⚠️ CERT-UA: Hackers are sneaking a new CABINETRAT backdoor into Ukraine via Excel XLL add-ins shared on Signal.

Shellcode is hidden inside a PNG (“Office.png”), launched by excel.exe /e in stealth mode.

Details here → https://thehackernews.com/2025/10/ukraine-warns-of-cabinetrat-backdoor.html

🚨 New Android banking trojan spotted — Klopatra has hijacked 3,000+ devices in Spain & Italy.

It hides with Virbox-grade protection (never seen before in Android malware), uses hidden VNC to drain bank accounts at night—while victims think their phone is off.

Details here → https://thehackernews.com/2025/10/new-android-banking-trojan-klopatra.html

🚨 Attackers are hijacking industrial routers to blast out smishing texts across Europe.

Milesight routers expose an API that lets anyone send SMS without authentication. At least 572 devices remain wide open.

Find details here → https://thehackernews.com/2025/10/hackers-exploit-milesight-routers-to.html

🚨 58% of security pros were told to hide a breach this year — a 38% spike since 2023.

The irony? While execs boast “confidence,” 84% of real attacks slip in through tools already inside your network.

The part no one’s talking about ↓ https://thehackernews.com/2025/10/2025-cybersecurity-reality-check.html

🚨 A single Jupyter notebook user could hijack an entire AI platform.

Red Hat OpenShift AI flaw (CVE-2025-10725) lets low-privileged accounts escalate to full cluster admin—total takeover possible.

That’s not the scariest part ↓ https://thehackernews.com/2025/10/critical-red-hat-openshift-ai-flaw.html

⚠️ Automation alone won’t save you.

Too much AI = black-box risk.
Too many rules = brittle systems.
Too much human = bottlenecks.

The strongest workflows blend all three—intentionally.

See how in our next webinar ↓ https://thehackernews.com/2025/10/how-leading-security-teams-blend-ai.html

🚨 New CVE in OneLogin (7.7 CVSS): API flaw exposed all OIDC client secrets.

Any attacker with valid keys could impersonate apps + move laterally.

Patched in 2025.3.0 — details here ↓ https://thehackernews.com/2025/10/onelogin-bug-let-attackers-use-api-keys.html

🚨 Researchers just cracked Intel SGX on DDR4.

Attackers can now steal enclave keys with a $1k device bought online.

They can masquerade as genuine SGX hardware—while spying on your data.

The exploit: “WireTap.” Details ↓ https://thehackernews.com/2025/10/new-wiretap-attack-extracts-intel-sgx.html

Companies are spending millions on DDoS defense.

The result? Every single one surveyed still got hit.

The reason: defenses still rely on humans.

Full report ↓ https://thehackernews.com/expert-insights/2025/09/the-state-of-ddos-defenses-unpacking.html

🚨 Your “Signal” app might not be Signal at all!

Two spyware strains—ProSpy & ToSpy—masquerade as Signal and ToTok to infect Androids—and they’ve been active for years.

One version hides by launching the real app—while stealing your files, messages, and contacts.

Details ↓ https://thehackernews.com/2025/10/warning-beware-of-android-spyware.html

🚨 Switching to a continuous detection workflow surfaced up to 58% more threats and cut MTTR by 21 min per case.

The gap? Tool-switching—not alert floods.

Unique detail: an interactive sandbox reveals click-triggered payloads & staged downloads.

See the 3 steps ↓ https://thehackernews.com/2025/10/how-to-close-threat-detection-gaps-your.html

🚨 Hundreds of hacked accounts are blasting extortion emails at execs.

Hackers claim Oracle E-Business Suite data theft—leveraging Cl0p’s name for credibility.

Google can’t confirm it’s Cl0p… but the contact details match their leak site.

Details → https://thehackernews.com/2025/10/google-mandiant-probes-new-oracle.html

⚠️ This week’s Threatsday Bulletin is here.

🔹 CarPlay exploit (CVE-2025-24132)
🔹 Root access—no clicks needed
🔹 Patch released, but OEMs haven’t applied it
🔹 and more critical threats you can’t ignore...

Your systems may already be at risk.

Read ↓ https://thehackernews.com/2025/10/threatsday-bulletin-carplay-exploit.html

🚨Pentest findings are still being buried in PDFs. By the time they reach IT, attackers may already be in.

The twist? The fix isn’t more reports—it’s automation. Real-time ticketing, instant alerts, zero lag.

The 7 workflows every security team should automate ↓ https://thehackernews.com/2025/10/automating-pentest-delivery-7-key.html

🚨 Malicious PyPI package spotted: “soopsocks” hit 2,653 downloads before takedown.

Advertised as a SOCKS5 proxy, it secretly:
– Dropped a Go-based backdoor (_AUTORUN.EXE)
– Ran PowerShell + VBScript
– Changed firewall rules
– Exfiltrated system data

Full report ↓ https://thehackernews.com/2025/10/alert-malicious-pypi-package-soopsocks.html

🚨 A single click on a shortcut file was enough.

Confucius hackers just stole passwords, screenshots & files across Pakistan’s government and defense networks.

They hid the breach behind routine Windows .LNK files — a trick most security tools missed.

Read ↓ https://thehackernews.com/2025/10/confucius-hackers-hit-pakistan-with-new.html

🚨 U.K. just ordered Apple to break iCloud encryption.

The target? Every Briton’s backups.

Officials want far more than just disabling Advanced Data Protection—secret orders demand access to entire categories of iCloud data.

How deep does this go? ↓ https://thehackernews.com/2025/10/threatsday-bulletin-carplay-exploit.html#u-k-demands-access-targets-britons-backups

🚨 Ordinary PDFs just became hacker weapons.

A new “MatrixPDF” toolkit turns any file into a phishing lure. Even legit docs now hide fake secure prompts + JS redirects.

One click = stolen creds or malware payload.

Details ↓ https://thehackernews.com/2025/10/threatsday-bulletin-carplay-exploit.html#normal-pdfs-turn-into-malware-traps

🚨 Google Drive now pauses itself when it detects ransomware.

The AI spots mass file encryption attempts—then halts syncing before your data gets nuked.

It learned its tricks from millions of real victim files.

How it works → https://thehackernews.com/2025/10/threatsday-bulletin-carplay-exploit.html#drive-pauses-syncs-buys-you-minutes

#threatsday #cybersecurity

🚨 CISA just flagged a live zero-day in Smartbedded Meteobridge.

Remote attackers can hijack weather stations → full root access.

No login needed—just click a link. CGI script + eval = instant code execution.

Patches only dropped in May ↓ https://thehackernews.com/2025/10/cisa-flags-meteobridge-cve-2025-4008.html

🚨 A new APT group is hijacking real government email accounts to hack Russian state agencies.

Their malware exfiltrates data through a Telegram bot.

And it’s not just Russia—English & Arabic filenames suggest the target list is much wider.

Read ↓ https://thehackernews.com/2025/10/new-cavalry-werewolf-attack-hits.html