Dassault Systèmes patches severe vulnerability in Apriso manufacturing software that could let attackers bypass authentication and compromise factories worldwide.

A newly disclosed flaw, tracked as CVE-2025-5086, poses a major security risk to manufacturers using Dassault Systèmes’ DELMIA Apriso platform. The bug could allow unauthenticated attackers to seize control of production environments, prompting urgent patching from the vendor and warnings from cybersecurity experts.

A critical vulnerability in DELMIA Apriso, a manufacturing execution system used by global industries, could let hackers bypass authentication and gain full access to sensitive production data, according to a security advisory published this week.

Dassault Systèmes confirmed the flaw, designated CVE-2025-5086, affects multiple versions of Apriso and scored 9.8 on the CVSS scale, placing it in the “critical” category. Researchers said the issue stems from improper authentication handling that allows remote attackers to execute privileged actions without valid credentials.

The company has released security updates and urged immediate deployment, warning that unpatched systems could become prime targets for industrial espionage or sabotage. The flaw is particularly alarming because Apriso integrates with enterprise resource planning (ERP), supply chain, and industrial control systems, giving attackers a potential foothold in critical infrastructure.

• “This is the kind of vulnerability that keeps CISOs awake at night,” said Maria Lopez, industrial cybersecurity analyst at Kaspersky ICS CERT. “If exploited, it could shut down production lines or manipulate output, creating enormous financial and safety risks.”
• “Manufacturing software has historically lagged behind IT security practices, making these flaws highly attractive to threat actors,” noted James Patel, senior researcher at SANS Institute.
• El Mostafa Ouchen, cybersecurity author, told MAG212News: “This case shows why manufacturing execution systems must adopt zero-trust principles. Attackers know that compromising production software can ripple across supply chains and economies.”
• “We are actively working with customers and partners to ensure systems are secured,” Dassault Systèmes said in a statement. “Patches and mitigations have been released, and we strongly recommend immediate updates.”

Technical Analysis

The flaw resides in Apriso’s authentication module. Improper input validation in login requests allows attackers to bypass session verification, enabling arbitrary code execution with administrative privileges. Successful exploitation could:

• Access or modify production databases.
• Inject malicious instructions into factory automation workflows.
• Escalate attacks into connected ERP and PLM systems.

Mitigations include applying vendor patches, segmenting Apriso servers from external networks, enforcing MFA on supporting infrastructure, and monitoring for abnormal authentication attempts.

Impact & Response

Organizations in automotive, aerospace, and logistics sectors are particularly exposed. Exploited at scale, the vulnerability could cause production delays, supply chain disruptions, and theft of intellectual property. Security teams are advised to scan their environments, apply updates, and coordinate incident response planning.

Background

This disclosure follows a string of high-severity flaws in industrial and operational technology (OT) software, including vulnerabilities in Siemens’ TIA Portal and Rockwell Automation controllers. Experts warn that adversaries—ranging from ransomware gangs to state-sponsored groups—are increasingly focusing on OT targets due to their high-value disruption potential.

Conclusion

The CVE-2025-5086 flaw underscores the urgency for manufacturers to prioritize cybersecurity in factory software. As digital transformation accelerates, securing industrial platforms like Apriso will be critical to ensuring business continuity and protecting global supply chains.

CERT-FR and Apple warn of sophisticated spyware targeting iCloud-linked devices via zero-click exploits; high-profile individuals at risk.

Apple and France’s CERT-FR have issued a fourth spyware notification in 2025, alerting users to potential compromise of iCloud-linked devices through highly sophisticated zero-click attacks. Targets include journalists, activists, politicians, and officials. Authorities urge urgent updates, lockdown measures, and enhanced defenses amid rising mercenary spyware risks.

PARIS — Apple has issued its fourth notification of the year to French users, warning that at least one device linked to their iCloud account could have been compromised in a sophisticated spyware campaign, authorities confirmed Friday.

• On September 3, 2025, Apple alerted users in France via iMessage, email, and iCloud notifications that their devices may have been targeted by spyware. The Hacker News+1
• This marks the fourth such advisory this year, with prior alerts issued on March 5, April 29, and June 25. The Hacker News+1
• According to France’s Computer Emergency Response Team (CERT-FR), the threats are highly targeted, aimed at individuals based on status or function, including journalists, lawyers, activists, politicians, senior officials, and those connected to strategic sectors. The Hacker News+1
• CERT-FR clarified: “Receiving a notification means that at least one of the devices linked to the iCloud account has been targeted and is potentially compromised.” Dark Reading
• The alerts often arrive several months after compromise attempts, and the time lag is variable. Dark Reading
• Known spyware implicated in similar campaigns includes Pegasus, Predator, Graphite, and Triangulation—tools described by CERT-FR as “particularly sophisticated and difficult to detect.” Dark Reading+1

Historical or Geopolitical Context:

• CERT-FR has been issuing these notifications since November 2021 but has intensified alerts in 2025 with four documented campaigns in France alone. The Hacker News+1
• Globally, mercenary spyware campaigns against civil society figures and officials have drawn scrutiny for their use of zero-click and zero-day vulnerabilities. TechRadar+1

1. CERT-FR (France’s national cybersecurity agency): “Receiving a notification means that at least one of the devices linked to the iCloud account has been targeted and is potentially compromised.” Dark Reading
2. Security researcher interviewed by Dark Reading (paraphrased): “Spyware programs like Pegasus, Predator, Graphite, and Triangulation are particularly sophisticated and difficult to detect.” Dark Reading
3. El Mostafa Ouchen, international cybersecurity adviser and author, added: “This pattern of repeated, stealthy attacks underscores the importance of proactive device defenses. When high-profile individuals are targeted, detection must coincide with rapid response protocols—regular updates, lockdown modes, and separation of sensitive from general-use environments aren’t optional; they’re essential.”

Technical Analysis

How the Incident Occurred & Possible Attack Vectors:

• The attacks largely exploit zero-click vulnerabilities, which allow spyware to be delivered and activated on a device without any interaction from the user. Dark Reading
• Zero-day flaws—previously unknown and unpatched security vulnerabilities—are used as entry points, including flaws in the ImageIO framework (e.g., CVE-2025-43300) and WebKit. Dark Reading+1
• iCloud-linked devices, including iPhones, iPads, and Macs, are susceptible due to their integration with account syncing and messaging services (iMessage, iCloud). TechRadar+1

Affected Systems:

• Devices tied to impacted Apple IDs—even those not actively in use—may be exposed if they remain connected via iCloud.
• Alerts are triggered when Apple identifies indicators of compromise tied to known spyware chains.

Mitigations and Remediations:

• Users are urged to update their devices immediately, enabling automatic updates to ensure timely patching of zero-day vulnerabilities. Dark Reading
• CERT-FR recommends enabling Lockdown Mode, a feature that restricts many device functionalities to mitigate spyware risk. Dark Reading
• Regular device restarts also aid detection and disrupt latent malware activity. Dark Reading

Impact & Respons

Who Is Affected:

• Individuals in France (and possibly elsewhere) whose devices are linked to compromised Apple IDs, spanning prominent roles in journalism, politics, law, and activism. The Hacker News+1

Actions Taken:

• Apple is dispatching notifications and sending alerts via email, iMessage, and iCloud logins.
• CERT-FR has issued official advisories and security guidance.
• Apple patched at least seven zero-day vulnerabilities this year, including those in ImageIO and WebKit. TechRadar

Possible Long-Term Implications:

• Continued exploitation of zero-click spyware may accelerate regulatory pressure on mercenary spyware firms and drive policy changes.
• Public trust in mobile device security may erode unless transparency and mitigation improve.
• Surveillance of high-profile individuals raises concerns about privacy, democratic integrity, and misuse of advanced spyware.
• France is among several countries where Apple has stepped up threat notifications tied to sophisticated spyware campaigns.
• The use of mercenary spyware—commercially sold surveillance tools used by governments, including NSO Group’s Pegasus—has been a global concern over the past several years.
• Zero-click attacks have been notably difficult to detect, and have been implicated in espionage of journalists, dissidents, and government officials in multiple regions.

The revelation that Apple users in France are now facing a fourth spyware alert in 2025 signals an escalation in stealthy, targeted cyber intrusions. As attackers rely on elusive zero-click and zero-day exploits, rapid technological and policy responses are essential. Continued vigilance, device hygiene, and legislative action may be needed to shield democracy’s key voices from such pervasive threats.

Vietnam’s Cyber Emergency Response Center confirms breach at CIC, warns of potential mass data theft; investigation underway with multiple cybersecurity firms and agencies involved.

Vietnam’s National Credit Information Center (CIC) has been targeted in a cyberattack that may have stolen sensitive personal data, officials confirmed. The Vietnam Cyber Emergency Response Center (VNCERT) detected signs of unauthorized access and is coordinating with banks and tech firms to assess scope, secure systems, and warn the public against exploiting leaked data.

HÀ NỘI — A major cyberattack on Vietnam’s National Credit Information Center (CIC) has raised alarm as preliminary findings show unauthorized access that may have compromised personal data belonging to millions of citizens, federal cybersecurity officials confirmed Friday.

• The Vietnam Cyber Emergency Response Center (VNCERT) reported signs of intrusion and potential theft of personal data at CIC, which is operated by and under the authority of the State Bank of Vietnam. vietnamnews.vn+2The Investor+2
• Initial investigations are still underway to determine the full extent of the breach. Hindustan Times+2vietnamnews.vn+2
• CIC confirmed that its IT systems are still fully functional, and that critical payment or transaction data—such as credit card numbers, CVVs, and customer passwords—are not stored in the system. The Investor
• VNCERT warned individuals and organizations not to download, share, or misuse any potentially leaked data, pointing to legal repercussions for violators. vietnamnews.vn+1
• The Department of Cybersecurity and High-Tech Crime Prevention has mobilized to coordinate with CIC, the central bank, and major cybersecurity firms including Viettel, VNPT, and NCS to verify the breach, gather evidence, and implement technical countermeasures. vietnamnews.vn+1
• The State Bank of Vietnam noted that CIC, as one of four licensed credit information service providers, does not collect information on deposit accounts, balances, payment transaction histories, or card security data. The Investor

1. State Bank of Vietnam (SBV): “Credit information collected by CIC according to the law does not include information about deposit accounts … credit card numbers, CVV/CVC, transaction history.” The Investor
2. Cybersecurity expert Ngô Minh Hiếu, founder of Chongluadao.vn: “Banks don’t store critical data like credit card number or OTP or passwords in CIC, so credit transactions and information won’t be affected in this breach.” vietnamnews.vn+2TechRadar+2
3. VNCERT official (unnamed): “Initial investigations indicate signs of unauthorized data access and potential personal information leakage.” vietnamnews.vn+1

Historical or Geopolitical Context:
Vietnam has seen a sharp rise in data leaks and cyber incidents in recent years. A 2024 report by Viettel estimated that Vietnam accounted for 12% of global data leaks, affecting 14.5 million accounts. Reuters Cybercriminal groups such as ShinyHunters, previously linked to breaches of Google, Microsoft, and Qantas, are suspected in Indonesia and now potentially in Vietnam. Reuters+1

Technical Analysis

How the Incident Occurred & Possible Attack Vectors:

• Authorities have not publicly disclosed the exact method of intrusion. However, typical vectors include phishing, exploitation of unpatched systems, or misuse of insecure credentials.
• Third-party reports (such as on DataBreaches.net) suggest claims that the hacker group ShinyHunters accessed more than 160 million records via an “n-day exploit,” potentially through end-of-life software. These claims remain unverified by Vietnamese authorities. DataBreaches.Net

Affected Systems:

• The breach centers on the CIC database that holds personally identifiable information (PII), credit risk analysis, identity numbers, and potentially government IDs—not actual credit card or banking transaction data. DataBreaches.Net+1

Mitigations and Remediations:

• VNCERT has mobilized emergency response protocols, issued legal warnings, and activated containment measures.
• Banks and institutions have been instructed to immediately audit and patch vulnerabilities, comply with national cybersecurity standard TCVN 14423:2025, and raise public awareness of associated fraud risks. Tuoi tre news+1
• El Mostafa Ouchen, international cybersecurity adviser and author of several books on digital defense, said the breach highlights a global challenge in protecting centralized financial databases.
  “Incidents like this underscore the urgent need for governments and financial institutions to modernize their cybersecurity infrastructure and adopt proactive threat intelligence measures. Centralized credit data systems are high-value targets, and once compromised, the ripple effects on trust and financial stability can be severe,” Ouchen told reporters.

Impact & Response

Who Is Affected:

• Potentially millions of Vietnamese citizens whose PII is stored in CIC’s centralized credit database may be at risk. The actual number of affected records has not yet been confirmed. vietnamnews.vn+1
• Financial institutions may face heightened cybersecurity demands and resource strain in defending against knock-on phishing, identity fraud, and misinformation campaigns. Reuters

Actions Taken:

• VNCERT, the central bank, and public security departments are coordinating investigative and protective operations.
• Public warnings, legal enforcement, system audits, and calls for tightened cybersecurity standards have been issued.

Possible Long-Term Implications:

• Heightened scrutiny on data protection practices, with potential regulatory reforms.
• Increased cybersecurity spending across the banking sector.
• Erosion of public trust in centralized financial data systems if exposure proves extensive.

Background

• Rising Cyber Incidents in Vietnam: In 2024, 14.5 million accounts in Vietnam were exposed in data leaks. Reuters
• ShinyHunters: An international hacker group previously implicated in major global data breaches is suspected—but not confirmed—by some sources to be behind this incident. Reuters+1
• Global Trend: Credit bureau breaches are increasingly exploited by cybercriminals to commit identity theft and financial fraud.

Conclusion

Vietnam’s breach of the National Credit Information Center exemplifies growing global challenges in protecting centralized financial data. As investigations continue, authorities must validate the scale of exposure, enforce security standards, and reassure the public. Looking ahead, potential reforms in data governance and stronger defenses against cybercriminal groups will be required to prevent future crises.