North Korean hackers are posing as recruiters—again.

This time, they’re stealing drone tech from Europe’s defense firms.

The trap? A fake job PDF hiding a remote access tool.

It’s been active—undetected—since March.

Read → https://thehackernews.com/2025/10/north-korean-hackers-lure-defense.html

🚨 GlassWorm hits VS Code extensions — 14 infected builds, ~35K installs since Oct 17 2025.

It steals dev creds, drains crypto wallets, turns machines into bots — and auto-updates itself.

Read ↓ https://thehackernews.com/2025/10/self-spreading-glassworm-infects-vs.html

🚨 Hackers turned YouTube into a malware factory. Over 3,000 fake “tutorials” hide stealers like Lumma and Rhadamanthys.

They hijack real channels — likes, comments, and all — to look legit.

Even that “Photoshop crack” or “Roblox cheat” video could infect you.

Read here ↓ https://thehackernews.com/2025/10/3000-youtube-videos-exposed-as-malware.html

Your SOC passed every test.
But your people? Failed the real one.

Modern AEV tools prove your defenses work —
until humans enter the equation.

The next frontier of validation isn’t technical.
It’s behavioral ↓ https://thehackernews.com/expert-insights/2025/10/beyond-tools-why-testing-human.html

🚨 A bug in the FIA driver portal exposed Formula 1 drivers’ personal data — including passports and licenses.

Anyone could become an “admin” with a single API request.

The flaw is now fixed — but it was open for days ↓ https://thehackernews.com/2025/10/threatsday-bulletin-176m-crypto-fine.html#admin-bug-exposes-formula-1-driver-data

India’s BOSS Linux systems are under silent attack.

A Pakistan-linked group just dropped a new Golang RAT — DeskRAT — hidden inside fake government PDFs.

It sticks around with 4 persistence tricks and steals files through WebSockets.

Read ↓ https://thehackernews.com/2025/10/apt36-targets-indian-government-with.html

Microsoft just patched a critical WSUS flaw (CVE-2025-59287) — and attackers are already using it.

One crafted request = full SYSTEM control.

The twist? It comes from BinaryFormatter — the same tool Microsoft killed off last year.

Patch now ↓ https://thehackernews.com/2025/10/microsoft-issues-emergency-patch-for.html

🚨 194,000 fake sites. $1B stolen.

The Smishing Triad is posing as USPS, banks, and toll services — all hosted on U.S. clouds to stay invisible.

Next target: brokerage accounts.

Full report ↓ https://thehackernews.com/2025/10/smishing-triad-linked-to-194000.html

⚡ OpenAI’s new ChatGPT Atlas browser can be hijacked by a fake URL.

A prompt injection disguised as a normal link tricks the omnibox into running hidden commands.

One click, and your AI agent takes orders from attackers.

Read here ↓ https://thehackernews.com/2025/10/chatgpt-atlas-browser-can-be-tricked-by.html

Qilin ransomware just got smarter.

It’s hitting Windows and Linux together, wiping Veeam backups, and using a vulnerable driver to shut down security tools — all in one strike.

Over 100 victims in June alone.

Full story ↓ https://thehackernews.com/2025/10/qilin-ransomware-combines-linux-payload.html

CISOs planning 2026 budgets are rethinking priorities.

Data visibility & DSPM are moving from “nice-to-have” to the foundation for risk reduction, faster audits & ROI.

Read: Why Data Visibility Belongs in Your 2026 Cybersecurity Budget 👇 https://thn.news/security-priority-guide

🔥 The week in cyber: patches weren’t fast enough, trust wasn’t enough, and attackers weren’t waiting.

→ WSUS exploited
→ LockBit 5.0 returns
→ Telegram backdoor
→ F5 breach deepens
→ YouTube malware surge
→ MuddyWater spying
→ Lazarus fake jobs
→ CoPhish OAuth attack
→ Russia bug law
→ UN cyber treaty

⚡ Read the recap: https://thehackernews.com/2025/10/weekly-recap-wsus-exploited-lockbit-50.html

🚨 New exploit targets ChatGPT Atlas AI browser.

Researchers at LayerX found a CSRF flaw that lets attackers inject code into its persistent memory, surviving across browsers, sessions, and devices.

Once infected, even a normal chat can silently execute hidden commands.

Full report ↓ https://thehackernews.com/2025/10/new-chatgpt-atlas-browser-exploit-lets.html

⚠️ WARNING: X users with security keys (like YubiKeys) must re-enroll 2FA by Nov 10, 2025 — or get locked out.

The update moves keys from twitter[.]com to x[.]com as Twitter’s domain is retired.

Details ↓ https://thehackernews.com/2025/10/x-warns-users-with-security-keys-to-re.html

⚡ Security and speed shouldn’t be enemies.

But when AI agents multiply faster than controls can keep up, most orgs fall into firefighting mode.

Join our live session to see how forward-thinking teams are:

✅ Governing thousands of AI agents automatically
✅ Embedding security guardrails that scale
✅ Shipping AI features faster — and safer

Live webinar: Learn how to scale AI securely, without compromise → https://thehacker.news/securing-ai-adoption

⚠️ SideWinder hackers strike again.

A European embassy in New Delhi was hit using fake Adobe Reader updates and signed apps to sneak in StealerBot malware — stealing passwords, screenshots, and files.

Other targets: Sri Lanka, Pakistan, and Bangladesh.

Full report ↓ https://thehackernews.com/2025/10/sidewinder-adopts-new-clickonce-based.html

⚠️ ALERT: A Chrome zero-day (CVE-2025-2783) was exploited to deliver spyware built by Memento Labs — the firm behind past government surveillance tools.

One click in Chromium = full sandbox escape.

Read this → https://thehackernews.com/2025/10/chrome-zero-day-exploited-to-deliver.html

Google Workspace isn’t secure by default.

Many startups operate with open sharing, broad app access, and limited oversight.

The risk? It often looks completely normal.

See how lean teams are locking it down → https://thehackernews.com/2025/10/is-your-google-workspace-as-secure-as.html

AI-driven attacks move faster than humans can react.

The real risk? Teams flying blind.

ANYRUN flips the script — predicting attacks before they strike. 99% unique IOCs. Zero lag. Full context.

Early detection turns panic into power → https://thehackernews.com/2025/10/why-early-threat-detection-is-must-for.html

🚨 North Korea–linked BlueNoroff is running two active campaigns — GhostCall & GhostHire — into 2025.

GhostCall fakes Zoom/Teams meetings to drop malware via bogus SDK “updates.”

GhostHire targets Web3 devs on Telegram with booby-trapped GitHub tests.

Full report ↓ https://thehackernews.com/2025/10/researchers-expose-ghostcall-and.html

🚨 New Android Trojan ‘Herodotus’ is on the move.

It’s hitting phones in 🇮🇹 Italy & 🇧🇷 Brazil — stealing 2FA codes, logins, even lock PINs — and typing like a human to slip past fraud detection.

🔗 Read full report → https://thehackernews.com/2025/10/new-android-trojan-herodotus-outsmarts.html