90Articles
8Categories
2025-10-30Date
🚨 CISA KEV 1[−]
30 Oct KEVCISA Adds Two Known Exploited Vulnerabilities to CatalogCISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2025-24893 XWiki Platform Eval Injection Vulnerability CVE-2025-41244 Broadcom VMware Aria Operations and VMware Tools Privilege Defined wit…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 5[−]
30 OctWordPress Plugin Vulnerability Lets Attackers Read Any Server FileA critical security flaw has been discovered in the Anti-Malware Security and Brute-Force Firewall WordPress plugin, putting more than 100,000 websites at risk. The vulnerability, identified as CVE-2025-11705, allows authenticated attackers with basic subscriber-level access to r…GBHACKERS.COM
30 OctPrivilege Escalation Exploit Targets Windows Cloud Files MinifilterMicrosoft addressed a critical race condition vulnerability affecting its Windows Cloud Files Minifilter driver in October 2025. The flaw, assigned CVE-2025-55680, was originally discovered in March 2024 and represents a significant security concern for systems utilising OneDrive…GBHACKERS.COM
30 OctNew Attack Chains Ghost SPNs and Kerberos Reflection to Elevate SMB PrivilegesMicrosoft has addressed a critical privilege escalation vulnerability affecting Windows environments worldwide. Attackers can exploit misconfigured Service Principal Names (SPNs) combined with Kerberos reflection attacks to gain SYSTEM-level access on domain-joined machines, even…GBHACKERS.COM
30 OctCritical RediShell RCE Vulnerability Threatens 8,500+ Redis Deployments WorldwideA critical security vulnerability in Redis’s Lua scripting engine has left thousands of database instances vulnerable to remote code execution attacks. The RediShell RCE vulnerability, tracked as CVE-2025-49844, was publicly disclosed in early October 2025 by cloud security…GBHACKERS.COM
30 OctBRONZE BUTLER exploits Japanese asset management software vulnerabilityThe threat group targeted a LANSCOPE zero-day vulnerability (CVE-2025-61932)SOPHOS.COM
⚠️ VULNERABILITY DISCLOSURE 30[−]
30 OctSmashing Security podcast #441: Inside the mob’s million-dollar poker hack, and a Formula 1 fumbleBasketball stars have allegedly joined forces with the mafia to fleece high-rollers in a poker scam involving hacked shufflers, covert cameras, and an X-ray card table. Meanwhile, researchers have found they could poke around an FIA driver portal to pull up the personal details o…GRAHAMCLULEY.COM
30 OctOld threats, new consequences: 90% of cyber claims stem from email and remote accessEven as attackers are growing ever more sophisticated in their methods, it seems there’s no point in messing with the tried-and-true. According to cyber insurance company At-Bay’s 2025 InsurSec Rankings Report , email and remote access remain the most prominent cyber threat vecto…CSOONLINE.COM
30 OctPolarEdge Botnet Hits 25K IoT Devices in Major Cyber CampaignCybersecurity researchers at XLab have uncovered a sophisticated infrastructure-as-a-service botnet operation called PolarEdge, which has compromised over 25,000 Internet of Things devices and established 140 command-and-control servers through systematic exploitation of vulnerab…GBHACKERS.COM
30 OctCISA Alerts on Active Exploitation of WSUS VulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about active exploitation of a critical vulnerability affecting Windows Server Update Service (WSUS). The agency updated its alert on October 29, 2025, adding crucial information about identi…GBHACKERS.COM
30 OctReport: Profits from ransomware attacks decliningA new study from cybersecurity firm Coveware shows that the ransomware economy is changing. Despite the increase in attacks, average ransom amounts and the percentage of organizations paying extortion demands is expected to decrease in 2025. In the third quarter, only 23% of vict…CSOONLINE.COM
30 OctTips for CISOs switching between industriesFrom the outside, when someone reaches CISO level, the move to the next role should be easy. After all, they’ve already made it to the top. But many security leaders find the opposite is true. Once they’re in a certain industry, it’s harder to get out. Executives and recruiters o…CSOONLINE.COM
30 Oct12 Malicious Extensions in VSCode Marketplace Steal Source Code and Exfiltrate Login CredentialsThe VSCode extension marketplace has become a critical vulnerability in the software supply chain. Security researchers at HelixGuard Team recently discovered 12 malicious extensions operating within the Microsoft VSCode Marketplace and OpenVSX, with four remaining active despite…GBHACKERS.COM
30 OctMaking A Virtual Machine Look Like Real Hardware To Malware | Hackadaysubmitted by cm0002 to cybersecurity 2 points | 0 comments https://hackaday.com/2025/10/27/making-a-virtual-machine-look-like-real-hardware-to-malware/ Running suspicious software in a virtual machine seems like a basic precaution to figure out whether said software contains naug…INFOSEC.PUB
30 OctNew Malware Infects WooCommerce Sites Through Fake Plugins to Steal Credit Card DataA sophisticated malware campaign is actively targeting WordPress e-commerce websites using the WooCommerce plugin, according to recent findings from the Wordfence Threat Intelligence Team. The malware campaign, which employs advanced evasion techniques and multi-layered attack st…GBHACKERS.COM
30 OctFormer US Defense Contractor Executive Admits to Selling Exploits to RussiaPeter Williams stole trade secrets from his US employer and sold them to a Russian cybersecurity tools broker. The post Former US Defense Contractor Executive Admits to Selling Exploits to Russia appeared first on SecurityWeek .SECURITYWEEK.COM
30 OctThe AI-Designed Bioweapon Arms RaceInteresting article about the arms race between AI systems that invent/design new biological pathogens, and AI systems that detect them before they’re created: The team started with a basic test: use AI tools to design variants of the toxin ricin, then test them against the…SCHNEIER.COM
30 OctTypo hackers sneak cross-platform credential stealer into 10 npm packagesIn a newly disclosed multi-stage supply-chain campaign, a threat actor published ten typosquatted npm packages that mimicked popular libraries to deploy a cross-platform credential stealer. According to a Socket analysis, the packages were published on July 4 and had collectively…CSOONLINE.COM
30 OctThe Death of the Security Checkbox: BAS Is the Power Behind Real DefenseSecurity doesn’t fail at the point of breach. It fails at the point of impact.  That line set the tone for this year’s Picus Breach and Simulation (BAS) Summit, where researchers, practitioners, and CISOs all echoed the same theme: cyber defense is no longer about prediction…THEHACKERNEWS.COM
30 OctChromium flaw crashes Chrome, Edge, Atlas: Researcher publishes exploit after Google’s silenceA vulnerability in Chromium’s rendering engine can crash Chrome, Microsoft Edge, and seven other browsers within seconds if exploited by attackers, a security researcher warned after Google ignored his vulnerability report for two months. Jose Pino published proof-of-concept code…CSOONLINE.COM
30 OctAembit Introduces Identity and Access Management for Agentic AISilver Spring, USA/ Maryland, October 30th, 2025, CyberNewsWire Aembit today announced the launch of Aembit Identity and Access Management (IAM) for Agentic AI, a set of capabilities that help organizations safely provide and enforce access policies for AI agents as they move int…GBHACKERS.COM
30 OctJenkins Flaws Expose SAML Authentication Bypass and MCP Server Plugin WeaknessesJenkins automation server users face critical security threats following the disclosure of 14 distinct vulnerabilities spanning multiple plugins. The security advisory reveals a widespread pattern of authentication bypass mechanisms, missing permission enforcement, and credential…GBHACKERS.COM
30 OctAtlas-Browser-Exploit ermöglicht Angriff auf ChatGPT-SpeicherSecurity-Forscher haben eine neue Schwachstelle entdeckt, die den ChatGPT Atlas-Browser von OpenAI betrifft. jackpress – shutterstock.com Nur wenige Tage, nachdem Cybersicherheitsanalysten davor gewarnt hatten , den neuen Atlas-Browser von OpenAI zu installieren, haben Forscher v…CSOONLINE.COM
30 OctCritical Blink Vulnerability Lets Attackers Crash Chromium Browsers in SecondsSecurity researchers have discovered a critical architectural flaw in the Blink rendering engine that powers Chromium-based browsers, exposing over 3 billion users to denial-of-service attacks. The vulnerability, called Brash, allows malicious actors to completely crash Chro…GBHACKERS.COM
30 OctThreat Actors Abuse AzureHound Tool to Enumerate Azure and Entra ID EnvironmentsThe cybersecurity landscape continues to shift toward cloud-based attacks, with threat actors increasingly exploiting legitimate security tools for malicious reconnaissance. AzureHound, a penetration testing utility designed for authorized security professionals, has become a wea…GBHACKERS.COM
30 OctNew Guidance Released on Microsoft Exchange Server Security Best PracticesToday, CISA, in partnership with the National Security Agency and international cybersecurity partners, released Microsoft Exchange Server Security Best Practices , a guide to help network defenders harden on-premises Exchange servers against exploitation by malicious actors. Thr…CISA.GOV
30 OctNew "Brash" Exploit Crashes Chromium Browsers Instantly with a Single Malicious URLA severe vulnerability disclosed in Chromium's Blink rendering engine can be exploited to crash many Chromium-based browsers within a few seconds. Security researcher Jose Pino, who disclosed details of the flaw, has codenamed it Brash. "It allows any Chromium browser to collapse…THEHACKERNEWS.COM
30 OctCISA Releases Two Industrial Control Systems AdvisoriesCISA released two Industrial Control Systems (ICS). These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.  ICSA-25-303-01 International Standards Organization ISO 15118-2 ICSA-25-303-02 Hitachi Energy TropOS…CISA.GOV
30 OctEx-L3Harris exec guilty of selling cyber exploits to Russian brokerPeter Williams, a former general manager at U.S. defense contractor L3Harris Trenchant, has pleaded guilty in U.S. District Court to stealing and selling confidential cybersecurity information to a Russian vulnerability exploit broker. [...]BLEEPINGCOMPUTER.COM
30 OctRussian Ransomware Gangs Weaponize Open-Source AdaptixC2 for Advanced AttacksThe open-source command-and-control (C2) framework known as AdaptixC2 is being used by a growing number of threat actors, some of whom are related to Russian ransomware gangs. AdaptixC2 is an emerging extensible post-exploitation and adversarial emulation framework designed for p…THEHACKERNEWS.COM
30 OctStrengthening security with a converged security and networking platformToday’s IT environment of multiple clouds, hybrid work, and the exploding popularity of AI has given cybercriminals unprecedented opportunities for launching attacks — and the traditional arsenal of tools organizations use to stop them isn’t working. The network perimeter has dis…CSOONLINE.COM
30 OctXWiki Vulnerability Exploited in Cryptocurrency Mining Operation - SecurityWeeksubmitted by kid to cybersecurity 1 points | 0 comments https://www.securityweek.com/xwiki-vulnerability-exploited-in-cryptocurrency-mining-operation/SH.ITJUST.WORKS
30 OctNews alert: Aembit extends Workload IAM to close the access-control gap in enterprise AI deploymentsSILVER SPRING, Md., Oct. 30, 2025, CyberNewswire — Aembit today announced the launch of Aembit Identity and Access Management (IAM) for Agentic AI, a set of capabilities that help organizations safely provide and enforce access policies for AI agents as … (more…) The post N…LASTWATCHDOG.COM
30 OctWindows Server Update Services (WSUS) vulnerability abused to harvest sensitive data – Sophos Newssubmitted by kid to cybersecurity 2 points | 0 comments https://news.sophos.com/en-us/2025/10/29/windows-server-update-services-wsus-vulnerability-abused-to-harvest-sensitive-data/SH.ITJUST.WORKS
30 OctCISA orders feds to patch VMware Tools flaw exploited by Chinese hackersCISA has ordered federal agencies to patch a high-severity vulnerability in Broadcom's VMware Aria Operations and VMware Tools software, exploited by Chinese hackers since October 2024. [...]BLEEPINGCOMPUTER.COM
30 OctCybersecurity Is Dead - PSW #898In the security news this week: * Cybersecurity is dead, and AI killed it * Exploiting the patching system * Apple makes it easier for spyware * Who is patching Cisco ASA? * Shove that DMCA somewhere * HTTPS - a requirement * Russia wants to own all the exploits * Abandonware cha…YOUTUBE.COM
📢 SECURITY ADVISORIES 7[−]
30 OctGrüne fordern schnellstmögliche Sicherheitsoffensivesrcset="https://b2b-contenthub.com/wp-content/uploads/2025/10/shutterstock_2493857225.jpg?quality=50&strip=all 4200w, https://b2b-contenthub.com/wp-content/uploads/2025/10/shutterstock_2493857225.jpg?resize=300%2C168&quality=50&strip=all 300w, https://b2b-contenthub.c…CSOONLINE.COM
30 OctCybersecurity management for boards: Metrics that matterRansomware doesn’t schedule a meeting with your CISO. It hits your core systems, deletes your backups and leaks your data. And while the security team races to contain the breach, your board is left with a more pressing question: How bad is it? Most boards don’t know. Patch count…CSOONLINE.COM
30 OctCISA and NSA share tips on securing Microsoft Exchange serversThe Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance to help IT administrators harden Microsoft Exchange servers on their networks against attacks. [...]BLEEPINGCOMPUTER.COM
30 OctJoint guidance on Microsoft Exchange Server security best practicesThis joint guidance provides security best practices to help administrators harden on-premises Exchange servers by enforcing a prevention posture and hardening authentication and encryption.CYBER.GC.CA
🔥 INCIDENT REPORTING 9[−]
30 OctNFC Relay Attack: 700+ Android Apps Harvest Banking Login DetailsA sophisticated cybercrime campaign leveraging Near Field Communication technology has exploded across multiple continents, with researchers at zLabs identifying over 760 malicious Android applications designed to steal banking credentials and facilitate fraudulent transactions. …GBHACKERS.COM
30 OctMajor US Telecom Backbone Firm Hacked by Nation-State ActorsRibbon Communications provides technology for communications networks and its customers include the US government and major telecom firms. The post Major US Telecom Backbone Firm Hacked by Nation-State Actors appeared first on SecurityWeek .SECURITYWEEK.COM
30 OctAirstalk Malware: Multi-Threaded C2 Steals Windows LoginsCybersecurity researchers have uncovered a sophisticated Windows malware family dubbed Airstalk, which leverages legitimate mobile device management infrastructure to establish covert command-and-control communications and exfiltrate sensitive browser credentials. The malware, av…GBHACKERS.COM
30 OctMillions Impacted by Conduent Data BreachThe hackers stole names, addresses, dates of birth, Social Security numbers, and health and insurance information. The post Millions Impacted by Conduent Data Breach appeared first on SecurityWeek .SECURITYWEEK.COM
30 OctMore than 10 million impacted by breach of government contractor Conduent | The Record from Recorded Future Newssubmitted by kid to cybersecurity 0 points | 0 comments https://therecord.media/millions-impacted-breach-conduentSH.ITJUST.WORKS
30 OctBPO giant Conduent confirms data breach impacts 10.5 million peopleAmerican business services giant Conduent has confirmed that a 2024 data breach has impacted over 10.5 million people, according to notifications filed with the US Attorney General's offices. [...]BLEEPINGCOMPUTER.COM
30 OctCanada says hacktivists breached water and energy facilitiessubmitted by kid to cybersecurity 2 points | 0 comments https://www.bleepingcomputer.com/news/security/canada-says-hacktivists-breached-water-and-energy-facilities/SH.ITJUST.WORKS
30 Octreuters.comsubmitted by kid to cybersecurity 0 points | 1 comments https://www.reuters.com/business/media-telecom/us-company-with-access-biggest-telecom-firms-uncovers-breach-by-nation-state-2025-10-29/SH.ITJUST.WORKS
30 OctMajor telecom services provider Ribbon breached by state hackersRibbon Communications, a provider of telecommunications services to the U.S. government and telecom companies worldwide, revealed that nation-state hackers breached its IT network as early as December 2024. [...]BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 19[−]
30 OctISC Stormcast For Thursday, October 30th, 2025 https://isc.sans.edu/podcastdetail/9678, (Thu, Oct 30th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
30 OctPhantomRaven Attack Discovered in 126 Malicious npm Packages, Exceeding 86,000 DownloadsThe global developer community has been rocked by the emergence of PhantomRaven, a far-reaching campaign involving 126 malicious npm packages with more than 86,000 downloads. Lurking beneath the surface, these packages actively steal npm tokens, GitHub credentials, and CI/CD secr…GBHACKERS.COM
30 OctChrome 142 Update Patches 20 Security Flaws Enabling Code ExecutionGoogle has released Chrome version 142 to the stable channel, addressing multiple critical security vulnerabilities that could allow attackers to execute malicious code on affected systems. The update, now rolling out to Windows, Mac, and Linux users, contains fixes for 20 securi…GBHACKERS.COM
30 Oct136 NPM Packages Delivering Infostealers Downloaded 100,000 TimesThe packages deployed malicious code harvesting system information, credentials, tokens, API keys, and other sensitive information. The post 136 NPM Packages Delivering Infostealers Downloaded 100,000 Times appeared first on SecurityWeek .SECURITYWEEK.COM
30 OctCanada Says Hackers Tampered With ICS at Water Facility, Oil and Gas FirmThe Canadian Centre for Cyber Security has warned CISOs that hacktivists are increasingly targeting internet-exposed ICS. The post Canada Says Hackers Tampered With ICS at Water Facility, Oil and Gas Firm appeared first on SecurityWeek .SECURITYWEEK.COM
30 OctWhen a “Contact Us” Form Becomes “Contact a Cybercriminal”Lead Analysts: Lucy Gee and James Dyer Cybercriminals want their payday. Unfortunately for the targets of phishing (and the organizations they work for) that means they’re constantly refining their tactics to create more sophisticated attacks that are harder to detect – by both e…KNOWBE4.COM
30 OctYou are invited to our hackerspace on SimpleXsubmitted by nemesis1733 to cybersecurity 2 points | 0 comments We are building our own hackerspace on SimpleX and new members are welcome!!! What is it about? It’s a place for people who love tech to come together, work on projects, share ideas, and learn new skills. Link to joi…SH.ITJUST.WORKS
30 OctReflectiz Raises $22 Million for Website Security SolutionThe company will expand its product offering, establish global headquarters in Boston, and fuel growth and go-to-market efforts. The post Reflectiz Raises $22 Million for Website Security Solution appeared first on SecurityWeek .SECURITYWEEK.COM
30 OctLampion Stealer Resurfaces with ClickFix Attack to Steal User Credentials StealthilyA Brazilian cybercriminal group has refined its long-running malware distribution campaign by incorporating innovative social engineering techniques and multi-stage infection chains to deliver the Lampion banking trojan. The campaign, which has operated continuously since at leas…GBHACKERS.COM
30 OctSpektrum Labs Emerges From Stealth to Help Companies Prove ResilienceSpektrum Labs has raised $10 million in seed funding for its cyber resilience platform. The post Spektrum Labs Emerges From Stealth to Help Companies Prove Resilience appeared first on SecurityWeek .SECURITYWEEK.COM
30 OctEY Data Leak - Massive 4TB SQL Server Backup Exposed Publicly on Microsoft Azuresubmitted by kid to cybersecurity 1 points | 0 comments https://cybersecuritynews.com/ey-data-leak/SH.ITJUST.WORKS
30 Oct10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linuxsubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2025/10/10-npm-packages-caught-stealing.htmlSH.ITJUST.WORKS
30 OctNpm Malware Uses Invisible Dependencies to Infect Dozens of Packages - Infosecurity Magazinesubmitted by kid to cybersecurity 1 points | 0 comments https://www.infosecurity-magazine.com/news/npm-malware-invisible-dependencies/SH.ITJUST.WORKS
30 OctThe 5 generative AI security threats you need to know about detailed in new e-bookIn this blog post, we’ll highlight the key themes covered in the e-book, including the challenges organizations face, the top generative AI threats to organizations, and how companies can enhance their security posture to meet the dangers of today’s unpredictable AI environments.…MICROSOFT.COM
30 OctPHP Servers and IoT Devices Face Growing Cyber-Attack Risks - Infosecurity Magazinesubmitted by kid to cybersecurity 2 points | 1 comments https://www.infosecurity-magazine.com/news/php-servers-and-iot-devices-cyber/SH.ITJUST.WORKS
30 OctVintageStory's wiki emails you a temporary password when requesting a password reset, is this insecure?submitted by moosetwin to cybersecurity 1 points | 0 comments Note: The password in this image is no longer valid, don’t kill me This is just used by their wiki, the side with the payment stuff uses a different system (and a separate login)SH.ITJUST.WORKS
30 OctHow Android provides the most effective protection to keep you safe from mobile scamsPosted by Lyubov Farafonova, Product Manager, Phone by Google; Alberto Pastor Nieto, Sr. Product Manager Google Messages and RCS Spam and Abuse; Vijay Pareek, Manager, Android Messaging & Chrome Extensions Security As Cybersecurity Awareness Month wraps up, we’re focusing on one …SECURITY.GOOGLEBLOG.COM
30 OctData Leak Outs Students of Iran's MOIS Training Academysubmitted by kid to cybersecurity 1 points | 0 comments https://www.darkreading.com/threat-intelligence/data-leak-students-iran-mois-training-academySH.ITJUST.WORKS
30 OctSomeone Snuck Into a Cellebrite Microsoft Teams Call and Leaked Phone Unlocking Detailssubmitted by cm0002 to cybersecurity 1 points | 0 comments https://www.404media.co/someone-snuck-into-a-cellebrite-microsoft-teams-call-and-leaked-phone-unlocking-details/ archive.is/LeS5LINFOSEC.PUB
🌐 CYBER THREAT LANDSCAPE 3[−]
30 OctThreatsDay Bulletin: DNS Poisoning Flaw, Supply-Chain Heist, Rust Malware Trick and New RATs RisingThe comfort zone in cybersecurity is gone. Attackers are scaling down, focusing tighter, and squeezing more value from fewer, high-impact targets. At the same time, defenders face growing blind spots — from spoofed messages to large-scale social engineering. This week&rsquo…THEHACKERNEWS.COM
30 OctPhantomRaven Malware Found in 126 npm Packages Stealing GitHub Tokens From DevsCybersecurity researchers have uncovered yet another active software supply chain attack campaign targeting the npm registry with over 100 malicious packages that can steal authentication tokens, CI/CD secrets, and GitHub credentials from developers' machines. The campaign has be…THEHACKERNEWS.COM
30 OctMassive surge of NFC relay malware steals Europeans’ credit cardsNear-Field Communication (NFC) relay malware has grown massively popular in Eastern Europe, with researchers discovering over 760 malicious Android apps using the technique to steal people's payment card information in the past few months. [...]BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 16[−]
30 OctLinkedIn gives you until Monday to stop AI from training on your profileIf you live in the UK/EU/Canada/Hong Kong, LinkedIn has given you until Monday to stop AI from training on your profile. You have to opt-out if you don't want this to happen to your data. Take action now, and tell your friends. Read more in my article on the Hot for Security blog…BITDEFENDER.COM
30 OctMicrosoft promises more Copilot features in Microsoft 365 companion appsMicrosoft 365 companion apps will be getting more Copilot features in the coming weeks. [...]BLEEPINGCOMPUTER.COM
30 OctMXDR solution for SMBs | Kaspersky official blogWe discuss what a Managed Extended Detection and Response (MXDR) solution for small and medium-sized businesses should be like.KASPERSKY.COM
30 OctX-Request-Purpose: Identifying "research" and bug bounty related scans?, (Thu, Oct 30th)This week, I noticed some new HTTP request headers that I had not seen before: ISC.SANS.EDU
30 OctBuild a prevention-first defense: The Sophos Cybersecurity ToolkitExplore the Cybersecurity toolkit and start building your prevention-first strategy today.SOPHOS.COM
30 OctRethinking identity security in the age of autonomous AI agentsAI agents now make decisions and access systems on their own, creating identity blind spots traditional tools can't see. Learn how Token Security brings identity-first security to agentic AI — making every agent verified, owned, and accountable. [...]BLEEPINGCOMPUTER.COM
30 OctLinkedIn phishing targets finance execs with fake board invitesHackers are abusing LinkedIn to target finance executives with direct-message phishing attacks that impersonate executive board invitations, aiming to steal their Microsoft credentials. [...]BLEEPINGCOMPUTER.COM
30 OctThe human cost of the UK Government’s Afghan data leakCan data leaks do real harm? Yes, they can. And so can a failure to respond appropriately.GRAHAMCLULEY.COM
30 OctSpam text scammer fined £200,000 for targeting people in debt, after sending nearly one million messagesThe UK Information Commissioner’s Office (ICO) has levied a fine of £200,000 against a sole trader who sent almost one million spam text messages to people across the country - many of whom were already struggling with debt. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
30 OctGoogle's Built-In AI Defenses on Android Now Block 10 Billion Scam Messages a MonthGoogle on Thursday revealed that the scam defenses built into Android safeguard users around the world from more than 10 billion suspected malicious calls and messages every month. The tech giant also said it has blocked over 100 million suspicious numbers from using Rich Communi…THEHACKERNEWS.COM
30 OctWhatsApp adds passkey protection to end-to-end encrypted backupsThis means if you lose your device, you can use methods like fingerprint, face, or the screen lock code of your previous device to access WhatsApp's backup.TECHCRUNCH.COM
30 OctWhatsApp adds passwordless chat backups on iOS and AndroidWhatsApp is rolling out passkey-encrypted backups for iOS and Android devices, enabling users to encrypt their chat history using their fingerprint, face, or a screen lock code. [...]BLEEPINGCOMPUTER.COM
30 OctLeaker reveals which Pixels are vulnerable to Cellebrite phone hackingCellebrite can apparently extract data from most Pixel phones, unless they're running GrapheneOS.ARSTECHNICA.COM
30 OctOpenAI confirms GPT-5 is now better at handling mental and emotional distressOpenAI confirmed that it shipped an update on October 5, which allows GPT-5 to better handle sensitive conversations, especially when a user is experiencing emotional or mental distress. [...]BLEEPINGCOMPUTER.COM
30 OctFraud prevention: How to help older family members avoid scamsFamilies that combine open communication with effective behavioral and technical safeguards can cut the risk dramaticallyWELIVESECURITY.COM