🚨 Researchers uncovered 175 malicious npm packages used to host phishing redirects — downloaded 26,000+ times.

The campaign, dubbed Beamglea, abused npm + UNPKG to target 135 tech and energy firms worldwide.

No exploit. Just clever infrastructure abuse.

Read → https://thehackernews.com/2025/10/175-malicious-npm-packages-with-26000.html

⚠️ A zero-day in GoAnywhere MFT has been actively exploited since Sept 11.

Attackers bypassed cryptographic checks — no password, no auth. Microsoft says Storm-1175 used it to drop Medusa ransomware.

Full timeline + exploit details ↓ https://thehackernews.com/2025/10/from-detection-to-patch-fortra-reveals.html

🔴 ALERT: Your next “HR alert” email might not be from HR.

Storm-2657 is phishing employees, taking over Workday accounts, and swapping bank details to steal salaries — no malware, just manipulation.

Inside Microsoft’s latest findings ↓ https://thehackernews.com/2025/10/microsoft-warns-of-payroll-pirates.html

⚠️ New “Stealit” malware is using Node.js’ experimental SEA feature to slip full payloads into fake game & VPN installers — already spreading via Mediafire and Discord.

Read how → https://thehackernews.com/2025/10/stealit-malware-abuses-nodejs-single.html

🚨 Signal just threatened to leave the EU.

Why? The proposed “Chat Control” law would force apps to scan every private message before it’s sent.

The catch: even encrypted chats would be exposed. Experts call it “mass surveillance in disguise.”

The details you need to see ↓ https://thehackernews.com/2025/10/threatsday-bulletin-ms-teams-hack-mfa.html#opposition-to-e-u-chat-control

🚨 Hackers just turned a DFIR tool into a ransomware weapon.

Storm-2603 hijacked Velociraptor to deploy LockBit, Warlock & Babuk—even creating fake domain admins and disabling defenses.

Details here ↓ https://thehackernews.com/2025/10/hackers-turn-velociraptor-dfir-tool.html

⚠️ Over 100 SonicWall SSL VPN accounts breached — not brute-forced.

Attackers used legit creds and traced back to a single IP.

Even patched devices are falling to Akira ransomware campaigns.

Learn more → https://thehackernews.com/2025/10/experts-warn-of-widespread-sonicwall.html

⚡ Apple’s Siri recordings are under criminal investigation in France.

A whistleblower says they captured “intimate” conversations — enough to identify users.

Apple denies misuse, but prosecutors aren’t convinced.

Read ↓ https://thehackernews.com/2025/10/threatsday-bulletin-ms-teams-hack-mfa.html#france-opens-probe-into-apple-siri-voice-recordings

🐭 A $35 gaming mouse just became a spy tool.

UC Irvine researchers turned its optical sensor into a microphone that steals conversations from air-gapped PCs.

It hides inside legit apps like games. Read the PoC → https://thehackernews.com/2025/10/threatsday-bulletin-ms-teams-hack-mfa.html#mic-e-mouse-attack-for-covert-data-exfiltration

⚠️ WARNING: Oracle just confirmed a new vulnerability (CVE-2025-61884) in E-Business Suite.

No login required. Full data access possible.

Even worse—similar flaws were just exploited by Cl0p-linked actors.

Read the latest news here → https://thehackernews.com/2025/10/new-oracle-e-business-suite-bug-could.html

🚨A new Rust-based backdoor called ChaosBot is hijacking corporate networks — and running its C2 over Discord.

It hides behind Microsoft Edge, abuses service accounts, and even checks for VMware to dodge analysis.

One slip → full network access ↓ https://thehackernews.com/2025/10/new-rust-based-malware-chaosbot-hijacks.html

Hackers just turned GitHub into their command center.

When police take down their servers, the malware just… reboots itself from GitHub.

The twist? It hides configs inside images using steganography. This isn’t a glitch — it’s resilience by design.

Read how it works → https://thehackernews.com/2025/10/astaroth-banking-trojan-abuses-github.html

⚠️ Microsoft just locked down Internet Explorer mode in Edge after real-world zero-day attacks.

Hackers abused the old IE engine (Chakra) to hijack devices — bypassing modern browser defenses.

Full story ↓ https://thehackernews.com/2025/10/microsoft-locks-down-ie-mode-after.html

🟥 RondoDox Botnet just went nuclear.

It’s now exploiting 56 vulnerabilities across 30+ vendors — from routers to web servers.

The irony? 18 of those flaws don’t even have CVEs yet.

Learn more → https://thehackernews.com/2025/10/researchers-warn-rondodox-botnet-is.html

Your WAF can’t see this.

Attackers are skimming payment data right now through unmonitored JavaScript—while your dashboards stay clean.

The worst part? It’s happening in your customers’ browsers.

See what every retailer must fix before Black Friday ↓ https://thehackernews.com/2025/10/why-unmonitored-javascript-is-your.html

⚡ Latest Weekly Recap is out...

🚨 Oracle 0-Day exploited
🤖 Nation-state AI abuse on the rise
🎣 npm phishing spreading fast
💀 New ransomware cartel emerges

…and more

The threat landscape is moving fast — here’s what defenders need to know.

🔗 https://thehackernews.com/2025/10/weekly-recap-whatsapp-worm-critical.html

🚨 Threat Alert: A new group, TA585, is running end-to-end phishing campaigns delivering MonsterV2 malware.

No middlemen. Just pure, in-house cybercrime ops.

Phishing → fake CAPTCHAs → PowerShell payloads → MonsterV2.

Learn how their stack works → https://thehackernews.com/2025/10/researchers-expose-ta585s-monsterv2.html

🚨 Attackers are turning Discord into a command center — using webhooks to steal API keys and config files right from npm, PyPI, and Ruby installs.

⚙️ North Korean actors even pushed 300+ fake packages with 50K+ downloads.

Details here → https://thehackernews.com/2025/10/npm-pypi-and-rubygems-packages-found.html

⚡ New Android exploit “Pixnapping” steals 2FA codes via GPU side-channels.

— No special permissions
— Works across apps (Maps, Authenticator, etc.)
— Full 2FA capture in ~30s

Read the full story ↓ https://thehackernews.com/2025/10/new-pixnapping-android-flaw-lets-rogue.html

🧩 AMD’s “secure” virtualization can be broken with a single memory write.

A new flaw, RMPocalypse (CVE-2025-0033), lets attackers corrupt the Reverse Map Table and steal data from virtual machines — all through one 8-byte overwrite.

Read the details ↓ https://thehackernews.com/2025/10/rmpocalypse-single-8-byte-write.html

🤖 AI lets attackers map your environment before sending a payload.

No exploits needed — your JS, APIs, and error logs are enough. Harmless data is now reconnaissance fuel.

See how it changes defense strategy ↓ https://thehackernews.com/2025/10/what-ai-reveals-about-web-applications.html