforcement action.”

Cryptomus came under scrutiny after cybersecurity researcher Richard Sanders discovered the platform was being used by over 100 cybercrime-related services. These included anonymous hosting providers, fake account sellers, and cryptocurrency exchanges catering to Russian-speaking users. Many of these sites enabled users to anonymously swap digital currencies or convert them into cash held in Russian bank accounts, several of which are under Western sanctions. Sanders said he was surprised at how long it took regulators to act, adding that while the fine is large, it may still be seen by Cryptomus as a “cost of doing business.”

The case has also exposed broader weaknesses in Canada’s oversight of money service businesses (MSBs). Investigations by CTV News and the Investigative Journalism Foundation found that dozens of shell companies—including those tied to Cryptomus—were registered at fake or shared addresses with no actual operations there. In one case, more than 70 foreign currency and crypto firms listed the same small Vancouver building, which now houses a massage clinic and co-working space. Regulators are now under growing pressure to crack down on these shadowy businesses that appear to be fronts for money laundering networks tied to Russia and Iran.


FinWise Data Breach Highlights Need for Stronger Insider Security and Encryption

The FinWise Bank data breach revealed how dangerous insider threats can be for financial institutions. In this case, a former employee used old login credentials to access the bank’s systems and steal sensitive information from nearly 690,000 customers of American First Finance. The breach began in May 2024 but went unnoticed for over a year, only being discovered in June 2025, which raised serious concerns about FinWise’s ability to detect and prevent unauthorized access. Lawsuits and public criticism soon followed, questioning whether customer data had been properly encrypted or secured.

Experts say this incident highlights the importance of strong encryption, proper key management, and continuous monitoring to protect sensitive financial data. Encryption serves as a critical safeguard, but it must be combined with systems that can detect unusual activity and control who can access what information. FinWise’s apparent failure to maintain these safeguards not only exposed customer data but also led to legal and regulatory scrutiny, damaging its reputation and customer trust.

In response to growing insider and data protection risks, companies are turning to advanced security platforms like Penta Security’s D.AMO, which integrates encryption, access control, and independent key management into one system. D.AMO’s tools prevent unauthorized users—including insiders—from decrypting stolen data and provide centralized oversight to detect misuse. The FinWise breach demonstrates that proactive prevention, not just encryption alone, is essential for organizations managing large amounts of sensitive financial information.
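An added example, not code from the original article or from FinWise or Penta Security: the kind of monitoring check that would surface a former employee's reuse of stale credentials. It joins constructed authentication log lines (a simple key=value format assumed here) against an HR offboarding roster and reports how long the earliest hit went unnoticed.

```python
from datetime import datetime

# Constructed sample data, not drawn from the FinWise case.
# Offboarding roster: username -> last day of employment.
OFFBOARDED = {
    "jdoe": datetime(2024, 4, 30),
    "asmith": datetime(2023, 11, 15),
}

# Constructed authentication log lines in an assumed key=value format.
AUTH_LOG = """\
2024-05-03T02:14:07Z user=jdoe result=success src=203.0.113.7 app=core-banking
2024-05-03T09:01:44Z user=mlee result=success src=10.10.4.22 app=core-banking
2024-05-04T01:59:12Z user=jdoe result=success src=203.0.113.7 app=reporting
2024-06-11T13:22:05Z user=asmith result=failure src=198.51.100.9 app=vpn
2024-06-12T13:25:48Z user=mlee result=success src=10.10.4.22 app=reporting
"""


def parse_line(line: str) -> dict:
    """Parse one log line into a dict with a datetime under 'ts'."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return rec


def find_offboarded_activity(log: str, roster: dict) -> list:
    """Return (user, ts, result, app) for any login attempt by an offboarded
    account after its last day. Failures count too: a deprovisioned account
    should not be attempting to authenticate at all."""
    hits = []
    for line in log.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        last_day = roster.get(rec["user"])
        if last_day is not None and rec["ts"] > last_day:
            hits.append((rec["user"], rec["ts"], rec["result"], rec["app"]))
    return hits


def days_undetected(hits: list, discovered: datetime) -> int:
    """Calendar days between the earliest successful hit and discovery."""
    successes = [ts for _, ts, result, _ in hits if result == "success"]
    if not successes:
        return 0
    return (discovered.date() - min(successes).date()).days
```

The check only works if the roster is fed from HR promptly; the stronger control is disabling the account on the last day so the log never records a success.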