The next big breach won't start with a stolen password.
It'll come from your own AI.
Agentic AIs are the new "confused deputies" - doing what attackers tell them, with the access you gave them.
The scariest part? You trained the threat → https://thehackernews.com/2025/10/preparing-for-digital-battlefield-of.html

Your AI-driven compliance might already be non-compliant.
Regulators aren't ready - but you can be.
Join the live session Nov 3 to uncover hidden risks and real fixes.
Register free → https://thehackernews.com/2025/10/discover-practical-ai-tactics-for-grc.html

AI browsers like ChatGPT Atlas and Perplexity Comet can be tricked into using fake data.
A new exploit - "AI-targeted cloaking" - lets attackers show one version of a page to humans and another to AI crawlers.
Same old SEO trick.
New weapon: misinformation at scale.
Read how it works → https://thehackernews.com/2025/10/new-ai-targeted-cloaking-attack-tricks.html

PHP servers are under attack.
Mirai, Mozi, and Gafgyt botnets are exploiting old CVEs to hijack WordPress and Craft CMS sites.
Some break-ins start from leftover PhpStorm debug sessions still running in production.
Check if yours is exposed → https://thehackernews.com/2025/10/experts-reports-sharp-increase-in.html

PhantomRaven hit the npm registry - 126 malicious packages, 86K+ installs, stealing npm tokens, GitHub creds, and CI/CD secrets.
They hide malware in remote dynamic dependencies that show 0 deps, so scanners miss them.
Details → https://thehackernews.com/2025/10/phantomraven-malware-found-in-126-npm.html

Cybercrime just got quieter, cheaper, and a lot more precise.
- DNS flaws exploited
- Rust binaries hiding payloads
- Supply-chain heists rising
- New RATs everywhere
Your weekly ThreatsDay recap has it all → https://thehackernews.com/2025/10/threatsday-bulletin-dns-poisoning-flaw.html

A single line of JavaScript can crash any Chromium browser.
Researcher Jose Pino calls it Brash - it abuses how document.title handles rapid updates.
24 million title changes per second = instant crash.
Still unpatched. Details → https://thehackernews.com/2025/10/new-brash-exploit-crashes-chromium.html

"Patch everything" is dead.
At the BAS Summit, CISOs said it straight - not every vuln matters, only the exploitable ones do.
Breach simulation shows where you bleed, not where scanners scream.
Proof beats panic. Read how BAS powers real defense → https://thehackernews.com/2025/10/the-death-of-security-checkbox-bas-is.html

A tool built for defenders is now arming attackers.
AdaptixC2 - an open-source C2 in Golang - was made for red teams.
Now, Russian ransomware gangs use it in fake Microsoft Teams help-desk scams.
Details → https://thehackernews.com/2025/10/russian-ransomware-gangs-weaponize-open.html

Google says it blocks over 10 billion scam calls and messages every month.
But scammers have adapted - they've gone social.
Now they send fake job offers in group chats, even adding fake "friends" to make it look real.
The new scam tactic most experts overlooked → https://thehackernews.com/2025/10/googles-built-in-ai-defenses-on-android.html

CISA added a new VMware zero-day to its KEV list.
CVE-2025-41244 (CVSS 7.8) lets local users on VMs with VMware Tools + Aria Operations gain root access.
Exploited since Oct 2024 by China-linked UNC5174.
Patch released last month → https://thehackernews.com/2025/10/cisa-flags-vmware-zero-day-exploited-by.html

Developers accidentally leaked VS Code tokens - letting attackers publish fake extensions.
Eclipse has revoked the tokens and added new safeguards after a campaign dubbed "GlassWorm."
Read → https://thehackernews.com/2025/10/eclipse-foundation-revokes-leaked-open.html

A Mac app just bypassed macOS permission checks - silently turning on the mic and camera.
ThreatLocker's new Device Access Control (DAC) for macOS, now in Beta, flags hidden risks like unencrypted drives, SMBv1, and weak sharing settings - before attackers can exploit them.
Learn more → https://thehackernews.com/2025/10/a-new-security-layer-for-macos-takes.html

CISA and NSA just issued a warning:
Exchange servers are still getting hacked. Now a new WSUS flaw (CVE-2025-59287) lets attackers run code remotely.
Even patched systems aren't fully safe.
If you manage Exchange or WSUS, read this → https://thehackernews.com/2025/10/cisa-and-nsa-issue-urgent-guidance-to.html

Most MSPs are walking straight into a trap.
Clients now expect enterprise-level cybersecurity - but many providers are still selling basic IT support.
The result? Lost clients, slower growth, and higher risk exposure.
Is your MSP ready to lead with security? → https://thehackernews.com/2025/10/the-msp-cybersecurity-readiness-guide.html

Chinese hackers are exploiting a critical 9.3 CVE (CVE-2025-61932) in Motex Lanscope Endpoint Manager.
It lets them run SYSTEM-level commands and plant a Gokcpdoor backdoor with new multiplexed C2 channels.
Active attacks confirmed → https://thehackernews.com/2025/10/china-linked-tick-group-exploits.html

China-backed hackers exploited an unpatched Windows shortcut bug to breach European diplomats.
UNC6384 used fake "EU Commission" and NATO meeting invites to plant PlugX malware (CVE-2025-9491) - still unpatched by Microsoft.
Full story → https://thehackernews.com/2025/10/china-linked-hackers-exploit-windows.html

Nation-state hackers built Airstalk, a new malware abusing VMware Workspace ONE's MDM API as a covert C2 channel.
Signed with a stolen cert, it's exfiltrating browser data from BPO networks.
Full analysis → https://thehackernews.com/2025/10/nation-state-hackers-deploy-new.html

OpenAI just launched an AI #cybersecurity researcher.
It finds bugs, proves they're real, and patches them - all by itself.
Powered by GPT-5, it's already discovered 10 vulnerabilities.
The age of autonomous bug hunters starts now → https://thehackernews.com/2025/10/openai-unveils-aardvark-gpt-5-agent.html

Chrome is going fully HTTPS by default starting April 2026.
Google will make "Always Use Secure Connections" the default setting - first for Enhanced Safe Browsing users, then for everyone by October 2026.
No more HTTP by default. Safer web, less room for attacks.
Full details → https://thehackernews.com/2025/10/threatsday-bulletin-dns-poisoning-flaw.html#chrome-takes-final-step-toward-full-https-web
#ThreatsDay