π¨ 194,000 fake sites. $1B stolen.
The Smishing Triad is posing as USPS, banks, and toll services β all hosted on U.S. clouds to stay invisible.
Next target: brokerage accounts.
Full report β https://thehackernews.com/2025/10/smishing-triad-linked-to-194000.html
The Smishing Triad is posing as USPS, banks, and toll services β all hosted on U.S. clouds to stay invisible.
Next target: brokerage accounts.
Full report β https://thehackernews.com/2025/10/smishing-triad-linked-to-194000.html
π15π±4π₯1
β‘ OpenAIβs new ChatGPT Atlas browser can be hijacked by a fake URL.
A prompt injection disguised as a normal link tricks the omnibox into running hidden commands.
One click, and your AI agent takes orders from attackers.
Read here β https://thehackernews.com/2025/10/chatgpt-atlas-browser-can-be-tricked-by.html
A prompt injection disguised as a normal link tricks the omnibox into running hidden commands.
One click, and your AI agent takes orders from attackers.
Read here β https://thehackernews.com/2025/10/chatgpt-atlas-browser-can-be-tricked-by.html
π±21π13β‘4π₯4
Qilin ransomware just got smarter.
Itβs hitting Windows and Linux together, wiping Veeam backups, and using a vulnerable driver to shut down security tools β all in one strike.
Over 100 victims in June alone.
Full story β https://thehackernews.com/2025/10/qilin-ransomware-combines-linux-payload.html
Itβs hitting Windows and Linux together, wiping Veeam backups, and using a vulnerable driver to shut down security tools β all in one strike.
Over 100 victims in June alone.
Full story β https://thehackernews.com/2025/10/qilin-ransomware-combines-linux-payload.html
π₯15π±5π€―2π1
CISOs planning 2026 budgets are rethinking priorities.
Data visibility & DSPM are moving from βnice-to-haveβ to the foundation for risk reduction, faster audits & ROI.
Read: Why Data Visibility Belongs in Your 2026 Cybersecurity Budget π https://thn.news/security-priority-guide
Data visibility & DSPM are moving from βnice-to-haveβ to the foundation for risk reduction, faster audits & ROI.
Read: Why Data Visibility Belongs in Your 2026 Cybersecurity Budget π https://thn.news/security-priority-guide
π₯9π2
π₯ The week in cyber: patches werenβt fast enough, trust wasnβt enough, and attackers werenβt waiting.
β WSUS exploited
β LockBit 5.0 returns
β Telegram backdoor
β F5 breach deepens
β YouTube malware surge
β MuddyWater spying
β Lazarus fake jobs
β CoPhish OAuth attack
β Russia bug law
β UN cyber treaty
β‘ Read the recap: https://thehackernews.com/2025/10/weekly-recap-wsus-exploited-lockbit-50.html
β WSUS exploited
β LockBit 5.0 returns
β Telegram backdoor
β F5 breach deepens
β YouTube malware surge
β MuddyWater spying
β Lazarus fake jobs
β CoPhish OAuth attack
β Russia bug law
β UN cyber treaty
β‘ Read the recap: https://thehackernews.com/2025/10/weekly-recap-wsus-exploited-lockbit-50.html
π₯10π€3
π¨ New exploit targets ChatGPT Atlas AI browser.
Researchers at LayerX found a CSRF flaw that lets attackers inject code into its persistent memory, surviving across browsers, sessions, and devices.
Once infected, even a normal chat can silently execute hidden commands.
Full report β https://thehackernews.com/2025/10/new-chatgpt-atlas-browser-exploit-lets.html
Researchers at LayerX found a CSRF flaw that lets attackers inject code into its persistent memory, surviving across browsers, sessions, and devices.
Once infected, even a normal chat can silently execute hidden commands.
Full report β https://thehackernews.com/2025/10/new-chatgpt-atlas-browser-exploit-lets.html
π13π₯8π±1
β οΈ WARNING: X users with security keys (like YubiKeys) must re-enroll 2FA by Nov 10, 2025 β or get locked out.
The update moves keys from twitter[.]com to x[.]com as Twitterβs domain is retired.
Details β https://thehackernews.com/2025/10/x-warns-users-with-security-keys-to-re.html
The update moves keys from twitter[.]com to x[.]com as Twitterβs domain is retired.
Details β https://thehackernews.com/2025/10/x-warns-users-with-security-keys-to-re.html
π11π€4
β‘ Security and speed shouldnβt be enemies.
But when AI agents multiply faster than controls can keep up, most orgs fall into firefighting mode.
Join our live session to see how forward-thinking teams are:
β Governing thousands of AI agents automatically
β Embedding security guardrails that scale
β Shipping AI features faster β and safer
Live webinar: Learn how to scale AI securely, without compromise β https://thehacker.news/securing-ai-adoption
But when AI agents multiply faster than controls can keep up, most orgs fall into firefighting mode.
Join our live session to see how forward-thinking teams are:
β Governing thousands of AI agents automatically
β Embedding security guardrails that scale
β Shipping AI features faster β and safer
Live webinar: Learn how to scale AI securely, without compromise β https://thehacker.news/securing-ai-adoption