MATLOCK.CA
96Articles
9Categories
2025-10-22Date
🚨
CISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its  Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2025-61932 Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability This type of vulnera…
KEVCISA.GOV — Wed, 22 Oct 25 1
🐛
TP-Link Patches Four Omada Gateway Flaws, Two Allow Remote Code Execution
THEHACKERNEWS.COM — 22 Oct 2025
🐛
TARmageddon Flaw in Async-Tar Rust Library Could Enable Remote Code Execution
THEHACKERNEWS.COM — 22 Oct 2025
🐛
Sharepoint ToolShell attacks targeted orgs across four continents
BLEEPINGCOMPUTER.COM — 22 Oct 2025
🐛
TARmageddon (CVE-2025-62518): RCE Vulnerability Highlights the Challenges of Open Source Abandonware | Edera Blog
SH.ITJUST.WORKS — 22 Oct 2025
🐛
webctrl.cgi/Blue Angel Software Suite Exploit Attempts. Maybe CVE-2025-34033 Variant?, (Wed, Oct 22nd)
ISC.SANS.EDU — 22 Oct 2025
🐛
Hackers exploiting critical "SessionReaper" flaw in Adobe Magento
BLEEPINGCOMPUTER.COM — 22 Oct 2025
🐛
Prompt hijacking puts MCP-based AI workflows at risk
CSOONLINE.COM — 22 Oct 2025
🐛
CVE-2025-40013 ASoC: qcom: audioreach: fix potential null pointer dereference
MSRC.MICROSOFT.COM — 22 Oct 2025
🐛
CVE-2025-40016 media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID
MSRC.MICROSOFT.COM — 22 Oct 2025
🐛
CVE-2025-40011 drm/gma500: Fix null dereference in hdmi teardown
MSRC.MICROSOFT.COM — 22 Oct 2025
🐛
CVE-2025-40005 spi: cadence-quadspi: Implement refcount to handle unbind during busy
MSRC.MICROSOFT.COM — 22 Oct 2025
🐛
CVE-2025-40010 afs: Fix potential null pointer dereference in afs_put_server
MSRC.MICROSOFT.COM — 22 Oct 2025
🐛
Serious vulnerability found in Rust library
CSOONLINE.COM — 22 Oct 2025
⚠️
Self-propagating worm found in marketplaces for Visual Studio Code extensions
CSOONLINE.COM — 22 Oct 2025
⚠️
Ransomware Dominates Cyber Attacks & AI Tools for Cybersecurity | Tech News Update
CYBERSECURITYTODAY.LIBSYN.COM — 22 Oct 2025
⚠️
Hackers Exploit OAuth Apps to Keep Cloud Access Even After Password Resets
GBHACKERS.COM — 22 Oct 2025
⚠️
New Salt Typhoon Attacks Leverage Zero-Days and DLL Sideloading
GBHACKERS.COM — 22 Oct 2025
⚠️
Sendmarc appoints Dan Levinson as Customer Success Director in North America
CSOONLINE.COM — 22 Oct 2025
⚠️
CAASM and EASM: Top 12 attack surface discovery and management tools
CSOONLINE.COM — 22 Oct 2025
⚠️
Hackers Earn Over $520,000 on First Day of Pwn2Own Ireland 2025
SECURITYWEEK.COM — 22 Oct 2025
⚠️
Salesforce’s glaring Dreamforce omission: Vital security lessons from Salesloft Drift
CSOONLINE.COM — 22 Oct 2025
⚠️
Vidar Stealer Exploits: Direct Memory Attacks Used to Capture Browser Credentials
GBHACKERS.COM — 22 Oct 2025
⚠️
Researchers Identify PassiveNeuron APT Using Neursite and NeuralExecutor Malware
THEHACKERNEWS.COM — 22 Oct 2025
⚠️
Security That Sticks: Shaping Human Behavior - Nicole Jiang, Rinki Sethi - BSW #418
YOUTUBE.COM — 2025-10-22
⚠️
4 factors creating bottlenecks for enterprise GenAI adoption
CSOONLINE.COM — 22 Oct 2025
⚠️
Bitter APT Exploits WinRAR Zero-Day Through Malicious Word Files to Steal Sensitive Data
GBHACKERS.COM — 22 Oct 2025
⚠️
Why You Should Swap Passwords for Passphrases
THEHACKERNEWS.COM — 22 Oct 2025
⚠️
Failures in Face Recognition
SCHNEIER.COM — 2025-10-22
⚠️
What Makes a Great Field CXO: Lessons from the Front Lines
SECURITYWEEK.COM — 22 Oct 2025
⚠️
Hackers Use ASP.NET Machine Keys to Break Into IIS, Push Malicious Extensions
GBHACKERS.COM — 22 Oct 2025
⚠️
Hackers Exploit Microsoft 365 Direct Send to Evade Filters and Steal Data
GBHACKERS.COM — 22 Oct 2025
⚠️
Bridging the Remediation Gap: Introducing Pentera Resolve
THEHACKERNEWS.COM — 22 Oct 2025
⚠️
‘I am not a robot’: Russian hackers use fake CAPTCHA lures to deploy espionage tools
CSOONLINE.COM — 22 Oct 2025
⚠️
Google ‘Careers’ scam lands job seekers in credential traps
CSOONLINE.COM — 22 Oct 2025
⚠️
Threat Actors Exploiting Azure Blob Storage to Breach Organizational Repositories
GBHACKERS.COM — 22 Oct 2025
⚠️
CISA confirms hackers exploited Oracle E-Business Suite SSRF flaw
SH.ITJUST.WORKS — 22 Oct 2025
⚠️
Chinese Threat Actors Exploit ToolShell SharePoint Flaw Weeks After Microsoft's July Patch
THEHACKERNEWS.COM — 22 Oct 2025
⚠️
Fileless Remcos Attacks: Injecting Malicious Code into RMClient to Evade EDR
GBHACKERS.COM — 22 Oct 2025
⚠️
Critical Vulnerabilities Patched in TP-Link’s Omada Gateways
SECURITYWEEK.COM — 22 Oct 2025
⚠️
Azure Apps Vulnerability Lets Hackers Create Malicious Apps Mimicking Microsoft Teams
SH.ITJUST.WORKS — 22 Oct 2025
⚠️
Hackers exploit 34 zero-days on first day of Pwn2Own Ireland
SH.ITJUST.WORKS — 22 Oct 2025
⚠️
TARmageddon Flaw in Popular Rust Library Leads to RCE
SECURITYWEEK.COM — 22 Oct 2025
⚠️
Alert: Watch Out For Phishing Attacks in the Wake of the AWS Outage
KNOWBE4.COM — 22 Oct 2025
⚠️
Cybercriminals turn on each other: the story of Lumma Stealer’s collapse
FORTRA.COM — 22 Oct 2025
⚠️
TARmageddon flaw in abandoned Rust library enables RCE attacks
BLEEPINGCOMPUTER.COM — 22 Oct 2025
⚠️
Ukraine Aid Groups Targeted Through Fake Zoom Meetings and Weaponized PDF Files
THEHACKERNEWS.COM — 22 Oct 2025
⚠️
Oracle Quarterly Critical Patches Issued October 21, 2025
CISECURITY.ORG — 22 Oct 2025
⚠️
Pwn2Own Day 2: Hackers exploit 56 zero-days for $790,000
BLEEPINGCOMPUTER.COM — 22 Oct 2025
⚠️
Attackers Abuse Grok to Spread Phishing Links
KNOWBE4.COM — 22 Oct 2025
⚠️
Risky Business #811 -- F5 is the tip of the crap software iceberg
RISKY.BIZ — 22 Oct 2025
📢
GitLab security advisory (AV25-689)
CYBER.GC.CA — 2025-10-22
📢
Oracle security advisory – October 2025 quarterly rollup (AV25-688)
CYBER.GC.CA — 2025-10-22
📢
PhantomCaptcha ClickFix attack targets Ukraine war relief orgs
BLEEPINGCOMPUTER.COM — 22 Oct 2025
📢
SolarWinds security advisory (AV25-690)
CYBER.GC.CA — 2025-10-22
📢
Ericsson security advisory (AV25-691)
CYBER.GC.CA — 2025-10-22
📢
Google Chrome security advisory (AV25-692)
CYBER.GC.CA — 2025-10-22
📢
ISC BIND security advisory (AV25-693)
CYBER.GC.CA — 2025-10-22
📢
Drupal security advisory (AV25-694)
CYBER.GC.CA — 2025-10-22
🔥
Ransomware-Attacke auf Nickelhütte Aue
CSOONLINE.COM — 22 Oct 2025
🔥
Fencing and Pet Company Jewett-Cameron Hit by Ransomware
SECURITYWEEK.COM — 22 Oct 2025
🔥
Ransomware Payouts Surge to $3.6m Amid Evolving Tactics - Infosecurity Magazine
SH.ITJUST.WORKS — 22 Oct 2025
🔥
'PassiveNeuron' Cyber Spies Attack With Custom Malware
SH.ITJUST.WORKS — 22 Oct 2025
🔥
Fake Nethereum NuGet Package Used Homoglyph Trick to Steal Crypto Wallet Keys
THEHACKERNEWS.COM — 22 Oct 2025
🔥
FinWise data breach shows why encryption is your last defense
BLEEPINGCOMPUTER.COM — 22 Oct 2025
🔥
The CISO imperative: Building resilience in an era of accelerated cyberthreats
MICROSOFT.COM — 22 Oct 2025
🔥
Iran-Linked MuddyWater Targets 100+ Organisations in Global Espionage Campaign
THEHACKERNEWS.COM — 22 Oct 2025
🔥
10M Columbia NYU UMN hacked databases by state sponsored racists with gov tools in NYC biggest strike
SH.ITJUST.WORKS — 22 Oct 2025
🔥
Malicious NuGet Packages Typosquat Nethereum to Exfiltrate Wallet Keys
SH.ITJUST.WORKS — 22 Oct 2025
🕵️
ISC Stormcast For Wednesday, October 22nd, 2025 https://isc.sans.edu/podcastdetail/9666, (Wed, Oct 22nd)
ISC.SANS.EDU — 22 Oct 2025
🕵️
MY TAKE: Sam Altman is wielding OpenAI to usurp the browser, seize the user interface crown
LASTWATCHDOG.COM — 22 Oct 2025
🕵️
New Rust Malware “ChaosBot” Hides Command-and-Control Inside Discord
GBHACKERS.COM — 22 Oct 2025
🕵️
Millions of Credentials Stolen Each Day by Stealer Malware
GBHACKERS.COM — 22 Oct 2025
🕵️
GlassWorm: First Self-Propagating Worm Using Invisible Code Hits OpenVSX Marketplace
INFOSEC.PUB — 22 Oct 2025
🕵️
Oracle Releases October 2025 Patches
SECURITYWEEK.COM — 22 Oct 2025
🕵️
Russian APT Switches to New Backdoor After Malware Exposed by Researchers
SECURITYWEEK.COM — 22 Oct 2025
🕵️
SharkStealer Adopts EtherHiding Technique for C2 Communication Evasion
GBHACKERS.COM — 22 Oct 2025
🕵️
Keycard Emerges From Stealth Mode With $38 Million in Funding
SECURITYWEEK.COM — 22 Oct 2025
🕵️
Sharepoint ToolShell attacks targeted orgs across four continents
SH.ITJUST.WORKS — 22 Oct 2025
🕵️
Threat Actors Advancing Email Phishing Attacks to Bypass Security Filters
GBHACKERS.COM — 22 Oct 2025
🕵️
TP-Link warns of critical command injection flaw in Omada gateways
SH.ITJUST.WORKS — 22 Oct 2025
🕵️
Cursor, Windsurf IDEs riddled with 94+ n-day Chromium vulnerabilities
SH.ITJUST.WORKS — 22 Oct 2025
🕵️
Perpatrator of all NYC major terror NYU Columbia UMN 10M in control of sacrificed Brian Thompson
SH.ITJUST.WORKS — 22 Oct 2025
🕵️
Building Trust in the Digital Age: How Financial Services Can Balance Security and Speed
KNOWBE4.COM — 22 Oct 2025
🕵️
The Rise of Collaborative Tactics Among China-aligned Cyber Espionage Campaigns
TRENDMICRO.COM — 22 Oct 2025
🕵️
Attackers target retailers’ gift card systems using cloud-only techniques - Help Net Security
SH.ITJUST.WORKS — 22 Oct 2025
🕵️
Unmasking MuddyWater’s New Malware Toolkit Driving International Espionage
SH.ITJUST.WORKS — 22 Oct 2025
🕵️
Iranian hackers targeted over 100 govt orgs with Phoenix backdoor
BLEEPINGCOMPUTER.COM — 22 Oct 2025
🕵️
Top security researcher shares their bug bounty process
GITHUB.BLOG — 22 Oct 2025
🌐
SnakeStealer: How it preys on personal data – and how you can protect yourself
WELIVESECURITY.COM — 22 Oct 2025
🎙️
Sam Altman’s eye-scanning orb promises to prove humanity in the age of AI bots
TECHCRUNCH.COM — 22 Oct 2025
🎙️
Smashing Security podcast #440: How to hack a prison, and the hidden threat of online checkouts
GRAHAMCLULEY.COM — 22 Oct 2025
📡
We need secure products as much as we need security products
SOPHOS.COM — 22 Oct 2025
📡
Meta launches new anti-scam tools for WhatsApp and Messenger
BLEEPINGCOMPUTER.COM — 22 Oct 2025
📡
Canada Fines Cybercrime Friendly Cryptomus $176M
KREBSONSECURITY.COM — 22 Oct 2025
📡
Trend Micro Recognized as a Leader in The Forrester Wave™ 2025 for NAV
TRENDMICRO.COM — 22 Oct 2025