🚨 CISA KEV 1[−]
9 Oct KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2021-43798 Grafana Path Traversal Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and po…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 12[−]
9 OctCritical Exploit Lets Hackers Bypass Authentication in WordPress Service Finder ThemeThreat actors are actively exploiting a critical security flaw impacting the Service Finder WordPress theme that makes it possible to gain unauthorized access to any account, including administrators, and take control of susceptible sites. The authentication bypass vulnerability,…THEHACKERNEWS.COM
9 OctPoC Released for Linux Kernel ksmbd Filesystem VulnerabilitySecurity researcher Norbert Szetei published the final installment of his deep-dive into the ksmbd filesystem module, culminating in a working proof-of-concept exploit targeting CVE-2025-37947. Unlike earlier use-after-free candidates that required complex race conditions or depe…GBHACKERS.COM
9 OctChromium: CVE-2025-11460 Use after free in StorageThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.MSRC.MICROSOFT.COM
9 OctChromium: CVE-2025-11458 Heap buffer overflow in SyncThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.MSRC.MICROSOFT.COM
9 OctCVE-2025-59218 Azure Entra ID Elevation of Privilege VulnerabilityAzure Entra ID Elevation of Privilege VulnerabilityMSRC.MICROSOFT.COM
9 OctCVE-2025-59246 Azure Entra ID Elevation of Privilege VulnerabilityAzure Entra ID Elevation of Privilege VulnerabilityMSRC.MICROSOFT.COM
9 OctCVE-2025-59247 Azure PlayFab Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
9 OctCVE-2025-55321 Azure Monitor Log Analytics Spoofing VulnerabilityImproper neutralization of input during web page generation ('cross-site scripting') in Azure Monitor allows an authorized attacker to perform spoofing over a network.MSRC.MICROSOFT.COM
9 OctCVE-2025-59271 Redis Enterprise Elevation of Privilege VulnerabilityInformation published.MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 27[−]
9 OctCourt Injunctions are the Thoughts and Prayers of Data Breach ResponsePresently sponsored by: Malwarebytes Browser Guard blocks phishing, ads, scams, and trackers for safer, faster browsing You see it all the time after a tragedy occurs somewhere, and people flock to offer their sympathies via the "thoughts and prayers" line. Sympathy is …TROYHUNT.COM
9 OctCISOs wollen mehr DatensichtbarkeitDie meisten CISOs wollen Einsicht in alle Datenströme in ihren Unternehmen, fast immer müssen sie dabei jedoch Kompromisse eingehen. alphaspirit – shutterstock.com Um hybride Cloud-Infrastrukturen zu überwachen und abzusichern, will die Mehrzahl der Sicherheitsverantwortlichen di…CSOONLINE.COM
9 OctCrowdStrike Falcon Windows Sensor Flaw Could Let Attackers Execute Code and Delete FilesCrowdStrike has disclosed two critical vulnerabilities affecting its Falcon sensor for Windows that could enable attackers to delete arbitrary files and potentially compromise system stability. The cybersecurity company released patches for both security flaws in its latest senso…GBHACKERS.COM
9 OctChinese Hackers Weaponize Nezha Tool to Run Commands on Web ServersSecurity researchers have uncovered a sophisticated cyberattack campaign where Chinese threat actors are exploiting web applications using an innovative log poisoning technique to deploy web shells and subsequently weaponize Nezha, a legitimate server monitoring tool, for malicio…GBHACKERS.COM
9 OctThe ultimate business resiliency test: Inside Kantsu’s ransomware responseA year ago, midsize Japanese logistics company Kantsu suffered significant damage from a cyberattack in which ransomware locked its servers and cut off communications, bringing the company’s shipping operations to a halt. We spoke with Kantsu President Hisahiro Tatsujo, the compa…CSOONLINE.COM
9 OctChinese Hackers Breached Law Firm Williams & Connolly via Zero-DayThe company said there is no evidence that confidential client data was stolen from its systems. The post Chinese Hackers Breached Law Firm Williams & Connolly via Zero-Day appeared first on SecurityWeek .SECURITYWEEK.COM
9 OctHackers Targeting WordPress Plugin Vulnerability to Seize Admin AccessA critical authentication bypass in the Service Finder Bookings plugin has enabled unauthenticated attackers to assume administrator privileges on thousands of WordPress sites. Exploitation began within 24 hours of public disclosure, and over 13,800 exploit attempts have been blo…GBHACKERS.COM
9 OctGitHub Copilot Chat Flaw Leaked Data From Private RepositoriesHidden comments allowed full control over Copilot responses and leaked sensitive information and source code. The post GitHub Copilot Chat Flaw Leaked Data From Private Repositories appeared first on SecurityWeek .SECURITYWEEK.COM
9 OctRondoDox: From Targeting Pwn2Own Vulnerabilities to Shotgunning ExploitsTrend™ Research and ZDI Threat Hunters have identified a large-scale RondoDox botnet campaign exploiting over 50 vulnerabilities across more than 30 vendors, including flaws first seen in Pwn2Own contests.TRENDMICRO.COM
9 OctYour cyber risk problem isn’t tech — it’s architectureThe creation of an ongoing cyber risk management process, aligned with the governance of the information security management process, is a premise that ensures the survival of the organization. Here, I want to present a practical and strategic view on how to align security archit…CSOONLINE.COM
9 OctPoC Released for Nothing Phone Code-Execution VulnerabilityA proof-of-concept exploit has been published for a critical flaw in the secure boot process of the Nothing Phone (2a) and CMF Phone 1. This exploit can break the chain of trust and allow full code execution at the highest privilege level, posing a severe risk to device security.…GBHACKERS.COM
9 OctCybercriminals Impersonate HR Departments to Harvest Your Gmail Login DetailsA seemingly legitimate Zoom document share from “HR” redirected victims through a fake bot-protection gate into a Gmail login phish. User credentials are exfiltrated live via WebSocket and validated in real time. This report breaks down the social engineering, the malicious infra…GBHACKERS.COM
9 Oct KEVHomeland Security’s reassignment of CISA staff leaves US networks exposedThe US Department of Homeland Security has started reassigning cybersecurity personnel to non-cyber duties tied to deportation and border enforcement priorities. Hundreds of workers within the Cybersecurity and Infrastructure Security Agency (CISA), who were engaged in issuing al…CSOONLINE.COM
9 OctHackers exploit auth bypass in Service Finder WordPress themesubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/hackers-exploit-auth-bypass-in-service-finder-wordpress-theme/SH.ITJUST.WORKS
9 OctNew QR Code-Based Quishing Attack Targets Microsoft UsersA sophisticated quishing campaign leveraging weaponized QR codes has been uncovered, specifically targeting Microsoft users with seemingly innocuous document review requests. By exploiting advanced evasion techniques—splitting the QR code into two separate images, using non-stand…GBHACKERS.COM
9 OctSevere Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch Nowsubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2025/10/severe-figma-mcp-vulnerability-lets.htmlSH.ITJUST.WORKS
9 OctLockBit, DragonForce, and Qilin form a ‘cartel’ to dictate ransomware market conditionsThree of the most notorious ransomware-as-a-service operations have formed a criminal cartel aimed at coordinating attacks and sharing resources in what they describe as an increasingly “challenging” ransomware business environment. DragonForce, Qilin, and LockBit announced the p…CSOONLINE.COM
9 OctClayRat spyware turns phones into distribution hubs via SMS and TelegramA fast-evolving Android spyware campaign known as “ClayRat,” initially targeting Russian users but now spreading far beyond, has produced more than 600 samples and 50 droppers in just three months. According to Zimperium’s Zlabs observations, ClayRat is distributed via phishing s…CSOONLINE.COM
9 OctThreat Actors Exploit DFIR Tool Velociraptor in Ransomware AttacksCisco Talos has confirmed that ransomware operators are now leveraging Velociraptor, an open-source digital forensics and incident response (DFIR) tool, to gain stealthy, persistent access and deploy multiple ransomware variants against enterprise environments. This marks the fir…GBHACKERS.COM
9 OctHackers Access SonicWall Cloud Firewall Backups, Spark Urgent Security ChecksSonicWall on Wednesday disclosed that an unauthorized party accessed firewall configuration backup files for all customers who have used the cloud backup service. "The files contain encrypted credentials and configuration data; while encryption remains in place, possession of the…THEHACKERNEWS.COM
9 OctThreatsDay Bulletin: MS Teams Hack, MFA Hijacking, $2B Crypto Heist, Apple Siri Probe & MoreCyber threats are evolving faster than ever. Attackers now combine social engineering, AI-driven manipulation, and cloud exploitation to breach targets once considered secure. From communication platforms to connected devices, every system that enhances convenience also expands t…THEHACKERNEWS.COM
9 OctMicrosoft Azure Experiences Global Outage Disrupting Cloud Services WorldwideMicrosoft Azure suffered a significant service interruption that left many customers unable to reach cloud resources. The incident began at roughly 07:40 UTC, when Azure Front Door, the platform’s native content delivery network (CDN), lost about 30 percent of its capacity, as re…GBHACKERS.COM
9 OctSquareX Shows AI Browsers Fall Prey to OAuth Attacks, Malware Downloads and Malicious Link DistributionPalo Alto, California, October 9th, 2025, CyberNewsWire As AI Browsers rapidly gain adoption across enterprises, SquareX has released critical security research exposing major vulnerabilities that could allow attackers to exploit AI Browsers to exfiltrate sensitive data, distribu…GBHACKERS.COM
9 OctBYOVD to the next level (part 2) — rootkit like it's 2025Bring Your Own Vulnerable Driver (BYOVD) is a well-known post-exploitation technique used by adversaries. This blog post is part of a series. In part one we saw how to abuse a vulnerable driver to gain access to Ring-0 capabilities. In this second and final part, we provide a tec…QUARKSLAB.COM
9 OctCISA Releases Four Industrial Control Systems AdvisoriesCISA released four Industrial Control Systems (ICS) Advisories on October 9, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-282-01 Hitachi Energy Asset Suite ICSA-25-282-02 Rockwell Aut…CISA.GOV
9 OctRondoDox botnet targets 56 n-day flaws in worldwide attacksA new large-scale botnet called RondoDox is targeting 56 vulnerabilities in more than 30 distinct devices, including flaws first disclosed during Pwn2Own hacking competitions. [...]BLEEPINGCOMPUTER.COM
9 OctMultitasking Employees Are Particularly Vulnerable to Phishing AttacksEmployees who multitask are significantly more vulnerable to phishing attacks , according to a study from the University at Albany published in the European Journal of Information Systems.KNOWBE4.COM
📋 SECURITY BULLETINS 1[−]
9 OctGitLab Releases Security Update to Patch Multiple DoS-Enabling VulnerabilitiesGitLab has issued a critical security update to address several denial-of-service (DoS) vulnerabilities affecting both Community Edition (CE) and Enterprise Edition (EE). Self-managed installations should upgrade immediately to versions 18.4.2, 18.3.4, or 18.2.8. GitLab.com alrea…GBHACKERS.COM
📢 SECURITY ADVISORIES 3[−]
9 OctHackers Enhance ClickFix Attack Using Cache Smuggling to Stealthily Download Malicious FilesCybersecurity researchers have discovered a sophisticated evolution of the ClickFix attack technique that leverages browser cache smuggling to covertly place malicious files on target systems without traditional file downloads. This advanced social engineering campaign specifical…GBHACKERS.COM
🔥 INCIDENT REPORTING 18[−]
9 OctThe Evolution of Chaos: Ransomware’s New Era of Speed and IntelligenceIn 2025, the notorious Chaos ransomware has undergone a dramatic transformation, emerging with a sophisticated C++ variant that represents the most dangerous iteration to date. This marks the first time Chaos has departed from its traditional .NET foundation, introducing destruct…GBHACKERS.COM
9 OctDiscord Data Breach Exposes 1.5 TB of Data and 2 Million Government ID PhotosThe popular communication platform Discord is confronting a major extortion attempt after cybercriminals breached one of its third-party customer service providers, compromising sensitive user data including government identification photos used for age verification. Threat actor…GBHACKERS.COM
9 OctData-Leak Sites Surge to Record Levels Amid Scattered Spider RaaS and LockBit 5.0 RiseRansomware threats reached a tipping point in Q3 2025 as data-leak sites surged to a record 81 active platforms, driven by major developments across the ecosystem. English-speaking hacking collective Scattered Spider teased its first ransomware-as-a-service (RaaS) offering, “Shin…GBHACKERS.COM
9 OctAPT Hackers Abuse ChatGPT to Develop Advanced Malware and Phishing CampaignsSecurity researchers at Volexity have uncovered compelling evidence that China-aligned threat actors are leveraging artificial intelligence platforms like ChatGPT to enhance their sophisticated cyberattack capabilities. The group, tracked as UTA0388, has been conducting sophistic…GBHACKERS.COM
9 OctDiscord Says 70,000 Users Had IDs Exposed in Recent Data BreachThe hackers claim the theft of over 2 million photos of government identification documents provided to Discord for age verification. The post Discord Says 70,000 Users Had IDs Exposed in Recent Data Breach appeared first on SecurityWeek .SECURITYWEEK.COM
9 OctFrom Phishing to Malware: AI Becomes Russia's New Cyber Weapon in War on UkraineRussian hackers' adoption of artificial intelligence (AI) in cyber attacks against Ukraine has reached a new level in the first half of 2025 (H1 2025), the country's State Service for Special Communications and Information Protection (SSSCIP) said. "Hackers now employ it not only…THEHACKERNEWS.COM
9 OctMajor US law firm says hackers broke into attorneys’ emails accounts | The Record from Recorded Future Newssubmitted by kid to cybersecurity 2 points | 0 comments https://therecord.media/us-law-firm-hackers-breached-emailSH.ITJUST.WORKS
9 OctSaaS Breaches Start with Tokens - What Security Teams Must WatchToken theft is a leading cause of SaaS breaches. Discover why OAuth and API tokens are often overlooked and how security teams can strengthen token hygiene to prevent attacks. Most companies in 2025 rely on a whole range of software-as-a-service (SaaS) applications to run their o…THEHACKERNEWS.COM
9 OctLücke in Hotelsoftware legt Kundendaten offenDie Hotelkette Motel One spielt die Auswirkungen der Sicherheitslücke in der Hotelsoftware herunter. Tobias Arhelger – shutterstock.com IT-Sicherheitsaktivisten des Kollektivs “ Zerforschung” entdeckten kürzlich ein Sicherheitsleck in einer Hotelverwaltungssoftware, das sensible …CSOONLINE.COM
9 OctHackers claim Discord breach exposed data of 5.5 million userssubmitted by kid to cybersecurity 1 points | 1 comments https://www.bleepingcomputer.com/news/security/hackers-claim-discord-breach-exposed-data-of-55-million-users/SH.ITJUST.WORKS
9 OctSonicWall: Firewall configs stolen for all cloud backup customersSonicWall has confirmed that all customers that used the company's cloud backup service are affected by the security breach last month. [...]BLEEPINGCOMPUTER.COM
9 OctSonicWall Confirms Breach Exposing All Customer Firewall Configuration BackupsSonicWall, together with leading incident response firm Mandiant, has completed a thorough review of a recent cloud backup security incident. The investigation confirmed that an unknown party gained access to all firewall configuration backup files for customers using the MySonic…GBHACKERS.COM
9 OctThe State of Ransomware in Healthcare 2025 – Sophos Newssubmitted by kid to cybersecurity 3 points | 0 comments https://news.sophos.com/en-us/2025/10/08/the-state-of-ransomware-in-healthcare-2025/SH.ITJUST.WORKS
9 OctInvestigating targeted “payroll pirate” attacks affecting US universitiesMicrosoft Threat Intelligence has identified a financially motivated threat actor that we track as Storm-2657 compromising employee accounts to gain unauthorized access to employee profiles and divert salary payments to attacker-controlled accounts, attacks that have been dubbed …MICROSOFT.COM
9 OctClosing the Cloud Security GapSecure your cloud. Get insights from the 2025 Unit 42 Global Incident Response Report on closing the cloud security gap and protecting your assets. The post Closing the Cloud Security Gap appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
9 OctNew ClayRat Spyware Targets Android Users via Fake WhatsApp and TikTok AppsA rapidly evolving Android spyware campaign called ClayRat has targeted users in Russia using a mix of Telegram channels and lookalike phishing websites by impersonating popular apps like WhatsApp, Google Photos, TikTok, and YouTube as lures to install them. "Once active, the spy…THEHACKERNEWS.COM
9 OctHackers now use Velociraptor DFIR tool in ransomware attacksThreat actors have started to use the Velociraptor digital forensics and incident response (DFIR) tool in attacks that deploy LockBit and Babuk ransomware. [...]BLEEPINGCOMPUTER.COM
9 OctDiscord suffers data breach impacting at least 70,000 usersThe platform said in a press release that hackers breached a third-party vendor that Discord uses for age-related appeals.TECHCRUNCH.COM
🕵️ THREAT INTELLIGENCE 20[−]
9 OctISC Stormcast For Thursday, October 9th, 2025 https://isc.sans.edu/podcastdetail/9648, (Thu, Oct 9th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
9 OctPolymorphic Python Malware That Mutates Every Time It RunsA newly spotted Python remote access trojan (RAT) on VirusTotal employs advanced polymorphic and self-modifying techniques, allowing it to alter its code signature on every execution and evade detection. Security researchers examining VirusTotal submissions identified a suspiciou…GBHACKERS.COM
9 OctAll SonicWall Cloud Backup Users Had Firewall Configurations StolenIn early September, hackers stole the firewall configuration backup files stored using the MySonicWall service. The post All SonicWall Cloud Backup Users Had Firewall Configurations Stolen appeared first on SecurityWeek .SECURITYWEEK.COM
9 OctGUEST ESSAY: Why cyber defenses need a framework — and a clearer map of boundariesIn the early years of enterprise computing, isolation had a clear home in the networking domain. Related: The state of cloud security Network isolation meant a strong perimeter that kept internal traffic separate from the external world. Firewalls, VLANs, and … (more…) The …LASTWATCHDOG.COM
9 OctRealm.Security Raises $15 Million in Series A FundingThe cybersecurity startup will use the investment to accelerate its product development and market expansion efforts. The post Realm.Security Raises $15 Million in Series A Funding appeared first on SecurityWeek .SECURITYWEEK.COM
9 OctVirusTotal Introduces Simplified Platform Access and New Contributor ModelVirusTotal, the collaborative malware analysis platform, has announced a major update to simplify access and reward contributors. The changes aim to make the platform easier to use for individual researchers while ensuring engine partners receive priority support and advanced fea…GBHACKERS.COM
9 OctTelco biz ICUK restores services after two-day DDoS pelting • The Registersubmitted by kid to cybersecurity 1 points | 0 comments https://www.theregister.com/2025/10/08/telecoms_wholesaler_icuk_restores_services/SH.ITJUST.WORKS
9 OctDigital Fraud Costs Companies Worldwide 7.7% of Annual Revenue - Infosecurity Magazinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/digital-fraud-costs-companies/SH.ITJUST.WORKS
9 OctCrimson Collective hackers target AWS cloud instances for data theftsubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/crimson-collective-hackers-target-aws-cloud-instances-for-data-theft/SH.ITJUST.WORKS
9 OctOpenAI bans some Chinese, Russian accounts using AI for evil • The Registersubmitted by kid to cybersecurity 0 points | 0 comments https://www.theregister.com/2025/10/07/openai_bans_suspected_china_accounts/SH.ITJUST.WORKS
9 OctMicrosoft warns about hackers abusing Teams | Cybernewssubmitted by kid to cybersecurity 2 points | 0 comments https://cybernews.com/security/teams-under-siege-microsoft-urge-strengthening-security/SH.ITJUST.WORKS
9 OctFrom infostealer to full RAT: dissecting the PureRAT attack chainResearchers map a campaign that escalated from a Python infostealer to a full PureRAT backdoor — loaders, evasions, and TLS-pinned C2. Join Huntress Labs' Tradecraft Tuesday for deep technical walkthroughs and live IOC guidance on the latest cybersecurity topics. [...]BLEEPINGCOMPUTER.COM
9 OctShinyHunters Wage Broad Corporate Extortion Spree – Krebs on Securitysubmitted by kid to cybersecurity 1 points | 0 comments https://krebsonsecurity.com/2025/10/shinyhunters-wage-broad-corporate-extortion-spree/SH.ITJUST.WORKS
9 OctLightship Security and the OpenSSL Corporation Submit OpenSSL 3.5.4 for FIPS 140-3 ValidationNewark, United States, October 9th, 2025, CyberNewsWire Lightship Security, an Applus+ Laboratories company and accredited cryptographic security test laboratory, and the OpenSSL Corporation, the co-maintainer of the OpenSSL Library, announce the submission of OpenSSL version 3.5…GBHACKERS.COM
9 OctRed Hat Hackers Team Up With Scattered Lapsus$ Hunterssubmitted by kid to cybersecurity 1 points | 0 comments https://www.darkreading.com/threat-intelligence/red-hat-hackers-team-up-scattered-lapsus-huntersSH.ITJUST.WORKS
9 OctID photos of 70,000 users may have been leaked, Discord sayssubmitted by nemeski to cybersecurity 7 points | 3 comments https://www.bbc.com/news/articles/c8jmzd972leoSH.ITJUST.WORKS
9 OctSecuring agentic AI: Your guide to the Microsoft Ignite sessions catalogSecurity is a core focus at Microsoft Ignite 2025, reflected in dedicated sessions and hands-on experiences designed for security professionals and leaders. Take a look at the session catalog. The post Securing agentic AI: Your guide to the Microsoft Ignite sessions catalog appe…MICROSOFT.COM
9 OctFrom HealthKick to GOVERSHELL: The Evolution of UTA0388's Espionage MalwareA China-aligned threat actor codenamed UTA0388 has been attributed to a series of spear-phishing campaigns targeting North America, Asia, and Europe that are designed to deliver a Go-based implant known as GOVERSHELL. "The initially observed campaigns were tailored to the targets…THEHACKERNEWS.COM
9 OctIf You Have Not Realized It, Vishing Is Really Taking OffFighting voice-based phishing needs to be a big part of your human risk management (HRM) plan. KNOWBE4.COM
9 OctAzure outage blocks access to Microsoft 365 services, admin portalssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/microsoft/azure-outage-blocks-access-to-microsoft-365-services-admin-portals/SH.ITJUST.WORKS
🌐 CYBER THREAT LANDSCAPE 3[−]
9 OctHacktivists target critical infrastructure, hit decoy plantA pro-Russian hacktivist group called TwoNet pivoted in less than a year from launching distributed denial-of-service (DDoS) attacks to targeting critical infrastructure. [...]BLEEPINGCOMPUTER.COM
9 OctItalian businessman’s phone reportedly targeted with Paragon spywareThe alleged targeting of prominent Italian businessman Francesco Gaetano Caltagirone now widens the Paragon spyware scandal in Italy to victims beyond journalists and activists.TECHCRUNCH.COM
9 OctNew Android spyware ClayRat imitates WhatsApp, TikTok, YouTubeA new Android spyware called ClayRat is luring potential victims by posing as popular apps and services like WhatsApp, Google Photos, TikTok, and YouTube. [...]BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 9[−]
9 Oct[Guest Diary] Building Better Defenses: RedTail Observations from a Honeypot, (Thu, Oct 9th)[This is a Guest Diary by Jin Quan Low, an ISC intern as part of the SANS.edu Bachelor&#;39;s Degree in Applied Cybersecurity (BACS) program [1].]
ISC.SANS.EDU
9 OctWeaponized AI Assistants & Credential ThievesLearn the state of AI and the NPM ecosystem with the recent s1ngularity' weaponized AI for credential theft.TRENDMICRO.COM
9 OctAzure outage blocks access to Microsoft 365 services, admin portalsMicrosoft is working to resolve an outage affecting its Azure Front Door content delivery network (CDN), which is preventing customers from accessing some Microsoft 365 services. [...]BLEEPINGCOMPUTER.COM
9 OctHow to protect your car from hacking | Kaspersky official blogWe explore cyberthreats facing modern cars, and share practical advice on protecting your vehicle from hacking and theft in 2025.KASPERSKY.COM
9 OctMicrosoft: Windows Backup now available for enterprise usersMicrosoft announced this week the general availability of Windows Backup for Organizations, a new enterprise-grade backup tool that helps simplify backups and makes the transition to Windows 11 easier. [...]BLEEPINGCOMPUTER.COM
9 Oct‘Dozens’ of organizations had data stolen in Oracle-linked hacksThe mass-hacks targeting Oracle E-Business customers is the latest hacking campaign by Clop, an extortion group known for abusing security flaws in enterprise products to steal large amounts of sensitive data.TECHCRUNCH.COM
9 OctMicrosoft Defender mistakenly flags SQL Server as end-of-lifeMicrosoft is working to resolve a known issue that causes its Defender for Endpoint enterprise endpoint security platform to incorrectly tag SQL Server software as end-of-life. [...]BLEEPINGCOMPUTER.COM
9 OctMicrosoft: Hackers target universities in “payroll pirate” attacksA cybercrime gang tracked as Storm-2657 has been targeting university employees in the United States to hijack salary payments in "pirate payroll" attacks since March 2025. [...]BLEEPINGCOMPUTER.COM
9 OctHow Uber seems to know where you are – even with restricted location permissionsIs the ride-hailing app secretly tracking you? Not really, but this iOS feature may make it feel that way.WELIVESECURITY.COM