10/30/2025 October 30, 2025November 2, 2025 ~ The Cyber Beat ~ Leave a comment Diplomatic Entities in Belgium and Hungary Hacked in China-Linked Spy CampaignLeaker Reveals Which Pixels Are Vulnerable to Cellebrite Phone HackingShadow AI: One In Four Employees Use Unapproved AI Tools, Research FindsLinkedIn Phishing Targets Finance Execs With Fake Board InvitesProton Trains New Service to Expose Corporate Infosec Cover-UpsNASA’s Quiet Supersonic Jet Takes FlightCoalition Calls on FTC to Block Meta From Using Chatbot Interactions to Target Ads, Personalize ContentThreat Actors Utilize AdaptixC2 for Malicious Payload DeliveryCritical Flaws Found in Elementor King Addons Affect 10,000 SitesMassive Surge of NFC Relay Malware Steals Europeans’ Credit CardsMalicious NPM Packages Fetch Infostealer for Windows, Linux, macOSCISA Orders Feds to Patch VMware Tools Flaw Exploited by Chinese HackersCyber Info Sharing ‘Holding Steady’ Despite Lapse in CISA 2015, Official SaysThe AI Trust Paradox: Why Security Teams Fear Automated Remediation
10/29/2025 October 29, 2025October 29, 2025 ~ The Cyber Beat ~ Leave a comment U.S. Company Ribbon Communications With Access to Biggest Telecom Firms Uncovers Breach by Unnamed Nation-State HackersRussian Hackers Target Ukrainian Organizations Using Stealthy Living-Off-the-Land TacticsNew Names Surface for NSA Director, Other Top Jobs at Spy AgencyThe Microsoft Azure Outage Shows the Harsh Reality of Cloud FailuresKrebs: Aisuru Botnet Shifts from DDoS to Residential ProxiesNew AI-Targeted Cloaking Attack Tricks AI Crawlers Into Citing Fake Info as Verified FactsEx-L3Harris Cyber Boss Pleads Guilty to Selling Trade Secrets to Russian FirmCISOs Finally Get a Seat at the Board’s Table — But There’s a Big CatchCanada Says Hacktivists Breached Water and Energy FacilitiesCloud Atlas Hackers Target Russian Agriculture Sector Ahead of Industry ForumEY Exposes 4TB+ SQL Database to Open Internet for Who Knows How LongTata Motors Confirms It Fixed Security Flaws, Which Exposed Company and Customer DataMore Than 10 Million Impacted by Breach of Government Contractor ConduentInvestment Scams Spread Across Asia With International ReachPhantomRaven: Npm Malware Uses Invisible Dependencies to Infect Dozens of PackagesWordPress Security Plugin Exposes Private Data to Site SubscribersWindows 11 KB5067036 Update Rolls out Administrator Protection Feature
10/28/2025 October 28, 2025October 28, 2025 ~ The Cyber Beat ~ Leave a comment SideWinder Adopts New ClickOnce-Based Attack Chain Targeting South Asian DiplomatsResearchers Expose GhostCall and GhostHire: BlueNoroff’s New Malware ChainsNation-State Cyber Ecosystems Weakened by Sanctions, Report RevealsClearview AI Faces Criminal Heat for Ignoring EU Data FinesAI Browsers Face a Security Flaw as Inevitable as Death and TaxesPalo Alto Networks Debuts Automated AI Agents to Fight CyberattacksSublime Raises $150 Million for AI-Powered Email SecurityA Quarter of Scam Victims Have Considered Self-HarmAdvertising Giant Dentsu Reports Data Breach at Subsidiary MerkleNew Android Trojan ‘Herodotus’ Outsmarts Anti-Fraud Systems by Typing Like a HumanNew Atroposia Malware Comes With a Local Vulnerability ScannerNew TEE.Fail Side-Channel Attack Extracts Secrets from Intel and AMD DDR5 Secure EnclavesCISA Warns of Two More Actively Exploited Dassault VulnerabilitiesGoogle Chrome to Warn Users by Default Before Opening Insecure HTTP SitesFCC Adopts New Rule Targeting RobocallsF5 Expects Big Revenue Hit From Recent Cyber Attack Compromising Many
10/27/2025 October 27, 2025October 27, 2025 ~ The Cyber Beat ~ Leave a comment Chatbots Are Pushing Sanctioned Russian PropagandaIran’s School for Cyberspies Could’ve Used a Few More Lessons in Preventing BreachesItalian Spyware Vendor Linked to Chrome Zero-Day AttacksEuropol Warns of Rising Threat From Caller ID Spoofing Attacks‘There Isn’t Really Another Choice:’ Signal Chief Explains Why the Encrypted Messenger Relies on AWSX: Re-Enroll 2FA Security Keys by November 10 or Get Locked OutYou Have One Week to Opt Out or Become Fodder for LinkedIn AI TrainingShaquille O’Neal’s Custom Range Rover Stolen During Transport in Suspected HackHundreds of People With ‘Top Secret’ Clearance Exposed by House Democrats’ WebsiteGoogle Disputes False Claims of Massive Gmail Data BreachSweden’s Power Grid Operator Confirms Data Breach Claimed by Everest Ransomware GangQilin Ransomware Group Publishes Over 40 Cases MonthlyRansomware Profits Drop as Victims Stop Paying HackersQNAP Warns of Critical ASP.NET Flaw in its Windows Backup SoftwareCISA Releases Warning About Windows Server Update Service Bug, Orders Agencies to PatchGoogle Says Everyone Will Be Able to Vibe Code Video Games
10/24-26/2025 October 27, 2025October 27, 2025 ~ The Cyber Beat ~ Leave a comment Blitz Spear Phishing Campaign Targets NGOs Supporting UkraineUN Cybercrime Treaty to Be Signed in Hanoi to Tackle Global OffencesFake LastPass Death Claims Used to Breach Password VaultsMPs Urge Government to Stop Britain’s Phone Theft Wave Through TechHow Hacked Card Shufflers Allegedly Enabled a Mob-Fueled Poker Scam That Rocked the NBAHackers Earn $1,024,750 for 73 Zero-Days at Pwn2Own IrelandEverest Ransomware Says It Stole 1.5m Dublin Airport Passenger RecordsNew LockBit Ransomware Victims Identified by Security ResearchersHackers Steal Discord Accounts With RedTiger-Based InfostealerHackers Launch Mass Attacks Exploiting Outdated WordPress PluginsWindows Server Emergency Patches Fix WSUS Bug with PoC Exploit…Critical WSUS Flaw in Windows Server Now Exploited in Attacks
10/23/2025 October 23, 2025October 23, 2025 ~ The Cyber Beat ~ Leave a comment Lazarus Group’s Operation DreamJob Targets European Defense FirmsPakistani-Linked Hacker Group Targets Indian Government with DeskRATHackers Posing as Kyrgyz Officials Target Russian Agencies in Cyber Espionage CampaignEurope’s Offshore Wind Sector Faces Dilemma Over China’s Grip on SectorUK Cyber Law Delays ‘Deeply Concerning,’ Say MPsThe ‘Universal Browser’ Privacy Browser Has Dangerous Hidden Features23andMe’s Data-Theft Victims Offered ‘Genetic Monitoring’ to Ward Off HackersFormer Polish Official Indicted Over Spyware PurchasePlaytime’s Over: Crooks Swipe Toys R Us Canada Customer Data and Dump It Online“Jingle Thief” Hackers Exploit Cloud Infrastructure to Steal Millions in Gift CardsSpoofed AI Sidebars Can Trick Atlas, Comet Users Into Dangerous ActionsTired of Unpaid Toll Texts? Blame the ‘Smishing Triad’CISA Warns of Lanscope Endpoint Manager Flaw Exploited in AttacksMicrosoft Disables File Explorer Preview for Downloads to Block AttacksGoogle Nukes 3,000 YouTube Videos That Sowed Malware Disguised as Cracked SoftwareTrump Pardons Former Binance CEO After Guilty Plea in Letting Cybercrime Proceeds Flow Through Platform
10/22/2025 October 22, 2025October 22, 2025 ~ The Cyber Beat ~ Leave a comment PhantomCaptcha Campaign Targets Ukraine Relief OrganizationsMuddyWater Uses Compromised Mailboxes in Global Phishing CampaignThe Long Tail of the AWS OutageScattered Lapsus$ Hunters Signal Shift in TacticsUN Cybercrime Pact to Be Signed in Hanoi Raises Hopes, ConcernsKrebs: Canada Fines Cybercrime Friendly Cryptomus $176MJLR Hack UK’s Costliest Ever, Hitting Economy with £1.9bn LossNo, ICE (Probably) Didn’t Buy Guided Missile WarheadsSpaceX Disables More Than 2,000 Starlink Devices Used in Myanmar Scam CompoundsIt Takes Only 250 Documents to Poison Any AI ModelCyber Incidents in Texas, Tennessee and Indiana Impacting Critical Government ServicesRansomware Gang Steals Meeting Videos, Financial Secrets From Fence WholesalerSummit Golf Brands Allegedly Subjected to Massive INC Ransom BreachFake Nethereum NuGet Package Used Homoglyph Trick to Steal Crypto Wallet KeysTARmageddon Flaw in Async-Tar Rust Library Could Enable Remote Code ExecutionHackers Exploiting Critical “SessionReaper” Flaw in Adobe MagentoChinese Threat Actors Exploit ToolShell SharePoint Flaw Weeks After Microsoft’s July PatchPwn2Own Day 2: Hackers Exploit 56 Zero-Days for $790,000
10/21/2025 October 22, 2025October 22, 2025 ~ The Cyber Beat ~ Leave a comment Russian Coldriver Hackers Deploy New ‘NoRobot’, ‘YesRobot’, and ‘MaybeRobot’ Malware‘PassiveNeuron’ Cyber Spies Target Orgs With Custom MalwareLumma Stealer Developers Doxxed in Underground Rival Cybercrime CampaignMeta Rolls Out New Tools to Protect WhatsApp and Messenger Users from ScamsHow Malware Vaccines Could Stop Ransomware’s RampageMedical Specialist Group Fined £100K After Hack Exposed Patient DataCloud Data Firm Veeam to Buy Securiti AI for $1.73 BillionRussia Pressures Apple to Make Russian Search Engines Default on Locally-Sold iPhonesAmazon Says AWS Cloud Service Back to Normal After Outage Disrupts Businesses WorldwideSingapore Officials Impersonated in Sophisticated Investment ScamHackers Used Snappybee Malware and Citrix Flaw to Breach European Telecom NetworkVidar Stealer 2.0 Adds Multi-Threaded Data Theft, Better EvasionPolarEdge Targets Cisco, ASUS, QNAP, Synology Routers in Expanding Botnet CampaignCursor, Windsurf IDEs Riddled with 94+ N-Day Chromium VulnerabilitiesTP-Link Warns of Critical Command Injection Flaw in Omada GatewaysHackers Exploit 34 Zero-Days on the First Day of Pwn2Own Ireland 2025
10/20/2025 October 20, 2025October 20, 2025 ~ The Cyber Beat ~ Leave a comment Amazon’s AWS Struggles to Recover After Major Outage Disrupts Apps, Services Worldwide…What the Huge AWS Outage Reveals About the InternetSalt Typhoon Uses Citrix Flaw in Global Cyber-AttackFlawed Vendor Guidance Exposes Enterprises to Avoidable RiskCyberattacks Cripple Small Businesses, Even When They Aren’t HackedDNS0.EU Private DNS Service Shuts Down Over Sustainability IssuesEvilginx’s Creator Reckons With the Dark Side of Red-Team ToolsJudge Bars NSO From Targeting WhatsApp Users With Spyware, Reduces Damages in Landmark CaseWhat to Know About the Shocking Louvre Jewelry HeistThe Fraudster Behind Steve Ballmer’s NBA NightmareRetail Giant Muji Halts Online Sales After Ransomware Attack on SupplierHome Security Firm Verisure Reports Data Breach at Swedish SubsidiaryJapanese Retailer Askul Halts Online Orders, Shipments After Ransomware Attack131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam CampaignSelf-Spreading GlassWorm Malware Hits OpenVSX, VS Code RegistriesCyber Defenders From All Around Sound the Alarm as F5 Hack Exposes Broad RisksCISA: High-Severity Windows SMB Flaw Now Exploited in Attacks…Five New Exploited Bugs Land in CISA’s Catalog — Oracle and Microsoft Among TargetsMicrosoft Warns of Windows Smart Card Auth Issues After October Updates
10/17-19/2025 October 20, 2025October 20, 2025 ~ The Cyber Beat ~ Leave a comment Hackers Dox Hundreds of DHS, ICE, FBI, and DOJ OfficialsNorth Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS MalwareTeen Tied to Russian Hackers in Dutch Cyber Espionage ProbeOver 266,000 F5 BIG-IP Instances Exposed to Remote AttacksChina Accuses U.S. of Cyberattack on National Time CenterMicrosoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware CampaignEuropol Dismantles SIM Farm Network Powering 49 Million Fake Accounts WorldwideExperian Fined $3.2 Million for Mass-Collecting Personal DataLabor Unions Sue Trump Administration Over Social Media SurveillanceAmerican Airlines Subsidiary Envoy Air Confirms Oracle Data Theft AttackAI Girlfriend Apps Leak Millions of Private ChatsNew .NET CAPI Backdoor Targets Russian Auto and E-Commerce Firms via Phishing ZIPsKrebs: Email Bombs Exploit Lax Authentication in ZendeskGoogle Ads for Fake Homebrew, LogMeIn Sites Push InfostealersTikTok Videos Continue to Push Infostealers, Including Aura Stealer, in ClickFix AttacksResearchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over DevicesConnectWise Fixes Automate Bug Allowing AiTM Update AttacksMicrosoft Fixes Highest-Severity ASP.NET Core Flaw Ever
10/16/2025 October 16, 2025October 20, 2025 ~ The Cyber Beat ~ Leave a comment Why the F5 Hack Created an ‘Imminent Threat’ for Thousands of Networks…Breach at U.S.-Based Cybersecurity Provider F5 Blamed on China, Say Sources…Cybersecurity Firm F5′S Stock Sinks 10%‘Categorically Untrue’ That China Hacked UK Intelligence Systems, Say OfficialsHacked Airport P.A. Systems Broadcast Anti-Trump and Pro-Hamas MessagesNorth Korean Hackers Use EtherHiding to Hide Malware Inside Blockchain Smart ContractsMicrosoft Disrupts Ransomware Attacks Targeting Teams UsersMicrosoft Debuts Copilot Actions for Agentic AI-Driven Windows TasksRing to Partner With Flock, Giving Law Enforcement Easier Access to Home Security Camera FootageCambodia to Repatriate South Koreans Ensnared by Scam Industry Amid Diplomatic PressureEx-Trump National Security Adviser Bolton Charged With Storing and Sharing Classified InformationVulnerability Scores, Huh, What Are They Good For? Almost NothingNintendo Denies Data Leak After Online ReportsAuction Giant Sotheby’s Says Data Breach Exposed Customer InformationHave I Been Pwned: Prosper Data Breach Impacts 17.6 Million AccountsList of Major Companies Hit by Massive Salesforce Data Breach Continues to GrowDairy Farmers of America Confirms June Cyberattack Leaked Personal DataHackers Abuse Blockchain Smart Contracts to Spread Malware via Infected WordPress SitesMicrosoft Warns of a 32% Surge in Identity Hacks, Mainly Driven by Stolen PasswordsLinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP PacketsNew Rootkit Campaign Exploits Cisco SNMP Flaw to Gain PersistenceGladinet Fixes Actively Exploited Zero-Day CVE-2025-11371 in File-Sharing SoftwareCISA Flags Adobe AEM Flaw with Perfect 10.0 Score — Already Under Active Attack
10/15/2025 October 15, 2025October 15, 2025 ~ The Cyber Beat ~ Leave a comment U.S. Warns That Hackers Using F5 Devices to Target Government Networks…Emergency Order…F5 Breach Exposes BIG-IP Source Code — Nation-State Hackers Behind Massive IntrusionChinese Threat Group ‘Jewelbug’ Quietly Infiltrated Russian IT Network for MonthsWhen Face Recognition Doesn’t Know Your Face Is a FaceGoogle Will Let Friends Help You Recover an AccountOutsourcing Firm Capita Fined £14M After Millions Had Data StolenNew York Secures $14 Million in Fines From 8 Car Insurance Companies After Data BreachesUK, U.S. Sanction Southeast Asia-Based Online Scam NetworkPowerSchool Hacker Gets Sentenced to Four Years in PrisonScouts Can Now Earn AI and Cybersecurity BadgesCisco Must Share More Information About Effects of Severe Bugs on Businesses, Senator Cassidy SaysSalesforce-Linked Security Breach Fallout Escalates With Qantas LeakClothing Giant MANGO Discloses Data Breach Exposing Customer InfoTexas Electric Cooperatives Purportedly Breached by QilinWhisper 2FA Behind One Million Phishing Attempts Since JulyFake LastPass, Bitwarden Breach Alerts Lead to PC HijacksHackers Target ICTBroadcast Servers via Cookie Exploit to Gain Remote Shell AccessFlaw in Slider Revolution Plugin Exposed 4m WordPress SitesNew SAP NetWeaver Bug Lets Attackers Take Over Servers Without LoginRMPocalypse: Single 8-Byte Write Shatters AMD’s SEV-SNP Confidential ComputingTwo CVSS 10.0 Bugs in Red Lion RTUs Could Hand Hackers Full Industrial ControlKrebs: Patch Tuesday, October 2025 ‘End of 10’ Edition…Two New Windows Zero-Days Exploited in the Wild — One Affects Every Version Ever Shipped
10/14/2025 October 14, 2025October 14, 2025 ~ The Cyber Beat ~ Leave a comment Chinese Hackers Use Trusted ArcGIS App For Year-Long PersistenceTaiwan Flags Rise in Chinese Cyberattacks, Warns of ‘Online Troll Army’Satellites Are Leaking the World’s Secrets: Calls, Texts, Military and Corporate DataSalesforce Deepens AI Ties With OpenAI, Anthropic to Power Agentforce PlatformSenior Execs Falling Short on Cyber-Attack Preparedness, NCSC Warns…Cyber Attack Contingency Plans Should Be Put On Paper, Firms Told…NCSC Reports 130% Spike in “Nationally Significant” Cyber IncidentsUK Firms Lose Average of £2.9m to AI RiskCritical infrastructure CISOs Can’t Ignore ‘Back-Office Clutter’ DataFeds Seize Record-Breaking $15 Billion in Bitcoin From Alleged Scam EmpireFlorida Sues Roku for Illegally Selling Children’s Data, Including Precise GeolocationSecurity Firms Dispute Credit for Overlapping CVE ReportsDiscord Blamed a Vendor for Its Data Breach — Now the Vendor Says It Was ‘Not Hacked’npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord ChannelsPersonal Data Potentially Stolen in Asahi Cyber-AttackHarvard Says ‘Limited Number of Parties’ Impacted by Breach Linked to Oracle Zero-DayMichigan City (IN) Confirms Ransomware Hackers Behind September IncidentHacker Group TA585 Emerges With Advanced Attack InfrastructureMalicious Crypto-Stealing VSCode Extensions Resurface on OpenVSXNew Pixnapping Android Flaw Lets Rogue Apps Steal 2FA Codes Without PermissionsSecure Boot Bypass Risk Threatens Nearly 200,000 Linux Framework LaptopsLegacy Windows Protocols Still Expose Networks to Credential TheftMicrosoft October 2025 Patch Tuesday Fixes 6 Zero-Days, 172 FlawsOracles Silently Fixes Zero-Day Exploit Leaked by ShinyHunters
10/13/2025 October 13, 2025October 13, 2025 ~ The Cyber Beat ~ Leave a comment Ukraine Takes Steps to Launch Dedicated Cyber Force for Offensive StrikesChina Probes Qualcomm’s Autotalks Deal Amid Rising U.S. Trade TensionsDutch Government Puts Nexperia on a Short Leash Over Chip Security FearsUK Ofcom Fines 4chan £20K and Counting for Pretending UK’s Online Safety Act Doesn’t ExistAstaroth Banking Trojan Abuses GitHub to Remain Operational After TakedownsMicrosoft Locks Down IE Mode After Hackers Turned Legacy Feature Into BackdoorApple Bug Bounty Payouts Can Now Top $5mFired California Cybersecurity Chief Speaks Out on Sudden Termination, Security ConcernsScattered Lapsus$ Hunters Rage-Quit the Internet (Again), Promise to Return Next YearHarvard Investigating Breach Linked to Oracle Zero-Day ExploitSimonMed Says 1.2 Million Patients Impacted in January Data BreachGoosehead Insurance Confirms Data Breach Exposes SSNs Following Ransomware AttackWellborn & Company Data Breach Affecting Clients’ Personal InformationHackers Target ScreenConnect Features For Network IntrusionsMassive Multi-Country Botnet Targets RDP Services in the U.S.New Rust-Based Malware “ChaosBot” Uses Discord Channels to Control Victims’ PCsSonicWall VPN Accounts Breached Using Stolen Creds in Widespread Attacks
10/10-12/2025 October 12, 2025October 12, 2025 ~ The Cyber Beat ~ Leave a comment What Are the Latest Sticking Points in U.S.-China Tensions?White House Lays off Thousands of U.S. Government Workers, Blaming Shutdown…Federal Cyber Cuts Raise National Security AlarmsActing U.S. Cyber Command, NSA Chief Won’t Be Nominated for the Job, Sources SayNorth Korean Scammers Are Doing Architectural Design NowKrebs: DDoS Botnet Aisuru Blankets U.S. ISPs in Record DDoSSpyware Maker NSO Group Confirms Acquisition by U.S. Investors…Led by Hollywood ProducerCops Nuke BreachForums (Again) Amid Cybercrime Supergroup Extortion BlitzSpain Dismantles “GXC Team” Cybercrime Syndicate, Arrests LeaderProsecutors Seek 7-Year Prison Term for ‘Sophisticated’ PowerSchool HackerFinland’s Trial of Men Charged Over Baltic Sea Cable Damage Hits Choppy WatersMicrosoft Violated EU Law in Handling of Kids’ Data, Austrian Privacy Regulator FindsUK Techies’ Union Prospect Warns Members After Breach Exposes Sensitive Personal DetailsAustralian Airline Qantas Airways Says Hackers Leaked Data on Its CustomersPrivate Data Exposed in Georgia Department of Human Services Email BreachKearney Public Schools (NE) Hit by a Cybersecurity AttackHouston Suburb Sugar Land (TX) Says Some Online Services Taken Down by CyberattackFake ‘Inflation Refund’ Texts Target New Yorkers in New Scam175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing CampaignStealit Malware Abuses Node.js Single Executable Feature via Game and VPN InstallersFrom Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 ExploitationHackers Exploiting Zero-Day in Gladinet File Sharing SoftwareNew Oracle E-Business Suite Bug Could Let Hackers Access Data Without LoginApple Announces $2 Million Bug Bounty Reward for the Most Dangerous Exploits
10/9/2025 October 9, 2025October 9, 2025 ~ The Cyber Beat ~ Leave a comment China Honing Abilities for a Possible Future Attack, Taiwan Defence Report WarnsFrom HealthKick to GOVERSHELL: The Evolution of UTA0388’s Espionage MalwarePro-Russian Hacktivist Group ‘Twonet’ Target Critical Infrastructure, Hit Decoy PlantClaude’s New AI File-Creation Feature Ships With Security Risks Built InResearchers Warn of Security Gaps in AI BrowsersIt’s Trivially Easy to Poison LLMs Into Spitting Out Gibberish, Says AnthropicGitHub Copilot ‘CamoLeak’ AI Attack Exfiltrates DataTake Note: Cyber-Risks With AI NotetakersHigh Number of Windows 10 Users Remain as End-of-Life LoomsRenewal of Cyber Information-Sharing Law Must Mind the Gap, Senator SaysGoogle Says ‘Likely Over 100’ Affected by Oracle-Linked Hacking CampaignAll SonicWall Cloud Backup Users Have Firewall Configuration Files StolenHackers Claim Discord Breach Exposed Data of 5.5 Million UsersRhode Island Lottery Tech Supplier Brightstar Lottery Group Breach Impacted ThousandsQilin Ransomware Gang Claims San Francisco’s Cal Club, Exposing Members of Exclusive Golf ClubClayRat Spyware Campaign Targets Android Users in RussiaMicrosoft: Storm-2657 Hackers Target Universities in “Payroll Pirate” AttacksHackers Now Use Velociraptor DFIR Tool in Ransomware AttacksChaos Ransomware Upgrades With Aggressive New C++ VariantRondoDox Botnet Targets 56 N-Day Flaws in Worldwide Attacks
10/8/2025 October 8, 2025October 8, 2025 ~ The Cyber Beat ~ Leave a comment OpenAI Disrupts Russian, North Korean, and Chinese Hackers Misusing ChatGPT for CyberattacksRussian Hackers Turn to AI as Old Tactics Fail, Ukrainian CERT SaysRussia Is at ‘Hybrid War’ With Europe, Warns EU Chief, Calling for Members ‘To Take It Very Seriously’Nezha Tool Used by Chinese Hackers in New Cyber Campaign Targeting Web ApplicationsBybit Theft Drives Record-Breaking $2bn Haul for North KoreaU.S. Government Shutdown: Who Is Still Working and Who Has Been Furloughed?Digital Fraud Costs Companies Worldwide 7.7% of Annual RevenueSalesforce Says It Won’t Pay Extortion Demand in 1 Billion Records BreachKrebs: ShinyHunters Wage Broad Corporate Extortion SpreeCybersecurity Gets C-Suite Attention as Companies Dive Into AI1Password Says It Can Fix Login Security for AI Browser AgentsGermany Slams Brakes on EU’s Chat Control Device-Scanning SnoopfestDiscord Says 70,000 Users May Have Had Their Government IDs Leaked in BreachMajor U.S. Law Firm Williams & Connolly Says Hackers Broke Into Attorneys’ Emails AccountsLockBit, Qilin, and DragonForce Join Forces to Dominate the Ransomware EcosystemCrimson Collective Hackers Target AWS Cloud Instances for Data TheftNew FileFix Attack Uses Cache Smuggling to Evade Security SoftwareHackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing AttacksHackers Exploit Auth Bypass in Service Finder WordPress ThemeSevere Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch NowDocker Makes Hardened Images Catalog Affordable for Small BusinessesCalifornia Enacts Law Giving Consumers Ability to Universally Opt Out of Data SharingTime’s Running Out to Claim Your Part of the $177 Million AT&T Data Breach Settlement
10/7/2025 October 7, 2025October 7, 2025 ~ The Cyber Beat ~ Leave a comment Russia Blocks Mobile Internet for Foreign SIM Cards, Citing Drone ThreatsOpenAI Bans Suspected Chinese Accounts Using ChatGPT to Plan SurveillanceEmployees Regularly Paste Company Secrets into ChatGPTDespite AI-Related Job Loss Fears, Tech Hiring Holds Steady – And Here Are the Most In-Demand SkillsGoogle Won’t Fix New ASCII Smuggling Attack in GeminiGoogle’s New AI Bug Bounty Program Pays up to $30,000 for FlawsMan and Teenage Boy Arrested Over Cyber-Attack on London NurseriesCyberattacks Upset British Life, Disrupting Car Factories and Grocery Stores‘Qilin’ Cybercrime Gang Claims Hack on Japan’s Asahi GroupQilin Claims Ransomware Attack on Mecklenburg Schools (VA)Electronics Giant Avnet Confirms Breach, Says Stolen Data UnreadableDraftKings Warns of Account Breaches in Credential Stuffing AttacksBatShadow Group Uses New Go-Based ‘Vampire Bot’ Malware to Hunt Job SeekersCalifornia Sets 30 Day Deadline for Data Breach Notifications
10/6/2025 October 7, 2025October 7, 2025 ~ The Cyber Beat ~ Leave a comment Suspected Chinese Cyber Spies Targeted Serbian Aviation AgencyNew Report Links Research Firms BIETA and CIII to China’s MSS Cyber OperationsOne iPhone Led Police to Gang Suspected of Sending up to 40,000 Stolen UK Phones to ChinaVibe Coding Is the New Open Source—In the Worst Way PossibleGoogle Confirms Android Dev Verification Will Have Free and Paid Tiers, No Public List of DevsOpenAI, AMD Announce Massive Computing Deal, Marking New Phase of AI BoomA Biological 0-Day? Threat-Screening Tools May Miss AI-Designed Proteins.The True Cost of Cyber Attacks – And the Business Weak Spots That Allow Them to HappenSAIC to Acquire Silveredge Government Solutions for $205 MillionEuropol Calls for Stronger Data Laws to Combat CybercrimeSignal Calls on Germany to Vote Against ‘Chat Control,’ Saying It Would Leave EU MarketScattered Lapsus$ Hunters Offering $10 in Bitcoin to ‘Endlessly Harass’ ExecsRed Hat Data Breach Escalates as ShinyHunters Joins ExtortionRansomware Group “Trinity of Chaos” Launches Data Leak SiteDoctors Imaging Group (FL) Suffers Data Breach – 171,800+ Users Data ExposedXWorm Malware Resurfaces With Ransomware Module, Over 35 PluginsNew Malware Sorvepotel Leverages WhatsApp to Target Brazilian Government and BusinessesRedis Warns of Critical Flaw Impacting Thousands of InstancesMicrosoft: Critical GoAnywhere Bug Exploited by Storm-1175 in Medusa Ransomware AttacksSteam and Microsoft Warn of Unity Flaw Exposing Gamers to AttacksOracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft AttacksZeroday Cloud Hacking Contest Offers $4.5 Million in BountiesPhishing Is Moving From Email to Mobile. Is Your Security?
10/3-5/2025 October 5, 2025October 5, 2025 ~ The Cyber Beat ~ Leave a comment ShinyHunters Launches Salesforce Data Leak Site to Extort 39 Victims…Salesforce Providing Support to Customers Listed on Scattered Spider Extortion SiteApple Drops ICE-Tracking Apps From App Store…Google Too…ICE Wants to Build Out a 24/7 Social Media Surveillance TeamCongress Let Cyber-Intel Sharing Act Lapse. Does it Matter?National Security, Legal Readiness, and U.S. Engagement for International Dual-Use Technology CompaniesUK Government Says Digital ID Won’t Be Compulsory – HonestConsumers More Likely to Pay for ‘Responsible’ AI Tools, Deloitte Survey SaysChatGPT Social Could Be a Thing, as Leak Shows Direct Messages SupportOpenAI Wants ChatGPT to be Your Emotional SupportSignal Adds New Cryptographic Defense Against Quantum AttacksMunich Airport Chaos After Drone Sightings Spook Air Traffic ControlParkMobile Pays… $1 Each for 2021 Data Breach That Hit 22 MillionLinkedIn Sues Software Company Allegedly Scraping Data From Millions of ProfilesCalifornia AG Sues City for Allowing Out-Of-State Searches of License Plate Reader DatabaseOracle Links Clop Extortion Attacks to July 2025 VulnerabilitiesDiscord Customer Service Data Breach Leaks User Info and Scanned Photo IDsRenault and Dacia UK Warn of Data Breach Impacting CustomersSix Out of 10 UK Secondary Schools Hit by Cyber-Attack or Breach in Past YearJapan Faces Asahi Beer Shortage After Cyber-AttackNew “Cavalry Werewolf” Attack Hits Russian Agencies with FoalShell and StallionRATMassive Surge in Scans Targeting Palo Alto Networks Login PortalsChinese-Speaking Cybercrime Group Hijacks IIS Servers for SEO FraudDetour Dog Caught Running DNS-Powered Malware Factory for Strela StealerRhadamanthys Stealer Evolves: Adds Device Fingerprinting, PNG Steganography PayloadsResearchers Warn of Self-Spreading WhatsApp Malware Named SORVEPOTELCometJacking: One Click Can Turn Perplexity’s Comet AI Browser Into a Data ThiefHackers Exploited Zimbra Flaw as Zero-Day Using iCalendar FilesCISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the WildLicense Plate Reader Company Flock Launches New Product That Detects Human Voices
10/2/2025 October 2, 2025October 2, 2025 ~ The Cyber Beat ~ Leave a comment U.S. to Provide Ukraine With Intelligence for Missile Strikes Deep Inside Russia…Trump’s Drone Deal With Ukraine to Give U.S. Access to Battlefield TechU.S. Government Shutdown to Slash Federal Cybersecurity Staff…Shutdown Guts U.S. Cybersecurity Agency at Perilous Time…U.S. Stocks Rally on Shutdown’s Second DayGoogle Says Self-Reported Cl0p Hackers Are Sending Extortion Emails to Corporate ExecutivesGmail’s End-To-End Encryption for Organizations Now Works Across Email ProvidersEU Funds Are Flowing Into Spyware Companies, and Politicians Are Demanding AnswersHackerOne Paid $81 Million in Bug Bounties Over the Past YearCybercrims Claim Raid on 28,000 Red Hat Repos, Say They Have Sensitive Customer FilesSubpoena Tracking Platform Blames Outage on AWS Social Engineering AttackConcerns for Patient Data After Suspected Cyberattack on Shamir Medical CenterConfucius Shifts from Document Stealers to Python BackdoorsWarning: Beware of Android Spyware Disguised as Signal Encryption Plugin and ToTok ProAlert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before TakedownDrayTek Warns of Remote Code Execution Bug in Vigor RoutersMicrosoft Outlook Stops Displaying Inline SVG Images Used in AttacksMicrosoft Defender Bug Triggers Erroneous BIOS Update Alerts
10/1/2025 October 1, 2025October 1, 2025 ~ The Cyber Beat ~ Leave a comment Ukraine Warns of CABINETRAT Backdoor + XLL Add-ins Spread via Signal ZIPsGeopolitics Drives More CyberattacksChina Imposes One-Hour Reporting Rule for Major Cyber IncidentsExpiration of Cyber Information-Sharing Act Leaves U.S. Very VulnerableF-Droid Project Threatened by Google’s New Dev Registration RulesSchools and Colleges Are Swotting up on Security Yet Still Flunk Recovery When Cyberattacks Inevitably StrikeSeniors Targeted in Global Facebook Scam Spreading New Android MalwareAI Data Analytics Startup Dataiku Picked Multiple Banks for U.S. IPO, Sources SayAllianz Life Says July Data Breach Impacts 1.5 Million PeopleData Breach at Dealership Software Provider Motility Software Solutions Impacts 766K ClientsAdobe Analytics Bug Leaked Customer Tracking Data to Other TenantsHackers Exploit Milesight Routers to Send Phishing SMS to European UsersShortcut-based Credential Lures Deliver DLL ImplantsNew WireTap Attack Extracts Intel SGX ECDSA Key via DDR4 Memory-Bus Interposer‘Delightful’ Root-Access Bug in Red Hat OpenShift AI Allows Full Cluster TakeoverOneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps