October, 2025
October 31, 2025 – Vulnerabilities
Case of ActiveMQ Vulnerability Exploitation to Install Sharpire (Kinsing) Full Text
Abstract
A critical remote code execution vulnerability in Apache ActiveMQ is being actively exploited by the Kinsing (H2Miner) threat actor to deploy multiple malware strains, including the Sharpire backdoor, XMRig miner, and post-exploitation tools. Source: AhnLab
October 31, 2025 – Attack
Attackers exploiting WSUS vulnerability drop Skuld infostealer (CVE-2025-59287) Full Text
Abstract
A critical remote code execution vulnerability in Windows Server Update Services (WSUS), tracked as CVE-2025-59287, is being actively exploited in the wild. Attackers are leveraging this flaw to deploy the Skuld infostealer. Source: Help Net Security
October 31, 2025 – Vulnerabilities
Splunk security advisory (AV25-710) Full Text
Abstract
Multiple vulnerabilities have been identified in various Splunk AppDynamics agents and the Splunk Operator for Kubernetes Add-on. These vulnerabilities stem from outdated third-party packages. Source: Government of Canada
October 31, 2025 – Vulnerabilities
Drupal security advisory (AV25-709) Full Text
Abstract
A critical access bypass vulnerability has been identified in the Drupal module Simple OAuth (OAuth2) & OpenID Connect, affecting versions from 6.0.0 up to, but not including, 6.0.7. Source: Government of Canada
October 31, 2025 – Phishing
Fake PayPal invoice from Geek Squad is a tech support scam Full Text
Abstract
A phishing campaign is impersonating PayPal and Geek Squad to execute a tech support scam. Victims receive fake invoices via email, prompting them to call a fraudulent support number, leading to potential financial loss and system compromise. Source: Malwarebytes
October 31, 2025 – Breach
Ransomware gang claims Conduent breach: what you should watch for next Full Text
Abstract
SafePay ransomware claimed responsibility for a significant data breach at Conduent. The breach has exposed sensitive personal data of over half a million individuals across multiple states. Source: Malwarebytes
October 30, 2025 – General
Your photo could be all AI needs to clone your voice Full Text
Abstract
A new AI-driven attack method, FOICE (Face-to-Voice), enables the generation of synthetic speech from facial images, posing a significant threat to voice authentication systems. This technique bypasses traditional deepfake detectors. Source: Help Net Security
October 30, 2025 – Vulnerabilities
Jenkins security advisory (AV25-707) Full Text
Abstract
A recent security advisory has disclosed vulnerabilities in multiple Jenkins plugins. Users and administrators are urged to update the affected plugins to their latest versions to maintain the security and stability of their Jenkins environments. Source: Government of Canada
October 30, 2025 – Vulnerabilities
Docker security advisory (AV25-708) Full Text
Abstract
A path traversal bug was identified in Docker Compose, affecting versions prior to v2.40.2. This issue arises from improper handling of OCI artifact layer annotations, which could potentially allow unauthorized file access. Source: Government of Canada
October 30, 2025 – Vulnerabilities
Full Disclosure: Re: [FD] : “Glass Cage” – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885) Full Text
Abstract
A critical zero-click iMessage exploit chain, dubbed "Glass Cage", has been identified targeting iOS 18 devices. This attack leverages multiple vulnerabilities, CVE-2025-24085, CVE-2025-24201, and CNVD-2025-07885. Source: SecLists
October 30, 2025 – Attack
AL25-016 Internet-accessible industrial control systems (ICS) abused by hacktivists Full Text
Abstract
Hacktivists are increasingly targeting internet-accessible Industrial Control Systems (ICS) across Canada, exploiting exposed components to disrupt operations, generate media attention, and undermine public trust. Source: Government of Canada
October 30, 2025 – Education
Bolstering Cybersecurity Resilience in the Public Sector Full Text
Abstract
The public sector faces a surge in sophisticated cyber threats, including ransomware, phishing, and exploitation of 0-day vulnerabilities. These threats target sensitive data, disrupt essential services, and exploit trust in government institutions. Source: Trustwave
October 30, 2025 – Breach
‘Living off the land’ allowed Russia-linked group to breach Ukrainian entities this summer Full Text
Abstract
A Russia-linked threat actor breached Ukrainian entities in mid-2025 using stealthy LotL techniques. The attackers leveraged legitimate administrative tools and minimal custom malware to evade detection while stealing sensitive data. Source: The Record
October 30, 2025 – Attack
PHP Servers and IoT Devices Face Growing Cyber-Attack Risks Full Text
Abstract
A surge in cyber-attacks is targeting PHP servers, IoT devices, and cloud gateways. These attacks are primarily driven by botnets such as Mirai, Gafgyt, and Mozi, which exploit known vulnerabilities and misconfigurations to expand their reach. Source: Infosecurity Magazine
October 30, 2025 – Attack
BlueNoroff Expands Cyberattacks with AI-Driven Campaigns Targeting Executives Full Text
Abstract
BlueNoroff has launched AI-driven cyberattacks under the GhostCall and GhostHire campaigns. These operations are part of the broader SnatchCrypto campaign targeting blockchain, digital finance, and emerging crypto technologies. Source: eSecurity Planet
October 29, 2025 – Ransomware
Ransomware Spotlight: DragonForce Full Text
Abstract
DragonForce is a rapidly evolving Ransomware-as-a-Service (RaaS) group, first observed in 2023 and gaining notoriety in 2025. Operating under the alias Water Tambanakua, the group has adopted a cartel model. Source: Trend Micro
October 29, 2025 – Policy and Law
ICO fines sole trader for allegedly sending 1M spam texts Full Text
Abstract
A UK-based sole trader has been fined £200,000 for orchestrating a large-scale SMS spam campaign that targeted financially vulnerable individuals. The ICO found that nearly one million unsolicited messages were sent without valid consent. Source: The Register
October 29, 2025 – General
Nation-State Cyber Ecosystems Weakened by Sanctions, Report Reveals Full Text
Abstract
A recent report based on the inaugural meeting of the Cyber Sanctions Taskforce—comprising officials from the UK, US, and EU—highlights the evolving role of sanctions in cyber deterrence strategies. Source: Infosecurity Magazine
October 29, 2025 – Malware
Herodotus Android malware mimics human typing to evade detection Full Text
Abstract
Herodotus is a sophisticated Android device-takeover banking Trojan. It is engineered to evade behavioral biometrics and anti-fraud systems by mimicking human typing behavior through randomized delays. Source: Security Affairs
October 29, 2025 – General
Bots, Bread and the Battle for the Web Full Text
Abstract
AI-powered malicious SEO is rapidly transforming the digital threat landscape, enabling threat actors to manipulate search engine algorithms at scale. This undermines the visibility of legitimate content and erodes trust in online information. Source: Palo Alto Networks
October 29, 2025 – Vulnerabilities
PoC code drops for remotely exploitable BIND 9 DNS flaw (CVE-2025-40778) Full Text
Abstract
A high-severity vulnerability, CVE-2025-40778, has been identified in BIND 9, the only actively maintained version of the Berkeley Internet Name Domain (BIND) software suite developed by the Internet Systems Consortium (ISC). Source: Help Net Security
October 29, 2025 – Vulnerabilities
Full Disclosure: Stored Cross-Site Scripting (XSS) Full Text
Abstract
A stored Cross-Site Scripting (XSS) vulnerability has been identified in the layout functionality of Total.js version 5013. This flaw allows attackers to inject malicious JavaScript payloads into layout templates. Source: SecLists
October 29, 2025 – Vulnerabilities
Full Disclosure: Struts2 and Related Framework Array Full Text
Abstract
A longstanding DoS vulnerability exists in Apache Struts2 and related frameworks due to unsafe deserialization of arrays and collections. This flaw allows attackers to craft minimal requests that result in the creation of massive data structures. Source: SecLists
October 29, 2025 – Phishing
Scammers target international students by threatening their visa status Full Text
Abstract
A surge in social engineering scams is targeting international students in the US. These scams impersonate government officials, police, or university staff to coerce victims into disclosing sensitive information or making payments. Source: Help Net Security
October 29, 2025 – Vulnerabilities
Full Disclosure: Current Password not Required When Changing Password Full Text
Abstract
A critical vulnerability has been identified in Total.js version 5013 that allows users to change their account password without providing the current password. This flaw can lead to unauthorized account access and potential privilege escalation. Source: SecLists
October 27, 2025 – Malware
Baohuo Android Malware Hijacks Telegram Accounts via Fake Telegram X Full Text
Abstract
A new Android malware, Android.Backdoor.Baohuo.1.origin, is spreading via fake Telegram X apps, granting attackers full control over victims' Telegram accounts. Baohuo uses the Xposed framework to alter app behavior at runtime. Source: Hackread
October 27, 2025 – Malware
New CoPhish attack steals OAuth tokens via Copilot Studio agents Full Text
Abstract
CoPhish abuses the flexibility of Microsoft Copilot Studio, which allows users to create and share chatbot agents hosted on copilotstudio.microsoft.com. These agents can be customized using "topics"—automated workflows that include login prompts. Source: Bleeping Computer
October 27, 2025 – Outage
Russian Rosselkhoznadzor hit by DDoS attack, food shipments across Russia delayed Full Text
Abstract
A large-scale Distributed Denial-of-Service (DDoS) attack has targeted Russia’s Federal Service for Veterinary and Phytosanitary Surveillance (Rosselkhoznadzor), severely disrupting food logistics across the country. Source: Security Affairs
October 27, 2025 – Vulnerabilities
Full Disclosure: [REVIVE-SA-2025-002] Revive Adserver Vulnerability Full Text
Abstract
A high-severity SQL injection vulnerability (CVE-2025-52664) has been identified in Revive Adserver version 6.0.0. The flaw resides in the admin-search.php script and is exploitable via the keyword parameter using either GET or POST methods. Source: SecLists
October 27, 2025 – Vulnerabilities
Full Disclosure: [REVIVE-SA-2025-001] Revive Adserver Vulnerability Full Text
Abstract
Successful exploitation allows execution of malicious scripts in the administrator’s browser context. However, the session cookie cannot be accessed or stolen via JavaScript. Source: SecLists
October 27, 2025 – Breach
Safepay ransomware group claims the hack of professional video surveillance provider Xortec Full Text
Abstract
A ransomware attack by the Safepay group has compromised Xortec GmbH, a German provider of professional video surveillance and security solutions. The group has listed Xortec on its data leak site. Source: Security Affairs
October 27, 2025 – Breach
Everest Ransomware Says It Stole 1.5M Dublin Airport Passenger Records Full Text
Abstract
The Everest ransomware group claimed responsibility for breaching Dublin Airport and Air Arabia. The group alleges the theft of approximately 1.5 million passenger records from Dublin Airport and personal data of over 18,000 Air Arabia employees. Source: Hackread
October 27, 2025 – Breach
Have I Been Pwned: MyVidster (2025) Data Breach Full Text
Abstract
A significant data breach has impacted MyVidster, compromising the personal information of nearly 3.9 million users. The data was publicly posted on a hacking forum, increasing the risk of phishing and credential-based attacks. Source: Have I Been Pwned
October 27, 2025 – Denial Of Service
DDoS, data theft, and malware are storming the gaming industry Full Text
Abstract
As the global gaming market approaches $188.8 billion in value, attackers are exploiting its vast user base, digital assets, and third-party ecosystems to launch increasingly sophisticated attacks. Source: Help Net Security
October 27, 2025 – APT
Mem3nt0 mori – The Hacking Team is back! Full Text
Abstract
A sophisticated APT campaign, dubbed Operation ForumTroll, has been linked to the use of advanced spyware tools including LeetAgent and Dante, developed by Memento Labs (formerly Hacking Team). Source: Securelist
October 24, 2025 – Ransomware
Qilin ransomware: stats on attacks, ransoms & data breaches Full Text
Abstract
Qilin ransomware emerged as the most active ransomware group in 2025, with 701 claimed attacks and 116 TB of data stolen. Operating under a ransomware-as-a-service (RaaS) model, Qilin has seen a surge in activity following the shutdown of RansomHub. Source: Comparitech
October 24, 2025 – General
Strings in the maze: Finding hidden strengths and gaps in your team Full Text
Abstract
The cybersecurity landscape has seen a significant shift in threat actor behavior, with a marked increase in the exploitation of public-facing applications, evolving ransomware tactics, and targeted cyber-espionage campaigns. Source: Talos Intelligence
October 24, 2025 – Solution
Locking it down: A new technique to prevent LLM jailbreaks Full Text
Abstract
A new technique called LLM salting has been introduced to counteract jailbreak attacks on LLMs such as LLaMA-2-7B and Vicuna-7B. These attacks exploit the reuse of precomputed adversarial prompts across similar model deployments. Source: Sophos
October 24, 2025 – Solution
Microsoft disables File Explorer preview for downloads to block attacks Full Text
Abstract
Microsoft has implemented a security enhancement in File Explorer that disables the preview pane for files downloaded from the internet. This change is designed to prevent credential theft attacks that exploit NTLM hash leakage. Source: Bleeping Computer
October 24, 2025 – Vulnerabilities
Spoofed AI sidebars can trick Atlas, Comet users into dangerous actions Full Text
Abstract
Security researchers have uncovered a critical vulnerability in OpenAI's Atlas and Perplexity's Comet browsers that allows attackers to spoof the built-in AI sidebar. This spoofing attack can deceive users into executing malicious actions. Source: Bleeping Computer
October 24, 2025 – Vulnerabilities
Atlassian security advisory (AV25-695) Full Text
Abstract
These vulnerabilities may expose organizations to potential security risks, including unauthorized access, data leakage, or service disruption, depending on the nature of the flaws in the affected products. Source: Government of Canada
October 24, 2025 – Criminals
Google and Check Point nuke massive YouTube malware network Full Text
Abstract
A sophisticated malware campaign known as the "YouTube Ghost Network" has been dismantled by Google and Check Point after distributing over 3,000 malicious videos on YouTube. Source: The Register
October 24, 2025 – Attack
Shadow Escape 0-Click Attack in AI Assistants Puts Trillions of Records at Risk Full Text
Abstract
A newly discovered zero-click attack, dubbed Shadow Escape, exploits MCP used by AI assistants. This attack enables the silent exfiltration of sensitive data—including SSNs, financial records, and medical identifiers—without any user interaction. Source: Hackread
October 24, 2025 – Breach
Medusa Ransomware Leaks 834 GB of Comcast Data After $1.2M Demand Full Text
Abstract
The Medusa ransomware group has leaked a 186.36 GB compressed archive of data allegedly stolen from Comcast Corporation. The data was released after Comcast reportedly failed to meet a $1.2 million ransom demand. Source: Hackread
October 24, 2025 – Breach
Toys R Us Canada customer data swiped, dumped online Full Text
Abstract
Toys R Us Canada disclosed that attackers accessed a customer database and exfiltrated personal information including names, addresses, phone numbers, and email addresses. However, the exact number of affected individuals remains undisclosed. Source: The Register
October 20, 2025 – Vulnerabilities
A critical WatchGuard Fireware flaw could allow unauthenticated code execution Full Text
Abstract
An unauthenticated attacker can exploit the flaw to execute arbitrary code. The vulnerability is an out-of-bounds write issue that affects Fireware OS versions 11.10.2–11.12.4_Update1, 12.0–12.11.3, and 2025.1. Source: Security Affairs
October 20, 2025 – Malware
North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware Full Text
Abstract
The North Korean threat actor linked to the Contagious Interview campaign has been observed merging some of the functionality of two of its malware programs, indicating that the hacking group is actively refining its toolset. Source: The Hacker News
October 20, 2025 – Breach
American Airlines subsidiary Envoy confirms Oracle data theft attack Full Text
Abstract
Envoy Air, a regional airline carrier owned by American Airlines, confirms that data was compromised from its Oracle E-Business Suite application after the Clop extortion gang listed American Airlines on its data leak site. Source: Bleeping Computer
October 20, 2025 – Vulnerabilities
ConnectWise fixes Automate bug allowing AiTM update attacks Full Text
Abstract
ConnectWise released a security update to address vulnerabilities, one of them with critical severity, in its Automate product that could expose sensitive communications to interception and modification. Source: Bleeping Computer
October 20, 2025 – Malware
Malicious Perplexity Comet Browser Download Ads Push Malware Via Google Full Text
Abstract
A new malvertising campaign is taking advantage of the popularity of Perplexity’s recently released Comet browser, tricking users into downloading a malicious installer instead of the legitimate product. Source: Hackread
October 20, 2025 – Phishing
Google ads for fake Homebrew, LogMeIn sites push infostealers Full Text
Abstract
A new malicious campaign is targeting macOS developers with fake Homebrew, LogMeIn, and TradingView platforms that deliver infostealing malware like AMOS (Atomic macOS Stealer) and Odyssey. Source: Bleeping Computer
October 20, 2025 – Phishing
TikTok videos continue to push infostealers in ClickFix attacks Full Text
Abstract
Cybercriminals are using TikTok videos disguised as free activation guides for popular software like Windows, Spotify, and Netflix to spread information-stealing malware. Source: Bleeping Computer
October 20, 2025 – APT
FortiGuard Tracks HoldingHands Malware Shift: Cross-Regional APT Uses Task Scheduler Hijack to Evade Detection Full Text
Abstract
FortiGuard Labs has uncovered a sophisticated cross-regional campaign that has gradually expanded from China to Taiwan, Japan, and most recently Malaysia, revealing a methodical evolution in both targeting and technical capability. Source: Security Online
October 18, 2025 – Policy and Law
PowerSchool hacker got four years in prison Full Text
Abstract
A Massachusetts student has been sentenced to four years in prison for hacking and extorting approximately $3 million from two companies. The cyberattack led to the exposure of sensitive data belonging to nearly 70 million individuals. Source: Security Affairs
October 18, 2025 – General
Auto sector faces historic cyber threats to business continuity Full Text
Abstract
The automotive sector is facing an unprecedented wave of cyberattacks that threaten business continuity, disrupt global supply chains, and expose critical vulnerabilities in connected vehicle systems. Source: Cybersecurity Dive
October 17, 2025 – Vulnerabilities
WatchGuard security advisory (AV25-677) Full Text
Abstract
WatchGuard has issued a security advisory (AV25-677) addressing a critical vulnerability in Fireware OS. The vulnerability, identified as an Out of Bounds Write in the iked component, affects multiple versions of the operating system. Source: Government of Canada
October 16, 2025 – Phishing
Whisper 2FA Behind One Million Phishing Attempts Since July Full Text
Abstract
Whisper 2FA is a sophisticated phishing-as-a-service (PhaaS) platform responsible for nearly one million phishing attacks since July 2025. It ranks as the third most active phishing kit globally, following Tycoon and EvilProxy. Source: Infosecurity Magazine
October 16, 2025 – Malware
GhostBat RAT Returns with Fake RTO Apps Targeting Indian Android Users with Telegram Bot-Driven Malware Full Text
Abstract
A new Android malware campaign, GhostBat RAT, is actively targeting Indian users by impersonating the legitimate mParivahan app. This malware is designed to steal financial data, mine cryptocurrency, and exfiltrate SMS messages. Source: The Cyber Express
October 16, 2025 – Breach
Ransomware gang says it hacked Kearney Public Schools, but district says it didn’t get ransom demand Full Text
Abstract
Kearney Public Schools in Nebraska experienced a ransomware attack attributed to the Interlock gang, which claims to have stolen 354 GB of sensitive data, including personal, financial, and third-party information. Source: Comparitech
October 16, 2025 – Government
Known Exploited Vulnerabilities Catalog Full Text
Abstract
A critical vulnerability affects Adobe Experience Manager Forms JEE. This flaw allows attackers to execute arbitrary code on affected systems. The vulnerability has been added to CISA’s KEV catalog, indicating confirmed exploitation in the wild. Source: CISA
October 16, 2025 – Ransomware
Qilin Ransomware and the Ghost Bulletproof Hosting Conglomerate Full Text
Abstract
Qilin is a sophisticated Ransomware-as-a-Service (RaaS) group that emerged in 2022 and has since targeted high-value organizations globally. The group leverages bulletproof hosting (BPH) infrastructure to evade law enforcement and sustain operations. Source: Resecurity
October 16, 2025 – Breach
Fake LastPass, Bitwarden breach alerts lead to PC hijacks Full Text
Abstract
The campaign was strategically launched over the Columbus Day holiday weekend to exploit reduced staffing and delay detection. The phishing emails impersonate official communications from LastPass and Bitwarden. Source: Bleeping Computer
October 16, 2025 – Vulnerabilities
Cisco security advisory (AV25-672) Full Text
Abstract
Cisco has released a security advisory addressing multiple vulnerabilities across a range of its products. These vulnerabilities affect various Cisco collaboration and communication platforms. Source: Government of Canada
October 16, 2025 – Vulnerabilities
Cisco must share more information about effects of severe bugs on businesses, senator says Full Text
Abstract
Two critical vulnerabilities—CVE-2025-30333 and CVE-2025-20362—affecting Cisco Adaptive Security Appliances (ASA) have triggered an emergency directive from CISA, requiring immediate patching by federal agencies. Source: The Record
October 16, 2025 – Attack
Operation Zero Disco: Attackers Exploit Cisco SNMP Vulnerability to Deploy Rootkits Full Text
Abstract
A new attack campaign, dubbed Operation Zero Disco, exploits the Cisco SNMP vulnerability CVE-2025-20352 to deploy Linux rootkits on unprotected Cisco devices. The campaign targets Cisco 9400, 9300, and legacy 3750G series switches. Source: Trend Micro
October 15, 2025 – Insider Threat
Invoicely Data Leak Exposes 178K Customer Records Full Text
Abstract
In October 2025, researchers discovered an unprotected Amazon S3 bucket linked to Invoicely, a Vienna-based SaaS invoicing platform. The misconfigured bucket exposed 178,519 sensitive documents. Source: eSecurity Planet
October 15, 2025 – Malware
Malicious crypto-stealing VSCode extensions resurface on OpenVSX Full Text
Abstract
A threat actor known as TigerJack is actively distributing malicious VSCode extensions to steal crypto, exfiltrate source code, and execute arbitrary code. Researchers have identified at least 11 malicious VSCode extensions distributed by TigerJack. Source: Bleeping Computer
October 14, 2025 – Phishing
Hackers Use Court-Themed Phishing to Deliver Info-Stealer Malware Full Text
Abstract
The sophisticated attack begins with a carefully crafted Spanish-language email impersonating the “17th Municipal Civil Court of the Bogotá Circuit,” complete with formal legal language and institutional details. Source: GBHackers
October 14, 2025 – Vulnerabilities
Secure Boot bypass risk threatens nearly 200,000 Linux Framework laptops Full Text
Abstract
Around 200,000 Linux computer systems from American computer maker Framework were shipped with signed UEFI shell components that could be exploited to bypass Secure Boot protections. Source: Bleeping Computer
October 14, 2025 – General
Satellites found exposing unencrypted data, including phone calls and some military comms Full Text
Abstract
Security researchers have discovered that as many as half of all geostationary satellites in Earth’s orbit are carrying unencrypted sensitive consumer, corporate, and military information, making this data wide open to eavesdropping. Source: TechCrunch
October 14, 2025 – Vulnerabilities
Clevo UEFI Leak Allows Signing of Malicious Firmware with BootGuard Keys Full Text
Abstract
Clevo accidentally exposed private keys used in its Intel Boot Guard implementation, allowing attackers to sign malicious firmware that would be trusted during the earliest boot stages. Source: GBHackers
October 14, 2025 – Attack
UK hit by record number of ‘nationally significant’ cyberattacks Full Text
Abstract
A record number of “nationally significant” cyberattacks hit the United Kingdom last year, the National Cyber Security Centre (NCSC) is to announce on Tuesday as it publishes its annual review for 2024. Source: The Record
October 14, 2025 – Breach
178,000+ Invoices Expose Customer Data from Invoicely Platform Full Text
Abstract
A significant data exposure incident has affected the cloud-based invoicing platform Invoicely, potentially compromising sensitive information belonging to customers worldwide. Source: GBHackers
October 13, 2025 – General
When hackers hit, patient safety takes the fall Full Text
Abstract
93% of U.S. healthcare organizations experienced at least one cyberattack in the past year, with an average of 43 incidents per organization. 72% of respondents said at least one incident disrupted patient care. Source: Help Net Security
October 13, 2025 – Vulnerabilities
Oracle E-Business Suite Flaw Enables Remote Code Execution and Data Theft Full Text
Abstract
Oracle has issued a critical security alert for a severe vulnerability in its E-Business Suite platform that could allow attackers to execute remote code and steal sensitive data without requiring authentication. Source: GBHackers
October 13, 2025 – Breach
SonicWall SSLVPN Targeted After Hackers Breach All Customer Firewall Backups Full Text
Abstract
Cybersecurity researchers at Huntress have detected a widespread attack campaign targeting SonicWall SSL VPN devices across multiple customer environments, with over 100 accounts compromised since early October. Source: GBHackers
October 13, 2025 – Malware
New Rust-Based Malware “ChaosBot” Uses Discord Channels to Control Victims’ PCs Full Text
Abstract
Cybersecurity researchers have disclosed details of a new Rust-based backdoor called ChaosBot that can allow operators to conduct reconnaissance and execute arbitrary commands on compromised hosts. Source: The Hacker News
October 13, 2025 – Criminals
Spanish Authorities Dismantle Advanced AI Phishing Operation GoogleXcoder Full Text
Abstract
Spanish law enforcement recently dismantled an advanced AI-driven phishing network and arrested the mastermind developer known as “GoogleXcoder.” This operation marks a significant victory in the fight against banking credential theft in Spain. Source: GBHackers
October 13, 2025 – Outage
Kearney Public Schools Hit by Cyberattack, Network and Phones Down Ahead of Monday Classes Full Text
Abstract
Kearney Public Schools (KPS) is grappling with a cybersecurity incident that has disrupted its entire technology network, affecting phones, computers, and other digital systems across the district. Source: The Cyber Express
October 13, 2025 – Malware
WhatsApp Worm Targets Users with Banking Malware, Steals Login Information Full Text
Abstract
The most concerning aspect of this campaign is its self-propagating nature. After successful infection, the malware attempts to spread itself to the victim’s WhatsApp contacts, creating an exponential distribution network that leverages social trust. Source: GBHackers
October 13, 2025 – Malware
Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns Full Text
Abstract
Cybersecurity researchers are calling attention to a new campaign that delivers the Astaroth banking trojan that employs GitHub as a backbone for its operations to stay resilient in the face of infrastructure takedowns. Source: The Hacker News
October 13, 2025 – Malware
Stealit Malware spreads via fake game & VPN installers on Mediafire and Discord Full Text
Abstract
Fortinet FortiGuard Labs researchers spotted a Stealit malware campaign abusing Node.js Single Executable Application (SEA) and sometimes Electron to spread via fake game and VPN installers on Mediafire and Discord. Source: Security Affairs
October 11, 2025 – Criminals
North Korea IT worker scheme swells beyond US companies Full Text
Abstract
Researchers have identified over 130 fake personas linked to more than 6,500 job interviews across approximately 5,000 companies over a four-year period through mid-2025. Source: CyberScoop
October 11, 2025 – Criminals
North Korean hackers stole over $2 billion in crypto this year Full Text
Abstract
North Korean threat actors have stolen over $2 billion in cryptocurrency assets in 2025, marking the largest annual total on record. The largest confirmed theft was the Bybit hack in February 2025, resulting in the loss of $1.46 billion. Source: Bleeping Computer
October 11, 2025 – General
North Korean Scammers Are Doing Architectural Design Now Full Text
Abstract
North Korean operatives are expanding their cyber-enabled fraud operations into the architectural and civil engineering sectors. These actors are impersonating licensed professionals to secure freelance design jobs in the US. Source: Wired
October 11, 2025 – Government
U.S. CISA adds Grafana flaw to its Known Exploited Vulnerabilities catalog Full Text
Abstract
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical directory traversal vulnerability in Grafana, tracked as CVE-2021-43798 (CVSS score 7.5), to its Known Exploited Vulnerabilities (KEV) catalog. Source: Security Affairs
October 11, 2025 – Attack
AI Chatbots Used as Backdoors in New Cyberattacks Full Text
Abstract
The campaign targets enterprises across finance, healthcare, and technology sectors that have adopted LLM chatbots for customer service and automation. Attackers have successfully exfiltrated internal system data and more. Source: eSecurity Planet
October 10, 2025 – Breach
‘Payroll pirate’ hackers diverting salary payments from university employees, Microsoft says Full Text
Abstract
Storm-2657 is targeting U.S. universities to hijack employee payroll accounts. At least 11 accounts across three universities were compromised to send phishing emails to nearly 6,000 recipients across 25 universities. Source: The Record
October 10, 2025 – General
77% of Employees Leak Data via ChatGPT, Report Finds Full Text
Abstract
18% of enterprise employees paste data into generative AI tools, and over 50% of those pastes include corporate information. Notably, 77% of online LLM access is to ChatGPT, with 43% of enterprise users engaging with ChatGPT alone. Source: eSecurity Planet
October 10, 2025 – Vulnerabilities
A Cascade of Insecure Architectures: Axis Plugin Design Flaw Expose Select Autodesk Revit Users to Supply Chain Risk Full Text
Abstract
A supply chain vulnerability was found in the Axis Plugin for Autodesk Revit, where hard-coded Azure Storage Account credentials were embedded in signed DLLs. These credentials enabled unauthorized access to cloud-hosted MSI installers and RFA files. Source: Trend Micro
October 10, 2025 – General
Legit tools, illicit uses: Velociraptor, Nezha turned against victims Full Text
Abstract
Threat actors are increasingly abusing legitimate open-source tools for malicious purposes. Recent campaigns have seen the misuse of Velociraptor and Nezha to maintain persistence, exfiltrate data, and deploy ransomware and RATs. Source: Help Net Security
October 10, 2025 – Breach
Ransomware gang says it hacked merchandise distributor SRP not once, but twice Full Text
Abstract
Strategic Retail Partners (SRP), a major North American merchandise distributor, experienced a ransomware attack in February 2025, with the Medusa gang claiming responsibility. The breach exposed sensitive personal data. Source: Comparitech
October 9, 2025 – Vulnerabilities
GitLab security advisory (AV25-650) Full Text
Abstract
GitLab issued a security advisory (AV25-650) addressing multiple vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE). The vulnerabilities affect versions prior to 18.4.2, 18.3.4, and 18.2.8.Government of Canada
October 9, 2025 – Vulnerabilities
Open Web Analytics SQL Injection Full Text
Abstract
A high-severity SQL injection vulnerability (CVE-2025-59397) has been identified in Open Web Analytics (OWA) version 1.8.0 and likely affects earlier versions. The flaw allows authenticated users to inject arbitrary SQL commands.SecLists
October 8, 2025 – Attack
Mic-E-Mouse: When Your Gaming Mouse Becomes a Microphone Full Text
Abstract
A novel side-channel attack named Mic-E-Mouse has been demonstrated, leveraging high-DPI optical mouse sensors to capture desk vibrations and reconstruct nearby speech. This technique transforms a common input device into a covert surveillance tool.ESecurity Planet
October 8, 2025 – Phishing
“Can you test my game?” Fake itch.io pages spread hidden malware to gamers Full Text
Abstract
The campaign leverages compromised Discord accounts to send direct messages asking users to test a game. Victims are redirected to convincing fake game pages hosted on Blogspot subdomains or cloud services.Malware Bytes
October 8, 2025 – Breach
Ransomware Group Claims Attack on Beer Giant Asahi Full Text
Abstract
The Russia-based Qilin ransomware group added Asahi to its leak site, claiming responsibility for the attack. The group alleges the theft of 27 GB of sensitive data, including contracts, employee records, financial documents, and business forecasts.Security Week
October 8, 2025 – Phishing
Western Sydney University Targeted in Widespread Email Scam Causing Student Distress Full Text
Abstract
Western Sydney University has been targeted in a widespread phishing scam involving fraudulent emails sent to students and alumni. These emails falsely claimed that recipients’ degrees had been revoked.The Cyber Express
October 8, 2025 – Malware
New Shuyal Stealer Targets 17 Web Browsers for Login Data and Discord Tokens Full Text
Abstract
A new infostealer malware named Shuyal Stealer has been identified by a Threat Intelligence Team. This malware targets login credentials and Discord tokens from 17 different web browsers.Hack Read
October 8, 2025 – Criminals
Met Police Arrest Two Teens in Connection with Kido Attack Full Text
Abstract
Two teenagers have been arrested in Bishop’s Stortford, Hertfordshire, in connection with a ransomware attack on the Kido nursery group in London. The attackers, operating under the alias "Radiant," attempted to extort £600,000 in Bitcoin.Infosecurity Magazine
October 8, 2025 – Phishing
Don’t connect your wallet: Best Wallet cryptocurrency scam is making the rounds Full Text
Abstract
A phishing campaign is targeting cryptocurrency users by impersonating the Best Wallet app. The attackers aim to steal wallet credentials, private keys, and seed phrases by luring victims to a fake website that closely mimics the legitimate platform.Malware Bytes
October 8, 2025 – Breach
Military radio maker BK Technologies cops to cyber break-in Full Text
Abstract
BK Technologies, a manufacturer of mission-critical communication radios for police, fire, and military services, has disclosed a cyber intrusion that resulted in the compromise of internal systems and potential exposure of employee data.The Register
October 7, 2025 – Vulnerabilities
[Control systems] ABB security advisory (AV25-648) Full Text
Abstract
ABB has disclosed a high-severity vulnerability (CVE-2021-22291) affecting its EIBPORT V3 KNX and EIBPORT V3 KNX GSM products. The vulnerability, rated with a CVSS score of 8.5, involves improper input neutralization during web page generation.Government of Canada
October 7, 2025 – Privacy
New Mic-E-Mouse Attack Shows Computer Mice Can Capture Conversations Full Text
Abstract
Security researchers have unveiled a novel side-channel attack named Mic-E-Mouse, which exploits high-DPI optical sensors in modern computer mice to capture and reconstruct human speech.Hack Read
October 7, 2025 – Breach
Data Breach at Doctors Imaging Group Impacts 171,000 People Full Text
Abstract
A significant data breach at Doctors Imaging Group compromised the personal and medical information of over 171,000 individuals. Doctors Imaging Group experienced unauthorized access to its network between November 5 and November 11, 2024.Security Week
October 7, 2025 – Phishing
Phishers target 1Password users with convincing fake breach alert Full Text
Abstract
A recent spear-phishing campaign targeted a Malwarebytes employee with a convincing fake breach alert impersonating 1Password’s Watchtower service. The attackers aimed to steal the victim’s 1Password credentials.Malware Bytes
October 7, 2025 – Government
Known Exploited Vulnerabilities Catalog Full Text
Abstract
A critical RCE bug affects multiple Mozilla products including Firefox, Thunderbird, and SeaMonkey. This flaw, which occurs when JavaScript is enabled, allows remote attackers to execute arbitrary code by exploiting memory corruption.CISA
October 7, 2025 – Government
Known Exploited Vulnerabilities Catalog Full Text
Abstract
A critical heap out-of-bounds write vulnerability, tracked as CVE-2021-22555, has been identified in the Linux Kernel. This flaw allows attackers to escalate privileges or cause a DoS condition via heap memory corruption through user namespaces.CISA
October 7, 2025 – Government
Known Exploited Vulnerabilities Catalog Full Text
Abstract
CVE-2011-3402 is a critical remote code execution vulnerability in Microsoft Windows, stemming from a flaw in the TrueType font parsing engine within the win32k.sys kernel-mode driver.CISA
October 7, 2025 – Government
Known Exploited Vulnerabilities Catalog Full Text
Abstract
A critical out-of-bounds write vulnerability has been identified in Microsoft Windows, specifically within the InformationCardSigninHelper Class ActiveX control. This flaw allows remote code execution when a user visits a malicious webpage.CISA
October 7, 2025 – Breach
Ransomware gang Qilin hacked Mecklenburg County, VA public schools Full Text
Abstract
The Qilin ransomware group has claimed responsibility for a cyberattack on Mecklenburg County Public Schools (MCPS) in Virginia, which occurred in September 2025. The group alleges it exfiltrated 305 GB of sensitive data.CompariTech
October 7, 2025 – Breach
Fort Wayne Medical Education Program notifies 29,000+ people of data breach Full Text
Abstract
The Fort Wayne Medical Education Program (FWMEP), a medical residency program in Indiana, has disclosed a ransomware attack that compromised the personal data of 29,485 individuals, including employees and their dependents.CompariTech
October 6, 2025 – Malware
Self-Propagating Malware Spreading Via WhatsApp, Targets Brazilian Users Full Text
Abstract
A new malware campaign named SORVEPOTEL is actively targeting Brazilian users via WhatsApp and email. It spreads through phishing messages containing ZIP files with malicious LNK shortcuts, aiming for rapid propagation rather than data theft.Trend Micro
October 6, 2025 – Malware
Malvertising Campaign Hides in Plain Sight on WordPress Websites Full Text
Abstract
The infection was identified when a customer noticed unauthorized JavaScript loading on their WordPress site. Investigation revealed that the same malicious script was active on at least 17 other websites.Sucuri
October 6, 2025 – Breach
Discord discloses data breach after hackers steal support tickets Full Text
Abstract
A recent data breach involving a third-party customer service provider has resulted in the unauthorized access and theft of personally identifiable information (PII) of Discord users.Bleeping Computer
October 6, 2025 – Attack
Massive surge in scans targeting Palo Alto Networks login portals Full Text
Abstract
A significant surge in reconnaissance scans has been detected targeting Palo Alto Networks login portals. Experts reported a 500% increase in scanning activity, with over 1,285 unique IPs involved on October 3.Bleeping Computer
October 6, 2025 – Vulnerabilities
Event startup Partiful wasn’t stripping GPS locations from user-uploaded photos Full Text
Abstract
A critical privacy vulnerability was discovered in the Partiful event planning app, where GPS metadata embedded in user-uploaded images—including public profile photos—was not stripped upon upload.Tech Crunch
October 6, 2025 – Vulnerabilities
U.S. CISA adds Smartbedded Meteobridge, Samsung, Juniper ScreenOS, Jenkins, and GNU Bash flaws to its Known Exploited Vulnerabilities catalog Full Text
Abstract
CISA has added five critical vulnerabilities to its KEV catalog, mandating federal agencies to remediate them by October 23, 2025. These include flaws in GNU Bash, Juniper ScreenOS, Jenkins, Smartbedded Meteobridge, and Samsung mobile devices.Security Affairs
October 6, 2025 – Attack
Ghost in the Cloud: Weaponizing AWS X-Ray for Command & Control Full Text
Abstract
A novel Command and Control (C2) technique has emerged that leverages AWS X-Ray, Amazon’s distributed tracing service, as a covert bidirectional C2 channel. This method exploits legitimate cloud infrastructure to evade traditional network defenses.Security Affairs
October 6, 2025 – Vulnerabilities
Hackers exploited Zimbra flaw as zero-day using iCalendar files Full Text
Abstract
A zero-day vulnerability (CVE-2025-27915) in Zimbra Collaboration Suite (ZCS) was actively exploited using malicious iCalendar files. The flaw, an XSS vulnerability, allowed attackers to execute arbitrary JavaScript in victim sessions.Bleeping Computer
October 3, 2025 – Phishing
Scam Facebook groups send malicious Android malware to seniors Full Text
Abstract
Attackers used social engineering methods to lure targets into joining fake Facebook groups that appeared to promote travel and community activities—such as trips, dance classes, and community gatherings.Malware Bytes
October 3, 2025 – Breach
Renault UK Customer Records Stolen in Third-Party Breach Full Text
Abstract
Renault UK is informing customers that their personal data may have been compromised following a cyberattack on one of its third-party service providers. The automaker has said that the attackers gained access via the external provider.Hack Read
October 2, 2025 – Vulnerabilities
Adobe Analytics bug leaked customer tracking data to other tenants Full Text
Abstract
A critical ingestion bug in Adobe Analytics caused cross-tenant data leakage, exposing customer tracking data from one organization to others. The issue lasted for nearly a day and affected multiple Adobe Analytics services globally.Bleeping Computer
October 2, 2025 – Phishing
That annoying SMS phish you just got may have come from a box like this Full Text
Abstract
Threat actors are exploiting unsecured Milesight IoT cellular routers to send SMS-based phishing messages. These routers are widely deployed in critical infrastructure such as traffic lights and electric power meters.Ars Technica
October 2, 2025 – Attack
Oracle customers being bombarded with emails claiming widespread data theft Full Text
Abstract
A widespread extortion campaign is targeting Oracle customers with emails claiming data theft from Oracle’s E-Business Suite. The emails are allegedly linked to the Clop ransomware group.Cyber Scoop
October 2, 2025 – Vulnerabilities
Multiple Vulnerabilities in VMware Aria Operations and VMware Tools Could Allow for Privilege Escalation Full Text
Abstract
Multiple vulnerabilities have been identified in VMware Aria Operations and VMware Tools, the most critical of which (CVE-2025-41244) allows local privilege escalation to root.CI Security
October 2, 2025 – Malware
walk through the updates Full Text
Abstract
Rhadamanthys, a modular infostealer, has released version 0.9.2 with significant updates. These changes impact detection, analysis, and reverse engineering, and include new evasion techniques, configuration formats, and delivery mechanisms.Check Point
October 1, 2025 – Attack
Smishing Campaigns Exploit Cellular Routers to Target Belgium Full Text
Abstract
A wave of smishing attacks has been traced to exploited Milesight Industrial Cellular Routers, with attackers abusing their APIs to send phishing SMS messages. These campaigns primarily target Belgian users.Infosecurity Magazine
October 1, 2025 – Vulnerabilities
Google Project Zero Exposes ASLR Bypass Vulnerability in Apple’s Serialization Framework Full Text
Abstract
Researchers have uncovered a novel technique to bypass Address Space Layout Randomization (ASLR) in Apple devices by exploiting deterministic behaviors in the NSKeyedArchiver and NSKeyedUnarchiver serialization frameworks.The Cyber Express
October 1, 2025 – Vulnerabilities
Festo CPX-CEC-C1 and CPX-CMXX Full Text
Abstract
A critical vulnerability (CVE-2022-3079) has been identified in Festo CPX-CEC-C1 and CPX-CMXX control blocks. This flaw allows unauthenticated, remote access to critical webpage functions, potentially resulting in a denial of service (DoS).CISA
October 1, 2025 – Breach
Hack of US Surveillance Provider RemoteCOM Exposes Court Data Full Text
Abstract
A significant data breach has compromised RemoteCOM, a US-based surveillance provider, exposing highly sensitive data of nearly 14,000 individuals under court supervision and 6,896 law enforcement personnel.Hack Read
October 1, 2025 – Vulnerabilities
Tesla Fixes TCU USB Flaw Allowing Root Access Full Text
Abstract
A critical vulnerability in Tesla’s TCU allowed attackers with physical access to gain root-level code execution. The flaw has been patched via an over-the-air (OTA) update.ESecurity Planet
October 1, 2025 – Breach
WestJet confirms recent breach exposed customers’ passports Full Text
Abstract
A recent cybersecurity incident at Canadian airline WestJet has resulted in the exposure of sensitive customer data, including passport and government-issued ID information. The breach has been confirmed to involve personal data exfiltration.Bleeping Computer
October 1, 2025 – Malware
New MatrixPDF toolkit turns PDFs into phishing and malware lures Full Text
Abstract
A new phishing and malware distribution toolkit named MatrixPDF has emerged, enabling threat actors to weaponize PDF files for credential theft and malware delivery. It embeds JS actions that execute when a document is opened.Bleeping Computer
October 1, 2025 – Attack
$50 Battering RAM Attack Breaks Intel and AMD Cloud Security Protections Full Text
Abstract
A newly disclosed hardware-based attack, dubbed Battering RAM, enables attackers to bypass memory encryption protections in Intel SGX and AMD SEV-SNP technologies. It leverages a low-cost DDR4 interposer to manipulate memory access.The Hacker News