🚨 Developers, check your NuGet packages.

A fake NuGet package “Netherеum.All” — spelled with a Cyrillic ‘e’ — was stealing wallet keys from Ethereum .NET projects.

It even faked 11.7M downloads to look real.

Full story ↓ https://thehackernews.com/2025/10/fake-nethereum-nuget-package-used.html

🔴 A fake “Zoom meeting” from Ukraine’s President’s Office just hacked aid workers. The CAPTCHA wasn’t real — it opened a live remote shell through WebSocket.

A one-day domain. Six months of setup. Russian servers behind it.

The trojan’s still active ↓ https://thehackernews.com/2025/10/ukraine-aid-groups-targeted-through.html

⚠️ An Iranian hacking group used a real email account to plant a new backdoor in 100+ Middle East government networks.

They sent it through real diplomatic inboxes — and it worked.

Read ↓ https://thehackernews.com/2025/10/iran-linked-muddywater-targets-100.html

🚨 CISA just warned about a critical bug in Motex Lanscope (CVE-2025-61932).

Hackers can take control of systems by sending one malicious packet.

It’s already being used in real attacks.

Fix it before Nov 12 ↓ https://thehackernews.com/2025/10/critical-lanscope-endpoint-manager-bug.html

🚨 New Adobe Commerce flaw (CVE-2025-54236, CVSS 9.1) under active attack.

Over 250 exploit attempts in 24 hours—mostly on unpatched Magento sites.

PoC is public. Patch now.

Details → https://thehackernews.com/2025/10/over-250-magento-stores-hit-overnight.html

🎁 Hackers found a new jackpot — cloud gift cards.

A group called Jingle Thief broke into retail cloud systems and quietly issued fake gift cards for months, hiding inside Microsoft 365 accounts.

Full story ↓ https://thehackernews.com/2025/10/jingle-thief-hackers-exploit-cloud.html

In this 20-minute session, learn how to harden your images, secure dependencies, and lock down your CI/CD pipeline against real-world supply chain attacks.

📅 Tuesday, Oct 28 | 8 AM PST | 11 AM EST

🎥 Register Now ↓ https://thn.news/secure-stack-webinar

🚨 Static secrets are fading fast.

Teams using managed identities cut 95% of credential hassle—yet hidden API keys still lurk in legacy systems.

The fix? Run NHI discovery to find every key, then migrate 70–80% to managed identities.

Your roadmap ↓ https://thehackernews.com/2025/10/why-organizations-are-abandoning-static.html

From crypto fines to malware & data leaks — the week’s biggest cyber hits:

🇨🇦 Cryptomus fined $176M
🛰️ Starlink scam crackdown
🤖 AI vuln in Oat++ MCP
📧 Tykit phishing campaign

.... 15+ more important news stories.

Read the latest #ThreatsDay Bulletin 👇 https://thehackernews.com/2025/10/threatsday-bulletin-176m-crypto-fine.html

📢 WEBINAR ALERT!

You can’t secure what you can’t see. AI agents are spreading fast — unseen, unmanaged & risky.

Join this free #cybersecurity session to learn how leading security teams are regaining control & speed.

🗓️ 27 Oct, 2025

🔗 Watch This ↓ https://thehackernews.com/2025/10/secure-ai-at-scale-and-speed-learn.html

North Korean hackers are posing as recruiters—again.

This time, they’re stealing drone tech from Europe’s defense firms.

The trap? A fake job PDF hiding a remote access tool.

It’s been active—undetected—since March.

Read → https://thehackernews.com/2025/10/north-korean-hackers-lure-defense.html

🚨 GlassWorm hits VS Code extensions — 14 infected builds, ~35K installs since Oct 17 2025.

It steals dev creds, drains crypto wallets, turns machines into bots — and auto-updates itself.

Read ↓ https://thehackernews.com/2025/10/self-spreading-glassworm-infects-vs.html

🚨 Hackers turned YouTube into a malware factory. Over 3,000 fake “tutorials” hide stealers like Lumma and Rhadamanthys.

They hijack real channels — likes, comments, and all — to look legit.

Even that “Photoshop crack” or “Roblox cheat” video could infect you.

Read here ↓ https://thehackernews.com/2025/10/3000-youtube-videos-exposed-as-malware.html

Your SOC passed every test.
But your people? Failed the real one.

Modern AEV tools prove your defenses work —
until humans enter the equation.

The next frontier of validation isn’t technical.
It’s behavioral ↓ https://thehackernews.com/expert-insights/2025/10/beyond-tools-why-testing-human.html

🚨 A bug in the FIA driver portal exposed Formula 1 drivers’ personal data — including passports and licenses.

Anyone could become an “admin” with a single API request.

The flaw is now fixed — but it was open for days ↓ https://thehackernews.com/2025/10/threatsday-bulletin-176m-crypto-fine.html#admin-bug-exposes-formula-1-driver-data

India’s BOSS Linux systems are under silent attack.

A Pakistan-linked group just dropped a new Golang RAT — DeskRAT — hidden inside fake government PDFs.

It sticks around with 4 persistence tricks and steals files through WebSockets.

Read ↓ https://thehackernews.com/2025/10/apt36-targets-indian-government-with.html

Microsoft just patched a critical WSUS flaw (CVE-2025-59287) — and attackers are already using it.

One crafted request = full SYSTEM control.

The twist? It comes from BinaryFormatter — the same tool Microsoft killed off last year.

Patch now ↓ https://thehackernews.com/2025/10/microsoft-issues-emergency-patch-for.html

🚨 194,000 fake sites. $1B stolen.

The Smishing Triad is posing as USPS, banks, and toll services — all hosted on U.S. clouds to stay invisible.

Next target: brokerage accounts.

Full report ↓ https://thehackernews.com/2025/10/smishing-triad-linked-to-194000.html

⚡ OpenAI’s new ChatGPT Atlas browser can be hijacked by a fake URL.

A prompt injection disguised as a normal link tricks the omnibox into running hidden commands.

One click, and your AI agent takes orders from attackers.

Read here ↓ https://thehackernews.com/2025/10/chatgpt-atlas-browser-can-be-tricked-by.html

Qilin ransomware just got smarter.

It’s hitting Windows and Linux together, wiping Veeam backups, and using a vulnerable driver to shut down security tools — all in one strike.

Over 100 victims in June alone.

Full story ↓ https://thehackernews.com/2025/10/qilin-ransomware-combines-linux-payload.html