🚨 CISA KEV 1[−]
1 Oct KEVCISOs advised to rethink vulnerability management as exploits sharply riseEnterprise attack surfaces continue to expand rapidly, with more than 20,000 new vulnerabilities disclosed in the first half of 2025, straining already hard-pressed security teams. Nearly 35% (6,992) of these vulnerabilities have publicly available exploit code, according to the …CSOONLINE.COM
🐛 COMMON VULNERABILITIES AND EXPOSURES 7[−]
1 OctThreat actors could retrieve valid usernames from VMware by exploiting vulnerabilitiesThree new vulnerabilities have been found in critical VMware products, including two that could be used to recover usernames. The trio of holes, two of which were found by the US National Security Agency (NSA), were divulged Monday and tagged “Important” in terms of severity. Pat…CSOONLINE.COM
1 Oct KEV48+ Cisco Firewalls Hit by Actively Exploited 0-Day VulnerabilityCisco has confirmed two serious vulnerabilities impacting its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewalls. Tracked as CVE-2025-20333 and CVE-2025-20362, both issues allow attackers to run arbitrary code on unpatched devices. Cisco security advis…GBHACKERS.COM
1 Oct KEVCisco IOS/IOS XE SNMP Vulnerabilities Exploited in Ongoing Attacks, Warns CISAThe Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about critical vulnerabilities in Cisco’s IOS and IOS XE Software SNMP subsystem that are actively being exploited by threat actors. CVE-2025-20352, which involves a stack-based buffer overflow in th…GBHACKERS.COM
1 OctRed Hat OpenShift AI Vulnerability Lets Attackers Seize Infrastructure ControlA serious vulnerability in the Red Hat OpenShift AI service (RHOAI) enables attackers with minimal access to escalate privileges and take control of entire clusters. Identified as CVE-2025-10725, the flaw resides in an overly permissive ClusterRole assignment. A low-privileged us…GBHACKERS.COM
1 OctOneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate AppsA high-severity security flaw has been disclosed in the One Identity OneLogin Identity and Access Management (IAM) solution that, if successfully exploited, could expose sensitive OpenID Connect (OIDC) application client secrets under certain circumstances. The vulnerability, tra…THEHACKERNEWS.COM
1 OctMicrosoft plots new path for Sentinel, adding agentic AI featuresMicrosoft has announced a raft of new AI features for Sentinel SIEM and Security Copilot as part of its push to turn them into fully “agentic platforms.” The announcement has several parts, starting with perhaps the biggest news: Sentinel, the company’s cloud SIEM platform first …CSOONLINE.COM
1 OctChinese APT group Phantom Taurus targets gov and telecom organizationsResearchers have documented a previously unknown threat actor that aligns with China’s intelligence collection interests. The group primarily targets government and telecommunications organizations from Africa, the Middle East, and Asia with the goal of maintaining long-term cove…CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE 28[−]
1 Oct$50 Battering RAM Attack Breaks Intel and AMD Cloud Security ProtectionsA group of academics from KU Leuven and the University of Birmingham has demonstrated a new vulnerability called Battering RAM to bypass the latest defenses on Intel and AMD cloud processors. "We built a simple, $50 interposer that sits quietly in the memory path, behaving transp…THEHACKERNEWS.COM
1 OctDon’t drink or drive, say cyberattackersWhen cybercriminals can shut down both a luxury carmaker and a major beer producer in the same month, it’s clear that no sector is safe from operational disruption. Jaguar Land Rover (JLR), now backed by emergency government funding, is preparing to resume production after what’s…CSOONLINE.COM
1 OctWie CISOs schlechte Produkte enttarnenDrum prüfe… Ground Picture | shutterstock.com Security-Anbietern stehen viele Wege offen, um CISOs und Sicherheitsentscheider mit Lobpreisungen und Angeboten zu ihren jeweils aktuellen Produkten und Lösungen zu penetrieren . Und die nutzen sie auch: Manche Sicherheitsverantwortli…CSOONLINE.COM
1 OctCISA 2015 cyber threat info-sharing law lapses amid government shutdownTen years ago, Congress passed a major cybersecurity bill called the Cybersecurity Information Sharing Act of 2015 (CISA 2015) to empower the federal government to collect and disseminate threat information, while allowing private sector entities to voluntarily share that informa…CSOONLINE.COM
1 OctTop 10 Best Autonomous Endpoint Management Software In 2025Managing endpoints effectively has become one of the most critical priorities for IT teams across organizations. With the growing number of devices, operating systems, and hybrid workforce requirements, businesses need smarter and more automated endpoint management solutions. Thi…GBHACKERS.COM
1 OctGovernment shutdown deepens US cyber risk, exposing networks to threat actorsAt midnight on Sept. 30, the US government shut down for the first time since 2018, when Donald Trump shuttered all but essential government functions for 35 days unless Congress agreed to fund his border wall. This government shutdown holds even more serious ramifications for th…CSOONLINE.COM
1 OctBattering RAM Exploit Bypasses Modern Protections in Intel, AMD Cloud ProcessorsCloud providers rely on hardware-based memory encryption to keep user data safe. This encryption shields sensitive information like passwords, financial records, and personal files from hackers and curious insiders. Leading technologies such as Intel SGX and AMD SEV-SNP are desig…GBHACKERS.COM
1 OctGoogle Publishes Security Hardening Guide to Counter UNC6040 ThreatsGoogle’s Threat Intelligence Group (GTIG) has published a comprehensive guide to help organizations strengthen their SaaS security posture—particularly Salesforce—against UC6040’s sophisticated voice-phishing and malicious connected-app attacks. By combining identity hardening, S…GBHACKERS.COM
1 OctFuture Forward: CIO 2025 Outlook - Cybersecurity, AI, and Economic Uncertainty? - Aman... - BSW #415More than four out of ten (41%) Chief Information Officers (CIOs) report cybersecurity as their top concern, yet these same leaders are simultaneously increasing security budgets (77%), expanding cloud infrastructure (68%), and accelerating artificial intelligence (AI) capabiliti…YOUTUBE.COM
1 OctBroadcom Fails to Disclose Zero-Day Exploitation of VMware VulnerabilityImpacting VMware Aria Operations and VMware Tools, the flaw can be exploited to elevate privileges on the VM. The post Broadcom Fails to Disclose Zero-Day Exploitation of VMware Vulnerability appeared first on SecurityWeek .SECURITYWEEK.COM
1 OctHackers Abuse EV Certificates to Sign Completely Undetectable DMG MalwareSecurity researchers have uncovered a new macOS malware campaign in which threat actors are abusing Extended Validation (EV) code-signing certificates to distribute completely undetectable (FUD) disk image (DMG) payloads. While EV certificate abuse has long plagued the Windows ec…GBHACKERS.COM
1 OctUse of Generative AI in ScamsNew report: “ Scam GPT: GenAI and the Automation of Fraud .” This primer maps what we currently know about generative AI’s role in scams, the communities most at risk, and the broader economic and cultural shifts that are making people more willing to take risks, more…SCHNEIER.COM
1 Oct2025 Cybersecurity Reality Check: Breaches Hidden, Attack Surfaces Growing, and AI Misperceptions RisingBitdefender’s 2025 Cybersecurity Assessment Report paints a sobering picture of today’s cyber defense landscape: mounting pressure to remain silent after breaches, a gap between leadership and frontline teams, and a growing urgency to shrink the enterprise attack surface. The ann…THEHACKERNEWS.COM
1 OctHackers Exploit Milesight Routers to Send Phishing SMS to European UsersUnknown threat actors are abusing Milesight industrial cellular routers to send SMS messages as part of a smishing campaign targeting users in European countries since at least February 2022. French cybersecurity company SEKOIA said the attackers are exploiting the cellular route…THEHACKERNEWS.COM
1 OctNew FlipSwitch Hooking Method Overcomes Linux Kernel DefensesA novel rootkit hooking method dubbed FlipSwitch has emerged, circumventing the latest Linux 6.9 kernel dispatch safeguards and reigniting concerns over kernel-level compromise. By manipulating the machine code of the new syscall dispatcher rather than the deprecated sys_call_tab…GBHACKERS.COM
1 OctSmishing Campaigns Exploit Cellular Routers to Target Belgium - Infosecurity Magazinesubmitted by kid to cybersecurity 3 points | 0 comments https://www.infosecurity-magazine.com/news/smishing-exploit-cellular-routers/SH.ITJUST.WORKS
1 OctRed Hat OpenShift AI Flaw Exposes Hybrid Cloud Infrastructure to Full TakeoverA severe security flaw has been disclosed in the Red Hat OpenShift AI service that could allow attackers to escalate privileges and take control of the complete infrastructure under certain conditions. OpenShift AI is a platform for managing the lifecycle of predictive and genera…THEHACKERNEWS.COM
1 OctChinese State-Sponsored Hackers Exploiting Network Edge Devices to Harvest Sensitive DataChinese state-sponsored cyber threat group Salt Typhoon has been targeting global telecommunications infrastructure since at least 2019, exploiting network edge devices to establish deep persistence and harvest vast quantities of sensitive data. Aligned with the Ministry of State…GBHACKERS.COM
1 OctUkraine Warns of Weaponized XLL Files Delivering CABINETRAT Malware via Zip ArchivesUkraine’s national cyber incident response team, CERT-UA, has issued an urgent warning about a new malware campaign that weaponizes Excel add-in (XLL) files to deploy the CABINETRAT backdoor. Throughout September 2025, CERT-UA analysts discovered multiple malicious XLL files masq…GBHACKERS.COM
1 OctGet Your Game On! 3 Ways to Use the 2025 Cyberawareness Month Resource KitThe calendar has flipped into October, so now it’s time to let the Cybersecurity Awareness Month games begin!KNOWBE4.COM
1 OctTop 10 Best Vulnerability Management Software in 2025In today’s fast-paced digital environment, organizations face constant threats from cybercriminals exploiting weaknesses in IT systems. Vulnerability management software is one of the most crucial elements in safeguarding a network, as it helps identify, evaluate, and remediate s…GBHACKERS.COM
1 Oct KEVCISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systemssubmitted by kid to cybersecurity 4 points | 0 comments https://thehackernews.com/2025/09/cisa-sounds-alarm-on-critical-sudo-flaw.htmlSH.ITJUST.WORKS
1 OctWestJet data breach exposes travel details of 1.2 million customersCanadian airline WestJet is informing customers that the cyberattack disclosed in June compromised the personal information of 1.2 million customers, including passports and ID documents. [...]BLEEPINGCOMPUTER.COM
1 OctCybersecurity Awareness Month: Security starts with youAt Microsoft, we believe that cybersecurity is as much about people as it is about technology. Explore some of our resources for Cybersecurity Awareness Month to stay safe online. The post Cybersecurity Awareness Month: Security starts with you appeared first on Microsoft Securit…MICROSOFT.COM
1 OctMicrosoft to force install Microsoft 365 companion apps in OctoberLater this month, Microsoft will start automatically installing the Microsoft 365 companion apps on Windows 11 devices that have the Microsoft 365 desktop client apps. [...]BLEEPINGCOMPUTER.COM
1 OctYour favourite phone apps might be leaking your company’s secretsMost of the apps on your phone is talking to a server somewhere - sending and receiving data through messages sent through APIs, the underlying infrastructure that allows apps to communicate. And here's the problem - hackers have determined that the APIs of mobile apps, when left…FORTRA.COM
1 OctSmashing Security podcast #437: Salesforce’s trusted domain of doomResearchers uncovered a security flaw in Salesforce’s shiny new Agentforce. The vulnerability, dubbed "ForcedLeak", let them smuggle AI-read instructions in via humble Web-to-Lead form... and ended up spilling data for the low, low price of five dollars. And we discuss why data b…GRAHAMCLULEY.COM
1 OctRisky Business #809 -- Hackers try to pay a journalist for access to the BBCOn this week’s show Patrick Gray is on holiday so Amberleigh Jack and Adam Boileau hijack the studio to discuss the week’s cybersecurity news, including: Hackers learn that trying to coerce a journalist just makes for … a great story? A man in his 40s gets arrested over the Europ…RISKY.BIZ
📋 SECURITY BULLETINS 1[−]
1 OctMultiple NVIDIA Flaws Allow Attackers to Escalate Privileges on SystemsNVIDIA has issued a critical security bulletin revealing multiple vulnerabilities in its NVIDIA App software that can enable attackers to escalate privileges on Windows systems. The flaws, addressed in the September 2025 update, stem from improper file handling during the install…GBHACKERS.COM
📢 SECURITY ADVISORIES 7[−]
1 OctChinese hacking group ‘Phantom Taurus’ targets governmentssubmitted by Hotznplotzn to cybersecurity 2 points | 0 comments https://www.telecomstechnews.com/news/chinese-hacking-group-phantom-taurus-targets-governments/ cross-posted from: lemmy.sdf.org/post/43277000 Here is the technical analyses by Unit42-Paloaltonetworks: Phantom Taurus…INFOSEC.PUB
1 OctChinese hacking group ‘Phantom Taurus’ targets governmentssubmitted by Hotznplotzn to cybersecurity 1 points | 0 comments https://www.telecomstechnews.com/news/chinese-hacking-group-phantom-taurus-targets-governments/ Here is the technical analyses by Unit42-Paloaltonetworks: Phantom Taurus: A New Chinese Nexus APT and the Discovery of …SH.ITJUST.WORKS
1 OctCyber-Bedrohungslage in der EU verschärft sichRansomware liegt weiter im Trend bei Cyberkriminellen. Studio-M – shutterstock.com Die Bedrohungslage für Europas digitale Infrastruktur hat sich weiter verschärft. Das geht aus dem neuen Bericht der EU-Agentur für Cybersicherheit ENISA hervor. In dem Report wird Erpresser-Softwa…CSOONLINE.COM
1 OctNIST Publishes Guide for Protecting ICS Against USB-Borne ThreatsNIST Special Publication 1334 focuses on reducing cybersecurity risks associated with the use of removable media devices in OT environments. The post NIST Publishes Guide for Protecting ICS Against USB-Borne Threats appeared first on SecurityWeek .SECURITYWEEK.COM
1 OctIntroducing Sophos Advisory ServicesSee how your networks, systems, and employees stand up to simulated attacks before an adversary strikes.SOPHOS.COM
1 OctHow To Simplify CISA's Zero Trust Roadmap with Modern MicrosegmentationCISA says microsegmentation isn't optional—it's foundational to Zero Trust. But legacy methods make it slow & complex. Learn from Zero Networks how modern, automated, agentless approaches make containment practical for every org. [...]BLEEPINGCOMPUTER.COM
🔥 INCIDENT REPORTING 9[−]
1 OctUkraine Warns of CABINETRAT Backdoor + XLL Add-ins Spread via Signal ZIPsThe Computer Emergency Response Team of Ukraine (CERT-UA) has warned of new targeted cyber attacks in the country using a backdoor called CABINETRAT. The activity, observed in September 2025, has been attributed to a threat cluster it tracks as UAC-0245. The agency said it spotte…THEHACKERNEWS.COM
1 OctNew Android Banking Trojan “Klopatra” Uses Hidden VNC to Control Infected SmartphonesA previously undocumented Android banking trojan called Klopatra has compromised over 3,000 devices, with a majority of the infections reported in Spain and Italy. Italian fraud prevention firm Cleafy, which discovered the sophisticated malware and remote access trojan (RAT) in l…THEHACKERNEWS.COM
1 OctNew DNS Malware ‘Detour Dog’ Uses TXT Records to Deliver Strela StealerDetour Dog, a stealthy website malware campaign tracked since August 2023, has evolved from redirecting victims to tech-support scams into a sophisticated DNS-based command-and-control (C2) distribution system that delivers the Strela Stealer information stealer via DNS TXT recor…GBHACKERS.COM
1 OctThe Case for Multidomain VisibilityGet key insights from the 2025 Unit 42 Global Incident Response Report. Defend against complex, multidomain cyberattacks with unified visibility, AI-powered detection and identity controls. The post The Case for Multidomain Visibility appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
1 OctWestJet Confirms Data Breach Exposing Customer Personal InformationWestJet Airlines has confirmed that a recent cybersecurity incident exposed certain personal information belonging to its customers. The Canadian carrier says the breach took place in mid-June and was discovered on June 13, 2025. Company officials stress that the situation is now…GBHACKERS.COM
1 OctData breach at Canadian airline WestJet affects 1.2M passengersThe June data breach of Canada’s second largest airline WestJet was blamed on the Scattered Spider hacking group.TECHCRUNCH.COM
1 OctAllianz Life says July data breach impacts 1.5 million peopleAllianz Life has completed the investigation into the cyberattack it suffered in July and determined that nearly 1.5 million individuals are impacted. [...]BLEEPINGCOMPUTER.COM
1 OctGoogle Drive for desktop gets AI-powered ransomware detectionGoogle has begun rolling out a new AI-powered security feature for Google Drive desktop, which will automatically pause file syncing when it detects a ransomware attack to minimize impact. [...]BLEEPINGCOMPUTER.COM
1 OctData breach at dealership software provider impacts 766k clientsA ransomware attack at Motility Software Solutions, a provider of dealer management software (DMS), has exposed the sensitive data of 766,000 customers. [...]BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 24[−]
1 OctISC Stormcast For Wednesday, October 1st, 2025 https://isc.sans.edu/podcastdetail/9636, (Wed, Oct 1st)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
1 OctMatrixPDF Campaign Evades Gmail Filters to Deliver Malicious PayloadsCybercriminals are turning a trusted file format against users in a sophisticated new attack campaign. MatrixPDF represents a concerning evolution in social engineering attacks that split malicious activities across multiple platforms to evade detection. PDF files have become the…GBHACKERS.COM
1 OctGoogle Gemini Vulnerabilities Let Hackers Steal Saved Data and Live LocationResearch has uncovered three significant vulnerabilities in Google’s Gemini AI assistant suite, dubbed the “Gemini Trifecta,” that could have allowed cybercriminals to steal users’ saved data and live location information. The vulnerabilities, which have s…GBHACKERS.COM
1 OctBeijing-backed burglars master .NET to target government web serverssubmitted by PhilipTheBucket to cybersecurity 1 points | 0 comments https://go.theregister.com/feed/www.theregister.com/2025/10/01/phantom_taurus_apt/SH.ITJUST.WORKS
1 OctMicrosoft Sentinel Launches AI-Driven Agentic SIEM Platform for Enterprise SecurityOrganizations face an ever-evolving cyberthreat landscape marked by faster, more complex attacks. Today, Microsoft is answering this call with the general availability of an agentic security platform built on Microsoft Sentinel. This new wave of innovation combines data…GBHACKERS.COM
1 OctBattering RAM Attack Breaks Intel and AMD Security Tech With $50 DeviceIntel and AMD say the research is not in scope of their threat model because the attack requires physical access to a device. The post Battering RAM Attack Breaks Intel and AMD Security Tech With $50 Device appeared first on SecurityWeek .SECURITYWEEK.COM
1 OctSpotlight report: Securing the cloudDownload the October 2025 issue of the Enterprise Spotlight from the editors of CIO, Computerworld, CSO, InfoWorld, and Network World. aria-label="Embed of Spotlight report: Securing the Cloud."> Spotlight report: Securing the Cloud DownloadUS.RESOURCES.CSOONLINE.COM
1 OctIndustry groups worry about cyber info sharing as key US law is set to expire | Reuterssubmitted by kid to cybersecurity 1 points | 0 comments https://www.reuters.com/legal/litigation/industry-groups-worry-about-cyber-info-sharing-key-us-law-is-set-expire-2025-09-29/SH.ITJUST.WORKS
1 OctCybersecurity Awareness Month 2025:Prioritizing Identity to Safeguard Critical InfrastructureThis year’s theme focuses on government entities and small and medium-sized businesses that are vital to protecting the systems and services that keep our communities running. The post Cybersecurity Awareness Month 2025:Prioritizing Identity to Safeguard Critical Infrastructure a…SECURITYWEEK.COM
1 OctSVG Security Analysis Toolkit to Detect Malicious Scripts Hidden in SVG filessubmitted by kid to cybersecurity 1 points | 0 comments https://cybersecuritynews.com/svg-security-analysis-toolkit/SH.ITJUST.WORKS
1 OctDescope Raises $35 Million in Seed Round ExtensionThe identity and access management provider will invest in agentic identity R&D, expand to new regions, and hire new talent. The post Descope Raises $35 Million in Seed Round Extension appeared first on SecurityWeek .SECURITYWEEK.COM
1 OctNew Malware-as-a-Service Olymp Loader Promises Defender-Bypass With Automatic Certificate Signingsubmitted by kid to cybersecurity 2 points | 0 comments https://cybersecuritynews.com/new-malware-as-a-service-olymp-loader/SH.ITJUST.WORKS
1 Oct'Trifecta' of Gemini Flaws Turn AI Into Attack Vehiclesubmitted by kid to cybersecurity 1 points | 0 comments https://www.darkreading.com/vulnerabilities-threats/trifecta-google-gemini-flaws-ai-attack-vehicleSH.ITJUST.WORKS
1 OctCanadian Airline WestJet Says Hackers Stole Customer DataThe company says names, contact details, and ID documents provided in connection with reservations and travel were stolen from its systems. The post Canadian Airline WestJet Says Hackers Stole Customer Data appeared first on SecurityWeek .SECURITYWEEK.COM
1 OctChinese APT ‘Phantom Taurus’ Targeting Organizations With Net-Star MalwareFocused on espionage, the threat actor shares infrastructure with Chinese APTs, but uses different TTPs in attacks. The post Chinese APT ‘Phantom Taurus’ Targeting Organizations With Net-Star Malware appeared first on SecurityWeek .SECURITYWEEK.COM
1 OctTop 100 World’s Best Cybersecurity Companies in 2025The digital landscape in 2025 is characterized by unprecedented connectivity and an equally sophisticated array of cyber threats. Organizations face a constant barrage of attacks targeting their data, infrastructure, and reputation. Selecting the right cybersecurity partners has …GBHACKERS.COM
1 OctMalicious PyPI Package Mimics as SOCKS5 Proxy Tool Attacking Windows PlatformsJFrog’s security research team has identified a malicious PyPI package named SoopSocks that masquerades as a legitimate SOCKS5 proxy utility while stealthily implanting a backdoor on Windows systems. This package leverages automated installation, advanced persistence techniques, …GBHACKERS.COM
1 OctSenior Travel Scams Used by Threat Actors to Distribute Datzbro MalwareIn August 2025, Australian authorities issued multiple scam alerts after users reported suspicious Facebook groups promoting “active senior trips.” What initially appeared as harmless community gatherings concealed a sophisticated mobile malware operation. ThreatFabric researcher…GBHACKERS.COM
1 OctGoing DEEP: A Simple Framework for a Complex ProblemIn our previous blog post , we discussed the behavioral science behind why people click on malicious links.KNOWBE4.COM
1 OctOpenSSL Vulnerabilities Allow Private Key Recovery, Code Execution, DoS AttacksThree vulnerabilities have been patched with the release of OpenSSL updates. The post OpenSSL Vulnerabilities Allow Private Key Recovery, Code Execution, DoS Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
1 OctBuilding Trust in AI: KnowBe4's Journey Toward ISO 42001 CertificationAt KnowBe4, everything we do is built on a foundation of innovation and trust. As we bring more artificial intelligence (AI) into our human risk management platform, we believe it’s essential to be transparent and responsible every step of the way.KNOWBE4.COM
1 OctWhat are You Working on Wednesdaysubmitted by shellsharks to cybersecurity 1 points | 0 comments Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.INFOSEC.PUB
1 Oct'Delightful' Red Hat OpenShift AI bug allows full takeoversubmitted by PhilipTheBucket to cybersecurity 1 points | 0 comments https://go.theregister.com/feed/www.theregister.com/2025/10/01/critical_red_hat_openshift_ai_bug/INFOSEC.PUB
1 OctUS gov shutdown leaves IT projects hanging, security defenders a skeleton crewsubmitted by PhilipTheBucket to cybersecurity 2 points | 0 comments https://go.theregister.com/feed/www.theregister.com/2025/10/01/us_government_shutdown_it_seccurity/INFOSEC.PUB
🌐 CYBER THREAT LANDSCAPE 3[−]
1 OctNew WireTap Attack Extracts Intel SGX ECDSA Key via DDR4 Memory-Bus InterposerIn yet another piece of research, academics from Georgia Institute of Technology and Purdue University have demonstrated that the security guarantees offered by Intel's Software Guard eXtensions (SGX) can be bypassed on DDR4 systems to passively decrypt sensitive data. SGX is des…THEHACKERNEWS.COM
1 OctAndroid malware uses VNC to give attackers hands-on accessA new Android banking and remote access trojan (RAT) dubbed Klopatra disguised as an IPTV and VPN app has infected more than 3,000 devices across Europe. [...]BLEEPINGCOMPUTER.COM
1 OctAdobe Analytics bug leaked customer tracking data to other tenantsAdobe is warning its Analytics customers that an ingestion bug caused data from some organizations to appear in the analytics instances of others for approximately one day. [...]BLEEPINGCOMPUTER.COM
🎙️ PODCASTS 1[−]
1 Oct50,000 Cisco Firewalls ExposedCritical Vulnerabilities and AI Voice Cloning Risks in Cybersecurity In this episode of Cybersecurity Today, host Jim Love discusses key cybersecurity threats, including critical vulnerabilities in Sudo and Cisco firewalls, and a remote command flaw in Western Digital MyCloud dev…CYBERSECURITYTODAY.LIBSYN.COM
📡 INFOSEC NEWS 10[−]
1 OctHow Leading Security Teams Blend AI + Human Workflows (Free Webinar)AI is changing automation—but not always for the better. That’s why we’re hosting a new webinar, "Workflow Clarity: Where AI Fits in Modern Automation," with Thomas Kinsella, Co-founder & Chief Customer Officer at Tines, to explore how leading teams are cutting through the hy…THEHACKERNEWS.COM
1 OctMicrosoft: Media Creation Tool broken on Windows 11 Arm64 PCsAfter rolling out Windows 11 25H2, also known as Windows 11 2025 Update, Microsoft has confirmed that the Media Creation Tool has stopped working on devices with Arm64 CPUs. [...]BLEEPINGCOMPUTER.COM
1 OctFinal 3 days to score extra discounts on community passes to TechCrunch Disrupt 2025Only 3 days left to lock in even bigger savings on group passes to TechCrunch Disrupt 2025! Exclusive to founders and investors, save up to 20% on groups of 4–9 until Friday, October 3 at 11:59 p.m. PT.TECHCRUNCH.COM
1 OctUK government tries again to access encrypted Apple customer data: reportThe U.K. Home Office is seeking access to Apple users’ encrypted iCloud backups for a second time, after an earlier attempt failed earlier this year.TECHCRUNCH.COM
1 OctF-Droid project threatened by Google's new dev registration rulesF-Droid is warning that the project could reach an end due to Google's new requirements for all Android developers to verify their identity. [...]BLEEPINGCOMPUTER.COM
1 OctNew bug in classic Outlook can only be fixed via Microsoft supportMicrosoft is investigating a known issue that causes the classic Outlook email client to crash upon launch, which can only be resolved via Exchange Online support. [...]BLEEPINGCOMPUTER.COM
1 OctAnker offered to pay Eufy camera owners to share videos for training its AIHundreds of Eufy customers have donated hundreds of thousands of videos to train the company’s AI systems.TECHCRUNCH.COM
1 OctEmails claim Oracle data theft in new Clop-linked extortion campaignMandiant and Google are tracking a new extortion campaign where executives at multiple companies received emails claiming that sensitive data was stolen from their Oracle E-Business Suite systems [...]BLEEPINGCOMPUTER.COM
1 OctClop extortion emails claim theft of Oracle E-Business Suite dataMandiant and Google are tracking a new extortion campaign where executives at multiple companies received emails claiming that sensitive data was stolen from their Oracle E-Business Suite systems [...]BLEEPINGCOMPUTER.COM
1 OctCybersecurity Awareness Month 2025: Knowledge is powerWe're kicking off the month with a focus on the human element: the first line of defense, but also the path of least resistance for many cybercriminalsWELIVESECURITY.COM