matlock.ca // THREAT INTELLIGENCE — 2025-10-09

94Articles

9Categories

2025-10-09Date

🚨

CISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2021-43798 Grafana Path Traversal Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and po…

KEVCISA.GOV — Thu, 09 Oct 25 1

🐛

Critical Exploit Lets Hackers Bypass Authentication in WordPress Service Finder Theme

THEHACKERNEWS.COM — 09 Oct 2025

🐛

PoC Released for Linux Kernel ksmbd Filesystem Vulnerability

GBHACKERS.COM — 09 Oct 2025

🐛

Chromium: CVE-2025-11460 Use after free in Storage

MSRC.MICROSOFT.COM — 09 Oct 2025

🐛

Chromium: CVE-2025-11458 Heap buffer overflow in Sync

MSRC.MICROSOFT.COM — 09 Oct 2025

🐛

CVE-2025-59218 Azure Entra ID Elevation of Privilege Vulnerability

MSRC.MICROSOFT.COM — 09 Oct 2025

🐛

CVE-2025-59246 Azure Entra ID Elevation of Privilege Vulnerability

MSRC.MICROSOFT.COM — 09 Oct 2025

🐛

CVE-2025-59247 Azure PlayFab Elevation of Privilege Vulnerability

MSRC.MICROSOFT.COM — 09 Oct 2025

🐛

CVE-2025-55321 Azure Monitor Log Analytics Spoofing Vulnerability

MSRC.MICROSOFT.COM — 09 Oct 2025

🐛

CVE-2025-59252 M365 Copilot Spoofing Vulnerability

MSRC.MICROSOFT.COM — 09 Oct 2025

🐛

CVE-2025-59271 Redis Enterprise Elevation of Privilege Vulnerability

MSRC.MICROSOFT.COM — 09 Oct 2025

🐛

CVE-2025-59272 Copilot Spoofing Vulnerability

MSRC.MICROSOFT.COM — 09 Oct 2025

🐛

CVE-2025-59286 Copilot Spoofing Vulnerability

MSRC.MICROSOFT.COM — 09 Oct 2025

⚠️

Court Injunctions are the Thoughts and Prayers of Data Breach Response

TROYHUNT.COM — 09 Oct 2025

⚠️

CISOs wollen mehr Datensichtbarkeit

CSOONLINE.COM — 09 Oct 2025

⚠️

CrowdStrike Falcon Windows Sensor Flaw Could Let Attackers Execute Code and Delete Files

GBHACKERS.COM — 09 Oct 2025

⚠️

Chinese Hackers Weaponize Nezha Tool to Run Commands on Web Servers

GBHACKERS.COM — 09 Oct 2025

⚠️

The ultimate business resiliency test: Inside Kantsu’s ransomware response

CSOONLINE.COM — 09 Oct 2025

⚠️

Chinese Hackers Breached Law Firm Williams & Connolly via Zero-Day

SECURITYWEEK.COM — 09 Oct 2025

⚠️

Hackers Targeting WordPress Plugin Vulnerability to Seize Admin Access

GBHACKERS.COM — 09 Oct 2025

⚠️

GitHub Copilot Chat Flaw Leaked Data From Private Repositories

SECURITYWEEK.COM — 09 Oct 2025

⚠️

RondoDox: From Targeting Pwn2Own Vulnerabilities to Shotgunning Exploits

TRENDMICRO.COM — 09 Oct 2025

⚠️

Your cyber risk problem isn’t tech — it’s architecture

CSOONLINE.COM — 09 Oct 2025

⚠️

PoC Released for Nothing Phone Code-Execution Vulnerability

GBHACKERS.COM — 09 Oct 2025

⚠️

Cybercriminals Impersonate HR Departments to Harvest Your Gmail Login Details

GBHACKERS.COM — 09 Oct 2025

⚠️

Homeland Security’s reassignment of CISA staff leaves US networks exposed

KEVCSOONLINE.COM — 09 Oct 2025

⚠️

Hackers exploit auth bypass in Service Finder WordPress theme

SH.ITJUST.WORKS — 9 Oct 2025

⚠️

New QR Code-Based Quishing Attack Targets Microsoft Users

GBHACKERS.COM — 09 Oct 2025

⚠️

Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch Now

SH.ITJUST.WORKS — 9 Oct 2025

⚠️

LockBit, DragonForce, and Qilin form a ‘cartel’ to dictate ransomware market conditions

CSOONLINE.COM — 09 Oct 2025

⚠️

ClayRat spyware turns phones into distribution hubs via SMS and Telegram

CSOONLINE.COM — 09 Oct 2025

⚠️

Threat Actors Exploit DFIR Tool Velociraptor in Ransomware Attacks

GBHACKERS.COM — 09 Oct 2025

⚠️

Hackers Access SonicWall Cloud Firewall Backups, Spark Urgent Security Checks

THEHACKERNEWS.COM — 09 Oct 2025

⚠️

ThreatsDay Bulletin: MS Teams Hack, MFA Hijacking, $2B Crypto Heist, Apple Siri Probe & More

THEHACKERNEWS.COM — 09 Oct 2025

⚠️

Microsoft Azure Experiences Global Outage Disrupting Cloud Services Worldwide

GBHACKERS.COM — 09 Oct 2025

⚠️

SquareX Shows AI Browsers Fall Prey to OAuth Attacks, Malware Downloads and Malicious Link Distribution

GBHACKERS.COM — 09 Oct 2025

⚠️

BYOVD to the next level (part 2) — rootkit like it's 2025

QUARKSLAB.COM — 2025-10-09

⚠️

CISA Releases Four Industrial Control Systems Advisories

CISA.GOV — Thu, 09 Oct 25 1

⚠️

RondoDox botnet targets 56 n-day flaws in worldwide attacks

BLEEPINGCOMPUTER.COM — 09 Oct 2025

⚠️

Multitasking Employees Are Particularly Vulnerable to Phishing Attacks

KNOWBE4.COM — 09 Oct 2025

📋

GitLab Releases Security Update to Patch Multiple DoS-Enabling Vulnerabilities

GBHACKERS.COM — 09 Oct 2025

📢

Hackers Enhance ClickFix Attack Using Cache Smuggling to Stealthily Download Malicious Files

GBHACKERS.COM — 09 Oct 2025

📢

Juniper Networks security advisory (AV25-651)

CYBER.GC.CA — 2025-10-09

📢

Esri security advisory (AV25-652)

CYBER.GC.CA — 2025-10-09

🔥

The Evolution of Chaos: Ransomware’s New Era of Speed and Intelligence

GBHACKERS.COM — 09 Oct 2025

🔥

Discord Data Breach Exposes 1.5 TB of Data and 2 Million Government ID Photos

GBHACKERS.COM — 09 Oct 2025

🔥

Data-Leak Sites Surge to Record Levels Amid Scattered Spider RaaS and LockBit 5.0 Rise

GBHACKERS.COM — 09 Oct 2025

🔥

APT Hackers Abuse ChatGPT to Develop Advanced Malware and Phishing Campaigns

GBHACKERS.COM — 09 Oct 2025

🔥

Discord Says 70,000 Users Had IDs Exposed in Recent Data Breach

SECURITYWEEK.COM — 09 Oct 2025

🔥

From Phishing to Malware: AI Becomes Russia's New Cyber Weapon in War on Ukraine

THEHACKERNEWS.COM — 09 Oct 2025

🔥

Major US law firm says hackers broke into attorneys’ emails accounts | The Record from Recorded Future News

SH.ITJUST.WORKS — 9 Oct 2025

🔥

SaaS Breaches Start with Tokens - What Security Teams Must Watch

THEHACKERNEWS.COM — 09 Oct 2025

🔥

Lücke in Hotelsoftware legt Kundendaten offen

CSOONLINE.COM — 09 Oct 2025

🔥

Hackers claim Discord breach exposed data of 5.5 million users

SH.ITJUST.WORKS — 9 Oct 2025

🔥

SonicWall: Firewall configs stolen for all cloud backup customers

BLEEPINGCOMPUTER.COM — 09 Oct 2025

🔥

SonicWall Confirms Breach Exposing All Customer Firewall Configuration Backups

GBHACKERS.COM — 09 Oct 2025

🔥

The State of Ransomware in Healthcare 2025 – Sophos News

SH.ITJUST.WORKS — 9 Oct 2025

🔥

Investigating targeted “payroll pirate” attacks affecting US universities

MICROSOFT.COM — 09 Oct 2025

🔥

Closing the Cloud Security Gap

PALOALTONETWORKS.COM — 09 Oct 2025

🔥

New ClayRat Spyware Targets Android Users via Fake WhatsApp and TikTok Apps

THEHACKERNEWS.COM — 09 Oct 2025

🔥

Hackers now use Velociraptor DFIR tool in ransomware attacks

BLEEPINGCOMPUTER.COM — 09 Oct 2025

🔥

Discord suffers data breach impacting at least 70,000 users

TECHCRUNCH.COM — 09 Oct 2025

🕵️

ISC Stormcast For Thursday, October 9th, 2025 https://isc.sans.edu/podcastdetail/9648, (Thu, Oct 9th)

ISC.SANS.EDU — 09 Oct 2025

🕵️

Polymorphic Python Malware That Mutates Every Time It Runs

GBHACKERS.COM — 09 Oct 2025

🕵️

All SonicWall Cloud Backup Users Had Firewall Configurations Stolen

SECURITYWEEK.COM — 09 Oct 2025

🕵️

GUEST ESSAY: Why cyber defenses need a framework — and a clearer map of boundaries

LASTWATCHDOG.COM — 09 Oct 2025

🕵️

Realm.Security Raises $15 Million in Series A Funding

SECURITYWEEK.COM — 09 Oct 2025

🕵️

VirusTotal Introduces Simplified Platform Access and New Contributor Model

GBHACKERS.COM — 09 Oct 2025

🕵️

Telco biz ICUK restores services after two-day DDoS pelting • The Register

SH.ITJUST.WORKS — 9 Oct 2025

🕵️

Digital Fraud Costs Companies Worldwide 7.7% of Annual Revenue - Infosecurity Magazine

SH.ITJUST.WORKS — 9 Oct 2025

🕵️

Crimson Collective hackers target AWS cloud instances for data theft

SH.ITJUST.WORKS — 9 Oct 2025

🕵️

OpenAI bans some Chinese, Russian accounts using AI for evil • The Register

SH.ITJUST.WORKS — 9 Oct 2025

🕵️

Microsoft warns about hackers abusing Teams | Cybernews

SH.ITJUST.WORKS — 9 Oct 2025

🕵️

From infostealer to full RAT: dissecting the PureRAT attack chain

BLEEPINGCOMPUTER.COM — 09 Oct 2025

🕵️

ShinyHunters Wage Broad Corporate Extortion Spree – Krebs on Security

SH.ITJUST.WORKS — 9 Oct 2025

🕵️

Lightship Security and the OpenSSL Corporation Submit OpenSSL 3.5.4 for FIPS 140-3 Validation

GBHACKERS.COM — 09 Oct 2025

🕵️

Red Hat Hackers Team Up With Scattered Lapsus$ Hunters

SH.ITJUST.WORKS — 9 Oct 2025

🕵️

ID photos of 70,000 users may have been leaked, Discord says

SH.ITJUST.WORKS — 9 Oct 2025

🕵️

Securing agentic AI: Your guide to the Microsoft Ignite sessions catalog

MICROSOFT.COM — 09 Oct 2025

🕵️

From HealthKick to GOVERSHELL: The Evolution of UTA0388's Espionage Malware

THEHACKERNEWS.COM — 09 Oct 2025

🕵️

If You Have Not Realized It, Vishing Is Really Taking Off

KNOWBE4.COM — 09 Oct 2025

🕵️

Azure outage blocks access to Microsoft 365 services, admin portals

SH.ITJUST.WORKS — 9 Oct 2025

🌐

Hacktivists target critical infrastructure, hit decoy plant

BLEEPINGCOMPUTER.COM — 09 Oct 2025

🌐

Italian businessman’s phone reportedly targeted with Paragon spyware

TECHCRUNCH.COM — 09 Oct 2025

🌐

New Android spyware ClayRat imitates WhatsApp, TikTok, YouTube

BLEEPINGCOMPUTER.COM — 09 Oct 2025

📡

[Guest Diary] Building Better Defenses: RedTail Observations from a Honeypot, (Thu, Oct 9th)

ISC.SANS.EDU — 09 Oct 2025

📡

Weaponized AI Assistants & Credential Thieves

TRENDMICRO.COM — 09 Oct 2025

📡

Azure outage blocks access to Microsoft 365 services, admin portals

BLEEPINGCOMPUTER.COM — 09 Oct 2025

📡

How to protect your car from hacking | Kaspersky official blog

KASPERSKY.COM — 09 Oct 2025

📡

Microsoft: Windows Backup now available for enterprise users

BLEEPINGCOMPUTER.COM — 09 Oct 2025

📡

‘Dozens’ of organizations had data stolen in Oracle-linked hacks

TECHCRUNCH.COM — 09 Oct 2025

📡

Microsoft Defender mistakenly flags SQL Server as end-of-life

BLEEPINGCOMPUTER.COM — 09 Oct 2025

📡

Microsoft: Hackers target universities in “payroll pirate” attacks

BLEEPINGCOMPUTER.COM — 09 Oct 2025

📡

How Uber seems to know where you are – even with restricted location permissions

WELIVESECURITY.COM — 09 Oct 2025