🚨 North Korea–linked BlueNoroff is running two active campaigns — GhostCall & GhostHire — into 2025.

GhostCall fakes Zoom/Teams meetings to drop malware via bogus SDK “updates.”

GhostHire targets Web3 devs on Telegram with booby-trapped GitHub tests.

Full report ↓ https://thehackernews.com/2025/10/researchers-expose-ghostcall-and.html

🚨 New Android Trojan ‘Herodotus’ is on the move.

It’s hitting phones in 🇮🇹 Italy & 🇧🇷 Brazil — stealing 2FA codes, logins, even lock PINs — and typing like a human to slip past fraud detection.

🔗 Read full report → https://thehackernews.com/2025/10/new-android-trojan-herodotus-outsmarts.html

🔥 Researchers just broke Intel & AMD’s newest “secure” enclaves — again.

A sub-$1K hardware rig can steal attestation keys from fully patched systems running SGX, TDX, and SEV-SNP with Ciphertext Hiding.

Even constant-time crypto and DDR5 encryption couldn’t stop it.

Learn how TEE-Fail cracks open AI and confidential VMs ↓ https://thehackernews.com/2025/10/new-teefail-side-channel-attack.html

🚨 CISA confirmed ACTIVE exploitation of new flaws in Dassault Systèmes’ DELMIA Apriso and XWiki.

One lets any guest run code.
Another gives full admin access.
Hackers are already dropping crypto miners.

Agencies have until Nov 18 to patch ↓ https://thehackernews.com/2025/10/active-exploits-hit-dassault-and-xwiki.html

🚨 10 fake npm packages (~9.9K installs) hid a cross-platform info stealer.

It spawns a fake terminal, pulls a 24 MB payload from 195.133.79[.]43, and drains keyrings — not just browser creds.

Instant access to email, cloud, VPNs, and prod DBs.

Read details ↓ https://thehackernews.com/2025/10/10-npm-packages-caught-stealing.html

🚨 Russian hackers breached Ukrainian networks — no malware needed.

They hijacked Windows tools (PowerShell, RDPClip, OpenSSH) to steal data and stay hidden for months.

Real fileless persistence — living in memory, invisible to AV.

Learn how they did it & how to detect it ↓ https://thehackernews.com/2025/10/russian-hackers-target-ukrainian.html

🔴 The next big breach won’t start with a stolen password.

It’ll come from your own AI.

Agentic AIs are the new “confused deputies” — doing what attackers tell them, with the access you gave them.

The scariest part? You trained the threat ↓ https://thehackernews.com/2025/10/preparing-for-digital-battlefield-of.html

⚡ Your AI-driven compliance might already be non-compliant.

Regulators aren’t ready — but you can be.

Join the live session Nov 3 to uncover hidden risks and real fixes.

Register free → https://thehackernews.com/2025/10/discover-practical-ai-tactics-for-grc.html

⚠️ AI browsers like ChatGPT Atlas and Perplexity Comet can be tricked into using fake data.

A new exploit — “AI-targeted cloaking” — lets attackers show one version of a page to humans and another to AI crawlers.

Same old SEO trick.
New weapon: misinformation at scale.

Read how it works ↓ https://thehackernews.com/2025/10/new-ai-targeted-cloaking-attack-tricks.html

🚨 PHP servers are under attack.

Mirai, Mozi, and Gafgyt botnets are exploiting old CVEs to hijack WordPress and Craft CMS sites.

Some break-ins start from leftover PhpStorm debug sessions still running in production.

Check if yours is exposed ↓ https://thehackernews.com/2025/10/experts-reports-sharp-increase-in.html