CISOs planning 2026 budgets are rethinking priorities.

Data visibility & DSPM are moving from “nice-to-have” to the foundation for risk reduction, faster audits & ROI.

Read: Why Data Visibility Belongs in Your 2026 Cybersecurity Budget 👇 https://thn.news/security-priority-guide

🔥 The week in cyber: patches weren’t fast enough, trust wasn’t enough, and attackers weren’t waiting.

→ WSUS exploited
→ LockBit 5.0 returns
→ Telegram backdoor
→ F5 breach deepens
→ YouTube malware surge
→ MuddyWater spying
→ Lazarus fake jobs
→ CoPhish OAuth attack
→ Russia bug law
→ UN cyber treaty

⚡ Read the recap: https://thehackernews.com/2025/10/weekly-recap-wsus-exploited-lockbit-50.html

🚨 New exploit targets ChatGPT Atlas AI browser.

Researchers at LayerX found a CSRF flaw that lets attackers inject code into its persistent memory, surviving across browsers, sessions, and devices.

Once infected, even a normal chat can silently execute hidden commands.

Full report ↓ https://thehackernews.com/2025/10/new-chatgpt-atlas-browser-exploit-lets.html

⚠️ WARNING: X users with security keys (like YubiKeys) must re-enroll 2FA by Nov 10, 2025 — or get locked out.

The update moves keys from twitter[.]com to x[.]com as Twitter’s domain is retired.

Details ↓ https://thehackernews.com/2025/10/x-warns-users-with-security-keys-to-re.html

⚡ Security and speed shouldn’t be enemies.

But when AI agents multiply faster than controls can keep up, most orgs fall into firefighting mode.

Join our live session to see how forward-thinking teams are:

✅ Governing thousands of AI agents automatically
✅ Embedding security guardrails that scale
✅ Shipping AI features faster — and safer

Live webinar: Learn how to scale AI securely, without compromise → https://thehacker.news/securing-ai-adoption

⚠️ SideWinder hackers strike again.

A European embassy in New Delhi was hit using fake Adobe Reader updates and signed apps to sneak in StealerBot malware — stealing passwords, screenshots, and files.

Other targets: Sri Lanka, Pakistan, and Bangladesh.

Full report ↓ https://thehackernews.com/2025/10/sidewinder-adopts-new-clickonce-based.html

⚠️ ALERT: A Chrome zero-day (CVE-2025-2783) was exploited to deliver spyware built by Memento Labs — the firm behind past government surveillance tools.

One click in Chromium = full sandbox escape.

Read this → https://thehackernews.com/2025/10/chrome-zero-day-exploited-to-deliver.html

Google Workspace isn’t secure by default.

Many startups operate with open sharing, broad app access, and limited oversight.

The risk? It often looks completely normal.

See how lean teams are locking it down → https://thehackernews.com/2025/10/is-your-google-workspace-as-secure-as.html

AI-driven attacks move faster than humans can react.

The real risk? Teams flying blind.

ANYRUN flips the script — predicting attacks before they strike. 99% unique IOCs. Zero lag. Full context.

Early detection turns panic into power → https://thehackernews.com/2025/10/why-early-threat-detection-is-must-for.html

🚨 North Korea–linked BlueNoroff is running two active campaigns — GhostCall & GhostHire — into 2025.

GhostCall fakes Zoom/Teams meetings to drop malware via bogus SDK “updates.”

GhostHire targets Web3 devs on Telegram with booby-trapped GitHub tests.

Full report ↓ https://thehackernews.com/2025/10/researchers-expose-ghostcall-and.html

🚨 New Android Trojan ‘Herodotus’ is on the move.

It’s hitting phones in 🇮🇹 Italy & 🇧🇷 Brazil — stealing 2FA codes, logins, even lock PINs — and typing like a human to slip past fraud detection.

🔗 Read full report → https://thehackernews.com/2025/10/new-android-trojan-herodotus-outsmarts.html

🔥 Researchers just broke Intel & AMD’s newest “secure” enclaves — again.

A sub-$1K hardware rig can steal attestation keys from fully patched systems running SGX, TDX, and SEV-SNP with Ciphertext Hiding.

Even constant-time crypto and DDR5 encryption couldn’t stop it.

Learn how TEE-Fail cracks open AI and confidential VMs ↓ https://thehackernews.com/2025/10/new-teefail-side-channel-attack.html

🚨 CISA confirmed ACTIVE exploitation of new flaws in Dassault Systèmes’ DELMIA Apriso and XWiki.

One lets any guest run code.
Another gives full admin access.
Hackers are already dropping crypto miners.

Agencies have until Nov 18 to patch ↓ https://thehackernews.com/2025/10/active-exploits-hit-dassault-and-xwiki.html

🚨 10 fake npm packages (~9.9K installs) hid a cross-platform info stealer.

It spawns a fake terminal, pulls a 24 MB payload from 195.133.79[.]43, and drains keyrings — not just browser creds.

Instant access to email, cloud, VPNs, and prod DBs.

Read details ↓ https://thehackernews.com/2025/10/10-npm-packages-caught-stealing.html

🚨 Russian hackers breached Ukrainian networks — no malware needed.

They hijacked Windows tools (PowerShell, RDPClip, OpenSSH) to steal data and stay hidden for months.

Real fileless persistence — living in memory, invisible to AV.

Learn how they did it & how to detect it ↓ https://thehackernews.com/2025/10/russian-hackers-target-ukrainian.html

🔴 The next big breach won’t start with a stolen password.

It’ll come from your own AI.

Agentic AIs are the new “confused deputies” — doing what attackers tell them, with the access you gave them.

The scariest part? You trained the threat ↓ https://thehackernews.com/2025/10/preparing-for-digital-battlefield-of.html

⚡ Your AI-driven compliance might already be non-compliant.

Regulators aren’t ready — but you can be.

Join the live session Nov 3 to uncover hidden risks and real fixes.

Register free → https://thehackernews.com/2025/10/discover-practical-ai-tactics-for-grc.html

⚠️ AI browsers like ChatGPT Atlas and Perplexity Comet can be tricked into using fake data.

A new exploit — “AI-targeted cloaking” — lets attackers show one version of a page to humans and another to AI crawlers.

Same old SEO trick.
New weapon: misinformation at scale.

Read how it works ↓ https://thehackernews.com/2025/10/new-ai-targeted-cloaking-attack-tricks.html

🚨 PHP servers are under attack.

Mirai, Mozi, and Gafgyt botnets are exploiting old CVEs to hijack WordPress and Craft CMS sites.

Some break-ins start from leftover PhpStorm debug sessions still running in production.

Check if yours is exposed ↓ https://thehackernews.com/2025/10/experts-reports-sharp-increase-in.html