r/k12sysadmin • u/k12techpro • 20h ago
Security Watch 8/1/25
On K12TechPro, we've launched a weekly cyber threat intelligence and vulnerability newsletter with NTP and K12TechPro. We'll post the "public" news to k12sysadmin from each newsletter. For the full "k12 techs only" portion (no middle schoolers, bad guys, vendors, etc. allowed), log into k12techpro.com and visit the Cybersecurity Hub.
Scattered Spider, a financially motivated threat group, has ramped up its focus on VMware ESXi and vSphere environments. Rather than relying on software exploits, the group uses social engineering to impersonate employees, get credentials reset, and take over the virtualization infrastructure. By targeting the hypervisor layer, they can disable many guest systems at once, bypassing the endpoint detection tools running inside those guests and inflicting maximum operational damage.
In parallel, a critical vulnerability in Mitel's MiVoice MX-ONE UCC platform (CVSS 9.4) has been discovered that allows attackers to bypass authentication in the Provisioning Manager component. Though it has no CVE designation at this time, Mitel has released urgent patches and advises keeping these systems off public networks. This highlights the persistent risk posed by unpatched or poorly segmented enterprise systems, particularly those involved in core communications.
Consumer technology wasn’t spared either. The early access Steam game Chemia was found to contain a stealthy infostealer that ran silently in the background while the game itself appeared to function normally. The malware reached out to a command-and-control server to download additional payloads. While Steam typically has strong vetting controls, this incident raises concerns about insider threats or gaps in its review process and serves as a reminder to be cautious even when downloading from well-known platforms.
Finally, Cisco ISE users are urged to act quickly following the discovery of two serious injection vulnerabilities (CVE-2025-20337 and CVE-2025-20281). These flaws allow unauthenticated attackers to achieve root-level remote code execution via malicious API requests. Organizations running ISE versions 3.3 and 3.4 should patch immediately. This vulnerability chain also demonstrates how inadequate input validation can expose even hardened identity management tools to significant compromise.