🚨 CISA KEV 2[−]
24 Oct KEVCISA Adds Two Known Exploited Vulnerabilities to CatalogCISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2025-54236 Adobe Commerce and Magento Improper Input Validation Vulnerability CVE-2025-59287 Microsoft Windows Server Update Service (WSUS) …CISA.GOV
24 Oct KEVMicrosoft Releases Out-of-Band Security Update to Mitigate Windows Server Update Service Vulnerability, CVE-2025-59287Microsoft released an update to address a critical remote code execution vulnerability impacting Windows Server Update Service (WSUS) in Windows Server (2012, 2016, 2019, 2022, and 2025), CVE-2025-59287 , that a prior update did not fully mitigate. CISA strongly urges organ…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 14[−]
24 OctCVE-2022-49173 spi: fsi: Implement a timeout for polling statusInformation published.MSRC.MICROSOFT.COM
24 OctCVE-2022-49469 btrfs: fix anon_dev leak in create_subvol()Information published.MSRC.MICROSOFT.COM
24 OctCVE-2022-49543 ath11k: fix the warning of dev_wake in mhi_pm_disable_transition()Information published.MSRC.MICROSOFT.COM
24 OctCVE-2022-49552 bpf: Fix combination of jit blinding and pointers to bpf subprogs.Information published.MSRC.MICROSOFT.COM
24 OctCVE-2022-49562 KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bitsInformation published.MSRC.MICROSOFT.COM
24 OctCVE-2022-49610 KVM: VMX: Prevent RSB underflow before vmenterInformation published.MSRC.MICROSOFT.COM
24 OctCVE-2022-49635 drm/i915/selftests: fix subtraction overflow bugInformation published.MSRC.MICROSOFT.COM
24 OctCVE-2025-11411 Possible domain hijacking via promiscuous records in the authority sectionInformation published.MSRC.MICROSOFT.COM
24 OctCVE-2025-62813 LZ4 through 1.10.0 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact when the application processes untrusted LZ4 frames. For example, LZ4F_createCDict_advanced in lib/lz4frame.c mishandles NULL checks.Information published.MSRC.MICROSOFT.COM
24 OctMicrosoft Releases Urgent Fix for Windows Server Update Services RCE FLawMicrosoft has released a critical security patch to address a severe remote code execution vulnerability affecting Windows Server Update Services (WSUS). The flaw, tracked as CVE-2025-59287, poses an immediate threat to organizations managing Windows updates across their infrastr…GBHACKERS.COM
24 Oct KEVCritical Windows Server WSUS Vulnerability Exploited in the WildCVE-2025-59287 allows a remote, unauthenticated attacker to execute arbitrary code and a PoC exploit is available. The post Critical Windows Server WSUS Vulnerability Exploited in the Wild appeared first on SecurityWeek .SECURITYWEEK.COM
24 Oct KEVMicrosoft Issues Emergency Patch for Actively Exploited Critical WSUS VulnerabilityMicrosoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with a proof-of-concept (Poc) exploit publicly available and has come under active exploitation in the wild. The vulnerability in question i…THEHACKERNEWS.COM
24 OctAL25-015 - Vulnerability impacting Microsoft Windows Server Update Services - CVE-2025-59287CYBER.GC.CA
24 Oct KEVCritical Microsoft WSUS flaw exploited in wild after insufficient patchMicrosoft released out-of-band patches on Thursday to “comprehensively” fix a critical vulnerability in the Windows Server Update Service (WSUS) after the first patches released on Oct. 14 proved insufficient. Attackers exploited the vulnerability in the wild after a detailed vul…CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE 23[−]
24 OctAI browsers can be abused by malicious AI sidebar extensions: ReportAI browsers may be smart, but they’re not smart enough to block a common threat: Malicious extensions. That’s the conclusion of researchers at SquareX, who on Thursday released a report showing how attackers can exploit AI sidebars through compromised browser extensions. This att…CSOONLINE.COM
24 OctHackers Exploit Galaxy S25 0-Day to Turn On Camera and Track UsersA critical zero-day vulnerability in Samsung’s flagship Galaxy S25 smartphone was successfully exploited at Pwn2Own Ireland 2025, demonstrating how attackers could silently activate the device’s camera and track a user’s real-time location. Security researchers …GBHACKERS.COM
24 OctHackers earn $1,024,750 for 73 zero-days at Pwn2Own IrelandThe Pwn2Own Ireland 2025 hacking competition has ended with security researchers collecting $1,024,750 in cash awards after exploiting 73 zero-day vulnerabilities. [...]BLEEPINGCOMPUTER.COM
24 OctYouTube Ghost Malware Campaign: Over 3,000 Infected Videos Target UsersCheck Point Research has uncovered a massive malware distribution operation called the YouTube Ghost Network, featuring over 3,000 malicious videos designed to infect unsuspecting users with dangerous information-stealing malware. This sophisticated cybercriminal network has been…GBHACKERS.COM
24 OctMicrosoft Boosts Windows Security by Disabling File Previews for DownloadsMicrosoft has rolled out a significant security enhancement to Windows File Explorer, automatically disabling the preview pane for files downloaded from the internet as part of security updates released on and after October 14, 2025. This proactive measure targets a long-standing…GBHACKERS.COM
24 OctWindows Server emergency patches fix WSUS bug with PoC exploitMicrosoft has released out-of-band (OOB) security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with publicly available proof-of-concept exploit code. [...]BLEEPINGCOMPUTER.COM
24 OctMalicious NuGet Packages Pose as Nethereum, Steal Crypto Wallet KeysSocket’s Threat Research Team has uncovered a sophisticated supply chain attack targeting cryptocurrency developers through the NuGet package registry. The malicious packages, which exfiltrate sensitive wallet data including private keys and mnemonics, highlight a critical …GBHACKERS.COM
24 OctPwn2Own WhatsApp Hacker Says Exploit Privately Reported to MetaQuestions have been raised over the technical viability of the purported WhatsApp exploit, but the researcher says he wants to keep his identity private. The post Pwn2Own WhatsApp Hacker Says Exploit Privately Reported to Meta appeared first on SecurityWeek .SECURITYWEEK.COM
24 OctQuantum resistance and the Signal Protocol: From PQXDH to Triple RatchetThe advent of quantum computing poses a significant threat to modern digital communication security, which relies on cryptographic protocols that are vulnerable to quantum attacks. This piece explores Signal Protocol’s proactive measures to achieve quantum resistance. It details …CSOONLINE.COM
24 OctIIS Servers Hijacked via Exposed ASP.NET Machine Keys — Malicious Modules Injected in the WildSecurity researchers have uncovered a sophisticated cyberattack campaign that exploited publicly exposed ASP.NET machine keys to compromise hundreds of Internet Information Services (IIS) servers worldwide. The operation, detected in late August and early September 2025, deployed…GBHACKERS.COM
24 OctNew RedTiger Tool Targets Gamers and Discord Accounts in the WildGamers face a growing threat from cybercriminals exploiting popular gaming and communication platforms. A dangerous infostealer called RedTiger is now actively circulating in the wild, specifically designed to steal Discord credentials, gaming accounts, and sensitive financial in…GBHACKERS.COM
24 OctDer Weg zur CPS-Resilienzsrcset="https://b2b-contenthub.com/wp-content/uploads/2025/10/shutterstock_2608026877.jpg?quality=50&strip=all 3636w, https://b2b-contenthub.com/wp-content/uploads/2025/10/shutterstock_2608026877.jpg?resize=300%2C168&quality=50&strip=all 300w, https://b2b-contenthub.c…CSOONLINE.COM
24 OctNew PDF Tool Detects Malicious Files Using PDF Object HashingProofpoint has released a new open-source tool called PDF Object Hashing that helps security teams detect and track malicious files distributed as PDFs. The tool is now available on GitHub and represents a significant advancement in identifying suspicious documents used by threat…GBHACKERS.COM
24 OctThe Cybersecurity Perception Gap: Why Executives and Practitioners See Risk DifferentlyDoes your organization suffer from a cybersecurity perception gap? Findings from the Bitdefender 2025 Cybersecurity Assessment suggest the answer is probably “yes” — and many leaders may not even realize it. This disconnect matters. Small differences in perception today can …THEHACKERNEWS.COM
24 OctLazarus group targets European drone makers in new espionage campaignCybersecurity researchers from ESET have identified a new Lazarus Group campaign targeting European defense contractors, particularly those involved in unmanned aerial vehicle (UAV) development. According to ESET findings, the threat actors used fake job offers and trojanized ope…CSOONLINE.COM
24 OctVault Viper Exploits Online Gambling Websites Using Custom Browser to Install Malicious ProgramA major cybersecurity investigation has uncovered a sophisticated criminal operation called Vault Viper that exploits online gambling platforms to distribute a malicious custom browser with remote access capabilities. The threat actor, linked to the Baoying Group and connected to…GBHACKERS.COM
24 OctWindows Server emergency patches fix WSUS bug with PoC exploitsubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/microsoft-releases-windows-server-emergency-updates-for-critical-wsus-rce-flaw/SH.ITJUST.WORKS
24 OctUN agreement on cybercrime criticized over risks to cybersecurity researchersCybersecurity researchers could face criminal charges for performing their legitimate work if the United Nations Convention against Cybercrime is ratified in a process beginning in Hanoi, Vietnam, this weekend, critics say. Tech industry group Cybersecurity Tech Accord said today…CSOONLINE.COM
24 OctCritical WSUS flaw in Windows Server now exploited in attacksAttackers are now exploiting a critical-severity Windows Server Update Service (WSUS) vulnerability, which already has publicly available proof-of-concept exploit code. [...]BLEEPINGCOMPUTER.COM
24 OctWhy Threat Actors SucceedLearn why threat actors succeed by exploiting security weaknesses. Defend against threats with integrated platforms, improved visibility and strong IAM. The post Why Threat Actors Succeed appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
24 OctHackers launch mass attacks exploiting outdated WordPress pluginsA widespread exploitation campaign is targeting WordPress websites with GutenKit and Hunk Companion plugins vulnerable to critical-severity, old security issues that can be used to achieve remote code execution (RCE). [...]BLEEPINGCOMPUTER.COM
24 OctTop 10 Best Breach And Attack Simulation (BAS) Vendors in 2025In the rapidly escalating cyber threat landscape of 2025, where attackers are more sophisticated and persistent than ever, a reactive security posture is no longer sufficient. Organizations worldwide are grappling with an expanding attack surface, the proliferation of advanced pe…GBHACKERS.COM
24 OctA Vulnerability in Microsoft Windows Server Update Services (WSUS) Could Allow for Remote Code ExecutionA vulnerability has been discovered in Microsoft Windows Server Update Services (WSUS) which could allow for remote code execution. WSUS is a tool that helps organizations manage and distribute Microsoft updates across multiple computers. Instead of every PC downloading updates f…CISECURITY.ORG
📢 SECURITY ADVISORIES 2[−]
24 OctScammers try to trick LastPass users into giving up credentials by telling them they’re deadAre you sure you’re still alive? If so, you may fall for a phishing scam aimed at getting the master login passwords of LastPass password manager users. OK, this sounds weird, but in some ways it isn’t. If a person dies, their immediate family may not know how to get into the dec…CSOONLINE.COM
24 OctCybersecurity Awareness Month 2025: Cyber-risk thrives in the shadowsShadow IT leaves organizations exposed to cyberattacks and raises the risk of data loss and compliance failuresWELIVESECURITY.COM
🔥 INCIDENT REPORTING 19[−]
24 OctAI Sidebar Spoofing Attack: SquareX Uncovers Malicious Extensions that Impersonate AI Browser SidebarsSquareX released critical research exposing a new class of attack targeting AI browsers. The AI Sidebar Spoofing attack leverages malicious browser extensions to impersonate trusted AI sidebar interfaces, which is used to trick users into executing dangerous commands that can lea…GBHACKERS.COM
24 OctCybersecurity Today: New Threats from AI and Code ExtensionsIn today's episode, host Jim Love discusses the discovery of the 'Glass Worm,' a self-spreading malware hidden in Visual Studio Code extensions downloaded over 35,000 times. The worm, hiding its malicious JavaScript in invisible unicode characters, steals developer credentials an…CYBERSECURITYTODAY.LIBSYN.COM
24 OctLinux RATs on Windows: Ransomware Actors Target VMware DeploymentsThe Agenda ransomware group has evolved its attack methodology with a sophisticated technique that deploys Linux ransomware variants directly on Windows systems, challenging traditional endpoint security controls. The attack represents a significant tactical evolution in ransomwa…GBHACKERS.COM
24 OctHackers Steal Microsoft Teams Chats & Emails by Grabbing Access TokensSecurity researchers have discovered a sophisticated method that allows attackers to steal access tokens from Microsoft Teams, potentially granting unauthorized access to sensitive corporate communications, emails, and SharePoint documents. The attack vector represents a signific…GBHACKERS.COM
24 OctRansomware recovery perils: 40% of paying victims still lose their dataTwo in five companies that pay cybercriminals for ransomware decryption fail to recover data as a result, according to a survey of 1,000s SMEs by insurance provider Hiscox. The survey also revealed that ransomware remains a major threat, with 27% of businesses surveyed reporting …CSOONLINE.COM
24 OctFormel 1 betroffen: Cyberattacke auf Fahrer-PortalCyberkriminelle hatten Zugriff auf die Daten eines Formel 1-Fahrers. Image Craft – shutterstock.com Hacker haben im Sommer unerlaubten Zugriff auf ein Fahrerportal des Internationalen Automobilverbandes (FIA) und damit auch auf Daten von Formel-1-Piloten gehabt. Das bestätigte ei…CSOONLINE.COM
24 OctToys “R” Us Canada Data Breach Exposes Customer Personal InformationToys “R” Us Canada has alerted its customers to a significant data breach that may have compromised personal information. The company sent notification emails to affected customers on Thursday morning, confirming that unauthorized access to their databases occurred. A…GBHACKERS.COM
24 OctRansomware Actors Targeting Global Public Sectors and Critical InfrastructureThe public sector faces an unprecedented cybersecurity crisis as ransomware actors intensify their assault on government entities worldwide. According to Trustwave’s SpiderLabs research team, nearly 200 public sector organizations have been struck with ransomware in 2025 al…GBHACKERS.COM
24 OctMedusa Ransomware Leaks 834 GB of Comcast Data After $1.2M Demand – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and Moresubmitted by kid to cybersecurity 3 points | 0 comments https://hackread.com/medusa-ransomware-comcast-data-leak/SH.ITJUST.WORKS
24 OctAgenda Ransomware Deploys Linux Variant on Windows Systems Through Remote Management Tools and BYOVD Techniques | Trend Micro (US)submitted by kid to cybersecurity 2 points | 0 comments https://www.trendmicro.com/en_us/research/25/j/agenda-ransomware-deploys-linux-variant-on-windows-systems.htmlSH.ITJUST.WORKS
24 OctShadow Escape 0-Click Attack in AI Assistants Puts Trillions of Records at Risk – Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and Moresubmitted by kid to cybersecurity 1 points | 0 comments https://hackread.com/shadow-escape-0-click-attack-ai-assistants-risk/SH.ITJUST.WORKS
24 OctCyber incidents in Texas, Tennessee and Indiana impacting critical government services | The Record from Recorded Future Newssubmitted by kid to cybersecurity 1 points | 0 comments https://therecord.media/cyber-incidents-texas-tennessee-indianaSH.ITJUST.WORKS
24 OctLockBit 5.0 Targets Windows, Linux, and ESXi Systems in Ongoing AttacksAfter months of disruption following Operation Cronos in early 2024, the notorious LockBit ransomware group has resurfaced with renewed vigor and a formidable new arsenal. In September 2025 alone, researchers identified a dozen organizations targeted by the revived operation. Par…GBHACKERS.COM
24 OctCyberattack on Russia’s food safety agency reportedly disrupts product shipmentssubmitted by kid to cybersecurity 2 points | 0 comments https://therecord.media/russia-food-safety-agency-rosselkhoznadzor-ddos-attackSH.ITJUST.WORKS
24 OctToys “R” Us Canada warns customers' info leaked in data breachsubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/toys-r-us-canada-warns-customers-info-leaked-in-data-breach/SH.ITJUST.WORKS
24 OctFake LastPass death claims used to breach password vaultsLastPass is warning customers of a phishing campaign sending emails with an access request to the password vault as part of a legacy inheritance process. [...]BLEEPINGCOMPUTER.COM
24 OctTop 10 Best Security Operations Center (SOC) as a Service Providers in 2025In 2025, the digital landscape is more complex and perilous than ever. Organizations face an unrelenting barrage of sophisticated cyber threats, from advanced ransomware campaigns to nation-state-backed attacks. As a result, many are turning to SOC as a Service Providers to gain …GBHACKERS.COM
24 OctTop 10 Best Cyber Threat Intelligence Companies in 2025Organizations face a relentless onslaught of highly targeted, evasive, and economically motivated cyber threats. To combat this, they are increasingly relying on Cyber Threat Intelligence Companies. To effectively combat this dynamic landscape, simply reacting to incidents is no …GBHACKERS.COM
24 OctTop 10 Best Digital Forensics And Incident Response (DFIR) Firms in 2025In 2025, the complexity of cyberattacks demands more than just a quick fix; it requires a deep dive into the digital footprint left by adversaries and a methodical approach to recovery. For organizations facing such threats, partnering with the Best DFIR Companies is crucial. The…GBHACKERS.COM
🕵️ THREAT INTELLIGENCE 24[−]
24 OctISC Stormcast For Friday, October 24th, 2025 https://isc.sans.edu/podcastdetail/9670, (Fri, Oct 24th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
24 OctTIL that PortSwigger is a jokesubmitted by Deebster to cybersecurity 1 points | 0 comments The name, that is. I was curious if Burp Suite’s Dafydd Stuttard was Welsh, which led to his AMA video . PortSwigger was his handle when he was starting out, and was a pun about the fortified wine from Portugal and port…INFOSEC.PUB
24 OctNew Phishing Wave Uses OAuth Prompts to Take Over Microsoft AccountsA new phishing campaign is targeting Microsoft account holders by using a clever twist on OAuth authentication prompts. Instead of asking users to hand over their passwords directly, attackers are tricking people into granting permission to malicious applications through legitima…GBHACKERS.COM
24 OctPhishing Campaign Uses Unique UUIDs to Evade Secure Email GatewaysA sophisticated new phishing attack discovered in early February 2025 is successfully bypassing Secure Email Gateways (SEGs) and evading perimeter defenses through an ingenious combination of random domain selection, dynamic UUID generation, and browser session manipulation. The …GBHACKERS.COM
24 OctNorth Korean Hackers Target UAV Industry to Steal Confidential DataESET researchers have uncovered a sophisticated cyberespionage campaign targeting European defense companies specializing in unmanned aerial vehicle (UAV) technology. The attacks, attributed to the North Korea-aligned Lazarus group operating under Operation DreamJob, reveal a coo…GBHACKERS.COM
24 OctMicrosoft Disables Downloaded File Previews to Block NTLM Hash LeaksIn files downloaded from the internet, HTML tags referencing external paths could be used to leak NTLM hashes during file previews. The post Microsoft Disables Downloaded File Previews to Block NTLM Hash Leaks appeared first on SecurityWeek .SECURITYWEEK.COM
24 OctPart Four of The Kryptos SculptureTwo people found the solution . They used the power of research, not cryptanalysis, finding clues amongst the Sanborn papers at the Smithsonian’s Archives of American Art. This comes as an awkward time, as Sanborn is auctioning off the solution. There were legal threatsR…SCHNEIER.COM
24 OctToys ‘R’ Us Canada Customer Information Leaked OnlineThe customer information published on the dark web includes names, addresses, phone numbers, and email addresses. The post Toys ‘R’ Us Canada Customer Information Leaked Online appeared first on SecurityWeek .SECURITYWEEK.COM
24 OctMideast, African Hackers Target Gov'ts, Banks, Small Retailerssubmitted by kid to cybersecurity 1 points | 0 comments https://www.darkreading.com/cybersecurity-analytics/mea-hackers-govts-finance-smb-retailersSH.ITJUST.WORKS
24 OctGoogle Warns of Cybercriminals Using Fake Job Postings to Spread Malware and Steal CredentialsGoogle’s Threat Intelligence Group (GTIG) has uncovered a sophisticated social engineering campaign orchestrated by financially motivated threat actors based in Vietnam. The ultimate objective is to compromise corporate advertising accounts and steal valuable credentials fo…GBHACKERS.COM
24 OctIn Other News: iOS 26 Deletes Spyware Evidence, Shadow Escape Attack, Cyber Exec Sold Secrets to RussiaOther noteworthy stories that might have slipped under the radar: Everest group takes credit for Collins Aerospace hack, Maryland launches VDP, gamers targeted with red teaming tool and RAT. The post In Other News: iOS 26 Deletes Spyware Evidence, Shadow Escape Attack, Cyber Exec…SECURITYWEEK.COM
24 OctNew Google TAG report: How Commercial Surveillance Vendors worksubmitted by kid to cybersecurity 1 points | 0 comments https://blog.google/threat-analysis-group/commercial-surveillance-vendors-google-tag-report/SH.ITJUST.WORKS
24 OctLazarus Group’s Operation DreamJob Targets European Defense Firms - Infosecurity Magazinesubmitted by kid to cybersecurity 2 points | 0 comments https://www.infosecurity-magazine.com/news/lazarus-groups-operation-dreamjob/SH.ITJUST.WORKS
24 OctTelegram Messenger Abused by Android Malware to Seize Full Device ControlSecurity researchers at Doctor Web have uncovered a sophisticated Android backdoor disguised as Telegram X that grants cybercriminals complete control over victims’ accounts and devices. The malware, identified as Android.Backdoor.Baohuo.1.origin, has already infected more …GBHACKERS.COM
24 OctNorth Korean Hackers Aim at European Drone CompaniesLazarus has used fake job offers in attacks targeting companies developing UAV technology, for information theft. The post North Korean Hackers Aim at European Drone Companies appeared first on SecurityWeek .SECURITYWEEK.COM
24 OctArsen Launches Smishing Simulation to Help Companies Defend Against Mobile Phishing ThreatsParis, France, October 24th, 2025, CyberNewsWire Arsen, the cybersecurity company dedicated to helping organizations defend against social engineering, today introduced its new Smishing Simulation module: a feature designed to let companies run realistic, large-scale SMS phishing…GBHACKERS.COM
24 OctAmazon Reveals Technical Fault Behind Widescale AWS Service OutageAmazon Web Services experienced a major outage that affected millions of customers and Amazon’s own operations on October 19 and 20, 2025. The company has now confirmed that a DNS resolution issue with regional DynamoDB service endpoints was the root cause of the disruption…GBHACKERS.COM
24 OctHackers Target Perplexity Comet Browser UsersShortly after the browser was launched, numerous fraudulent domains and fake applications were discovered. The post Hackers Target Perplexity Comet Browser Users appeared first on SecurityWeek .SECURITYWEEK.COM
24 OctResearchers expose large-scale YouTube malware distribution network - Help Net Securitysubmitted by kid to cybersecurity 1 points | 0 comments https://www.helpnetsecurity.com/2025/10/23/youtube-malware-distribution-network-ghost/SH.ITJUST.WORKS
24 OctAPT36 Targets Indian Government with Golang-Based DeskRAT Malware CampaignA Pakistan-nexus threat actor has been observed targeting Indian government entities as part of spear-phishing attacks designed to deliver a Golang-based malware known as DeskRAT. The activity, observed in August and September 2025 by Sekoia, has been attributed to Transparent Tr…THEHACKERNEWS.COM
24 OctPhishing Campaign Impersonates Google Careers RecruitersA phishing campaign is impersonating Google Careers to target job seekers, according to researchers at Sublime Security.KNOWBE4.COM
24 OctSpoofed AI sidebars can trick Atlas, Comet users into dangerous actionssubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/spoofed-ai-sidebars-can-trick-atlas-comet-users-into-dangerous-actions/SH.ITJUST.WORKS
24 OctFriday Squid Blogging: “El Pulpo The Squid”There is a new cigar named “ El Pulpo The Squid.” Yes, that means “The Octopus The Squid.” As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.SCHNEIER.COM
24 OctNews alert: Arsen rolls out ‘Smishing Simulation’ to strengthen defenses against mobile phishing threatsPARIS, Oct. 24, 2025, CyberNewswire — Arsen , the cybersecurity company dedicated to helping organizations defend against social engineering, today introduced its new Smishing Simulation module: a feature designed to let companies run realistic, large-scale SMS phishing simulatio…LASTWATCHDOG.COM
🌐 CYBER THREAT LANDSCAPE 2[−]
24 OctSelf-Spreading 'GlassWorm' Infects VS Code Extensions in Widespread Supply Chain AttackCybersecurity researchers have discovered a self-propagating worm that spreads via Visual Studio Code (VS Code) extensions on the Open VSX Registry and the Microsoft Extension Marketplace, underscoring how developers have become a prime target for attacks. The sophisticated threa…THEHACKERNEWS.COM
24 Oct3,000 YouTube Videos Exposed as Malware Traps in Massive Ghost Network OperationA malicious network of YouTube accounts has been observed publishing and promoting videos that lead to malware downloads, essentially abusing the popularity and trust associated with the video hosting platform for propagating malicious payloads. Active since 2021, the network has…THEHACKERNEWS.COM
📡 INFOSEC NEWS 6[−]
24 OctPhishing Cloud Account for Information, (Thu, Oct 23rd)Over the past two months, my outlook account has been receiving phishing email regarding cloud storage payments, mostly in French and some English with the usual warning such as the account is about to be locked, space is full, loss of data, refused payment, expired payment metho…ISC.SANS.EDU
24 OctLocking it down: A new technique to prevent LLM jailbreaksFollowing on from our preview, here’s the full rundown on LLM salting: a novel countermeasure against LLM jailbreaks, developed by AI researchers at Sophos X-OpsSOPHOS.COM
24 OctMozilla: New Firefox extensions must disclose data collection practicesStarting next month, Mozilla will require Firefox extension developers to disclose whether their add-ons collect or share user data with third parties. [...]BLEEPINGCOMPUTER.COM
24 OctHow to reduce costs with self-service password resetsPassword resets account for nearly 40% of IT help desk calls, costing orgs time and money. Specops Software's uReset lets users securely reset passwords with flexible MFA options like Duo, Okta, and Yubikey while enforcing identity verification to stop misuse. [...]BLEEPINGCOMPUTER.COM
24 OctAmazon: This week’s AWS outage caused by major DNS failureAmazon says a major DNS failure was behind a massive AWS (Amazon Web Services) outage that took down many websites and online services on Monday. [...]BLEEPINGCOMPUTER.COM
24 OctPrivacy rankings of popular messaging apps in 2025 | Kaspersky official blogComparing WhatsApp, Discord, Snapchat, Facebook Messenger, and Telegram, based on their privacy settings and the amount of data they collect.KASPERSKY.COM