Hackers just turned GitHub into their command center.
When police take down their servers, the malware just… reboots itself from GitHub.
The twist? It hides configs inside images using steganography. This isn't a glitch - it's resilience by design.
Read how it works → https://thehackernews.com/2025/10/astaroth-banking-trojan-abuses-github.html
⚠️ Microsoft just locked down Internet Explorer mode in Edge after real-world zero-day attacks.
Hackers abused the old IE engine (Chakra) to hijack devices - bypassing modern browser defenses.
Full story → https://thehackernews.com/2025/10/microsoft-locks-down-ie-mode-after.html
RondoDox Botnet just went nuclear.
It's now exploiting 56 vulnerabilities across 30+ vendors - from routers to web servers.
The irony? 18 of those flaws don't even have CVEs yet.
Learn more → https://thehackernews.com/2025/10/researchers-warn-rondodox-botnet-is.html
Your WAF can't see this.
Attackers are skimming payment data right now through unmonitored JavaScript - while your dashboards stay clean.
The worst part? It's happening in your customers' browsers.
See what every retailer must fix before Black Friday → https://thehackernews.com/2025/10/why-unmonitored-javascript-is-your.html
⚡ Latest Weekly Recap is out...
- Oracle 0-Day exploited
- Nation-state AI abuse on the rise
- npm phishing spreading fast
- New ransomware cartel emerges
…and more
The threat landscape is moving fast - here's what defenders need to know.
https://thehackernews.com/2025/10/weekly-recap-whatsapp-worm-critical.html
Threat Alert: A new group, TA585, is running end-to-end phishing campaigns delivering MonsterV2 malware.
No middlemen. Just pure, in-house cybercrime ops.
Phishing → fake CAPTCHAs → PowerShell payloads → MonsterV2.
Learn how their stack works → https://thehackernews.com/2025/10/researchers-expose-ta585s-monsterv2.html
Attackers are turning Discord into a command center - using webhooks to steal API keys and config files right from npm, PyPI, and Ruby installs.
North Korean actors even pushed 300+ fake packages with 50K+ downloads.
Details here → https://thehackernews.com/2025/10/npm-pypi-and-rubygems-packages-found.html
⚡ New Android exploit "Pixnapping" steals 2FA codes via GPU side-channels.
- No special permissions
- Works across apps (Maps, Authenticator, etc.)
- Full 2FA capture in ~30s
Read the full story → https://thehackernews.com/2025/10/new-pixnapping-android-flaw-lets-rogue.html
🧩 AMD's "secure" virtualization can be broken with a single memory write.
A new flaw, RMPocalypse (CVE-2025-0033), lets attackers corrupt the Reverse Map Table and steal data from virtual machines - all through one 8-byte overwrite.
Read the details → https://thehackernews.com/2025/10/rmpocalypse-single-8-byte-write.html
AI lets attackers map your environment before sending a payload.
No exploits needed - your JS, APIs, and error logs are enough. Harmless data is now reconnaissance fuel.
See how it changes defense strategy → https://thehackernews.com/2025/10/what-ai-reveals-about-web-applications.html
Billions lost. Operations frozen. Ransomware in 2025 is faster, smarter, and nearly unstoppable.
LockBit, Lazarus, and FunkLocker are already inside corporate networks worldwide.
Help your SOC detect threats early and respond with confidence ⬇️ https://thn.news/enterprise-defense
⚠️ Security training ≠ security.
Training teaches people to see risk - threat hunting proves whether it still exists. Real security starts before the first alert.
Don't just educate. Learn how to validate → https://thehackernews.com/2025/10/moving-beyond-awareness-how-threat.html
A Chinese APT hid inside ArcGIS for over a year.
They turned a legit Java extension into a web shell.
- Added a hardcoded key → exclusive access
- Hid it in backups → survived restores
That's what "living off the land" really means → https://thehackernews.com/2025/10/chinese-hackers-exploit-arcgis-server.html
⚠️ Heads-up! SAP just re-patched a critical CVSS 10.0 flaw (CVE-2025-42944) in NetWeaver AS Java - a deserialization bug that lets attackers execute commands without authentication.
Apply. The. Fix. → https://thehackernews.com/2025/10/new-sap-netweaver-bug-lets-attackers.html
A cookie that spawns a shell
A critical flaw (CVE-2025-2611, CVSS 9.3) in ICTBroadcast autodialer software is under active exploitation.
Attackers inject commands via the BROADCAST session cookie for unauthenticated remote code execution.
No patch yet - check your stack → https://thehackernews.com/2025/10/hackers-target-ictbroadcast-servers-via.html
~200 servers are exposed.
Agentic AI isn't just automating - it's thinking and acting.
Zscaler's CEO says it's a bigger shift than cloud or IoT.
The upside? Faster support and instant threat response.
The risk? Rogue AIs scanning your network right now.
Learn why Zero Trust isn't optional anymore → https://thehackernews.com/videos/2025/10/exploring-agentic-ai-innovation-meets.html
If you run industrial gear - check your Red Lion RTUs.
Two CVEs (both 10/10) let anyone pop root via one open port. Water, energy, transport - all at risk.
Patch ASAP. Details here → https://thehackernews.com/2025/10/two-cvss-100-bugs-in-red-lion-rtus.html