Forwarded from The Hacker News
🚨 New Threat ALERT! Hackers are exploiting WordPress themes with fake Cloudflare checks, redirecting users to malware via porsasystem[.]com.
Meanwhile, new ClickFix phishing kits use cache smuggling to deliver “invisible” payloads—no downloads needed.
How to spot & kill it ↓ https://thehackernews.com/2025/10/hackers-exploit-wordpress-themes-to.html
Forwarded from The Hacker News
🚨 Hackers are hijacking WordPress sites right now.
A critical flaw (CVE-2025-5947) in the Service Finder theme lets anyone log in as an admin — no password needed.
13,800+ exploit attempts. Still rising.
Most sites haven’t patched.
Details here → https://thehackernews.com/2025/10/critical-exploit-lets-hackers-bypass.html
Forwarded from The Hacker News
Preemptive Defense is the next frontier of identity security.
It can block AI-driven attacks before a user even authenticates — no login required.
Here’s how it works (and why Gartner’s calling it the new IAM essential).
Learn more ↓ https://thehackernews.com/expert-insights/2025/10/identity-and-ai-threats-developing.html
Forwarded from The Hacker News
Russian hackers are now using AI to write malware.
Ukraine’s cybersecurity agency says over 3,000 cyberattacks hit in early 2025 — many powered by AI-generated phishing and data-stealing code.
One strain, WRECKSTEEL, was built with AI tools to target state networks.
Full report → https://thehackernews.com/2025/10/from-phishing-to-malware-ai-becomes.html
Forwarded from The Hacker News
⚡ Latest ThreatsDay Bulletin Out Now!
Hackers exploit MS Teams + MFA to breach orgs — plus a $2B crypto heist, .LNK malware with PowerShell implants, Autodesk zero-days, and IoT hub exploits.
🔗 Your quick intel brief → https://thehackernews.com/2025/10/threatsday-bulletin-ms-teams-hack-mfa.html
Forwarded from The Hacker News
🚨 One stolen token can bypass MFA.
Last year, a single unrotated API key let attackers compromise Cloudflare’s internal systems — even after a full credential reset.
OAuth & API tokens are the new backdoors hiding in plain sight.
How to spot them before attackers do ↓ https://thehackernews.com/2025/10/saas-breaches-start-with-tokens-what.html
Forwarded from The Hacker News
🟥 SonicWall breach ALERT!
Hackers accessed cloud-stored firewall backups — about 5% of customers affected.
The files hold encrypted credentials and configs that could help attackers target devices.
Check your MySonicWall portal for impacted devices → https://thehackernews.com/2025/10/hackers-access-sonicwall-cloud-firewall.html
Forwarded from The Hacker News
🚨 A new Android spyware is spreading like a worm.
“ClayRat” infects phones, then messages every contact to spread further.
It hides as WhatsApp, YouTube, or Google Photos — even faking Play Store screens.
Full analysis ↓ https://thehackernews.com/2025/10/new-clayrat-spyware-targets-android.html
Forwarded from The Hacker News
A China-backed group just turned AI into a cyber weapon.
They’re using it to write phishing emails and build malware — across English, Chinese, and Japanese targets.
The result? A new backdoor called GOVERSHELL spreading via fake research invites.
Read how ↓ https://thehackernews.com/2025/10/from-healthkick-to-govershell-evolution.html
Forwarded from The Hacker News
🚨 Google confirms dozens of organizations breached via Oracle E-Business Suite zero-day (CVE-2025-61882).
Attackers exploited the flaw since July 2025, using multi-stage Java implants and extortion tactics.
🔹 Oracle issued an emergency patch Oct 4
🔹 Exploit code is now public — risk rising
🔗 Details: https://thehackernews.com/2025/10/cl0p-linked-hackers-breach-dozens-of.html
Forwarded from The Hacker News
🚨 Active zero-day alert: Gladinet’s CentreStack & TrioFox are under live exploitation.
Hackers are chaining two CVEs to pull machine keys and trigger remote code execution — no patch yet.
Admins, disable the temp handler now ↓ https://thehackernews.com/2025/10/from-lfi-to-rce-active-exploitation.html
Forwarded from The Hacker News
🚨 Researchers uncovered 175 malicious npm packages used to host phishing redirects — downloaded 26,000+ times.
The campaign, dubbed Beamglea, abused npm + UNPKG to target 135 tech and energy firms worldwide.
No exploit. Just clever infrastructure abuse.
Read → https://thehackernews.com/2025/10/175-malicious-npm-packages-with-26000.html
Forwarded from The Hacker News
⚠️ A zero-day in GoAnywhere MFT has been actively exploited since Sept 11.
Attackers bypassed cryptographic checks — no password, no auth. Microsoft says Storm-1175 used it to drop Medusa ransomware.
Full timeline + exploit details ↓ https://thehackernews.com/2025/10/from-detection-to-patch-fortra-reveals.html
Forwarded from The Hacker News
🔴 ALERT: Your next “HR alert” email might not be from HR.
Storm-2657 is phishing employees, taking over Workday accounts, and swapping bank details to steal salaries — no malware, just manipulation.
Inside Microsoft’s latest findings ↓ https://thehackernews.com/2025/10/microsoft-warns-of-payroll-pirates.html
Forwarded from The Hacker News
⚠️ New “Stealit” malware is using Node.js’ experimental SEA feature to slip full payloads into fake game & VPN installers — already spreading via Mediafire and Discord.
Read how → https://thehackernews.com/2025/10/stealit-malware-abuses-nodejs-single.html
Forwarded from The Hacker News
🚨 Signal just threatened to leave the EU.
Why? The proposed “Chat Control” law would force apps to scan every private message before it’s sent.
The catch: even encrypted chats would be exposed. Experts call it “mass surveillance in disguise.”
The details you need to see ↓ https://thehackernews.com/2025/10/threatsday-bulletin-ms-teams-hack-mfa.html#opposition-to-e-u-chat-control
Forwarded from The Hacker News
🚨 Hackers just turned a DFIR tool into a ransomware weapon.
Storm-2603 hijacked Velociraptor to deploy LockBit, Warlock & Babuk—even creating fake domain admins and disabling defenses.
Details here ↓ https://thehackernews.com/2025/10/hackers-turn-velociraptor-dfir-tool.html
Forwarded from The Hacker News
⚠️ Over 100 SonicWall SSL VPN accounts breached — not brute-forced.
Attackers used legit creds and were traced back to a single IP.
Even patched devices are falling to Akira ransomware campaigns.
Learn more → https://thehackernews.com/2025/10/experts-warn-of-widespread-sonicwall.html
Forwarded from The Hacker News
⚡ Apple’s Siri recordings are under criminal investigation in France.
A whistleblower says they captured “intimate” conversations — enough to identify users.
Apple denies misuse, but prosecutors aren’t convinced.
Read ↓ https://thehackernews.com/2025/10/threatsday-bulletin-ms-teams-hack-mfa.html#france-opens-probe-into-apple-siri-voice-recordings
Forwarded from The Hacker News
🐭 A $35 gaming mouse just became a spy tool.
UC Irvine researchers turned its optical sensor into a microphone that steals conversations from air-gapped PCs.
It hides inside legit apps like games. Read the PoC → https://thehackernews.com/2025/10/threatsday-bulletin-ms-teams-hack-mfa.html#mic-e-mouse-attack-for-covert-data-exfiltration
Forwarded from The Hacker News
⚠️ WARNING: Oracle just confirmed a new vulnerability (CVE-2025-61884) in E-Business Suite.
No login required. Full data access possible.
Even worse—similar flaws were just exploited by Cl0p-linked actors.
Read the latest news here → https://thehackernews.com/2025/10/new-oracle-e-business-suite-bug-could.html