🔥 Researchers just broke Intel & AMD's newest "secure" enclaves - again.
A sub-$1K hardware rig can steal attestation keys from fully patched systems running SGX, TDX, and SEV-SNP with Ciphertext Hiding.
Even constant-time crypto and DDR5 encryption couldn't stop it.
Learn how TEE-Fail cracks open AI and confidential VMs → https://thehackernews.com/2025/10/new-teefail-side-channel-attack.html
🚨 CISA confirmed ACTIVE exploitation of new flaws in Dassault Systèmes' DELMIA Apriso and XWiki.
One lets any guest run code.
Another gives full admin access.
Hackers are already dropping crypto miners.
Agencies have until Nov 18 to patch → https://thehackernews.com/2025/10/active-exploits-hit-dassault-and-xwiki.html
🚨 10 fake npm packages (~9.9K installs) hid a cross-platform info stealer.
It spawns a fake terminal, pulls a 24 MB payload from 195.133.79[.]43, and drains keyrings - not just browser creds.
Instant access to email, cloud, VPNs, and prod DBs.
Read details → https://thehackernews.com/2025/10/10-npm-packages-caught-stealing.html
🚨 Russian hackers breached Ukrainian networks - no malware needed.
They hijacked Windows tools (PowerShell, RDPClip, OpenSSH) to steal data and stay hidden for months.
Real fileless persistence - living in memory, invisible to AV.
Learn how they did it & how to detect it → https://thehackernews.com/2025/10/russian-hackers-target-ukrainian.html
🔴 The next big breach won't start with a stolen password.
It'll come from your own AI.
Agentic AIs are the new "confused deputies" - doing what attackers tell them, with the access you gave them.
The scariest part? You trained the threat → https://thehackernews.com/2025/10/preparing-for-digital-battlefield-of.html
⚡ Your AI-driven compliance might already be non-compliant.
Regulators aren't ready - but you can be.
Join the live session Nov 3 to uncover hidden risks and real fixes.
Register free → https://thehackernews.com/2025/10/discover-practical-ai-tactics-for-grc.html
⚠️ AI browsers like ChatGPT Atlas and Perplexity Comet can be tricked into using fake data.
A new exploit - "AI-targeted cloaking" - lets attackers show one version of a page to humans and another to AI crawlers.
Same old SEO trick.
New weapon: misinformation at scale.
Read how it works → https://thehackernews.com/2025/10/new-ai-targeted-cloaking-attack-tricks.html
🚨 PHP servers are under attack.
Mirai, Mozi, and Gafgyt botnets are exploiting old CVEs to hijack WordPress and Craft CMS sites.
Some break-ins start from leftover PhpStorm debug sessions still running in production.
Check if yours is exposed → https://thehackernews.com/2025/10/experts-reports-sharp-increase-in.html
🚨 PhantomRaven hit the npm registry - 126 malicious packages, 86K+ installs, stealing npm tokens, GitHub creds, and CI/CD secrets.
They hide malware in remote dynamic dependencies that show 0 deps, so scanners miss them.
Details → https://thehackernews.com/2025/10/phantomraven-malware-found-in-126-npm.html
⚡ Cybercrime just got quieter, cheaper, and a lot more precise.
🔥 DNS flaws exploited
🔥 Rust binaries hiding payloads
🔥 Supply-chain heists rising
🔥 New RATs everywhere
Your weekly ThreatsDay recap has it all → https://thehackernews.com/2025/10/threatsday-bulletin-dns-poisoning-flaw.html
🚨 A single line of JavaScript can crash any Chromium browser.
Researcher Jose Pino calls it Brash - it abuses how document.title handles rapid updates.
24 million title changes per second = instant crash.
Still unpatched. Details → https://thehackernews.com/2025/10/new-brash-exploit-crashes-chromium.html
⚠️ "Patch everything" is dead.
At the BAS Summit, CISOs said it straight - not every vuln matters, only the exploitable ones do.
Breach simulation shows where you bleed, not where scanners scream.
Proof beats panic. Read how BAS powers real defense → https://thehackernews.com/2025/10/the-death-of-security-checkbox-bas-is.html
🔥 A tool built for defenders is now arming attackers.
AdaptixC2 - an open-source C2 in Golang - was made for red teams.
Now, Russian ransomware gangs use it in fake Microsoft Teams help-desk scams.
Details → https://thehackernews.com/2025/10/russian-ransomware-gangs-weaponize-open.html
Google says it blocks over 10 billion scam calls and messages every month.
But scammers have adapted - they've gone social.
Now they send fake job offers in group chats, even adding fake "friends" to make it look real.
The new scam tactic most experts overlooked → https://thehackernews.com/2025/10/googles-built-in-ai-defenses-on-android.html
CISA added a new VMware zero-day to its KEV list.
CVE-2025-41244 (CVSS 7.8) lets local users on VMs with VMware Tools + Aria Operations gain root access.
Exploited since Oct 2024 by China-linked UNC5174.
Patch released last month → https://thehackernews.com/2025/10/cisa-flags-vmware-zero-day-exploited-by.html
Developers accidentally leaked VS Code tokens - letting attackers publish fake extensions.
Eclipse has revoked the tokens and added new safeguards after a campaign dubbed "GlassWorm."
Read → https://thehackernews.com/2025/10/eclipse-foundation-revokes-leaked-open.html
A Mac app just bypassed macOS permission checks - silently turning on the mic and camera.
ThreatLocker's new Device Access Control (DAC) for macOS, now in Beta, flags hidden risks like unencrypted drives, SMBv1, and weak sharing settings - before attackers can exploit them.
Learn more → https://thehackernews.com/2025/10/a-new-security-layer-for-macos-takes.html
CISA and NSA just issued a warning:
Exchange servers are still getting hacked. Now a new WSUS flaw (CVE-2025-59287) lets attackers run code remotely.
Even patched systems aren't fully safe.
If you manage Exchange or WSUS, read this → https://thehackernews.com/2025/10/cisa-and-nsa-issue-urgent-guidance-to.html
Most MSPs are walking straight into a trap.
Clients now expect enterprise-level cybersecurity - but many providers are still selling basic IT support.
The result? Lost clients, slower growth, and higher risk exposure.
Is your MSP ready to lead with security? → https://thehackernews.com/2025/10/the-msp-cybersecurity-readiness-guide.html
⚠️ Chinese hackers are exploiting a critical 9.3 CVE (CVE-2025-61932) in Motex Lanscope Endpoint Manager.
It lets them run SYSTEM-level commands and plant a Gokcpdoor backdoor with new multiplexed C2 channels.
Active attacks confirmed → https://thehackernews.com/2025/10/china-linked-tick-group-exploits.html