⚠️ Security training ≠ security.

Training teaches people to see risk — threat hunting proves whether it still exists. Real security starts before the first alert.

🔍 Don’t just educate. Learn how to validate ↓ https://thehackernews.com/2025/10/moving-beyond-awareness-how-threat.html

🚨 A Chinese APT hid inside ArcGIS for over a year.

They turned a legit Java extension into a web shell.

🔑 Added a hardcoded key → exclusive access
💾 Hid it in backups → survived restores

That’s what “living off the land” really means ↓ https://thehackernews.com/2025/10/chinese-hackers-exploit-arcgis-server.html

⚠️ Heads-up! SAP just re-patched a critical CVSS 10.0 flaw (CVE-2025-42944) in NetWeaver AS Java — a deserialization bug that lets attackers execute commands without authentication.

Apply. The. Fix. → https://thehackernews.com/2025/10/new-sap-netweaver-bug-lets-attackers.html

🍪 A cookie that spawns a shell 💀

A critical flaw (CVE-2025-2611, CVSS 9.3) in ICTBroadcast autodialer software is under active exploitation.

Attackers inject commands via the BROADCAST session cookie for unauthenticated remote code execution.

No patch yet — check your stack → https://thehackernews.com/2025/10/hackers-target-ictbroadcast-servers-via.html

~200 servers are exposed.

🔥 Agentic AI isn’t just automating—it’s thinking and acting.

Zscaler’s CEO says it’s a bigger shift than cloud or IoT.

The upside? Faster support and instant threat response.
The risk? Rogue AIs scanning your network right now.

Learn why Zero Trust isn’t optional anymore → https://thehackernews.com/videos/2025/10/exploring-agentic-ai-innovation-meets.html

⚙️ If you run industrial gear — check your Red Lion RTUs.

Two CVEs (both 10/10) let anyone pop root via one open port. Water, energy, transport — all at risk.

Patch ASAP. Details here → https://thehackernews.com/2025/10/two-cvss-100-bugs-in-red-lion-rtus.html

🔴 Microsoft just dropped fixes for 183 security flaws.

3 are already being exploited — including one buried in every Windows PC since XP.

...and at the same time, it is ending Windows 10 support (unless you pay).

Details + patch info ↓ https://thehackernews.com/2025/10/two-new-windows-zero-days-exploited-in.html

🔥 New free playbook from Pillar Security : a hands-on framework for red-teaming agentic AI systems.

Covers the AI Kill Chain, context engineering, and the CFS model for crafting and testing realistic attack simulations.

🔗 No sign-up required: https://thn.news/agentic-defend

🚨 Over 100 VS Code extensions leaked access tokens — letting attackers push malicious updates to 150,000+ installs.

A single exposed key could’ve weaponized the software supply chain.

Full story ↓ https://thehackernews.com/2025/10/over-100-vs-code-extensions-exposed.html

👀 F5 just confirmed a nation-state breach that went undetected for months.

Hackers stole BIG-IP source code and data on undisclosed vulnerabilities.

Full story ↓ https://thehackernews.com/2025/10/f5-breach-exposes-big-ip-source-code.html

🚨 China-linked “Jewelbug” hackers quietly lived inside a Russian IT provider for 5 months.

They used Microsoft’s own debugger to slip past defenses — and exfiltrated data to Yandex Cloud.

Full story ↓ https://thehackernews.com/2025/10/chinese-threat-group-jewelbug-quietly.html

🚨 CISA just flagged a 10.0-severity flaw in Adobe Experience Manager.

A single debug page can open the door to remote code execution — no login required.

Attackers are already exploiting it, and many orgs still haven’t patched.

Details ↓ https://thehackernews.com/2025/10/cisa-flags-adobe-aem-flaw-with-perfect.html

This week in ThreatsDay:

⚡ $15B crypto empire seized
🔭 Satellites leaking private calls
💬 MFA phishing kits evolving fast
📡 Cloud tools turned into covert C2

Read the full bulletin → https://thehackernews.com/2025/10/threatsday-bulletin-15b-crypto-bust.html

🔐 Pen tests are meant to protect you. But the classic approach might be costing 💸 you instead.

Admin overheads. Scope creep. Endless retests.

Here’s why traditional pen testing drains time and budget — and how PTaaS fixes it ↓ https://thehackernews.com/2025/10/beware-hidden-costs-of-pen-testing.html

🚨 Hackers just turned a Cisco zero-day (CVE-2025-20352) into a Linux rootkit dropper—hitting routers before the patch dropped.

The backdoor’s universal password was “disco.”

Learn more about the Operation Zero Disco ↓ https://thehackernews.com/2025/10/hackers-deploy-linux-rootkits-via-cisco.html

Security teams are overwhelmed — 960+ alerts a day, and 40% go unchecked.

The real danger? Some of those missed alerts are actual breaches.

AI-SOCs promise to handle every alert automatically — but not all AI delivers.

Here’s how to tell what’s real vs. hype ↓ https://thehackernews.com/2025/10/architectures-risks-and-adoption-how-to.html

Researchers uncovered "LinkPro," a Golang-based Linux rootkit that uses eBPF to hide processes and activate remotely via a secret “magic packet.”

It spread through a malicious Docker image deployed on vulnerable Jenkins servers.

Full report ↓ https://thehackernews.com/2025/10/linkpro-linux-rootkit-uses-ebpf-to-hide.html

🔴 Hackers are hiding malware inside blockchain smart contracts.

They’re pushing stealers like Atomic & Lumma from hacked WordPress sites — updating payloads without ever touching them.

Google found 14,000+ infected pages.

Details here → https://thehackernews.com/2025/10/hackers-abuse-blockchain-smart.html

⚡ North Korean hackers just used the blockchain to hide malware — the first time ever seen.

Google says they used EtherHiding to plant code inside smart contracts, making it nearly impossible to remove and easy to update for just $1.37 in gas fees.

Full story ↓ https://thehackernews.com/2025/10/north-korean-hackers-use-etherhiding-to.html

Get an inside look at Georgetown's Cybersecurity Master's program. Register for the virtual sample class on October 29.

Attend here → https://thn.news/georgetown-cyber-class