96Articles
9Categories
2025-10-22Date
🚨 CISA KEV 1[−]
22 Oct KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its  Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2025-61932 Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability This type of vulnera…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 13[−]
22 OctTP-Link Patches Four Omada Gateway Flaws, Two Allow Remote Code ExecutionTP-Link has released security updates to address four security flaws impacting Omada gateway devices, including two critical bugs that could result in arbitrary code execution. The vulnerabilities in question are listed below - CVE-2025-6541 (CVSS score: 8.6) - An operating syste…THEHACKERNEWS.COM
22 OctTARmageddon Flaw in Async-Tar Rust Library Could Enable Remote Code ExecutionCybersecurity researchers have disclosed details of a high-severity flaw impacting the popular async-tar Rust library and its forks, including tokio-tar, that could result in remote code execution under certain conditions. The vulnerability, tracked as CVE-2025-62518 (CVSS score:…THEHACKERNEWS.COM
22 OctSharepoint ToolShell attacks targeted orgs across four continentsHackers believed to be associated with China have leveraged the ToolShell vulnerability (CVE-2025-53770) in Microsoft SharePoint in attacks targeting government agencies, universities, telecommunication service providers, and finance organizations. [...]BLEEPINGCOMPUTER.COM
22 OctTARmageddon (CVE-2025-62518): RCE Vulnerability Highlights the Challenges of Open Source Abandonware | Edera Blogsubmitted by kid to cybersecurity 1 points | 0 comments https://edera.dev/stories/tarmageddonSH.ITJUST.WORKS
22 Octwebctrl.cgi/Blue Angel Software Suite Exploit Attempts. Maybe CVE-2025-34033 Variant?, (Wed, Oct 22nd)Starting yesterday, some of our honeypots received POST requests to "/cgi-bin/webctrl.cgi", attempting to exploit an OS command injection vulnerability: ISC.SANS.EDU
22 OctHackers exploiting critical "SessionReaper" flaw in Adobe MagentoHackers are actively exploiting the critical SessionReaper vulnerability (CVE-2025-54236) in Adobe Commerce (formerly Magento) platforms, with hundreds of attempts recorded. [...]BLEEPINGCOMPUTER.COM
22 OctPrompt hijacking puts MCP-based AI workflows at riskModel context protocol (MCP) gives IT teams a standardized way to connect large language models (LLMs) to tools and data sources when developing AI-based workflows. But security researchers warn that MCP-based AI workflows can be vulnerable to malicious prompt injection attacks i…CSOONLINE.COM
22 OctCVE-2025-40011 drm/gma500: Fix null dereference in hdmi teardownInformation published.MSRC.MICROSOFT.COM
22 OctSerious vulnerability found in Rust libraryDevelopers creating projects in the Rust programming language, as well as IT leaders with Rust-based applications in their environments, should pay attention to a serious vulnerability found in one of the programming language’s libraries. Researchers at Edera say they have uncove…CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE 37[−]
22 OctSelf-propagating worm found in marketplaces for Visual Studio Code extensionsA month after a self-propagating worm was discovered in the open source NPM code repository , a similar worm has been found targeting Visual Studio Code extensions in open marketplaces. Researchers at Israel-based Koi Security say the malware, which they dub GlassWorm, has been f…CSOONLINE.COM
22 OctRansomware Dominates Cyber Attacks & AI Tools for Cybersecurity | Tech News UpdateIn this episode of Cybersecurity Today, your host Jim Love discusses Microsoft’s latest findings on how ransomware and extortion account for over half of all cyber attacks globally, highlighting the shift toward financially driven crimes. Learn about the breach at the Kansas City…CYBERSECURITYTODAY.LIBSYN.COM
22 OctHackers Exploit OAuth Apps to Keep Cloud Access Even After Password ResetsCloud account takeover attacks have evolved beyond simple credential theft. Cybercriminals are now exploiting OAuth applications to maintain persistent access to compromised environments, bypassing traditional security measures like password resets and multifactor authentication.…GBHACKERS.COM
22 OctNew Salt Typhoon Attacks Leverage Zero-Days and DLL SideloadingSalt Typhoon represents one of the most persistent and sophisticated cyber threats targeting global critical infrastructure today. Believed to be linked to state-sponsored actors from the People’s Republic of China, this advanced persistent threat group has executed a serie…GBHACKERS.COM
22 OctSendmarc appoints Dan Levinson as Customer Success Director in North AmericaSendmarc has announced the appointment of Dan Levinson as Customer Success Director – North America , furthering the company’s regional expansion and commitment to providing expert, locally aligned support to organizations across the continent. Levinson will lead the development …CSOONLINE.COM
22 OctCAASM and EASM: Top 12 attack surface discovery and management toolsCyber asset attack surface management (CAASM) or external attack surface management (EASM) solutions are designed to quantify the attack surface and minimize and harden it. The goal with CAASM tools is to give the adversary as little information about the security posture of the …CSOONLINE.COM
22 OctHackers Earn Over $520,000 on First Day of Pwn2Own Ireland 2025Participants exploited 34 previously unknown vulnerabilities to hack printers, NAS devices, and smart home products. The post Hackers Earn Over $520,000 on First Day of Pwn2Own Ireland 2025 appeared first on SecurityWeek .SECURITYWEEK.COM
22 OctSalesforce’s glaring Dreamforce omission: Vital security lessons from Salesloft DriftSalesforce’s flagship Dreamforce conference last week offered attendees a range of sessions on best practices for securing their Salesforce environments and AI agents, and about what Salesforce itself is doing with AI to improve security. The company even released two new agents …CSOONLINE.COM
22 OctVidar Stealer Exploits: Direct Memory Attacks Used to Capture Browser CredentialsOn October 6, 2025, the cybercriminal developer known as “Loadbaks” announced the release of Vidar Stealer v2.0 on underground forums, introducing a sophisticated information-stealing malware that employs direct memory injection to bypass modern browser security prote…GBHACKERS.COM
22 OctResearchers Identify PassiveNeuron APT Using Neursite and NeuralExecutor MalwareGovernment, financial, and industrial organizations located in Asia, Africa, and Latin America are the target of a new campaign dubbed PassiveNeuron, according to findings from Kaspersky. The cyber espionage activity was first flagged by the Russian cybersecurity vendor in Novemb…THEHACKERNEWS.COM
22 OctSecurity That Sticks: Shaping Human Behavior - Nicole Jiang, Rinki Sethi - BSW #418As the Verizon Data Breach Investigations Report has stated year after year, most breaches start with human error. We've invested a lot in Security Awareness and Training and Phishing solutions, but yet human error is still the top risk. How do we actually reduce human risk? Rink…YOUTUBE.COM
22 Oct4 factors creating bottlenecks for enterprise GenAI adoptionThere’s a significant gap between the potential value of AI and the measurable value that enterprises have only recently begun to experience. The launch of ChatGPT in 2022 triggered a massive shift in how companies perceive AI. Pilots were launched. Promises of high returns were …CSOONLINE.COM
22 OctBitter APT Exploits WinRAR Zero-Day Through Malicious Word Files to Steal Sensitive DataIn a newly uncovered campaign, the threat group known as Bitter—also tracked as APT-Q-37—has leveraged both malicious Office macros and a previously undocumented WinRAR path traversal vulnerability to deliver a C# backdoor and siphon sensitive information. Researchers at Qi’anxin…GBHACKERS.COM
22 OctWhy You Should Swap Passwords for PassphrasesThe advice didn't change for decades: use complex passwords with uppercase, lowercase, numbers, and symbols. The idea is to make passwords harder for hackers to crack via brute force methods. But more recent guidance shows our focus should be on password length, rather than compl…THEHACKERNEWS.COM
22 OctFailures in Face RecognitionInteresting article on people with nonstandard faces and how facial recognition systems fail for them. Some of those living with facial differences tell WIRED they have undergone multiple surgeries and experienced stigma for their entire lives, which is now being echoed by the te…SCHNEIER.COM
22 OctWhat Makes a Great Field CXO: Lessons from the Front LinesIf you are recruiting for a Field CISO, Field CTO, etc., or are looking to leverage a resource at your company in one of these roles, what are some things you should be aware of? The post What Makes a Great Field CXO: Lessons from the Front Lines appeared first on SecurityWeek .SECURITYWEEK.COM
22 OctHackers Use ASP.NET Machine Keys to Break Into IIS, Push Malicious ExtensionsIn September 2025, Texas A&M University System (TAMUS) Cybersecurity, a managed detection and response provider, in collaboration with Elastic Security Labs, uncovered a sophisticated post-exploitation campaign by a Chinese-speaking threat actor. Using this method, the attack…GBHACKERS.COM
22 OctHackers Exploit Microsoft 365 Direct Send to Evade Filters and Steal DataCybercriminals are increasingly exploiting a legitimate Microsoft 365 feature designed for enterprise convenience, turning Exchange Online’s Direct Send into a dangerous vector for phishing campaigns and business email compromise attacks. Security researchers across the ind…GBHACKERS.COM
22 OctBridging the Remediation Gap: Introducing Pentera ResolveFrom Detection to Resolution: Why the Gap Persists A critical vulnerability is identified in an exposed cloud asset. Within hours, five different tools alert you about it: your vulnerability scanner, XDR, CSPM, SIEM, and CMDB each surface the issue in their own way, with differen…THEHACKERNEWS.COM
22 Oct‘I am not a robot’: Russian hackers use fake CAPTCHA lures to deploy espionage toolsRussian state-backed hackers are using fake “I am not a robot” CAPTCHA pages to deliver new strains of espionage malware, according to Google Cloud’s Threat Intelligence Group (GTIG), marking a fresh evolution in tactics by the ColdRiver group that has long targeted Western gover…CSOONLINE.COM
22 OctGoogle ‘Careers’ scam lands job seekers in credential trapsScammers have begun impersonating outreach from Google’s “Careers” division to trick targets into giving away their credentials. According to a Sublime Security finding, the attackers are sending messages that appear to come from Google’s recruiting team — asking “Are you open to…CSOONLINE.COM
22 OctThreat Actors Exploiting Azure Blob Storage to Breach Organizational RepositoriesThreat actors are increasingly targeting Azure Blob Storage, Microsoft’s flagship object storage solution, to infiltrate organizational repositories and disrupt critical workloads. With its capacity to handle exabytes of unstructured data for AI, high performance computing, analy…GBHACKERS.COM
22 OctCISA confirms hackers exploited Oracle E-Business Suite SSRF flawsubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/cisa-confirms-hackers-exploited-oracle-e-business-suite-ssrf-flaw/SH.ITJUST.WORKS
22 OctChinese Threat Actors Exploit ToolShell SharePoint Flaw Weeks After Microsoft's July PatchThreat actors with ties to China exploited the ToolShell security vulnerability in Microsoft SharePoint to breach a telecommunications company in the Middle East after it was publicly disclosed and patched in July 2025. Also targeted were government departments in an African coun…THEHACKERNEWS.COM
22 OctFileless Remcos Attacks: Injecting Malicious Code into RMClient to Evade EDRCyberProof researchers detected a significant surge in Remcos (Remote Control & Surveillance Software) campaigns throughout September and October 2025, exploiting sophisticated fileless techniques to evade endpoint detection and response (EDR) solutions. By leveraging highly …GBHACKERS.COM
22 OctCritical Vulnerabilities Patched in TP-Link’s Omada GatewaysOne of the flaws can be exploited by remote unauthenticated attackers for arbitrary command execution. The post Critical Vulnerabilities Patched in TP-Link’s Omada Gateways appeared first on SecurityWeek .SECURITYWEEK.COM
22 OctAzure Apps Vulnerability Lets Hackers Create Malicious Apps Mimicking Microsoft Teamssubmitted by kid to cybersecurity 2 points | 0 comments https://cybersecuritynews.com/azure-apps-vulnerability/SH.ITJUST.WORKS
22 OctHackers exploit 34 zero-days on first day of Pwn2Own Irelandsubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/hackers-exploit-34-zero-days-on-first-day-of-pwn2own-ireland/SH.ITJUST.WORKS
22 OctTARmageddon Flaw in Popular Rust Library Leads to RCEThe vulnerability impacts multiple Rust tar parsers, allowing attackers to smuggle additional archive entries. The post TARmageddon Flaw in Popular Rust Library Leads to RCE appeared first on SecurityWeek .SECURITYWEEK.COM
22 OctAlert: Watch Out For Phishing Attacks in the Wake of the AWS OutageCybernews warns that threat actors will likely take advantage of the recent AWS outage to launch phishing attacks against affected users.KNOWBE4.COM
22 OctCybercriminals turn on each other: the story of Lumma Stealer’s collapseNormally when we write about a malware operation being disrupted, it's because it has been shut down by law enforcement. But in the case of Lumma Stealer, a notorious malware-as-a-service (MaaS) operation used to steal passwords and sensitive data, it appears to have been sabotag…FORTRA.COM
22 OctTARmageddon flaw in abandoned Rust library enables RCE attacksA high-severity vulnerability in the now-abandoned async-tar Rust library and its forks can be exploited to gain remote code execution on systems running unpatched software. [...]BLEEPINGCOMPUTER.COM
22 OctUkraine Aid Groups Targeted Through Fake Zoom Meetings and Weaponized PDF FilesCybersecurity researchers have disclosed details of a coordinated spear-phishing campaign dubbed PhantomCaptcha targeting organizations associated with Ukraine's war relief efforts to deliver a remote access trojan that uses a WebSocket for command-and-control (C2). The activity,…THEHACKERNEWS.COM
22 OctOracle Quarterly Critical Patches Issued October 21, 2025Multiple vulnerabilities have been discovered in Oracle products, the most severe of which could allow for remote code execution.CISECURITY.ORG
22 OctPwn2Own Day 2: Hackers exploit 56 zero-days for $790,000Security researchers collected $792,750 in cash after exploiting 56​​​​​​​ unique zero-day vulnerabilities during the second day of the Pwn2Own Ireland 2025 hacking competition. [...]BLEEPINGCOMPUTER.COM
22 OctAttackers Abuse Grok to Spread Phishing LinksThreat actors are abusing X’s generative AI bot Grok to spread phishing links, according to researchers at ESET. The attackers achieve this by tricking Grok into thinking it’s answering a question, and providing a link in its answer.KNOWBE4.COM
22 OctRisky Business #811 -- F5 is the tip of the crap software icebergIn this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: China has been rummaging in F5’s networks for a couple of years Meanwhile China tries to deflect by accusing the NSA of hacking its national timing system Salesforce hackers use th…RISKY.BIZ
📢 SECURITY ADVISORIES 8[−]
22 OctPhantomCaptcha ClickFix attack targets Ukraine war relief orgsA spearphishing attack that lasted a single day targeted members of the Ukrainian regional government administration and organizations critical for the war relief effort in Ukraine, including the International Committee of the Red Cross, UNICEF, and various NGOs. [...]BLEEPINGCOMPUTER.COM
🔥 INCIDENT REPORTING 10[−]
22 OctRansomware-Attacke auf Nickelhütte AueCyberkriminelle haben die Büro-IT der Nickelhütte Aue lahmgelegt. Andrey_Popov – shutterstock.com Wie die Nickelhütte Aue auf ihrer Webseite mitteilt , haben Cyberkriminelle die Büro-IT angegriffen und Daten verschlüsselt. Infolgedessen komme es derzeit zu Beeinträchtigungen der …CSOONLINE.COM
22 OctFencing and Pet Company Jewett-Cameron Hit by RansomwareJewett-Cameron Company says hackers stole sensitive information and are threatening to release it unless a ransom is paid. The post Fencing and Pet Company Jewett-Cameron Hit by Ransomware appeared first on SecurityWeek .SECURITYWEEK.COM
22 OctRansomware Payouts Surge to $3.6m Amid Evolving Tactics - Infosecurity Magazinesubmitted by kid to cybersecurity 2 points | 0 comments https://www.infosecurity-magazine.com/news/ransomware-payouts-surge-dollar36m/SH.ITJUST.WORKS
22 Oct'PassiveNeuron' Cyber Spies Attack With Custom Malwaresubmitted by kid to cybersecurity 1 points | 0 comments https://www.darkreading.com/cyberattacks-data-breaches/-passiveneuron-cyber-spies-target-industrial-financial-orgsSH.ITJUST.WORKS
22 OctFake Nethereum NuGet Package Used Homoglyph Trick to Steal Crypto Wallet KeysCybersecurity researchers have uncovered a new supply chain attack targeting the NuGet package manager with malicious typosquats of Nethereum, a popular Ethereum .NET integration platform, to steal victims' cryptocurrency wallet keys. The package, Netherеum.All, has been found to…THEHACKERNEWS.COM
22 OctFinWise data breach shows why encryption is your last defenseThe FinWise breach shows that when insider threats strike, encryption is the last line of defense. Penta Security's D.AMO platform unites encryption, key management, and access control to keep sensitive data secure. [...]BLEEPINGCOMPUTER.COM
22 OctThe CISO imperative: Building resilience in an era of accelerated cyberthreatsThe latest Microsoft Digital Defense Report 2025 paints a vivid picture of a cyberthreat landscape in flux. The surge in financially motivated cyberattacks and the persistent risk of nation-state actors demand urgent attention. But for those of us in the Office of the CISO, the r…MICROSOFT.COM
22 OctIran-Linked MuddyWater Targets 100+ Organisations in Global Espionage CampaignThe Iranian nation-state group known as MuddyWater has been attributed to a new campaign that has leveraged a compromised email account to distribute a backdoor called Phoenix to various organizations across the Middle East and North Africa (MENA) region, including over 100 gover…THEHACKERNEWS.COM
22 Oct10M Columbia NYU UMN hacked databases by state sponsored racists with gov tools in NYC biggest strikesubmitted by mandatstory to cybersecurity 1 points | 0 comments https://web.archive.org/web/20251022141927/https://medium.com/@newyork202511/tim-walz-paid-nazis-300m-for-10-million-people-terrorized-at-umn-nyu-columbia-after-sacrificing-386faaae5e78 twice removed off topic, once …SH.ITJUST.WORKS
22 OctMalicious NuGet Packages Typosquat Nethereum to Exfiltrate Wallet Keyssubmitted by kid to cybersecurity 1 points | 0 comments https://socket.dev/blog/malicious-nuget-packages-typosquat-nethereum-to-exfiltrate-wallet-keysSH.ITJUST.WORKS
🕵️ THREAT INTELLIGENCE 20[−]
22 OctISC Stormcast For Wednesday, October 22nd, 2025 https://isc.sans.edu/podcastdetail/9666, (Wed, Oct 22nd)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
22 OctMY TAKE: Sam Altman is wielding OpenAI to usurp the browser, seize the user interface crownSomething quietly consequential just happened in Silicon Valley. Related: The new workflow cadences of GenAI At OpenAI’s first-ever developer conference, CEO Sam Altman showcased a new capability inside ChatGPT: the ability to interact directly with apps — no browser, no … …LASTWATCHDOG.COM
22 OctNew Rust Malware “ChaosBot” Hides Command-and-Control Inside DiscordA sophisticated, Rust-based malware dubbed ChaosBot has been exposed utilizing the Discord platform for its Command and Control (C2) operations. This isn’t your average botnet; it’s a new generation of threat that hides its malicious traffic by communicating over the …GBHACKERS.COM
22 OctMillions of Credentials Stolen Each Day by Stealer MalwareThe cybercrime ecosystem surrounding stealer malware has reached unprecedented scale, with threat actors now processing millions of stolen credentials daily through sophisticated distribution networks. Security researchers have been monitoring these operations for nearly a year, …GBHACKERS.COM
22 OctGlassWorm: First Self-Propagating Worm Using Invisible Code Hits OpenVSX Marketplacesubmitted by Linsensuppe to cybersecurity 1 points | 0 comments https://www.koi.ai/blog/glassworm-first-self-propagating-worm-using-invisible-code-hits-openvsx-marketplaceINFOSEC.PUB
22 OctOracle Releases October 2025 PatchesThe Critical Patch Update contains 374 new security patches that resolve many vulnerabilities. The post Oracle Releases October 2025 Patches appeared first on SecurityWeek .SECURITYWEEK.COM
22 OctRussian APT Switches to New Backdoor After Malware Exposed by ResearchersStar Blizzard started using the NoRobot (BaitSwitch) and MaybeRobot (SimpleFix) malware after public reporting on the LostKeys malware. The post Russian APT Switches to New Backdoor After Malware Exposed by Researchers appeared first on SecurityWeek .SECURITYWEEK.COM
22 OctSharkStealer Adopts EtherHiding Technique for C2 Communication EvasionSharkStealer, a Golang-based information stealer, has been observed leveraging the Binance Smart Chain (BSC) Testnet as a covert dead-drop mechanism for command-and-control (C2) communications. By adopting an “EtherHiding” pattern, the malware retrieves encrypted C2 details from …GBHACKERS.COM
22 OctKeycard Emerges From Stealth Mode With $38 Million in FundingThe company’s IAM platform identifies AI agents, supports assigning permission to them, and tracks all activity. The post Keycard Emerges From Stealth Mode With $38 Million in Funding appeared first on SecurityWeek .SECURITYWEEK.COM
22 OctSharepoint ToolShell attacks targeted orgs across four continentssubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/sharepoint-toolshell-attacks-targeted-orgs-across-four-continents/SH.ITJUST.WORKS
22 OctThreat Actors Advancing Email Phishing Attacks to Bypass Security FiltersCybercriminals continue to evolve their email phishing arsenals, reviving legacy tactics while layering on advanced evasions to slip past automated filters and human scrutiny. In 2025, attackers are noted tried-and-true approaches—like password-protected attachments and calendar …GBHACKERS.COM
22 OctTP-Link warns of critical command injection flaw in Omada gatewayssubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/tp-link-warns-of-critical-command-injection-flaw-in-omada-gateways/SH.ITJUST.WORKS
22 OctCursor, Windsurf IDEs riddled with 94+ n-day Chromium vulnerabilitiessubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/cursor-windsurf-ides-riddled-with-94-plus-n-day-chromium-vulnerabilities/SH.ITJUST.WORKS
22 OctPerpatrator of all NYC major terror NYU Columbia UMN 10M in control of sacrificed Brian Thompsonsubmitted by mandatstory to cybersecurity 0 points | 0 comments https://web.archive.org/web/20251022141927/https://medium.com/@newyork202511/tim-walz-paid-nazis-300m-for-10-million-people-terrorized-at-umn-nyu-columbia-after-sacrificing-386faaae5e78 cross-posted from: lemmy.world…SH.ITJUST.WORKS
22 OctBuilding Trust in the Digital Age: How Financial Services Can Balance Security and SpeedIn the high-stakes world of financial services, trust is the cornerstone of every client relationship. But here's the challenge that keeps financial leaders up at night: how do you maintain the stringent security clients demand while delivering the rapid response they expect? It'…KNOWBE4.COM
22 OctThe Rise of Collaborative Tactics Among China-aligned Cyber Espionage CampaignsTrend™ Research examines the complex collaborative relationship between China-aligned APT groups via the new “Premier Pass-as-a-Service” model, exemplified by the recent activities of Earth Estries and Earth Naga.TRENDMICRO.COM
22 OctAttackers target retailers’ gift card systems using cloud-only techniques - Help Net Securitysubmitted by kid to cybersecurity 1 points | 0 comments https://www.helpnetsecurity.com/2025/10/22/cloud-based-techniques-gift-card-fraud/SH.ITJUST.WORKS
22 OctUnmasking MuddyWater’s New Malware Toolkit Driving International Espionagesubmitted by kid to cybersecurity 1 points | 0 comments https://www.group-ib.com/blog/muddywater-espionage/SH.ITJUST.WORKS
22 OctIranian hackers targeted over 100 govt orgs with Phoenix backdoorState-sponsored Iranian hacker group MuddyWater has targeted more than 100 government entities in attacks that deployed version 4 of the Phoenix backdoor. [...]BLEEPINGCOMPUTER.COM
22 OctTop security researcher shares their bug bounty processFor this year’s Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to put the spotlight on a talented security researcher—André Storfjord Kristiansen! The post Top security researcher shares their bug bounty process appeared first on The GitHub Blog .GITHUB.BLOG
🌐 CYBER THREAT LANDSCAPE 1[−]
22 OctSnakeStealer: How it preys on personal data – and how you can protect yourselfHere’s what to know about the malware with an insatiable appetite for valuable data, so much so that it tops this year's infostealer detection chartsWELIVESECURITY.COM
🎙️ PODCASTS 2[−]
22 OctSam Altman’s eye-scanning orb promises to prove humanity in the age of AI botsEver wonder if you’re talking to a real person online or just another bot? As bots increasingly outnumber humans online, leading to an explosion of deepfakes and AI-driven fraud, one company has a solution straight out of sci-fi: scanning your iris to verify your identity.  …TECHCRUNCH.COM
22 OctSmashing Security podcast #440: How to hack a prison, and the hidden threat of online checkoutsA literal insider threat: we head to a Romanian prison where “self-service” web kiosks allowed inmates to run wild. Then we head to the checkout aisle to ask why JavaScript on payment pages went feral, and how new PCI DSS rules are finally muzzling Magecart-style skimmers. Plus: …GRAHAMCLULEY.COM
📡 INFOSEC NEWS 4[−]
22 OctWe need secure products as much as we need security productsBuyers need to demand better.SOPHOS.COM
22 OctMeta launches new anti-scam tools for WhatsApp and MessengerMeta has announced new tools to help WhatsApp and Messenger users protect themselves from potential scams and secure their accounts. [...]BLEEPINGCOMPUTER.COM
22 OctCanada Fines Cybercrime Friendly Cryptomus $176MFinancial regulators in Canada this week levied $176 million in fines against Cryptomus, a digital payments platform that supports dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services. The penalties for violating Canada's anti money-laundering laws …KREBSONSECURITY.COM
22 OctTrend Micro Recognized as a Leader in The Forrester Wave™ 2025 for NAVUnified visibility, proactive intelligence, and proven leadership in network analysis and visibility.TRENDMICRO.COM