October 2025 Headlines
Cyber Security Awareness Month 2025: Protecting “Future You” in Canada
Every October, Canadians come together to recognize Cyber Security Awareness Month (Cyber Month) —a nationwide initiative led by the Get Cyber Safe campaign, under the Communications 'Security Establishment (CSE) and its Canadian Centre for Cyber Security. This internationally recognized campaign aims to empower individuals, families, and organizations to take simple yet effective steps to stay safe online (Government of Canada, 2025).
2025 Theme: “Get Cyber Safe – For Future You”
This year’s theme emphasizes the long-term benefits of adopting strong cybersecurity habits today. It’s not just about protecting your data, but ensuring your digital life remains secure and stress-free in the future.
Whether it’s:
Using a password manager to quickly access accounts when time is of the essence,
Backing up your files to avoid losing critical documents,
Or installing automatic updates to prevent disruptions during important tasks,
These small actions can have a big impact on you and your familty's digital well-being.
Why Cyber Security Awareness Matters
Cyber threats are evolving rapidly. From phishing scams to ransomware attacks, Canadians face a growing number of risks online. Cyber Month serves as a reminder that cybersecurity is a shared responsibility across the country and everyone has a role to play in protecting themselves and others.
The Get Cyber Safe campaign provides a wealth of resources, including:
Social media toolkits to help spread awareness,
Virtual workshops tailored for older adults,
Downloadable guides on securing devices, accounts, and connections.
Here are a few ways to get involved this Cyber Month:
Become a Cyber Month Champion: Organizations and individuals can sign up to promote cybersecurity awareness in their communities.
Attend free workshops: Learn about online safety, privacy, and how to spot misinformation.
Share resources: Use Get Cyber Safe’s themed content to educate your network.
Start new habits: Implement strong passwords, enable multi-factor authentication, and keep your software up to date.
To learn more and access resources, visit the official website here: https://www.getcybersafe.gc.ca/en/cyber-security-awareness-month
Cybersecurity in 2025: Navigating a Landscape of AI Threats, Healthcare Risks, and Global Collaboration
As we mark Cyber Security Awareness Month, the urgency to understand and respond to evolving cyber threats has never been greater. The first ten months of 2025 have revealed a rapidly shifting cybersecurity landscape, shaped by artificial intelligence, ransomware evolution, and critical infrastructure vulnerabilities.
1. AI: A Double-Edged Sword
Artificial Intelligence (AI) is transforming cybersecurity—both as a defensive tool and a weapon for attackers. According to the World Economic Forum’s Global Cybersecurity Outlook 2025, AI-driven attacks have surged, with threat actors leveraging generative AI to craft sophisticated phishing campaigns, deepfake scams, and zero-day exploits. (weforum.org, 2025)
At the same time, organizations are increasingly deploying AI-powered security solutions to detect anomalies, automate threat responses, and compensate for the global cybersecurity talent shortage. The market for applied AI in cybersecurity is projected to grow by $45.56 billion by 2029, driven by the need to secure cloud-native and operational technology environments. (yahoo.com, 2025)
2. Healthcare in the Crosshairs (again)
Healthcare systems have become prime targets for cybercriminals. A recent report from the Ponemon Institute and Proofpoint revealed that 93% of healthcare organizations experienced an average of 43 cyberattacks in the past year. Alarmingly, 72% of these attacks disrupted patient care, with some leading to increased medical complications and even mortality. (healthcareitnews.com, 2025)
The most prevalent threats include:
Cloud account compromises (72% affected)
Supply chain attacks (87% caused care disruptions)
Business Email Compromise (BEC) and ransomware, which led to longer patient stays and diverted care.
Despite rising security budgets, many healthcare providers still lack leadership and expertise to counter these threats effectively.
3. Ransomware-as-a-Service (RaaS) Expands
Ransomware continues to dominate headlines, evolving into a service-based model that lowers the barrier for cybercriminals. These RaaS platforms offer support, updates, and negotiation services, creating a professionalized criminal ecosystem. Small and medium-sized businesses, along with critical infrastructure, are increasingly vulnerable. [cybersecur...tynews.com]
4. Global Collaboration: Fortinet and the World Economic Forum
In response to the growing threat landscape, cybersecurity leaders are emphasizing global cooperation. Fortinet’s participation in the World Economic Forum’s Annual Meeting on Cybersecurity highlights the importance of public-private partnerships and shared threat intelligence. Initiatives like the Cybercrime Atlas have already disrupted major cybercriminal networks through coordinated efforts. (cybersecuritynews.com, 2025)
5. Emerging Threats and Vulnerabilities
Recent incidents underscore the need for vigilance:
Oracle’s zero-day vulnerability (CVE-2025-61882) was actively exploited, affecting over 100 organizations.
A phishing campaign using malicious npm packages targeted tech and energy sectors.
A hacktivist group attacked a water utility honeypot, revealing risks to industrial control systems. (cyber1defense.com, 2025)
6. The Rise of Zero Trust
To counter these threats, organizations are increasingly adopting Zero Trust architectures, which assume no user or device is inherently trustworthy. This model is becoming the default approach to cybersecurity in 2025, especially in sectors handling sensitive data. (cybersecurity.news.com, 2025)
Conclusion: Building Resilience for the Future
Cybersecurity in 2025 is defined by complexity, innovation, and urgency. As AI reshapes both attack and defense strategies, and as critical sectors like healthcare face mounting risks, Cyber Security Awareness Month serves as a vital reminder: proactive defense, collaboration, and education are key to safeguarding our digital future.
Microsoft Locks Down IE Mode After Hackers Exploit Legacy Feature
October 2025 — Microsoft has announced major changes to the Internet Explorer (IE) mode in its Edge browser after credible reports revealed that threat actors were actively exploiting the legacy feature to gain unauthorized access to users’ devices. (Lakshmanan, 2025)
What Happened?
In August 2025, Microsoft’s Browser Vulnerability Research team discovered that attackers were leveraging social engineering tactics and unpatched zero-day vulnerabilities in Internet Explorer’s JavaScript engine (Chakra). The attack chain typically involved tricking users into visiting a legitimate-looking website, then prompting them to reload the page in IE mode. Once reloaded, the attackers used a hidden exploit to achieve remote code execution, followed by a second exploit to escalate privileges and take full control of the victim’s device. This method allowed hackers to bypass modern security protections in Chromium and Edge by launching the browser in a less secure IE state. Once inside, they could deploy malware, move laterally across networks, and exfiltrate sensitive data.
Microsoft’s Response
To counter these attacks, Microsoft has removed the dedicated toolbar button, context menu, and hamburger menu items that previously allowed users to easily reload sites in IE mode. Now, enabling IE mode requires a deliberate, multi-step process through Edge’s settings:
Navigate to Settings > Default Browser
Enable “Allow sites to be reloaded in Internet Explorer mode”
Add specific sites to the IE mode pages list
Reload the site
This change ensures that loading web content with legacy technology is a conscious decision, reducing the risk of accidental or malicious exploitation.
Why It Matters
The incident highlights the ongoing risks of legacy browser features, even when integrated into modern platforms. Attackers continue to target compatibility modes and outdated engines to bypass security controls. Microsoft’s move underscores the importance of balancing legacy support with robust security, especially as organizations transition away from older technologies.
For more details, read the full report on The Hacker News. (Lakshmanan, 2025)
Stefan Myroniuk, MSc., CISSP
(ISC)2 Alberta Chapter | Communications Director
E: communications@isc2chapter-alberta.org
http://isc2chapter-alberta.org
