News Archive — October 2025
Explore the latest news, real-world incidents, expert analysis, and trends in October 2025 — only on The Hacker News, the leading cybersecurity and IT news platform.| The Hacker News
Explore the latest news, real-world incidents, expert analysis, and trends in October 2025 — only on The Hacker News, the leading cybersecurity and IT news platform.| The Hacker News
A Vietnamese threat actor named BatShadow has been attributed to a new campaign that leverages social engineering tactics to deceive job seekers and digital marketing professionals to deliver a previously undocumented malware called Vampire Bot. "The attackers pose as recruiters, distributing malicious files disguised as job descriptions and corporate documents," Aryaka Threat Research Labs| The Hacker News
Google's DeepMind division on Monday announced an artificial intelligence (AI)-powered agent called CodeMender that automatically detects, patches, and rewrites vulnerable code to prevent future exploits. The efforts add to the company's ongoing efforts to improve AI-powered vulnerability discovery, such as Big Sleep and OSS-Fuzz. DeepMind said the AI agent is designed to be both reactive and| The Hacker News
For years, security leaders have treated artificial intelligence as an “emerging” technology, something to keep an eye on but not yet mission-critical. A new Enterprise AI and SaaS Data Security Report by AI & Browser Security company LayerX proves just how outdated that mindset has become. Far from a future concern, AI is already the single largest uncontrolled channel for corporate data| The Hacker News
Cybersecurity researchers have charted the evolution of XWorm malware, turning it into a versatile tool for supporting a wide range of malicious actions on compromised hosts. "XWorm's modular design is built around a core client and an array of specialized components known as plugins," Trellix researchers Niranjan Hegde and Sijo Jacob said in an analysis published last week. "These plugins are| The Hacker News
Redis has disclosed details of a maximum-severity security flaw in its in-memory database software that could result in remote code execution under certain circumstances. The vulnerability, tracked as CVE-2025-49844 (aka RediShell), has been assigned a CVSS score of 10.0. "An authenticated user may use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free,| The Hacker News
Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate the deployment of Medusa ransomware. The vulnerability is CVE-2025-10035 (CVSS score: 10.0), a critical deserialization bug that could result in command injection without authentication. It was addressed in version 7.8.4, or the Sustain| The Hacker News
CrowdStrike on Monday said it's attributing the exploitation of a recently disclosed security flaw in Oracle E-Business Suite with moderate confidence to a threat actor it tracks as Graceful Spider (aka Cl0p), and that the first known exploitation occurred on August 9, 2025. The malicious activity involves the exploitation of CVE-2025-61882 (CVSS score: 9.8), a critical vulnerability that| The Hacker News
A Chinese company named the Beijing Institute of Electronics Technology and Application (BIETA) has been assessed to be likely led by the Ministry of State Security (MSS). The assessment comes from evidence that at least four BIETA personnel have clear or possible links to MSS officers and their relationship with the University of International Relations, which is known to share links with the| The Hacker News
The cyber world never hits pause, and staying alert matters more than ever. Every week brings new tricks, smarter attacks, and fresh lessons from the field. This recap cuts through the noise to share what really matters—key trends, warning signs, and stories shaping today’s security landscape. Whether you’re defending systems or just keeping up, these highlights help you spot what’s coming| The Hacker News
In the era of rapidly advancing artificial intelligence (AI) and cloud technologies, organizations are increasingly implementing security measures to protect sensitive data and ensure regulatory compliance. Among these measures, AI-SPM (AI Security Posture Management) solutions have gained traction to secure AI pipelines, sensitive data assets, and the overall AI ecosystem. These solutions help| The Hacker News
Oracle has released an emergency update to address a critical security flaw in its E-Business Suite software that it said has been exploited in the recent wave of Cl0p data theft attacks. The vulnerability, tracked as CVE-2025-61882 (CVSS score: 9.8), concerns an unspecified bug that could allow an unauthenticated attacker with network access via HTTP to compromise and take control of the Oracle| The Hacker News
Cybersecurity researchers have shed light on a Chinese-speaking cybercrime group codenamed UAT-8099 that has been attributed to search engine optimization (SEO) fraud and theft of high-value credentials, configuration files, and certificate data. The attacks are designed to target Microsoft Internet Information Services (IIS) servers, with most of the infections reported in India, Thailand| The Hacker News
A now patched security vulnerability in Zimbra Collaboration was exploited as a zero-day earlier this year in cyber attacks targeting the Brazilian military. Tracked as CVE-2025-27915 (CVSS score: 5.4), the vulnerability is a stored cross-site scripting (XSS) vulnerability in the Classic Web Client that arises as a result of insufficient sanitization of HTML content in ICS calendar files,| The Hacker News
Cybersecurity researchers have disclosed details of a new attack called CometJacking targeting Perplexity's agentic AI browser Comet by embedding malicious prompts within a seemingly innocuous link to siphon sensitive data, including from connected services, like email and calendar. The sneaky prompt injection attack plays out in the form of a malicious link that, when clicked, triggers the| The Hacker News
Threat intelligence firm GreyNoise disclosed on Friday that it has observed a massive spike in scanning activity targeting Palo Alto Networks login portals. The company said it observed a nearly 500% increase in IP addresses scanning Palo Alto Networks login portals on October 3, 2025, the highest level recorded in the last three months. It described the traffic as targeted and structured, and| The Hacker News
A threat actor named Detour Dog has been outed as powering campaigns distributing an information stealer known as Strela Stealer. That's according to findings from Infoblox, which found the threat actor to maintain control of domains hosting the first stage of the stealer, a backdoor called StarFish. The DNS threat intelligence firm said it has been tracking Detour Dog since August 2023, when| The Hacker News
The threat actor behind Rhadamanthys has also advertised two other tools called Elysium Proxy Bot and Crypt Service on their website, even as the flagship information stealer has been updated to support the ability to collect device and web browser fingerprints, among others. "Rhadamanthys was initially promoted through posts on cybercrime forums, but soon it became clear that the author had a| The Hacker News
Brazilian users have emerged as the target of a new self-propagating malware dubbed SORVEPOTEL that spreads via the popular messaging app WhatsApp. The campaign, codenamed Water Saci by Trend Micro, weaponizes the trust with the platform to extend its reach across Windows systems, adding the attack is "engineered for speed and propagation" rather than data theft or ransomware. "SORVEPOTEL has| The Hacker News
Passwork is positioned as an on-premises unified platform for both password and secrets management, aiming to address the increasing complexity of credential storage and sharing in modern organizations. The platform recently received a major update that reworks all the core mechanics. Passwork 7 introduces significant changes to how credentials are organized, accessed, and managed, reflecting| The Hacker News
A threat actor that's known to share overlaps with a hacking group called YoroTrooper has been observed targeting the Russian public sector with malware families such as FoalShell and StallionRAT. Cybersecurity vendor BI.ZONE is tracking the activity under the moniker Cavalry Werewolf. It's also assessed to have commonalities with clusters tracked as SturgeonPhisher, Silent Lynx, Comrade Saiga,| The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Smartbedded Meteobridge to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, CVE-2025-4008 (CVSS score: 8.7), is a case of command injection in the Meteobridge web interface that could result in code execution. "| The Hacker News
The threat actor known as Confucius has been attributed to a new phishing campaign that has targeted Pakistan with malware families like WooperStealer and Anondoor. "Over the past decade, Confucius has repeatedly targeted government agencies, military organizations, defense contractors, and critical industries -- especially in Pakistan – using spear-phishing and malicious documents as initial| The Hacker News
Cybersecurity researchers have flagged a malicious package on the Python Package Index (PyPI) repository that claims to offer the ability to create a SOCKS5 proxy service, while also providing a stealthy backdoor-like functionality to drop additional payloads on Windows systems. The deceptive package, named soopsocks, attracted a total of 2,653 downloads before it was taken down. It was first| The Hacker News
Penetration testing is critical to uncovering real-world security weaknesses. With the shift into continuous testing and validation, it is time we automate the delivery of these results. The way results are delivered hasn’t kept up with today’s fast-moving threat landscape. Too often, findings are packaged into static reports, buried in PDFs or spreadsheets, and handed off manually to| The Hacker News
From unpatched cars to hijacked clouds, this week’s Threatsday headlines remind us of one thing — no corner of technology is safe. Attackers are scanning firewalls for critical flaws, bending vulnerable SQL servers into powerful command centers, and even finding ways to poison Chrome’s settings to sneak in malicious extensions. On the defense side, AI is stepping up to block ransomware in real| The Hacker News
Google Mandiant and Google Threat Intelligence Group (GTIG) have disclosed that they are tracking a new cluster of activity possibly linked to a financially motivated threat actor known as Cl0p. The malicious activity involves sending extortion emails to executives at various organizations and claiming to have stolen sensitive data from their Oracle E-Business Suite. "This activity began on or| The Hacker News
Running a SOC often feels like drowning in alerts. Every morning, dashboards light up with thousands of signals; some urgent, many irrelevant. The job is to find the real threats fast enough to keep cases from piling up, prevent analyst burnout, and maintain client or leadership confidence. The toughest challenges, however, aren’t the alerts that can be dismissed quickly, but the ones that hide| The Hacker News
ESET uncovers ProSpy and ToSpy Android spyware posing as Signal and ToTok apps in U.A.E.| The Hacker News
New ransomware group EstateRansomware exploits Veeam software vulnerability, uses dormant VPN accounts for initial access, and deploys persistent back| The Hacker News
In yet another piece of research, academics from Georgia Institute of Technology and Purdue University have demonstrated that the security guarantees offered by Intel's Software Guard eXtensions (SGX) can be bypassed on DDR4 systems to passively decrypt sensitive data. SGX is designed as a hardware feature in Intel server processors that allows applications to be run in a Trusted Execution| The Hacker News
A high-severity security flaw has been disclosed in the One Identity OneLogin Identity and Access Management (IAM) solution that, if successfully exploited, could expose sensitive OpenID Connect (OIDC) application client secrets under certain circumstances. The vulnerability, tracked as CVE-2025-59363, has been assigned a CVSS score of 7.7 out of 10.0. It has been described as a case of| The Hacker News
AI is changing automation—but not always for the better. That’s why we’re hosting a new webinar, "Workflow Clarity: Where AI Fits in Modern Automation," with Thomas Kinsella, Co-founder & Chief Customer Officer at Tines, to explore how leading teams are cutting through the hype and building workflows that actually deliver.The rise of AI has changed how organizations think about automation.| The Hacker News
A severe security flaw has been disclosed in the Red Hat OpenShift AI service that could allow attackers to escalate privileges and take control of the complete infrastructure under certain conditions. OpenShift AI is a platform for managing the lifecycle of predictive and generative artificial intelligence (GenAI) models at scale and across hybrid cloud environments. It also facilitates data| The Hacker News
Bitdefender’s 2025 Cybersecurity Assessment Report paints a sobering picture of today’s cyber defense landscape: mounting pressure to remain silent after breaches, a gap between leadership and frontline teams, and a growing urgency to shrink the enterprise attack surface. The annual research combines insights from over 1,200 IT and security professionals across six countries, along with an| The Hacker News
Unknown threat actors are abusing Milesight industrial cellular routers to send SMS messages as part of a smishing campaign targeting users in European countries since at least February 2022. French cybersecurity company SEKOIA said the attackers are exploiting the cellular router's API to send malicious SMS messages containing phishing URLs, with the campaigns primarily targeting Sweden, Italy,| The Hacker News
A previously undocumented Android banking trojan called Klopatra has compromised over 3,000 devices, with a majority of the infections reported in Spain and Italy. Italian fraud prevention firm Cleafy, which discovered the sophisticated malware and remote access trojan (RAT) in late August 2025, said it leverages Hidden Virtual Network Computing (VNC) for remote control of infected devices and| The Hacker News
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of new targeted cyber attacks in the country using a backdoor called CABINETRAT. The activity, observed in September 2025, has been attributed to a threat cluster it tracks as UAC-0245. The agency said it spotted the attack following the discovery of software tools taking the form of XLL files, which refer to Microsoft Excel| The Hacker News
A group of academics from KU Leuven and the University of Birmingham has demonstrated a new vulnerability called Battering RAM to bypass the latest defenses on Intel and AMD cloud processors. "We built a simple, $50 interposer that sits quietly in the memory path, behaving transparently during startup and passing all trust checks," researchers Jesse De Meulemeester, David Oswald, Ingrid| The Hacker News
Government and telecommunications organizations across Africa, the Middle East, and Asia have emerged as the target of a previously undocumented China-aligned nation-state actor dubbed Phantom Taurus over the past two-and-a-half years. "Phantom Taurus' main focus areas include ministries of foreign affairs, embassies, geopolitical events, and military operations," Palo Alto Networks Unit 42| The Hacker News
Cybersecurity researchers have disclosed three now-patched security vulnerabilities impacting Google's Gemini artificial intelligence (AI) assistant that, if successfully exploited, could have exposed users to major privacy risks and data theft. "They made Gemini vulnerable to search-injection attacks on its Search Personalization Model; log-to-prompt injection attacks against Gemini Cloud| The Hacker News
Microsoft on Tuesday unveiled the expansion of its Sentinel Security Incidents and Event Management solution (SIEM) as a unified agentic platform with the general availability of the Sentinel data lake. In addition, the tech giant said it's also releasing a public preview of Sentinel Graph and Sentinel Model Context Protocol (MCP) server to turn telemetry into a security graph and allow AI| The Hacker News
The Problem: Legacy SOCs and Endless Alert Noise Every SOC leader knows the feeling: hundreds of alerts pouring in, dashboards lighting up like a slot machine, analysts scrambling to keep pace. The harder they try to scale people or buy new tools, the faster the chaos multiplies. The problem is not just volume; it is the model itself. Traditional SOCs start with rules, wait for alerts to fire,| The Hacker News
A newly patched security flaw impacting Broadcom VMware Tools and VMware Aria Operations has been exploited in the wild as a zero-day since mid-October 2024 by a threat actor called UNC5174, according to NVISO Labs. The vulnerability in question is CVE-2025-41244 (CVSS score: 7.8), a local privilege escalation bug affecting the following versions - VMware Cloud Foundation 4.x and 5.x VMware| The Hacker News
Cybersecurity researchers have flagged a previously undocumented Android banking trojan called Datzbro that can conduct device takeover (DTO) attacks and perform fraudulent transactions by preying on the elderly. Dutch mobile security company ThreatFabric said it discovered the campaign in August 2025 after users in Australia reported scammers managing Facebook groups promoting "active senior| The Hacker News
The world of enterprise technology is undergoing a dramatic shift. Gen-AI adoption is accelerating at an unprecedented pace, and SaaS vendors are embedding powerful LLMs directly into their platforms. Organizations are embracing AI-powered applications across every function, from marketing and development to finance and HR. This transformation unlocks innovation and efficiency, but it also| The Hacker News
A Chinese national has been convicted for her role in a fraudulent cryptocurrency scheme after law enforcement authorities in the U.K. confiscated £5.5 billion (about $7.39 billion) during a raid of her home in London. The cryptocurrency seizure, amounting to 61,000 Bitcoin, is believed to be the single largest such effort in the world, the Metropolitan Police said. Zhimin Qian (aka Yadi Zhang),| The Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting the Sudo command-line utility for Linux and Unix-like operating systems to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability in question is CVE-2025-32463 (CVSS score: 9.3), which affects Sudo versions prior to| The Hacker News
Threat actors have been observed using seemingly legitimate artificial intelligence (AI) tools and software to sneakily slip malware for future attacks on organizations worldwide. According to Trend Micro, the campaign is using productivity or AI-enhanced tools to deliver malware targeting various regions, including Europe, the Americas, and the Asia, Middle East, and Africa (AMEA) region.| The Hacker News
Cybersecurity never stops—and neither do hackers. While you wrapped up last week, new attacks were already underway. From hidden software bugs to massive DDoS attacks and new ransomware tricks, this week’s roundup gives you the biggest security moves to know. Whether you’re protecting key systems or locking down cloud apps, these are the updates you need before making your next security| The Hacker News
Security leaders are embracing AI for triage, detection engineering, and threat hunting as alert volumes and burnout hit breaking points. A comprehensive survey of 282 security leaders at companies across industries reveals a stark reality facing modern Security Operations Centers: alert volumes have reached unsustainable levels, forcing teams to leave critical threats uninvestigated. You can| The Hacker News
Microsoft is calling attention to a new phishing campaign primarily aimed at U.S.-based organizations that has likely utilized code generated using large language models (LLMs) to obfuscate payloads and evade security defenses. "Appearing to be aided by a large language model (LLM), the activity obfuscated its behavior within an SVG file, leveraging business terminology and a synthetic structure| The Hacker News
PlugX and Bookworm campaigns strike Asian telecom and ASEAN targets using DLL side-loading and modular RATs.| The Hacker News
RedNovember, a Chinese state-backed group, hacked global sectors using Pantegana and Cobalt Strike.| The Hacker News
UNC5221 uses BRICKSTORM malware to maintain 393-day stealthy access to U.S. SaaS, legal, and tech sectors.| The Hacker News
Chinese-speaking actor uses BadIIS to poison search results in East Asia, enabling remote access and SEO fraud.| The Hacker News
Microsoft patched CVE-2025-55241 July 17, 2025; CVSS 10.0 Entra ID bug via legacy Graph enabled cross-tenant impersonation risking tenant compromise.| The Hacker News
DPRK used ClickFix to deliver compiled BeaverTail to crypto marketers; Windows build used password-protected archives, revealing a tactical shift.| The Hacker News
ShadowLeak zero-click flaw in ChatGPT Deep Research leaks Gmail data via hidden HTML prompts, bypassing security| The Hacker News
AI-driven Tines workflow automates Confluence SOP execution, reducing MTTR and ensuring consistent, documented security incident response.| The Hacker News
Two UK teens tied to Scattered Spider’s $115M ransomware attacks face U.S. fraud charges and potential 95-year sentence for global cybercrime spree.| The Hacker News
Scattered Spider targets U.S. financial services in new cyberattacks, using Azure AD social engineering and cloud data exfiltration to evade law enfor| The Hacker News
Shadow AI Agents multiply unchecked across enterprises today, leaking data and impersonating users, outpacing governance.| The Hacker News
The Hacker News is the top cybersecurity news platform, delivering real-time updates, threat intelligence, data breach reports, expert analysis, and actionable insights for infosec professionals and decision-makers.| The Hacker News
Meta Shuts Down Covert Iranian, Chinese, and Romanian Influence Ops Using Fake Accounts in Q1 2025| The Hacker News
SpyNote malware disguised as Chrome installs hidden APKs via fake Play Store pages, stealing sensitive Android data.| The Hacker News
OpenAI banned accounts using ChatGPT for AI-powered surveillance and influence campaigns linked to China, Iran, and North Korea.| The Hacker News
Warning: APT5 hackers are exploiting a new critical zero-day RCE vulnerability (CVE-2022-27518) in Citrix ADC and Gateway.| The Hacker News
Explore the latest news, real-world incidents, expert analysis, and trends in June 2025 — only on The Hacker News, the leading cybersecurity and IT news platform.| The Hacker News
Explore the latest news, real-world incidents, expert analysis, and trends in March 2021 — only on The Hacker News, the leading cybersecurity and IT news platform.| The Hacker News
Threat actors abused Velociraptor via Cloudflare Workers in 2024, enabling C2 tunneling and ransomware precursors| The Hacker News
Salt Typhoon hit 600 organizations in 80 countries since 2019, exploiting router flaws for global espionage.| The Hacker News
Chinese threat actors exploited a new zero-day vulnerability in Barracuda's Email Security Gateway (ESG) appliances.| The Hacker News
Explore the latest news, real-world incidents, expert analysis, and trends in September 2025 — only on The Hacker News, the leading cybersecurity and IT news platform.| The Hacker News
45 domains linked to Salt Typhoon date back to May 2020, revealing ongoing China-backed cyber espionage.| The Hacker News
Embedding compliance from the start reduces risk, avoids fines, and improves security across operations.| The Hacker News
Vulnerabilities found in TensorFlow CI/CD pipeline allow malware upload and token theft.| The Hacker News
New Android malware 'Ajina.Banker' targets bank customers in Central Asia, stealing financial data and intercepting 2FA messages via Telegram channels| The Hacker News
83% of breaches in 2023 fueled by stolen credentials! Uncover the latest attacker tactics and fortify your defenses against this escalating threat.| The Hacker News
Third-party online trackers are capturing visitors' email addresses and passwords even before they submit a form on several sites.| The Hacker News
Microsoft and Europol dismantled Lumma’s 2,300-domain C2 network after 10M infections tied to credential and crypto theft.| The Hacker News
Silver Fox hackers target Chinese-speaking users with fake sites delivering Sainbox RAT and Hidden rootkit| The Hacker News
North Korean hackers used deepfake Zoom calls and Telegram links to infect Mac systems at a crypto firm.| The Hacker News
U.S. DoJ seizes $7.74M in crypto linked to North Korean IT worker scheme exploiting AI, fake IDs, and BYOD loopholes.| The Hacker News
Malware campaign hijacks expired Discord invite links to steal crypto wallets and infect users globally.| The Hacker News
OpenAI banned ChatGPT accounts tied to Russian, Chinese, and Iranian hackers using AI for malware and influence campaigns.| The Hacker News
Recent flaw in Microsoft Exchange servers believed to have infected tens of thousands of businesses, government entities.| The Hacker News
Google exposes cloaking scams targeting users with fake sites and AI-driven fraud, bolstering defenses with real-time scam detection.| The Hacker News
Scammers exploit AI video testimonials and phishing ads, growing Nomani scam by 335% in 2024, stealing data and $6.3M through fake trading platforms.| The Hacker News
Discover how a patched Microsoft 365 Copilot vulnerability could have led to data theft using ASCII smuggling and prompt injection techniques.| The Hacker News
Cheetah Android Apps With More Than 2 Billion Downloads Accused of Running Massive Ad Fraud Scheme| The Hacker News
North Korea's BlueNoroff, part of Lazarus Group, has upgraded their macOS malware, Rustbucket, to avoid detection and persist longer.| The Hacker News
Why Human Error Remains the #1 Security Threat to Your Business| The Hacker News
