🚨 Google Drive now pauses itself when it detects ransomware.

The AI spots mass file encryption attempts—then halts syncing before your data gets nuked.

It learned its tricks from millions of real victim files.

How it works → https://thehackernews.com/2025/10/threatsday-bulletin-carplay-exploit.html#drive-pauses-syncs-buys-you-minutes

#threatsday #cybersecurity

🚨 CISA just flagged a live zero-day in Smartbedded Meteobridge.

Remote attackers can hijack weather stations → full root access.

No login needed—just click a link. CGI script + eval = instant code execution.

Patches only dropped in May ↓ https://thehackernews.com/2025/10/cisa-flags-meteobridge-cve-2025-4008.html

🚨 A new APT group is hijacking real government email accounts to hack Russian state agencies.

Their malware exfiltrates data through a Telegram bot.

And it’s not just Russia—English & Arabic filenames suggest the target list is much wider.

Read ↓ https://thehackernews.com/2025/10/new-cavalry-werewolf-attack-hits.html

⚡ Enterprises are hitting a new blind spot.

Passwork 7 now combines password + secrets management in one platform.

That means SSH keys, tokens, and DB logins live next to everyday credentials — all gated by roles and vault design.

One misstep = organization-wide exposure.

Here’s how it works ↓ https://thehackernews.com/2025/10/product-walkthrough-how-passwork-7.html

🕵️ One click. One ZIP.

SORVEPOTEL self-replicates through WhatsApp Web — blasting itself to all your contacts and groups until your account is banned.

Targets enterprises, uses LNK → PowerShell for persistence.

Read more → https://thehackernews.com/2025/10/researchers-warn-of-self-spreading.html

Test version.

Commit Message:

update to 12.1.1 (6211)

See commit details 3ff2913

Changes since last build:

🐛 Fixes
• use system emoji on OneUI 8
• NPE in addToSelectedMessages
• NPE in checkOption
• NPE in processLoadedDialogs
• NPE in ChatActivityAdapter.onCreateViewHolder
• ensure text truncation in TextCheckCell
• unintended behavior in makeReplyButtonClick
• apply zalgoFilter in translations
• create sticker from photo

🧹 Others
• update to 12.1.1 (6211)
• Include Polish translation thanks to r.kazierski.

Full changes

Generated by openai/gpt-4.1

https://github.com/simonpunk/NReZygisk-fork/

NReZygisk fork

WARNING

This fork is primarily intended for my own personal use. It is in no way affiliated with, approved by or supported by PerformanC or ThePedroo.

Note that, on one hand, this fork is what I use on my daily driver phone, so it is in my best interest for it to be stable and properly tested. On the other hand, I am unlikely to put any effort into fixing issues that do not manifest on any of my devices, and as such, I cannot recommend that you flash this module on your device.
Fork info
The majority of changes in this fork aim to demonstrate unique approaches to hiding root from applications. In addition, there are some changes to make the module better

align with my personal preferences.
Transparent implementation of Zygisk.

⚠️ Rhadamanthys now fingerprints devices and hides malware inside PNG/JPEG/WAV files.

It’s sold by subscription from $299/mo — a business, not a hobby.

Expert detail: payloads need a secret key from the C2 server to decrypt (stego delivery).

Read the stealth trick that beats many scanners → https://thehackernews.com/2025/10/rhadamanthys-stealer-evolves-adds.html

💀 Another breach caused by a “secure” password.
Hackers don’t need zero-days when your policy is the backdoor.

See why complexity rules fail—and how to block breached creds before attackers use them.

📅 Join the live webinar. Save your spot → https://thehacker.news/password-graveyard

🚨 Detour Dog just flipped the script!

The group once known for shady redirects is now pushing Strela Stealer via hacked WordPress sites + DNS TXT records.

90% of sites look normal—until they quietly fetch malware.

Learn more ↓ https://thehackernews.com/2025/10/detour-dog-caught-running-dns-powered.html

🧨 500% surge in scans hitting Palo Alto Networks logins.

GreyNoise says it’s the highest spike in months — and eerily mirrors Cisco ASA activity seen right before two zero-days dropped.

History may be repeating itself.

Read what they saw first → https://thehackernews.com/2025/10/scanning-activity-on-palo-alto-networks.html

🚨 New: “CometJacking” turns Perplexity’s Comet into an insider threat.

A single URL hijacks the agent, queries memory (collection=…), and Base64s your Gmail/Calendar off-box—no creds needed.

Perplexity says “no impact.”

See the exact payload + defenses → https://thehackernews.com/2025/10/cometjacking-one-click-can-turn.html

🚨 Oracle just rushed a patch for CVE-2025-61882 — a 9.8 critical flaw in E-Business Suite already exploited by Cl0p in live data theft attacks.

The zero-day lets attackers seize control without a username or password.

Experts warn many may already be breached.

Details here ↓ https://thehackernews.com/2025/10/oracle-rushes-patch-for-cve-2025-61882.html

A “harmless” ICS calendar file exploited Zimbra’s XSS zero-day flaw (CVE-2025-27915) — turning an invite into a full data stealer.

Target: Brazil’s military.
The script waited 72 hours before exfiltrating credentials.

Read → https://thehackernews.com/2025/10/zimbra-zero-day-exploited-to-target.html

[New] China-linked group UAT-8099 is hijacking Microsoft IIS servers across 🇮🇳🇹🇭🇻🇳🇨🇦🇧🇷 — not to steal data, but to manipulate Google search rankings and loot credentials.

The kicker? Their malware only activates when Googlebot visits.

Inside: RDP persistence, BadIIS variants, and stealth backlink fraud ↓ https://thehackernews.com/2025/10/chinese-cybercrime-group-runs-global.html

Your AI models may already be leaking data.

The worst part? Most “AI security tools” can’t even see it.

Here’s what to ask before trusting any AI-SPM solution ↓ https://thehackernews.com/2025/10/5-critical-questions-for-adopting-ai.html

⚡ The threat landscape never slows down — but awareness keeps you ahead.

This week’s highlights focus on patching smarter, spotting early risks, and staying ready for what’s next.

🛡️ Stay sharp. Patch fast. Defend better.

🔗 Read the full recap: https://thehackernews.com/2025/10/weekly-recap-oracle-0-day-bitlocker.html

🚨 Chrome prefs can be poisoned.

Attackers can force malicious extensions active by default—bypassing policies.

The secret? A flaw in Chrome’s super_mac.

Learn how it works → https://thehackernews.com/2025/10/threatsday-bulletin-carplay-exploit.html#prefs-can-be-poisoned-extensions-forced-active

🚨 A Chinese research lab — BIETA — linked to Beijing’s spy agency has been developing covert communication and malware tools for years, according to a new report.

They’ve been selling them under the guise of “forensics” and “network testing” products.

Full story ↓ https://thehackernews.com/2025/10/new-report-links-research-firms-bieta.html

🚨 Attackers now exploit new vulnerabilities within hours—but most orgs still patch once a month.

The result? $5M average breach cost and rising.

The old patch cycle isn’t slow—it’s negligent.

The future is continuous, real-time remediation ↓ https://thehackernews.com/expert-insights/2025/10/continuous-patch-management-why-future.html