MATLOCK.CA
92Articles
8Categories
2025-10-24Date
🚨
CISA Adds Two Known Exploited Vulnerabilities to CatalogCISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2025-54236 Adobe Commerce and Magento Improper Input Validation Vulnerability CVE-2025-59287 Microsoft Windows Server Update Service (WSUS) …
KEVCISA.GOV — Fri, 24 Oct 25 1
🚨
Microsoft Releases Out-of-Band Security Update to Mitigate Windows Server Update Service Vulnerability, CVE-2025-59287Microsoft released an update to address a critical remote code execution vulnerability impacting Windows Server Update Service (WSUS) in Windows Server (2012, 2016, 2019, 2022, and 2025), CVE-2025-59287 , that a prior update did not fully mitigate.  CISA strongly urges organ…
KEVCISA.GOV — Fri, 24 Oct 25 1
πŸ›
CVE-2022-49173 spi: fsi: Implement a timeout for polling status
MSRC.MICROSOFT.COM — 24 Oct 2025
πŸ›
CVE-2022-49469 btrfs: fix anon_dev leak in create_subvol()
MSRC.MICROSOFT.COM — 24 Oct 2025
πŸ›
CVE-2022-49543 ath11k: fix the warning of dev_wake in mhi_pm_disable_transition()
MSRC.MICROSOFT.COM — 24 Oct 2025
πŸ›
CVE-2022-49552 bpf: Fix combination of jit blinding and pointers to bpf subprogs.
MSRC.MICROSOFT.COM — 24 Oct 2025
πŸ›
CVE-2022-49562 KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits
MSRC.MICROSOFT.COM — 24 Oct 2025
πŸ›
CVE-2022-49610 KVM: VMX: Prevent RSB underflow before vmenter
MSRC.MICROSOFT.COM — 24 Oct 2025
πŸ›
CVE-2022-49635 drm/i915/selftests: fix subtraction overflow bug
MSRC.MICROSOFT.COM — 24 Oct 2025
πŸ›
CVE-2025-11411 Possible domain hijacking via promiscuous records in the authority section
MSRC.MICROSOFT.COM — 24 Oct 2025
πŸ›
CVE-2025-62813 LZ4 through 1.10.0 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact when the application processes untrusted LZ4 frames. For example, LZ4F_createCDict_advanced in lib/lz4frame.c mishandles NULL checks.
MSRC.MICROSOFT.COM — 24 Oct 2025
πŸ›
Microsoft Releases Urgent Fix for Windows Server Update Services RCE FLaw
GBHACKERS.COM — 24 Oct 2025
πŸ›
Critical Windows Server WSUS Vulnerability Exploited in the Wild
KEVSECURITYWEEK.COM — 24 Oct 2025
πŸ›
Microsoft Issues Emergency Patch for Actively Exploited Critical WSUS Vulnerability
KEVTHEHACKERNEWS.COM — 24 Oct 2025
πŸ›
AL25-015 - Vulnerability impacting Microsoft Windows Server Update Services - CVE-2025-59287
CYBER.GC.CA — 2025-10-24
πŸ›
Critical Microsoft WSUS flaw exploited in wild after insufficient patch
KEVCSOONLINE.COM — 24 Oct 2025
⚠️
AI browsers can be abused by malicious AI sidebar extensions: Report
CSOONLINE.COM — 24 Oct 2025
⚠️
Hackers Exploit Galaxy S25 0-Day to Turn On Camera and Track Users
GBHACKERS.COM — 24 Oct 2025
⚠️
Hackers earn $1,024,750 for 73 zero-days at Pwn2Own Ireland
BLEEPINGCOMPUTER.COM — 24 Oct 2025
⚠️
YouTube Ghost Malware Campaign: Over 3,000 Infected Videos Target Users
GBHACKERS.COM — 24 Oct 2025
⚠️
Microsoft Boosts Windows Security by Disabling File Previews for Downloads
GBHACKERS.COM — 24 Oct 2025
⚠️
Windows Server emergency patches fix WSUS bug with PoC exploit
BLEEPINGCOMPUTER.COM — 24 Oct 2025
⚠️
Malicious NuGet Packages Pose as Nethereum, Steal Crypto Wallet Keys
GBHACKERS.COM — 24 Oct 2025
⚠️
Pwn2Own WhatsApp Hacker Says Exploit Privately Reported to Meta
SECURITYWEEK.COM — 24 Oct 2025
⚠️
Quantum resistance and the Signal Protocol: From PQXDH to Triple Ratchet
CSOONLINE.COM — 24 Oct 2025
⚠️
IIS Servers Hijacked via Exposed ASP.NET Machine Keys β€” Malicious Modules Injected in the Wild
GBHACKERS.COM — 24 Oct 2025
⚠️
New RedTiger Tool Targets Gamers and Discord Accounts in the Wild
GBHACKERS.COM — 24 Oct 2025
⚠️
Der Weg zur CPS-Resilienz
CSOONLINE.COM — 24 Oct 2025
⚠️
New PDF Tool Detects Malicious Files Using PDF Object Hashing
GBHACKERS.COM — 24 Oct 2025
⚠️
The Cybersecurity Perception Gap: Why Executives and Practitioners See Risk Differently
THEHACKERNEWS.COM — 24 Oct 2025
⚠️
Lazarus group targets European drone makers in new espionage campaign
CSOONLINE.COM — 24 Oct 2025
⚠️
Vault Viper Exploits Online Gambling Websites Using Custom Browser to Install Malicious Program
GBHACKERS.COM — 24 Oct 2025
⚠️
Windows Server emergency patches fix WSUS bug with PoC exploit
SH.ITJUST.WORKS — 24 Oct 2025
⚠️
UN agreement on cybercrime criticized over risks to cybersecurity researchers
CSOONLINE.COM — 24 Oct 2025
⚠️
Critical WSUS flaw in Windows Server now exploited in attacks
BLEEPINGCOMPUTER.COM — 24 Oct 2025
⚠️
Why Threat Actors Succeed
PALOALTONETWORKS.COM — 24 Oct 2025
⚠️
Hackers launch mass attacks exploiting outdated WordPress plugins
BLEEPINGCOMPUTER.COM — 24 Oct 2025
⚠️
Top 10 Best Breach And Attack Simulation (BAS) Vendors in 2025
GBHACKERS.COM — 24 Oct 2025
⚠️
A Vulnerability in Microsoft Windows Server Update Services (WSUS) Could Allow for Remote Code Execution
CISECURITY.ORG — 24 Oct 2025
πŸ“’
Scammers try to trick LastPass users into giving up credentials by telling them they’re dead
CSOONLINE.COM — 24 Oct 2025
πŸ“’
Cybersecurity Awareness Month 2025: Cyber-risk thrives in the shadows
WELIVESECURITY.COM — 24 Oct 2025
πŸ”₯
AI Sidebar Spoofing Attack: SquareX Uncovers Malicious Extensions that Impersonate AI Browser Sidebars
GBHACKERS.COM — 24 Oct 2025
πŸ”₯
Cybersecurity Today: New Threats from AI and Code Extensions
CYBERSECURITYTODAY.LIBSYN.COM — 24 Oct 2025
πŸ”₯
Linux RATs on Windows: Ransomware Actors Target VMware Deployments
GBHACKERS.COM — 24 Oct 2025
πŸ”₯
Hackers Steal Microsoft Teams Chats & Emails by Grabbing Access Tokens
GBHACKERS.COM — 24 Oct 2025
πŸ”₯
Ransomware recovery perils: 40% of paying victims still lose their data
CSOONLINE.COM — 24 Oct 2025
πŸ”₯
Formel 1 betroffen: Cyberattacke auf Fahrer-Portal
CSOONLINE.COM — 24 Oct 2025
πŸ”₯
Toys β€œR” Us Canada Data Breach Exposes Customer Personal Information
GBHACKERS.COM — 24 Oct 2025
πŸ”₯
Ransomware Actors Targeting Global Public Sectors and Critical Infrastructure
GBHACKERS.COM — 24 Oct 2025
πŸ”₯
Medusa Ransomware Leaks 834 GB of Comcast Data After $1.2M Demand – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
SH.ITJUST.WORKS — 24 Oct 2025
πŸ”₯
Agenda Ransomware Deploys Linux Variant on Windows Systems Through Remote Management Tools and BYOVD Techniques | Trend Micro (US)
SH.ITJUST.WORKS — 24 Oct 2025
πŸ”₯
Shadow Escape 0-Click Attack in AI Assistants Puts Trillions of Records at Risk – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More
SH.ITJUST.WORKS — 24 Oct 2025
πŸ”₯
Cyber incidents in Texas, Tennessee and Indiana impacting critical government services | The Record from Recorded Future News
SH.ITJUST.WORKS — 24 Oct 2025
πŸ”₯
LockBit 5.0 Targets Windows, Linux, and ESXi Systems in Ongoing Attacks
GBHACKERS.COM — 24 Oct 2025
πŸ”₯
Cyberattack on Russia’s food safety agency reportedly disrupts product shipments
SH.ITJUST.WORKS — 24 Oct 2025
πŸ”₯
Toys β€œR” Us Canada warns customers' info leaked in data breach
SH.ITJUST.WORKS — 24 Oct 2025
πŸ”₯
Fake LastPass death claims used to breach password vaults
BLEEPINGCOMPUTER.COM — 24 Oct 2025
πŸ”₯
Top 10 Best Security Operations Center (SOC) as a Service Providers in 2025
GBHACKERS.COM — 24 Oct 2025
πŸ”₯
Top 10 Best Cyber Threat Intelligence Companies in 2025
GBHACKERS.COM — 24 Oct 2025
πŸ”₯
Top 10 Best Digital Forensics And Incident Response (DFIR) Firms in 2025
GBHACKERS.COM — 24 Oct 2025
πŸ•΅οΈ
ISC Stormcast For Friday, October 24th, 2025 https://isc.sans.edu/podcastdetail/9670, (Fri, Oct 24th)
ISC.SANS.EDU — 24 Oct 2025
πŸ•΅οΈ
TIL that PortSwigger is a joke
INFOSEC.PUB — 24 Oct 2025
πŸ•΅οΈ
New Phishing Wave Uses OAuth Prompts to Take Over Microsoft Accounts
GBHACKERS.COM — 24 Oct 2025
πŸ•΅οΈ
Phishing Campaign Uses Unique UUIDs to Evade Secure Email Gateways
GBHACKERS.COM — 24 Oct 2025
πŸ•΅οΈ
North Korean Hackers Target UAV Industry to Steal Confidential Data
GBHACKERS.COM — 24 Oct 2025
πŸ•΅οΈ
Microsoft Disables Downloaded File Previews to Block NTLM Hash Leaks
SECURITYWEEK.COM — 24 Oct 2025
πŸ•΅οΈ
Part Four of The Kryptos Sculpture
SCHNEIER.COM — 2025-10-24
πŸ•΅οΈ
Toys β€˜R’ Us Canada Customer Information Leaked Online
SECURITYWEEK.COM — 24 Oct 2025
πŸ•΅οΈ
Mideast, African Hackers Target Gov'ts, Banks, Small Retailers
SH.ITJUST.WORKS — 24 Oct 2025
πŸ•΅οΈ
Google Warns of Cybercriminals Using Fake Job Postings to Spread Malware and Steal Credentials
GBHACKERS.COM — 24 Oct 2025
πŸ•΅οΈ
In Other News: iOS 26 Deletes Spyware Evidence, Shadow Escape Attack, Cyber Exec Sold Secrets to Russia
SECURITYWEEK.COM — 24 Oct 2025
πŸ•΅οΈ
New Google TAG report: How Commercial Surveillance Vendors work
SH.ITJUST.WORKS — 24 Oct 2025
πŸ•΅οΈ
Lazarus Group’s Operation DreamJob Targets European Defense Firms - Infosecurity Magazine
SH.ITJUST.WORKS — 24 Oct 2025
πŸ•΅οΈ
Telegram Messenger Abused by Android Malware to Seize Full Device Control
GBHACKERS.COM — 24 Oct 2025
πŸ•΅οΈ
North Korean Hackers Aim at European Drone Companies
SECURITYWEEK.COM — 24 Oct 2025
πŸ•΅οΈ
Arsen Launches Smishing Simulation to Help Companies Defend Against Mobile Phishing Threats
GBHACKERS.COM — 24 Oct 2025
πŸ•΅οΈ
Amazon Reveals Technical Fault Behind Widescale AWS Service Outage
GBHACKERS.COM — 24 Oct 2025
πŸ•΅οΈ
Hackers Target Perplexity Comet Browser Users
SECURITYWEEK.COM — 24 Oct 2025
πŸ•΅οΈ
Researchers expose large-scale YouTube malware distribution network - Help Net Security
SH.ITJUST.WORKS — 24 Oct 2025
πŸ•΅οΈ
APT36 Targets Indian Government with Golang-Based DeskRAT Malware Campaign
THEHACKERNEWS.COM — 24 Oct 2025
πŸ•΅οΈ
Phishing Campaign Impersonates Google Careers Recruiters
KNOWBE4.COM — 24 Oct 2025
πŸ•΅οΈ
Spoofed AI sidebars can trick Atlas, Comet users into dangerous actions
SH.ITJUST.WORKS — 24 Oct 2025
πŸ•΅οΈ
Friday Squid Blogging: β€œEl Pulpo The Squid”
SCHNEIER.COM — 2025-10-24
πŸ•΅οΈ
News alert: Arsen rolls out β€˜Smishing Simulation’ to strengthen defenses against mobile phishing threats
LASTWATCHDOG.COM — 24 Oct 2025
🌐
Self-Spreading 'GlassWorm' Infects VS Code Extensions in Widespread Supply Chain Attack
THEHACKERNEWS.COM — 24 Oct 2025
🌐
3,000 YouTube Videos Exposed as Malware Traps in Massive Ghost Network Operation
THEHACKERNEWS.COM — 24 Oct 2025
πŸ“‘
Phishing Cloud Account for Information, (Thu, Oct 23rd)
ISC.SANS.EDU — 24 Oct 2025
πŸ“‘
Locking it down: A new technique to prevent LLM jailbreaks
SOPHOS.COM — 24 Oct 2025
πŸ“‘
Mozilla: New Firefox extensions must disclose data collection practices
BLEEPINGCOMPUTER.COM — 24 Oct 2025
πŸ“‘
How to reduce costs with self-service password resets
BLEEPINGCOMPUTER.COM — 24 Oct 2025
πŸ“‘
Amazon: This week’s AWS outage caused by major DNS failure
BLEEPINGCOMPUTER.COM — 24 Oct 2025
πŸ“‘
Privacy rankings of popular messaging apps in 2025 | Kaspersky official blog
KASPERSKY.COM — 24 Oct 2025