Capita to pay £14 million for data breach impacting 6.6 million people

The Information Commissioner's Office (ICO) in the UK has fined Capita, a provider of data-driven business process services, £14 million ($18.7 million) for a data breach incident in 2023 that exposed the personal information of 6.6 million people. [...]

https://www.bleepingcomputer.com/news/security/capita-to-pay-14-million-for-data-breach-impacting-66-million-people/

 YouTube is down worldwide with playback error

YouTube is currently facing a global outage, with users reporting playback errors on both the website and mobile apps. [...]

https://www.bleepingcomputer.com/news/google/youtube-is-down-worldwide-with-playback-error/

 Microsoft debuts Copilot Actions for agentic AI-driven Windows tasks

Microsoft announced today a new Windows 11 Copilot feature called Copilot Actions that enables AI agents to perform real tasks on local files and applications. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-debuts-copilot-actions-for-agentic-ai-driven-windows-tasks/

 North Korean hackers use EtherHiding to hide malware on the blockchain

North Korean hackers were observed employing the 'EtherHiding' tactic to deliver malware, steal cryptocurrency, and perform espionage with stealth and resilience. [...]

https://www.bleepingcomputer.com/news/security/north-korean-hackers-use-etherhiding-to-hide-malware-on-the-blockchain/

 Unified Exposure Management Platforms: The Future of Preemptive Cyber Defense

Traditional MDR focuses on reacting to attacks already in motion — but modern threats demand prevention. Picus Security explains how Unified Exposure Management Platforms continuously identifies, validates, and fixes exploitable risks before adversaries strike. [...]

https://www.bleepingcomputer.com/news/security/unified-exposure-management-platforms-the-future-of-preemptive-cyber-defense/

 CISA: Maximum-severity Adobe flaw now exploited in attacks

CISA has warned that attackers are actively exploiting a maximum-severity vulnerability in Adobe Experience Manager to execute code on unpatched systems. [...]

https://www.bleepingcomputer.com/news/security/cisa-maximum-severity-adobe-flaw-now-exploited-in-attacks/

 Gladinet fixes actively exploited zero-day in file-sharing software

Gladinet has released security updates for its CentreStack business solution to address a local file inclusion vulnerability (CVE-2025-11371) that threat actors have leveraged as a zero-day since late September. [...]

https://www.bleepingcomputer.com/news/security/gladinet-fixes-actively-exploited-zero-day-in-file-sharing-software/

 Microsoft: Office 2016 and Office 2019 have reach end of support

​​​​​Microsoft reminded customers this week that Office 2016 and Office 2019 have reached the end of extended support on October 14, 2025. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-office-2016-and-office-2019-have-reach-end-of-support/

 Microsoft disrupts ransomware attacks targeting Teams users

Microsoft has disrupted a wave of Rhysida ransomware attacks in early October by revoking over 200 certificates used to sign malicious Teams installers. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-disrupts-ransomware-attacks-targeting-teams-users/

 Hackers exploit Cisco SNMP flaw to deploy rootkit on switches

Threat actors exploited a recently patched remote code execution vulnerability (CVE-2025-20352) in older, unprotected Cisco networking devices to deploy a Linux rootkit and gain persistent access. [...]

https://www.bleepingcomputer.com/news/security/hackers-exploit-cisco-snmp-flaw-to-deploy-rootkit-on-switches/

 Have I Been Pwned: Prosper data breach impacts 17.6 million accounts

Hackers stole the personal information of over 17.6 million people after breaching the systems of financial services company Prosper. [...]

https://www.bleepingcomputer.com/news/security/have-i-been-pwned-warns-of-prosper-data-breach-impacting-176-million-accounts/

 Auction giant Sotheby’s says data breach exposed customer information

Major international auction house Sotheby's is notifying customers of a data breach incident on its systems where threat actors stole sensitive information, including financial details. [...]

https://www.bleepingcomputer.com/news/security/auction-giant-sothebys-says-data-breach-exposed-customer-information/

 Windows 11 updates break localhost (127.0.0.1) HTTP/2 connections

Microsoft's October Windows 11 updates have broken the "localhost" functionality, making applications that connect back to 127.0.0.1 over HTTP/2 no longer function properly. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-updates-break-localhost-127001-http-2-connections/

 Over 266,000 F5 BIG-IP instances exposed to remote attacks

Internet security nonprofit Shadowserver Foundation has found more than 266,000 F5 BIG-IP instances exposed online after the security breach disclosed by cybersecurity company F5 this week. [...]

https://www.bleepingcomputer.com/news/security/over-266-000-f5-big-ip-instances-exposed-to-remote-attacks/

 Microsoft fixes Windows bug breaking localhost HTTP connections

Microsoft has fixed a known issue breaking HTTP/2 localhost (127.0.0.1) connections and IIS websites after installing recent Windows security updates. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-bug-breaking-localhost-http-connections/

 VMware Certification: Your Next Career Power Move

VMware certification isn't just about passing exams — it's about mastering systems, proving expertise, and your career. Gain hands-on labs, discounts, and mentorship with VMUG Advantage to reach your next goal faster. [...]

https://www.bleepingcomputer.com/news/security/vmware-certification-your-next-career-power-move/

 Microsoft fixes highest-severity ASP.NET Core flaw ever

Earlier this week, Microsoft patched a vulnerability that was flagged with the "highest ever" severity rating received by an ASP.NET Core security flaw. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-highest-severity-aspnet-core-flaw-ever/

 Europol dismantles SIM box operation renting numbers for cybercrime

European law enforcement in an operation codenamed 'SIMCARTEL' has dismantled an illegal SIM-box service that enabled more than 3,200 fraud cases and caused at least 4.5 million euros in losses. [...]

https://www.bleepingcomputer.com/news/security/europol-dismantles-sim-box-operation-renting-numbers-for-cybercrime/

 Microsoft lifts more safeguard holds blocking Windows 11 updates

Microsoft has removed two more compatibility holds preventing customers from installing Windows 11 24H2 via Windows Update. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-lifts-more-safeguard-holds-blocking-windows-11-updates/

 American Airlines subsidiary Envoy confirms Oracle data theft attack

Envoy Air, a regional airline carrier owned by American Airlines, confirms that data was compromised from its Oracle E-Business Suite application after the Clop extortion gang listed American Airlines on its data leak site. [...]

https://www.bleepingcomputer.com/news/security/american-airlines-subsidiary-envoy-confirms-oracle-data-theft-attack/

 ConnectWise fixes Automate bug allowing AiTM update attacks

ConnectWise released a security update to address vulnerabilities, one of them with critical severity, in Automate product that could expose sensitive communications to interception and modification. [...]

https://www.bleepingcomputer.com/news/security/connectwise-fixes-automate-bug-allowing-aitm-update-attacks/