11/5/2025 November 5, 2025November 5, 2025 ~ The Cyber Beat ~ Leave a comment SonicWall Says State-Sponsored Hackers Behind September Security BreachRussia-Linked ‘Curly COMrades’ Turn to Malicious Virtual Machines for Digital Spy CampaignsZohran Mamdani Just Inherited the NYPD Surveillance StateChina Sentences 5 Myanmar Scam Kingpins to DeathOperation Chargeback Uncovers €300m Fraud Scheme in 193 CountriesUK Carriers to Block Spoofed Phone Numbers in Fraud CrackdownTelecoms Cyber Chiefs Adopt Financial Sector’s Model of Collective DefenseGoogle Gets the U.S. Government’s Green Light to Acquire Wiz for $32BArmis Raises $435 Million, Valuing Cybersecurity Startup at $6.1 BillionCyberattack Ate up Profits for First Half of Year, Retailer M&S SaysUNK_SmudgedSerpent Targets Academics With Political LuresHyundai AutoEver America Data Breach Exposes SSNs, Drivers LicensesCentral New Jersey Medical Center Suffers Ransomware AttackUniversity of Pennsylvania Confirms Hacker Stole Data During CyberattackGootloader Malware Is Back With a Bang With New Tricks After 7-Month BreakResearchers Find ChatGPT Vulnerabilities That Let Attackers Trick AI Into Leaking DataGoogle Uncovers PROMPTFLUX Malware That Uses Gemini AI to Rewrite Its Code HourlyAMD Red-Faced Over Random-Number Bug That Kills Cryptographic SecurityCISA Adds Gladinet and CWP Flaws to KEV Catalog Amid Active Exploitation Evidence
11/4/2025 November 4, 2025November 4, 2025 ~ The Cyber Beat ~ Leave a comment Russian Spies Pack Custom Malware Into Hidden VMs on Windows MachinesOperation SkyCloak Deploys Tor-Enabled OpenSSH Backdoor Targeting Defense SectorsData Brokers Selling Location Info That Can Be Used to Track EU Officials, Report FindsEurope Sees Increase in Ransomware, Extortion AttacksA Cybercrime Merger Like No Other — Scattered Spider, LAPSUS$, and ShinyHunters Join ForcesDragonForce Cartel Emerges as Conti-Derived Ransomware ThreatLawmakers Say Stolen Police Logins Are Exposing Flock Surveillance Cameras to HackersFBI Warns of Criminals Posing as ICE, Urges Agents to ID ThemselvesTreasury Sanctions 8 for Laundering North Korea Earnings From Cybercrime, IT Worker SchemeEuropol and Eurojust Dismantle €600 Million Crypto Fraud Network in Global SweepFrench Police Seize €1.6m Amid Crypto Scam Network CrackdownHealth Privacy Bill Seeks Protections for Data Collected by Apps, SmartwatchesData Breach at Major Swedish Software Supplier Impacts 1.5 MillionMedia Giant Nikkei Reports Data Breach Impacting 17,000 PeoplePolish Loan Platform Hacked; Mobile Payment System and Other Businesses DisruptedHundreds of South Gloucestershire Residents’ Details Shared in Data BreachPenn Data Breach Involves Decades of Student and Alumni InformationApache OpenOffice Disputes Data Breach Claims by Akira Ransomware GangMalicious Android Apps on Google Play Downloaded 42 Million TimesMicrosoft Teams Bugs Let Attackers Impersonate Colleagues and Edit Messages UnnoticedHackers Exploit WordPress Plugin Post SMTP to Hijack Admin AccountsHackers Exploit Critical Auth Bypass Flaw in JobMonster WordPress ThemeGoogle’s AI ‘Big Sleep’ Finds 5 New Vulnerabilities in Apple’s Safari WebKitMicrosoft Removing Defender Application Guard From Office
11/3/2025 November 4, 2025November 4, 2025 ~ The Cyber Beat ~ Leave a comment New HttpTroy Backdoor Poses as VPN Invoice in Targeted Cyberattack on South KoreaHomeland Security Biometric Policy for Foreign Travelers Poses Data-Theft RisksHack Exposes Kansas City’s Secret Police Misconduct ListCybercrooks Team Up With Organized Crime to Steal Pricey CargoRansomware Negotiator, Pay Thyself!…U.S. Cybersecurity Experts Indicted for BlackCat Ransomware AttacksMIT Sloan Quietly Shelves AI Ransomware Study After Researcher Calls BSAWS, Nvidia, CrowdStrike Seek Security Startups to Enter the ArenaData Breach Costs Lead to 90% Drop In Operating Profit at South Korean Telecom GiantHackers Are Attacking Britain’s Drinking Water SuppliersHacker Steals Over $120 Million From Balancer DeFi Crypto ProtocolJapanese Retailer Askul Confirms Data Leak After Cyberattack Claimed by Russia-Linked GroupMalicious VSX Extension “SleepyDuck” Uses Ethereum to Keep Its Command Server AliveResearchers Uncover BankBot-YNRK and DeliveryRAT Android Trojans Stealing Financial DataMicrosoft: SesameOp Malware Abuses OpenAI Assistants API in AttacksNew GDI Flaws Could Enable Remote Code Execution in WindowsMicrosoft: Patch for WSUS Flaw Disabled Windows Server HotpatchingCISA and NSA Outline Best Practices to Secure Exchange Servers
10/31-11/2/2025 November 2, 2025November 2, 2025 ~ The Cyber Beat ~ Leave a comment China-Linked Tick Group Exploits Lanscope Zero-Day to Hijack Corporate SystemsNation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain AttackHow to Hack a Poker Game RevealedSecurity Concerns Persist Over System at Heart of Digital IDKrebs: Alleged Jabber Zeus Coder ‘MrICQ’ in U.S. CustodyAlleged Conti Ransomware Gang Affiliate Appears in Tennessee Court After Ireland ExtraditionRussia Finally Bites the Cybercrooks It Raised, Arresting Suspected Meduza Infostealer DevsFCC Plans Vote to Remove Cyber Regulations Installed After Theft of Trump Info From TelecomsSling TV Settles With California for Allegedly Violating State Consumer Privacy LawHackers Threaten to Leak ‘Woke’ University of Pennsylvania Student DataAttackers Dig Up $11M in Garden Finance Crypto ExploitEclipse Foundation Revokes Leaked Open VSX Tokens Following Wiz DiscoveryRhysida Oysterloader Malvertising Campaign Leverages 40+ Code-Signing CertificatesASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE VulnerabilityCISA: High-Severity Linux Flaw Now Exploited by Ransomware GangsChinese Hackers Scanning, Exploiting Cisco ASA Firewalls Used by Governments WorldwideMicrosoft Edge Gets Scareware Sensor for Faster Scam DetectionCybersecurity Earnings Rise as AI Dominates Strategies
10/30/2025 October 30, 2025November 2, 2025 ~ The Cyber Beat ~ Leave a comment Diplomatic Entities in Belgium and Hungary Hacked in China-Linked Spy CampaignLeaker Reveals Which Pixels Are Vulnerable to Cellebrite Phone HackingShadow AI: One In Four Employees Use Unapproved AI Tools, Research FindsLinkedIn Phishing Targets Finance Execs With Fake Board InvitesProton Trains New Service to Expose Corporate Infosec Cover-UpsNASA’s Quiet Supersonic Jet Takes FlightCoalition Calls on FTC to Block Meta From Using Chatbot Interactions to Target Ads, Personalize ContentThreat Actors Utilize AdaptixC2 for Malicious Payload DeliveryCritical Flaws Found in Elementor King Addons Affect 10,000 SitesMassive Surge of NFC Relay Malware Steals Europeans’ Credit CardsMalicious NPM Packages Fetch Infostealer for Windows, Linux, macOSCISA Orders Feds to Patch VMware Tools Flaw Exploited by Chinese HackersCyber Info Sharing ‘Holding Steady’ Despite Lapse in CISA 2015, Official SaysThe AI Trust Paradox: Why Security Teams Fear Automated Remediation
10/29/2025 October 29, 2025October 29, 2025 ~ The Cyber Beat ~ Leave a comment U.S. Company Ribbon Communications With Access to Biggest Telecom Firms Uncovers Breach by Unnamed Nation-State HackersRussian Hackers Target Ukrainian Organizations Using Stealthy Living-Off-the-Land TacticsNew Names Surface for NSA Director, Other Top Jobs at Spy AgencyThe Microsoft Azure Outage Shows the Harsh Reality of Cloud FailuresKrebs: Aisuru Botnet Shifts from DDoS to Residential ProxiesNew AI-Targeted Cloaking Attack Tricks AI Crawlers Into Citing Fake Info as Verified FactsEx-L3Harris Cyber Boss Pleads Guilty to Selling Trade Secrets to Russian FirmCISOs Finally Get a Seat at the Board’s Table — But There’s a Big CatchCanada Says Hacktivists Breached Water and Energy FacilitiesCloud Atlas Hackers Target Russian Agriculture Sector Ahead of Industry ForumEY Exposes 4TB+ SQL Database to Open Internet for Who Knows How LongTata Motors Confirms It Fixed Security Flaws, Which Exposed Company and Customer DataMore Than 10 Million Impacted by Breach of Government Contractor ConduentInvestment Scams Spread Across Asia With International ReachPhantomRaven: Npm Malware Uses Invisible Dependencies to Infect Dozens of PackagesWordPress Security Plugin Exposes Private Data to Site SubscribersWindows 11 KB5067036 Update Rolls out Administrator Protection Feature
10/28/2025 October 28, 2025October 28, 2025 ~ The Cyber Beat ~ Leave a comment SideWinder Adopts New ClickOnce-Based Attack Chain Targeting South Asian DiplomatsResearchers Expose GhostCall and GhostHire: BlueNoroff’s New Malware ChainsNation-State Cyber Ecosystems Weakened by Sanctions, Report RevealsClearview AI Faces Criminal Heat for Ignoring EU Data FinesAI Browsers Face a Security Flaw as Inevitable as Death and TaxesPalo Alto Networks Debuts Automated AI Agents to Fight CyberattacksSublime Raises $150 Million for AI-Powered Email SecurityA Quarter of Scam Victims Have Considered Self-HarmAdvertising Giant Dentsu Reports Data Breach at Subsidiary MerkleNew Android Trojan ‘Herodotus’ Outsmarts Anti-Fraud Systems by Typing Like a HumanNew Atroposia Malware Comes With a Local Vulnerability ScannerNew TEE.Fail Side-Channel Attack Extracts Secrets from Intel and AMD DDR5 Secure EnclavesCISA Warns of Two More Actively Exploited Dassault VulnerabilitiesGoogle Chrome to Warn Users by Default Before Opening Insecure HTTP SitesFCC Adopts New Rule Targeting RobocallsF5 Expects Big Revenue Hit From Recent Cyber Attack Compromising Many
10/27/2025 October 27, 2025October 27, 2025 ~ The Cyber Beat ~ Leave a comment Chatbots Are Pushing Sanctioned Russian PropagandaIran’s School for Cyberspies Could’ve Used a Few More Lessons in Preventing BreachesItalian Spyware Vendor Linked to Chrome Zero-Day AttacksEuropol Warns of Rising Threat From Caller ID Spoofing Attacks‘There Isn’t Really Another Choice:’ Signal Chief Explains Why the Encrypted Messenger Relies on AWSX: Re-Enroll 2FA Security Keys by November 10 or Get Locked OutYou Have One Week to Opt Out or Become Fodder for LinkedIn AI TrainingShaquille O’Neal’s Custom Range Rover Stolen During Transport in Suspected HackHundreds of People With ‘Top Secret’ Clearance Exposed by House Democrats’ WebsiteGoogle Disputes False Claims of Massive Gmail Data BreachSweden’s Power Grid Operator Confirms Data Breach Claimed by Everest Ransomware GangQilin Ransomware Group Publishes Over 40 Cases MonthlyRansomware Profits Drop as Victims Stop Paying HackersQNAP Warns of Critical ASP.NET Flaw in its Windows Backup SoftwareCISA Releases Warning About Windows Server Update Service Bug, Orders Agencies to PatchGoogle Says Everyone Will Be Able to Vibe Code Video Games
10/24-26/2025 October 27, 2025October 27, 2025 ~ The Cyber Beat ~ Leave a comment Blitz Spear Phishing Campaign Targets NGOs Supporting UkraineUN Cybercrime Treaty to Be Signed in Hanoi to Tackle Global OffencesFake LastPass Death Claims Used to Breach Password VaultsMPs Urge Government to Stop Britain’s Phone Theft Wave Through TechHow Hacked Card Shufflers Allegedly Enabled a Mob-Fueled Poker Scam That Rocked the NBAHackers Earn $1,024,750 for 73 Zero-Days at Pwn2Own IrelandEverest Ransomware Says It Stole 1.5m Dublin Airport Passenger RecordsNew LockBit Ransomware Victims Identified by Security ResearchersHackers Steal Discord Accounts With RedTiger-Based InfostealerHackers Launch Mass Attacks Exploiting Outdated WordPress PluginsWindows Server Emergency Patches Fix WSUS Bug with PoC Exploit…Critical WSUS Flaw in Windows Server Now Exploited in Attacks
10/23/2025 October 23, 2025October 23, 2025 ~ The Cyber Beat ~ Leave a comment Lazarus Group’s Operation DreamJob Targets European Defense FirmsPakistani-Linked Hacker Group Targets Indian Government with DeskRATHackers Posing as Kyrgyz Officials Target Russian Agencies in Cyber Espionage CampaignEurope’s Offshore Wind Sector Faces Dilemma Over China’s Grip on SectorUK Cyber Law Delays ‘Deeply Concerning,’ Say MPsThe ‘Universal Browser’ Privacy Browser Has Dangerous Hidden Features23andMe’s Data-Theft Victims Offered ‘Genetic Monitoring’ to Ward Off HackersFormer Polish Official Indicted Over Spyware PurchasePlaytime’s Over: Crooks Swipe Toys R Us Canada Customer Data and Dump It Online“Jingle Thief” Hackers Exploit Cloud Infrastructure to Steal Millions in Gift CardsSpoofed AI Sidebars Can Trick Atlas, Comet Users Into Dangerous ActionsTired of Unpaid Toll Texts? Blame the ‘Smishing Triad’CISA Warns of Lanscope Endpoint Manager Flaw Exploited in AttacksMicrosoft Disables File Explorer Preview for Downloads to Block AttacksGoogle Nukes 3,000 YouTube Videos That Sowed Malware Disguised as Cracked SoftwareTrump Pardons Former Binance CEO After Guilty Plea in Letting Cybercrime Proceeds Flow Through Platform
10/22/2025 October 22, 2025October 22, 2025 ~ The Cyber Beat ~ Leave a comment PhantomCaptcha Campaign Targets Ukraine Relief OrganizationsMuddyWater Uses Compromised Mailboxes in Global Phishing CampaignThe Long Tail of the AWS OutageScattered Lapsus$ Hunters Signal Shift in TacticsUN Cybercrime Pact to Be Signed in Hanoi Raises Hopes, ConcernsKrebs: Canada Fines Cybercrime Friendly Cryptomus $176MJLR Hack UK’s Costliest Ever, Hitting Economy with £1.9bn LossNo, ICE (Probably) Didn’t Buy Guided Missile WarheadsSpaceX Disables More Than 2,000 Starlink Devices Used in Myanmar Scam CompoundsIt Takes Only 250 Documents to Poison Any AI ModelCyber Incidents in Texas, Tennessee and Indiana Impacting Critical Government ServicesRansomware Gang Steals Meeting Videos, Financial Secrets From Fence WholesalerSummit Golf Brands Allegedly Subjected to Massive INC Ransom BreachFake Nethereum NuGet Package Used Homoglyph Trick to Steal Crypto Wallet KeysTARmageddon Flaw in Async-Tar Rust Library Could Enable Remote Code ExecutionHackers Exploiting Critical “SessionReaper” Flaw in Adobe MagentoChinese Threat Actors Exploit ToolShell SharePoint Flaw Weeks After Microsoft’s July PatchPwn2Own Day 2: Hackers Exploit 56 Zero-Days for $790,000
10/21/2025 October 22, 2025October 22, 2025 ~ The Cyber Beat ~ Leave a comment Russian Coldriver Hackers Deploy New ‘NoRobot’, ‘YesRobot’, and ‘MaybeRobot’ Malware‘PassiveNeuron’ Cyber Spies Target Orgs With Custom MalwareLumma Stealer Developers Doxxed in Underground Rival Cybercrime CampaignMeta Rolls Out New Tools to Protect WhatsApp and Messenger Users from ScamsHow Malware Vaccines Could Stop Ransomware’s RampageMedical Specialist Group Fined £100K After Hack Exposed Patient DataCloud Data Firm Veeam to Buy Securiti AI for $1.73 BillionRussia Pressures Apple to Make Russian Search Engines Default on Locally-Sold iPhonesAmazon Says AWS Cloud Service Back to Normal After Outage Disrupts Businesses WorldwideSingapore Officials Impersonated in Sophisticated Investment ScamHackers Used Snappybee Malware and Citrix Flaw to Breach European Telecom NetworkVidar Stealer 2.0 Adds Multi-Threaded Data Theft, Better EvasionPolarEdge Targets Cisco, ASUS, QNAP, Synology Routers in Expanding Botnet CampaignCursor, Windsurf IDEs Riddled with 94+ N-Day Chromium VulnerabilitiesTP-Link Warns of Critical Command Injection Flaw in Omada GatewaysHackers Exploit 34 Zero-Days on the First Day of Pwn2Own Ireland 2025
10/20/2025 October 20, 2025October 20, 2025 ~ The Cyber Beat ~ Leave a comment Amazon’s AWS Struggles to Recover After Major Outage Disrupts Apps, Services Worldwide…What the Huge AWS Outage Reveals About the InternetSalt Typhoon Uses Citrix Flaw in Global Cyber-AttackFlawed Vendor Guidance Exposes Enterprises to Avoidable RiskCyberattacks Cripple Small Businesses, Even When They Aren’t HackedDNS0.EU Private DNS Service Shuts Down Over Sustainability IssuesEvilginx’s Creator Reckons With the Dark Side of Red-Team ToolsJudge Bars NSO From Targeting WhatsApp Users With Spyware, Reduces Damages in Landmark CaseWhat to Know About the Shocking Louvre Jewelry HeistThe Fraudster Behind Steve Ballmer’s NBA NightmareRetail Giant Muji Halts Online Sales After Ransomware Attack on SupplierHome Security Firm Verisure Reports Data Breach at Swedish SubsidiaryJapanese Retailer Askul Halts Online Orders, Shipments After Ransomware Attack131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam CampaignSelf-Spreading GlassWorm Malware Hits OpenVSX, VS Code RegistriesCyber Defenders From All Around Sound the Alarm as F5 Hack Exposes Broad RisksCISA: High-Severity Windows SMB Flaw Now Exploited in Attacks…Five New Exploited Bugs Land in CISA’s Catalog — Oracle and Microsoft Among TargetsMicrosoft Warns of Windows Smart Card Auth Issues After October Updates
10/17-19/2025 October 20, 2025October 20, 2025 ~ The Cyber Beat ~ Leave a comment Hackers Dox Hundreds of DHS, ICE, FBI, and DOJ OfficialsNorth Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS MalwareTeen Tied to Russian Hackers in Dutch Cyber Espionage ProbeOver 266,000 F5 BIG-IP Instances Exposed to Remote AttacksChina Accuses U.S. of Cyberattack on National Time CenterMicrosoft Revokes 200 Fraudulent Certificates Used in Rhysida Ransomware CampaignEuropol Dismantles SIM Farm Network Powering 49 Million Fake Accounts WorldwideExperian Fined $3.2 Million for Mass-Collecting Personal DataLabor Unions Sue Trump Administration Over Social Media SurveillanceAmerican Airlines Subsidiary Envoy Air Confirms Oracle Data Theft AttackAI Girlfriend Apps Leak Millions of Private ChatsNew .NET CAPI Backdoor Targets Russian Auto and E-Commerce Firms via Phishing ZIPsKrebs: Email Bombs Exploit Lax Authentication in ZendeskGoogle Ads for Fake Homebrew, LogMeIn Sites Push InfostealersTikTok Videos Continue to Push Infostealers, Including Aura Stealer, in ClickFix AttacksResearchers Uncover WatchGuard VPN Bug That Could Let Attackers Take Over DevicesConnectWise Fixes Automate Bug Allowing AiTM Update AttacksMicrosoft Fixes Highest-Severity ASP.NET Core Flaw Ever
10/16/2025 October 16, 2025October 20, 2025 ~ The Cyber Beat ~ Leave a comment Why the F5 Hack Created an ‘Imminent Threat’ for Thousands of Networks…Breach at U.S.-Based Cybersecurity Provider F5 Blamed on China, Say Sources…Cybersecurity Firm F5′S Stock Sinks 10%‘Categorically Untrue’ That China Hacked UK Intelligence Systems, Say OfficialsHacked Airport P.A. Systems Broadcast Anti-Trump and Pro-Hamas MessagesNorth Korean Hackers Use EtherHiding to Hide Malware Inside Blockchain Smart ContractsMicrosoft Disrupts Ransomware Attacks Targeting Teams UsersMicrosoft Debuts Copilot Actions for Agentic AI-Driven Windows TasksRing to Partner With Flock, Giving Law Enforcement Easier Access to Home Security Camera FootageCambodia to Repatriate South Koreans Ensnared by Scam Industry Amid Diplomatic PressureEx-Trump National Security Adviser Bolton Charged With Storing and Sharing Classified InformationVulnerability Scores, Huh, What Are They Good For? Almost NothingNintendo Denies Data Leak After Online ReportsAuction Giant Sotheby’s Says Data Breach Exposed Customer InformationHave I Been Pwned: Prosper Data Breach Impacts 17.6 Million AccountsList of Major Companies Hit by Massive Salesforce Data Breach Continues to GrowDairy Farmers of America Confirms June Cyberattack Leaked Personal DataHackers Abuse Blockchain Smart Contracts to Spread Malware via Infected WordPress SitesMicrosoft Warns of a 32% Surge in Identity Hacks, Mainly Driven by Stolen PasswordsLinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP PacketsNew Rootkit Campaign Exploits Cisco SNMP Flaw to Gain PersistenceGladinet Fixes Actively Exploited Zero-Day CVE-2025-11371 in File-Sharing SoftwareCISA Flags Adobe AEM Flaw with Perfect 10.0 Score — Already Under Active Attack
10/15/2025 October 15, 2025October 15, 2025 ~ The Cyber Beat ~ Leave a comment U.S. Warns That Hackers Using F5 Devices to Target Government Networks…Emergency Order…F5 Breach Exposes BIG-IP Source Code — Nation-State Hackers Behind Massive IntrusionChinese Threat Group ‘Jewelbug’ Quietly Infiltrated Russian IT Network for MonthsWhen Face Recognition Doesn’t Know Your Face Is a FaceGoogle Will Let Friends Help You Recover an AccountOutsourcing Firm Capita Fined £14M After Millions Had Data StolenNew York Secures $14 Million in Fines From 8 Car Insurance Companies After Data BreachesUK, U.S. Sanction Southeast Asia-Based Online Scam NetworkPowerSchool Hacker Gets Sentenced to Four Years in PrisonScouts Can Now Earn AI and Cybersecurity BadgesCisco Must Share More Information About Effects of Severe Bugs on Businesses, Senator Cassidy SaysSalesforce-Linked Security Breach Fallout Escalates With Qantas LeakClothing Giant MANGO Discloses Data Breach Exposing Customer InfoTexas Electric Cooperatives Purportedly Breached by QilinWhisper 2FA Behind One Million Phishing Attempts Since JulyFake LastPass, Bitwarden Breach Alerts Lead to PC HijacksHackers Target ICTBroadcast Servers via Cookie Exploit to Gain Remote Shell AccessFlaw in Slider Revolution Plugin Exposed 4m WordPress SitesNew SAP NetWeaver Bug Lets Attackers Take Over Servers Without LoginRMPocalypse: Single 8-Byte Write Shatters AMD’s SEV-SNP Confidential ComputingTwo CVSS 10.0 Bugs in Red Lion RTUs Could Hand Hackers Full Industrial ControlKrebs: Patch Tuesday, October 2025 ‘End of 10’ Edition…Two New Windows Zero-Days Exploited in the Wild — One Affects Every Version Ever Shipped
10/14/2025 October 14, 2025October 14, 2025 ~ The Cyber Beat ~ Leave a comment Chinese Hackers Use Trusted ArcGIS App For Year-Long PersistenceTaiwan Flags Rise in Chinese Cyberattacks, Warns of ‘Online Troll Army’Satellites Are Leaking the World’s Secrets: Calls, Texts, Military and Corporate DataSalesforce Deepens AI Ties With OpenAI, Anthropic to Power Agentforce PlatformSenior Execs Falling Short on Cyber-Attack Preparedness, NCSC Warns…Cyber Attack Contingency Plans Should Be Put On Paper, Firms Told…NCSC Reports 130% Spike in “Nationally Significant” Cyber IncidentsUK Firms Lose Average of £2.9m to AI RiskCritical infrastructure CISOs Can’t Ignore ‘Back-Office Clutter’ DataFeds Seize Record-Breaking $15 Billion in Bitcoin From Alleged Scam EmpireFlorida Sues Roku for Illegally Selling Children’s Data, Including Precise GeolocationSecurity Firms Dispute Credit for Overlapping CVE ReportsDiscord Blamed a Vendor for Its Data Breach — Now the Vendor Says It Was ‘Not Hacked’npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord ChannelsPersonal Data Potentially Stolen in Asahi Cyber-AttackHarvard Says ‘Limited Number of Parties’ Impacted by Breach Linked to Oracle Zero-DayMichigan City (IN) Confirms Ransomware Hackers Behind September IncidentHacker Group TA585 Emerges With Advanced Attack InfrastructureMalicious Crypto-Stealing VSCode Extensions Resurface on OpenVSXNew Pixnapping Android Flaw Lets Rogue Apps Steal 2FA Codes Without PermissionsSecure Boot Bypass Risk Threatens Nearly 200,000 Linux Framework LaptopsLegacy Windows Protocols Still Expose Networks to Credential TheftMicrosoft October 2025 Patch Tuesday Fixes 6 Zero-Days, 172 FlawsOracles Silently Fixes Zero-Day Exploit Leaked by ShinyHunters
10/13/2025 October 13, 2025October 13, 2025 ~ The Cyber Beat ~ Leave a comment Ukraine Takes Steps to Launch Dedicated Cyber Force for Offensive StrikesChina Probes Qualcomm’s Autotalks Deal Amid Rising U.S. Trade TensionsDutch Government Puts Nexperia on a Short Leash Over Chip Security FearsUK Ofcom Fines 4chan £20K and Counting for Pretending UK’s Online Safety Act Doesn’t ExistAstaroth Banking Trojan Abuses GitHub to Remain Operational After TakedownsMicrosoft Locks Down IE Mode After Hackers Turned Legacy Feature Into BackdoorApple Bug Bounty Payouts Can Now Top $5mFired California Cybersecurity Chief Speaks Out on Sudden Termination, Security ConcernsScattered Lapsus$ Hunters Rage-Quit the Internet (Again), Promise to Return Next YearHarvard Investigating Breach Linked to Oracle Zero-Day ExploitSimonMed Says 1.2 Million Patients Impacted in January Data BreachGoosehead Insurance Confirms Data Breach Exposes SSNs Following Ransomware AttackWellborn & Company Data Breach Affecting Clients’ Personal InformationHackers Target ScreenConnect Features For Network IntrusionsMassive Multi-Country Botnet Targets RDP Services in the U.S.New Rust-Based Malware “ChaosBot” Uses Discord Channels to Control Victims’ PCsSonicWall VPN Accounts Breached Using Stolen Creds in Widespread Attacks
10/10-12/2025 October 12, 2025October 12, 2025 ~ The Cyber Beat ~ Leave a comment What Are the Latest Sticking Points in U.S.-China Tensions?White House Lays off Thousands of U.S. Government Workers, Blaming Shutdown…Federal Cyber Cuts Raise National Security AlarmsActing U.S. Cyber Command, NSA Chief Won’t Be Nominated for the Job, Sources SayNorth Korean Scammers Are Doing Architectural Design NowKrebs: DDoS Botnet Aisuru Blankets U.S. ISPs in Record DDoSSpyware Maker NSO Group Confirms Acquisition by U.S. Investors…Led by Hollywood ProducerCops Nuke BreachForums (Again) Amid Cybercrime Supergroup Extortion BlitzSpain Dismantles “GXC Team” Cybercrime Syndicate, Arrests LeaderProsecutors Seek 7-Year Prison Term for ‘Sophisticated’ PowerSchool HackerFinland’s Trial of Men Charged Over Baltic Sea Cable Damage Hits Choppy WatersMicrosoft Violated EU Law in Handling of Kids’ Data, Austrian Privacy Regulator FindsUK Techies’ Union Prospect Warns Members After Breach Exposes Sensitive Personal DetailsAustralian Airline Qantas Airways Says Hackers Leaked Data on Its CustomersPrivate Data Exposed in Georgia Department of Human Services Email BreachKearney Public Schools (NE) Hit by a Cybersecurity AttackHouston Suburb Sugar Land (TX) Says Some Online Services Taken Down by CyberattackFake ‘Inflation Refund’ Texts Target New Yorkers in New Scam175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing CampaignStealit Malware Abuses Node.js Single Executable Feature via Game and VPN InstallersFrom Detection to Patch: Fortra Reveals Full Timeline of CVE-2025-10035 ExploitationHackers Exploiting Zero-Day in Gladinet File Sharing SoftwareNew Oracle E-Business Suite Bug Could Let Hackers Access Data Without LoginApple Announces $2 Million Bug Bounty Reward for the Most Dangerous Exploits
10/9/2025 October 9, 2025October 9, 2025 ~ The Cyber Beat ~ Leave a comment China Honing Abilities for a Possible Future Attack, Taiwan Defence Report WarnsFrom HealthKick to GOVERSHELL: The Evolution of UTA0388’s Espionage MalwarePro-Russian Hacktivist Group ‘Twonet’ Target Critical Infrastructure, Hit Decoy PlantClaude’s New AI File-Creation Feature Ships With Security Risks Built InResearchers Warn of Security Gaps in AI BrowsersIt’s Trivially Easy to Poison LLMs Into Spitting Out Gibberish, Says AnthropicGitHub Copilot ‘CamoLeak’ AI Attack Exfiltrates DataTake Note: Cyber-Risks With AI NotetakersHigh Number of Windows 10 Users Remain as End-of-Life LoomsRenewal of Cyber Information-Sharing Law Must Mind the Gap, Senator SaysGoogle Says ‘Likely Over 100’ Affected by Oracle-Linked Hacking CampaignAll SonicWall Cloud Backup Users Have Firewall Configuration Files StolenHackers Claim Discord Breach Exposed Data of 5.5 Million UsersRhode Island Lottery Tech Supplier Brightstar Lottery Group Breach Impacted ThousandsQilin Ransomware Gang Claims San Francisco’s Cal Club, Exposing Members of Exclusive Golf ClubClayRat Spyware Campaign Targets Android Users in RussiaMicrosoft: Storm-2657 Hackers Target Universities in “Payroll Pirate” AttacksHackers Now Use Velociraptor DFIR Tool in Ransomware AttacksChaos Ransomware Upgrades With Aggressive New C++ VariantRondoDox Botnet Targets 56 N-Day Flaws in Worldwide Attacks
10/8/2025 October 8, 2025October 8, 2025 ~ The Cyber Beat ~ Leave a comment OpenAI Disrupts Russian, North Korean, and Chinese Hackers Misusing ChatGPT for CyberattacksRussian Hackers Turn to AI as Old Tactics Fail, Ukrainian CERT SaysRussia Is at ‘Hybrid War’ With Europe, Warns EU Chief, Calling for Members ‘To Take It Very Seriously’Nezha Tool Used by Chinese Hackers in New Cyber Campaign Targeting Web ApplicationsBybit Theft Drives Record-Breaking $2bn Haul for North KoreaU.S. Government Shutdown: Who Is Still Working and Who Has Been Furloughed?Digital Fraud Costs Companies Worldwide 7.7% of Annual RevenueSalesforce Says It Won’t Pay Extortion Demand in 1 Billion Records BreachKrebs: ShinyHunters Wage Broad Corporate Extortion SpreeCybersecurity Gets C-Suite Attention as Companies Dive Into AI1Password Says It Can Fix Login Security for AI Browser AgentsGermany Slams Brakes on EU’s Chat Control Device-Scanning SnoopfestDiscord Says 70,000 Users May Have Had Their Government IDs Leaked in BreachMajor U.S. Law Firm Williams & Connolly Says Hackers Broke Into Attorneys’ Emails AccountsLockBit, Qilin, and DragonForce Join Forces to Dominate the Ransomware EcosystemCrimson Collective Hackers Target AWS Cloud Instances for Data TheftNew FileFix Attack Uses Cache Smuggling to Evade Security SoftwareHackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing AttacksHackers Exploit Auth Bypass in Service Finder WordPress ThemeSevere Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch NowDocker Makes Hardened Images Catalog Affordable for Small BusinessesCalifornia Enacts Law Giving Consumers Ability to Universally Opt Out of Data SharingTime’s Running Out to Claim Your Part of the $177 Million AT&T Data Breach Settlement
10/7/2025 October 7, 2025October 7, 2025 ~ The Cyber Beat ~ Leave a comment Russia Blocks Mobile Internet for Foreign SIM Cards, Citing Drone ThreatsOpenAI Bans Suspected Chinese Accounts Using ChatGPT to Plan SurveillanceEmployees Regularly Paste Company Secrets into ChatGPTDespite AI-Related Job Loss Fears, Tech Hiring Holds Steady – And Here Are the Most In-Demand SkillsGoogle Won’t Fix New ASCII Smuggling Attack in GeminiGoogle’s New AI Bug Bounty Program Pays up to $30,000 for FlawsMan and Teenage Boy Arrested Over Cyber-Attack on London NurseriesCyberattacks Upset British Life, Disrupting Car Factories and Grocery Stores‘Qilin’ Cybercrime Gang Claims Hack on Japan’s Asahi GroupQilin Claims Ransomware Attack on Mecklenburg Schools (VA)Electronics Giant Avnet Confirms Breach, Says Stolen Data UnreadableDraftKings Warns of Account Breaches in Credential Stuffing AttacksBatShadow Group Uses New Go-Based ‘Vampire Bot’ Malware to Hunt Job SeekersCalifornia Sets 30 Day Deadline for Data Breach Notifications
10/6/2025 October 7, 2025October 7, 2025 ~ The Cyber Beat ~ Leave a comment Suspected Chinese Cyber Spies Targeted Serbian Aviation AgencyNew Report Links Research Firms BIETA and CIII to China’s MSS Cyber OperationsOne iPhone Led Police to Gang Suspected of Sending up to 40,000 Stolen UK Phones to ChinaVibe Coding Is the New Open Source—In the Worst Way PossibleGoogle Confirms Android Dev Verification Will Have Free and Paid Tiers, No Public List of DevsOpenAI, AMD Announce Massive Computing Deal, Marking New Phase of AI BoomA Biological 0-Day? Threat-Screening Tools May Miss AI-Designed Proteins.The True Cost of Cyber Attacks – And the Business Weak Spots That Allow Them to HappenSAIC to Acquire Silveredge Government Solutions for $205 MillionEuropol Calls for Stronger Data Laws to Combat CybercrimeSignal Calls on Germany to Vote Against ‘Chat Control,’ Saying It Would Leave EU MarketScattered Lapsus$ Hunters Offering $10 in Bitcoin to ‘Endlessly Harass’ ExecsRed Hat Data Breach Escalates as ShinyHunters Joins ExtortionRansomware Group “Trinity of Chaos” Launches Data Leak SiteDoctors Imaging Group (FL) Suffers Data Breach – 171,800+ Users Data ExposedXWorm Malware Resurfaces With Ransomware Module, Over 35 PluginsNew Malware Sorvepotel Leverages WhatsApp to Target Brazilian Government and BusinessesRedis Warns of Critical Flaw Impacting Thousands of InstancesMicrosoft: Critical GoAnywhere Bug Exploited by Storm-1175 in Medusa Ransomware AttacksSteam and Microsoft Warn of Unity Flaw Exposing Gamers to AttacksOracle Rushes Patch for CVE-2025-61882 After Cl0p Exploited It in Data Theft AttacksZeroday Cloud Hacking Contest Offers $4.5 Million in BountiesPhishing Is Moving From Email to Mobile. Is Your Security?
10/3-5/2025 October 5, 2025October 5, 2025 ~ The Cyber Beat ~ Leave a comment ShinyHunters Launches Salesforce Data Leak Site to Extort 39 Victims…Salesforce Providing Support to Customers Listed on Scattered Spider Extortion SiteApple Drops ICE-Tracking Apps From App Store…Google Too…ICE Wants to Build Out a 24/7 Social Media Surveillance TeamCongress Let Cyber-Intel Sharing Act Lapse. Does it Matter?National Security, Legal Readiness, and U.S. Engagement for International Dual-Use Technology CompaniesUK Government Says Digital ID Won’t Be Compulsory – HonestConsumers More Likely to Pay for ‘Responsible’ AI Tools, Deloitte Survey SaysChatGPT Social Could Be a Thing, as Leak Shows Direct Messages SupportOpenAI Wants ChatGPT to be Your Emotional SupportSignal Adds New Cryptographic Defense Against Quantum AttacksMunich Airport Chaos After Drone Sightings Spook Air Traffic ControlParkMobile Pays… $1 Each for 2021 Data Breach That Hit 22 MillionLinkedIn Sues Software Company Allegedly Scraping Data From Millions of ProfilesCalifornia AG Sues City for Allowing Out-Of-State Searches of License Plate Reader DatabaseOracle Links Clop Extortion Attacks to July 2025 VulnerabilitiesDiscord Customer Service Data Breach Leaks User Info and Scanned Photo IDsRenault and Dacia UK Warn of Data Breach Impacting CustomersSix Out of 10 UK Secondary Schools Hit by Cyber-Attack or Breach in Past YearJapan Faces Asahi Beer Shortage After Cyber-AttackNew “Cavalry Werewolf” Attack Hits Russian Agencies with FoalShell and StallionRATMassive Surge in Scans Targeting Palo Alto Networks Login PortalsChinese-Speaking Cybercrime Group Hijacks IIS Servers for SEO FraudDetour Dog Caught Running DNS-Powered Malware Factory for Strela StealerRhadamanthys Stealer Evolves: Adds Device Fingerprinting, PNG Steganography PayloadsResearchers Warn of Self-Spreading WhatsApp Malware Named SORVEPOTELCometJacking: One Click Can Turn Perplexity’s Comet AI Browser Into a Data ThiefHackers Exploited Zimbra Flaw as Zero-Day Using iCalendar FilesCISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the WildLicense Plate Reader Company Flock Launches New Product That Detects Human Voices
10/2/2025 October 2, 2025October 2, 2025 ~ The Cyber Beat ~ Leave a comment U.S. to Provide Ukraine With Intelligence for Missile Strikes Deep Inside Russia…Trump’s Drone Deal With Ukraine to Give U.S. Access to Battlefield TechU.S. Government Shutdown to Slash Federal Cybersecurity Staff…Shutdown Guts U.S. Cybersecurity Agency at Perilous Time…U.S. Stocks Rally on Shutdown’s Second DayGoogle Says Self-Reported Cl0p Hackers Are Sending Extortion Emails to Corporate ExecutivesGmail’s End-To-End Encryption for Organizations Now Works Across Email ProvidersEU Funds Are Flowing Into Spyware Companies, and Politicians Are Demanding AnswersHackerOne Paid $81 Million in Bug Bounties Over the Past YearCybercrims Claim Raid on 28,000 Red Hat Repos, Say They Have Sensitive Customer FilesSubpoena Tracking Platform Blames Outage on AWS Social Engineering AttackConcerns for Patient Data After Suspected Cyberattack on Shamir Medical CenterConfucius Shifts from Document Stealers to Python BackdoorsWarning: Beware of Android Spyware Disguised as Signal Encryption Plugin and ToTok ProAlert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before TakedownDrayTek Warns of Remote Code Execution Bug in Vigor RoutersMicrosoft Outlook Stops Displaying Inline SVG Images Used in AttacksMicrosoft Defender Bug Triggers Erroneous BIOS Update Alerts
10/1/2025 October 1, 2025October 1, 2025 ~ The Cyber Beat ~ Leave a comment Ukraine Warns of CABINETRAT Backdoor + XLL Add-ins Spread via Signal ZIPsGeopolitics Drives More CyberattacksChina Imposes One-Hour Reporting Rule for Major Cyber IncidentsExpiration of Cyber Information-Sharing Act Leaves U.S. Very VulnerableF-Droid Project Threatened by Google’s New Dev Registration RulesSchools and Colleges Are Swotting up on Security Yet Still Flunk Recovery When Cyberattacks Inevitably StrikeSeniors Targeted in Global Facebook Scam Spreading New Android MalwareAI Data Analytics Startup Dataiku Picked Multiple Banks for U.S. IPO, Sources SayAllianz Life Says July Data Breach Impacts 1.5 Million PeopleData Breach at Dealership Software Provider Motility Software Solutions Impacts 766K ClientsAdobe Analytics Bug Leaked Customer Tracking Data to Other TenantsHackers Exploit Milesight Routers to Send Phishing SMS to European UsersShortcut-based Credential Lures Deliver DLL ImplantsNew WireTap Attack Extracts Intel SGX ECDSA Key via DDR4 Memory-Bus Interposer‘Delightful’ Root-Access Bug in Red Hat OpenShift AI Allows Full Cluster TakeoverOneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps
9/30/2025 September 30, 2025September 30, 2025 ~ The Cyber Beat ~ Leave a comment Phantom Taurus: New China-Linked Hacker Group Hits Governments With Stealth MalwareNorth Korea IT Worker Scheme Expanding to More Industries, Countries Outside of U.S. Tech SectorTile’s Lack of Encryption Could Make Tracker Owners Vulnerable to StalkingMicrosoft’s New Security Store Is Like an App Store for CybersecurityGoogle Releases AI-Powered Ransomware Detection Features for Cloud Files…Google’s Latest AI Ransomware Defense Only Goes So Far‘Trifecta’ of Google Gemini Flaws Turn AI Into Attack VehicleWhy Burnout Is a Growing Problem in CybersecurityIsraeli High-Tech Funding and M&A Gain in 2025 Despite Ongoing Gaza WarTrump Visa Curbs Push U.S. Firms to Consider Shifting More Work to IndiaSendit Sued by the FTC for Illegal Collection of Children DataCPPA Fines Tractor Supply Company $1.4 Million for Privacy ViolationsUK Police Just Seized £5.5 Billion in Bitcoin — The World’s Largest Crypto Bust of ‘Bitcoin Queen’Afghanistan Plunged Into Nationwide Internet Blackout, Disrupting Air Travel, Medical CareHarbor Mental Health Services Organization (OH) Investigating Data BreachSmishing Campaigns Exploit Cellular Routers to Target BelgiumNew MatrixPDF Toolkit Turns PDFs into Phishing and Malware LuresNew Android Trojan “Datzbro” Tricking Elderly with AI-Generated Facebook Travel EventsNew Android RAT Klopatra Targets Financial DataCritical WD My Cloud Bug Allows Remote Command Injection$50 Battering RAM Attack Breaks Intel and AMD Cloud Security ProtectionsNearly 50,000 Cisco Firewalls Vulnerable to Actively Exploited FlawsCISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix SystemsCISA Orders Federal Gov to Patch Critical Fortra File Transfer BugBroadcom Fixes High-Severity VMware NSX Bugs Reported by NSA…Urgent: China-Linked Hackers Exploit New VMware Zero-Day Since October 2024Tech Companies Should Be Shielded From Spyware Lawsuits, Report SaysCyber Information-Sharing Law and State Grants Set to Go Dark as Congress Stalls Over Funding
9/29/2025 September 29, 2025November 16, 2025 ~ The Cyber Beat ~ Leave a comment Ukrainian Cops Spoofed in Fileless Phishing Attacks on KyivTile Tracking Tags Can Be Exploited by Tech-Savvy Stalkers, Researchers SayHow to Use a Password Manager to Share Your Logins After You DieUK Gov’t Backs Jaguar Land Rover (JLR) With £1.5 Billion Loan Guarantee After CyberattackChinese Scammer Pleads Guilty After UK Seizes Nearly $7 Billion in BitcoinUkraine’s Digital Chief Pushes for AI-First State Amid War and Cyber ThreatsEuropean AI Company’s ‘Reputation Reports’ Are Inaccurate and Illegal, Watchdog ClaimsLaw Enforcement Is Using AI to Synthesize Evidence. Is the Justice System Ready for It?‘You’ll Never Need to Work Again’: Criminals Offer Reporter Money to Hack BBCCanada’s WestJet Says Some Passenger Data Exposed in Cybersecurity BreachAsahi Runs Dry as Online Attackers Take Down Japanese BrewerEvilAI Malware Masquerades as AI Tools to Infiltrate Global OrganizationsMicrosoft Flags AI-Driven Phishing: LLM-Crafted SVG Files Outsmart Email SecurityNational Cyber Authorities Launch OT Security GuidanceDHS, CISA Kick Off Cybersecurity Awareness MonthCISA to Furlough 65% of Staff if Government Shuts Down This Week
9/26-28/2025 September 28, 2025September 28, 2025 ~ The Cyber Beat ~ Leave a comment New COLDRIVER Malware Campaign Joins BO Team and Bearlyfy in Russia-Focused CyberattacksDutch Teens Arrested for Trying to Spy on Europol for RussiaChina-Linked PlugX and Bookworm Malware Attacks Target Asian Telecom and ASEAN NetworksNetanyahu Broadcasts United Nations Message Into Gaza Accusing World Leaders of Appeasing ‘Evil’Trump Signs ‘Saving TikTok’ Order to Start Resolving Its Big Ban ProblemSingapore Threatens Meta With Fines Over Facebook Impersonation ScamsKrebs: Feds Tie ‘Scattered Spider’ Duo to $115M in RansomsInterpol Cracks Down on Large-Scale African Scamming Networks‘No Harm, No Foul:’ Courts Take Tougher Line on Data-Breach SuitsSalesforce Facing Multiple Lawsuits After Salesloft BreachAs Fraud Surges, UK Prepares to Replace Its Massively Broken Reporting ServicesDatacenter Fire Takes 647 South Korean Government Services OfflineA New Front Opens Between Zuckerberg and Musk Over RobotsHarrods Says Customers’ Data Stolen in It BreachVolvo North America Confirms Staff Data Stolen Following Ransomware Attack on It SupplierUnion County (OH) Suffers Ransomware Attack Impacting 45,000 PeopleFake Microsoft Teams Installers Push Oyster Malware via MalvertisingNew macOS XCSSET Variant Targets Firefox with Clipper and Persistence ModuleNew LockBit Ransomware Variant Emerges as Most Dangerous YetAkira Ransomware Breaching MFA-Protected SonicWall VPN AccountsArcaneDoor Threat Actor Resurfaces in Continued Attacks Against Cisco FirewallsCisco ASA Firewall Zero-Day Exploits Deploy RayInitiator and LINE VIPER MalwareFortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public DisclosureMicrosoft Edge to Block Malicious Sideloaded ExtensionsMicrosoft’s New AI Feature Will Organize Your Photos AutomaticallyEU Probes SAP Over Anti-Competitive ERP Support Practice
9/25/2025 September 25, 2025September 29, 2025 ~ The Cyber Beat ~ Leave a comment Microsoft Disables Some Cloud Services Used by Israel’s Defense MinistryDOGE Might Be Storing Every American’s SSN on an Insecure Cloud ServerPhishing Campaign Evolves into PureRAT Deployment, Linked to Vietnamese Threat ActorsVane Viper Generates 1 Trillion DNS Queries to Power Global Malware and Ad Fraud NetworkTech Overtakes Gaming as Top DDoS Attack Target, New Gcore Radar Report FindsTeen Suspected of Vegas Casino Cyberattacks Released to ParentsEmpty Shelves, Empty Coffers: Co-Op Pegs Cyber Hit at £80MGoogle, Period-Tracking App to Pay Combined $56 Million to Settle Privacy ClaimsCallous Crims Break Into Preschool Network, Publish Toddlers’ DataJaguar Land Rover Restarts Some IT Systems as Suppliers Call for Urgent SupportMalicious Postmark MCP Server AI Agent Server Reportedly Steals EmailsExperts Warn of Global Breach Risk from Indian Third Party SuppliersMalicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads ConfirmedForcedLeak: Critical Vulnerability in Salesforce AI-Powered AgentForce ExposedUrgent: Cisco ASA Zero-Day Duo Under Attack; CISA Triggers Emergency Mitigation DirectiveAmazon Pays $2.5 Billion to Settle Prime Memberships Lawsuit from FTC
9/24/2025 September 25, 2025September 25, 2025 ~ The Cyber Beat ~ Leave a comment Chinese Hackers RedNovember Target Global Governments Using Pantegana and Cobalt StrikeUNC5221 Uses BRICKSTORM Backdoor to Infiltrate U.S. Legal and Technology SectorsCollins Aerospace Working on Restoring Software for Airlines Hit by CyberattackUK Arrests Man in Airport Ransomware Attack That Caused Delays Across EuropeKrebs: Feds Tie ‘Scattered Spider’ Duo to $115M in RansomsPolice Seizes $439 Million Stolen by Cybercrime Rings WorldwidePhone Spyware Scandal in Greece Moves to Court as Critics Claim Cover-upOpenAI is Testing a New GPT-5-Based AI agent “GPT-Alpha”Kali Linux 2025.3 Released With 10 New Tools, WiFi EnhancementsSenators Introduce Bill Directing FTC to Establish Standards for Protecting Consumers’ Neural DataVegas Gambling Giant Boyd Gaming Corporation Hit by Cyber Incident, Employee Data ExposedRhysida Ransomware Gang Known for Government Attacks Claims Maryland Transit IncidentCISA Urges Orgs to Review Software After ‘Shai-Hulud’ Supply Chain CompromiseNew YiBackdoor Malware Shares Major Code Overlaps with IcedID and LatrodectusGitHub Notifications Abused to Impersonate Y Combinator for Crypto TheftNew String of Phishing Attacks Targets Python DevelopersHackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM CredentialsUnpatched Flaw in OnePlus Phones Lets Rogue Apps Text MessagesTwo Critical Flaws Uncovered in Wondershare RepairIt Exposing User Data and AI ModelsCisco Warns of iOS Zero-Day Vulnerability Exploited in Attacks
9/23/2025 September 23, 2025September 23, 2025 ~ The Cyber Beat ~ Leave a comment U.S. Secret Service Agents Dismantle Network That Could Shut Down New York Cellphone System…Found Near UN General Assembly…300 SIM Servers, 100K Cards…‘SIM Farms’ Are a Spam PlagueCISA Says Hackers Breached Federal Agency Using Geoserver ExploitEuropean Airports Still Dealing With Disruptions Days After Ransomware AttackDrones and Cyber Outages Exposing Aviation Weak Spots Since 2017Critical Security Flaws Grow With AI Use, New Report ShowsAttacker Breakout Time Falls to 18 MinutesDeepfake Attacks Hit Two-Thirds of BusinessesDHS Has Been Collecting U.S. Citizens’ DNA for YearsWhatsApp Adds Message Translation to iPhone and Android AppsGitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security15 Years of Zero Trust: Why It Matters More Than EverCloudflare Mitigates New Record-Breaking 22.2 Tbps DDoS AttackJaguar Land Rover Extends Production Pause AgainSuspected Cyberattack Disrupts Circle K Chain’s Operations in Hong KongSouth Korea Probes Credit Card Company Lotte Card Data Breach Affecting 3 Million CustomersIranian Hacking Group Nimbus Manticore Expands European TargetingComicForm and SectorJ149 Hackers Deploy Formbook Malware in Eurasian CyberattacksBadIIS Malware Spreads via SEO Poisoning — Redirects Traffic, Plants Web ShellsShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire ServiceNPM Package ‘fezbox’ Caught Using QR Code to Fetch Cookie-Stealing MalwareTwo New Supermicro BMC Bugs Allow Malicious Firmware to Evade Root of Trust SecurityLibraesva ESG Issues Emergency Fix for Bug Exploited by State HackersSolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution FlawSonicWall Releases SMA100 Firmware Update to Wipe Rootkit Malware
9/22/2025 September 22, 2025September 22, 2025 ~ The Cyber Beat ~ Leave a comment EU Agency Confirms Ransomware Attack Behind Airport Disruptions…Airport Chaos Highlights Rise in High-Profile Ransomware Attacks, Cyber Experts SayNew Plan Would Give Congress Another 18 Months to Revisit Section 702 Surveillance PowersDeal to Keep TikTok in U.S. Is Near. These Are the Details.Russia Steps up Disinformation Efforts to Sway Moldova’s Parliamentary Vote$100M Cyberattack on Vegas Strip Involved Teen Hacker, Police Say…Organizations Must Update Defenses to Scattered Spider Tactics, Experts UrgeMajor Cyber Threat Detection Vendors Pull Out of MITRE Evaluations TestCar Giant Stellantis Says Customer Data Nicked After Partner Vendor PwnedAmerican Archive of Public Broadcasting Fixes Bug Exposing Restricted MediaVerified Steam Game Steals Streamer’s Cancer Treatment DonationsLorain County (OH) Data Breach May Have Exposed Employee and Vendor Social Security, Bank InformationComicForm and SectorJ149 Hackers Deploy Formbook Malware in Eurasian CyberattacksNew EDR-Freeze Tool Uses Windows WER to Suspend Security SoftwareAs Scientists Show They Can Read Inner Speech, Brain Implant ‘Pioneers’ Fight for Neural Data Privacy, Access Rights
9/19-21/2025 September 21, 2025September 21, 2025 ~ The Cyber Beat ~ Leave a comment Russian State Hackers Gamaredon and Turla Collaborate in Attacks Against UkraineDPRK Hackers Use ClickFix to Deliver BeaverTail Malware in Crypto Job ScamsUNC1549 Hacks 34 Devices in 11 Telecom Firms via LinkedIn Job Lures and MINIBIKE MalwareWhite House Outlines TikTok Deal That Would Give U.S. Control of Algorithm…China’s ByteDance Will Get 1 of 7 Board Seats for TikTok’s U.S. Operations, Official Says…Lachlan Murdoch, Michael Dell, Ellison Involved in TikTok Deal, Trump SaysFailed Stopgap Funding Bill Puts Key Federal Cybersecurity Legislation in JeopardyDOJ: Scattered Spider Took $115 Million in Ransoms, Breached a U.S. Court SystemCanada Dismantles TradeOgre Exchange, Seizes $40 Million in CryptoMI6 Launches Darkweb Portal to Recruit Foreign SpiesWatchdog Finds MrBeast Improperly Collected Children’s DataAirport Cyberattack Disrupts More and More Flights Across Europe…What We Know About the Cyberattack That Hit Major European AirportsRussia’s Main Airport in St. Petersburg Says Its Website Was HackedAttackers Abuse AI Tools to Generate Fake CAPTCHAs in Phishing Attacks17,500 Lighthouse and Lucid Phishing Domains Target 316 Brands Across 74 Countries in Global PhaaS SurgeLastPass Warns of Fake Repositories Infecting macOS with Atomic InfostealerIvanti EPMM Holes Let Miscreants Plant Shady Listeners, CISA SaysFortra Releases Critical Patch for CVSS 10.0 GoAnywhere MFT VulnerabilityTransforming Cyber Frameworks to Take Control of Cyber-RiskFBI Warns of Cybercriminals Using Fake FBI Online Crime Reporting PortalsChatGPT Search is Now Smarter as OpenAI Takes on Google Search
9/18/2025 September 18, 2025September 18, 2025 ~ The Cyber Beat ~ Leave a comment Senate Confirms Sutton as Pentagon Cyber Policy ChiefThis Microsoft Entra ID Vulnerability Could Have Been CatastrophicCybercriminals Have a Weird New Way to Target You With Scam TextsNCA Singles Out “The Com” as it Chairs Five Eyes Group‘Scattered Spider’ Teens Charged Over London Transportation HackCybersecurity Firm Netskope Notches $8.8 Billion Valuation as Shares Jump in Nasdaq DebutCrowdStrike Pops Nearly 13% on Upbeat Long-Term Guidance at Investor DayBrazil Enacts Sweeping Bill Requiring Online Age Verification, Safeguards for Children’s DataTaliban Bans Fiber-Optic Internet in Several Afghan Provinces to Curb ‘Immorality’Russian Regional Airline KrasAvia Disrupted by Suspected CyberattackCloudflare DDoSed Itself with React useEffect Hook BlunderCountLoader Broadens Russian Ransomware Operations With Multi-Version Malware LoaderSilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python DevelopersSystemBC Malware Turns Infected VPS Systems Into Proxy HighwayPyPi Invalidates Tokens Stolen in Ghostaction Supply Chain AttackWatchGuard Warns of Critical Vulnerability in Firebox FirewallsGoogle Patches Chrome Zero-Day CVE-2025-10585 as Active V8 Exploit Threatens MillionsOpenAI Fixes Zero-Click Shadowleak Vulnerability Affecting ChatGPT Deep Research Agent
9/17/2025 September 17, 2025September 17, 2025 ~ The Cyber Beat ~ Leave a comment House Lawmakers Move to Extend Two Key Cyber Programs, for NowItaly Enacts AI Law Covering Privacy, Oversight and Child AccessIsrael’s Glilot Capital Raises $500 Million for New AI and Cybersecurity InvestmentsFive Point-Backed WaterBridge Raises $634 Million in U.S. IPOAxiom Space Aims for Orbit With Its Orbital Data Center NodeTaskUs Employees Behind Coinbase Breach, U.S. Court Filing AllegesJudge Rejects Meta Attempt to Overturn Flo Privacy VerdictLabour Politician Charged Over ‘Honey Trap’ WhatsApp Messages Sent to MPsChinese TA415 Uses VS Code Remote Tunnels to Spy on U.S. Economic Policy ExpertsScattered Spider Resurfaces With Financial Sector Attacks Despite Retirement ClaimsShinyHunters Claims 1.5 Billion Salesforce Records Stolen in Drift HacksVC Firm Insight Partners Says Thousands of Staff and Limited Partners Had Personal Data Stolen in a Ransomware AttackTA558 Uses AI-Generated Scripts to Deploy Venom RAT in Brazil Hotel AttacksShai-Hulud Worm Prowls npm to Steal Hundreds of SecretsSonicWall Warns Customers to Reset Credentials After Breach
9/16/2025 September 16, 2025September 16, 2025 ~ The Cyber Beat ~ Leave a comment A DHS Data Hub Exposed Sensitive Intel to Thousands of Unauthorized UsersKrebs: Self-Replicating Worm Hits 180+ Software PackagesMicrosoft Seizes 340 Websites Linked to Growing Phishing Subscription ServiceWe Set Out to Craft the Perfect Phishing Scam. Major AI Chatbots Were Happy to Help.OpenAI to Predict Ages in Bid to Stop ChatGPT From Discussing Self Harm With KidsWant to Foil an AI Deepfake? Tell It to Draw a Smiley FaceHow to Set Up and Use a Burner PhoneCrowdStrike to Buy AI Security Company PangeaIsraeli Cybersecurity Startup Vega Raises $65 Million, Valued at $400 MillionCybersecurity Provider Netskope Boosts IPO Range as It Tests Tech Hot StreakJaguar Land Rover (JLR) Stuck in Neutral as Losses Skyrocket Amid Cyberattack CleanupFifteen Ransomware Gangs, including Scattered Spider, ShinyHunters and Lapsus$, “Retire,” Future UnclearNew FileFix Variant Delivers StealC Malware Through Multilingual Phishing SiteUK: Tax Refund-Themed Phishing Slows in 2025SlopAds Fraud Ring Exploits 224 Android Apps to Drive 2.3 Billion Daily Ad BidsChaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster TakeoverApple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware AttackBreachForums Hacking Forum Admin Resentenced to Three Years in PrisonTikTok’s Journey From Global Sensation to Trump Target
9/15/2025 September 15, 2025September 15, 2025 ~ The Cyber Beat ~ Leave a comment Ukraine Claims Cyberattacks on Russian Election Systems; Moscow Confirms DisruptionsNew Zealand Sanctions Russian Military Hackers Over Cyberattacks on UkraineRussia Tests Hypersonic Missile at NATO’s Doorstep—And Shares the VideoMustang Panda Deploys SnakeDisk USB Worm to Deliver Yokai Backdoor on Thailand IPsAI-Forged Military IDs Used in North Korean Phishing AttackGoogle Confirms Hackers Gained Access to Law Enforcement PortalFrance Threatens to Block Crypto Licence ‘Passporting’ in EU Regulatory FightU.S. National Charged in Finnish Psychotherapy Center ExtortionEuropol Adds Spanish Academic Suspected of Aiding Pro-Russian Hackers to Most Wanted ListGucci, Balenciaga and Alexander McQueen Private Data Ransomed by HackersUnion County (NC) Town Government Hacked in Recent Cyber AttackFinWise Insider Breach Impacts 689K American First Finance CustomersSEO Poisoning Targets Chinese Users with Fake Software SitesPhishing Campaigns Drop RMM Tools for Remote AccessNew Phoenix Attack Bypasses Rowhammer Defenses in DDR5 MemoryAI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse ConcernsMicrosoft: Exchange 2016 and 2019 Reach End of Support in 30 DaysBuilding Highly Resilient IT Infrastructure Throughout the Enterprise From the Start
9/12-14/2025 September 14, 2025September 14, 2025 ~ The Cyber Beat ~ Leave a comment France Warns Apple Users of New Spyware CampaignPhilippine Military Company Spied Upon With New China-Linked MalwareCharlie Kirk Shooting Suspect Tyler Robinson Had ‘Leftist Ideology’ but Motive Unclear, Utah Gov. Says…‘Not Co-Operating’…Alleged Transgender Partner Is Cooperating and Not Believed to be InvolvedInside Our Investigation of Jeffrey Epstein’s Personal Yahoo AccountData Destruction Done Wrong Could Cost Your Company MillionsCompanies Are Competing for Employees With AI Skills. So Are Hackers.Man Gets Over 4 Years in Prison for Selling Unreleased MoviesHacker Convicted of Extorting 20,000 Psychotherapy Victims Walks Free During AppealDHS IG: CISA Mismanaged Multimillion-Dollar Employee Incentives ProgramVietnam Investigates Cyberattack on Creditors DataRansomware Attack Cancels School for Several Days at Uvalde Consolidated Independent School District (TX)Attackers Adopting Novel LOTL Techniques to Evade DetectionNew VoidProxy Phishing Service Targets Microsoft 365, Google Accounts‘WhiteCobra’ Floods VSCode Market with Crypto-Stealing ExtensionsFBI Warns of UNC6040 and UNC6395 Targeting Salesforce Platforms in Data Theft AttacksCritical CVE-2025-5086 in DELMIA Apriso Actively Exploited, CISA Issues WarningNew HybridPetya Ransomware Bypasses UEFI Secure Boot With CVE-2024-7344 ExploitSamsung Fixes Critical Zero-Day CVE-2025-21043 Exploited in Android AttacksCISA Official Calls on Lawmakers to Immediately Extend Cyber Info-Sharing Law
9/11/2025 September 12, 2025September 12, 2025 ~ The Cyber Beat ~ Leave a comment Chinese APT Actor Compromises Military Firm with Novel Fileless Malware ToolsetHow China’s Propaganda and Surveillance Systems Really OperateDidi Global’s $740 Million IPO Settlement Likely Ready Next Month, Plaintiffs’ Lawyer SaysKrebs: Bulletproof Host Stark Industries Evades EU SanctionsFour Years After Kaseya’s Nightmare Hack, a Cyber Turnaround Is UnderwaySwiss Government Looks to Undercut Privacy Tech, Stoking Fears of Mass SurveillanceFTC Opens Inquiry Into How AI Chatbots Impact Child Safety, PrivacyCyberattacks Against Schools Driven by a Rise in Student Hackers, ICO WarnsCalifornia Legislature Passes Bill Forcing Web Browsers to Let Consumers Automatically Opt Out of Data SharingFrance: Three Regional Healthcare Agencies Targeted by Cyber-AttacksPanama Ministry of Economy Discloses Breach Claimed by INC RansomwareDDoS Defender Targeted in 1.5 Bpps Denial-of-Service AttackFileless Malware Deploys Advanced RAT AsyncRAT via Legitimate ToolsFake Madgicx Plus and SocialMetrics Extensions Are Hijacking Meta Business AccountsNew VMScape Attack Breaks Guest-Host Isolation on AMD, Intel CPUsSonicWall SSL VPN Flaw and Misconfigurations Actively Exploited by Akira Ransomware HackersCISA Launches Roadmap for the CVE ProgramApple Warns Customers Targeted in Recent Spyware AttacksMicrosoft Adds Malicious Link Warnings to Teams Private Chats
9/10/2025 September 10, 2025September 10, 2025 ~ The Cyber Beat ~ Leave a comment China-Linked APT41 Hackers Target U.S. Trade Officials Amid 2025 NegotiationsPoland Downs Drones in Its Airspace, Becoming First NATO Member to Fire During War in UkraineU.S. Warns Hidden Radios May Be Embedded in Solar-Powered Highway InfrastructureU.S. Investment in Spyware Is SkyrocketingApple Says the iPhone 17 Comes With a Massive Security UpgradeU.S. Senator Wyden Pushes FTC to Investigate Microsoft for ‘Gross Cybersecurity Negligence’Ransomware Payments Plummet in Education Amid Enhanced ResiliencyChinese Companies and Bosses to Face Major Fines Over Cybersecurity IncidentsNepal Lifts Social Media Ban After Deadly Youth ProtestsUkraine’s Ousted Cyber Chief Posts Bail in Corruption CaseOracle, OpenAI Sign Massive $300 Billion Cloud Computing DealKillSec Ransomware Hits Brazilian Healthcare IT VendorJaguar Land Rover Admits Hackers May Have Taken DataFlu Jab Email Mishap Exposes Hundreds of Students’ Personal DataResearchers Find Spyware on Phones Belonging to Kenyan FilmmakersEuropean Crypto Platform Swissborg to Reimburse Users After $41 Million TheftHackers Left Empty-Handed After Massive NPM Supply-Chain AttackCHILLYHELL macOS Backdoor and ZynorRAT RAT Threaten macOS, Windows, and Linux SystemsCursor Autorun Flaw Lets Repositories Execute Code Without ConsentKrebs: Microsoft Patch Tuesday, September 2025 Edition…EoP Flaws Again Lead Microsoft Patch TuesdayMicrosoft Waives Fees for Windows Devs Publishing to Microsoft StorePixel 10 Fights AI Fakes With New Android Photo Verification Tech
9/9/2025 September 9, 2025September 9, 2025 ~ The Cyber Beat ~ Leave a comment House Lawmakers to Make Official Visit to China for the First Time Since 2019Massive Leak Shows How a Chinese Company Is Exporting the Great Firewall to the WorldNew Cybersecurity Rules Land for Defense Department ContractorsDefense Dept Didn’t Protect Social Media Accounts, Left Stream Keys Out in PublicCyber Command, NSA to Remain Under Single Leader as Officials Shelve Plan to End ‘Dual Hat’New Cyber Director Cairncross Calls on Industry to Help Put ‘America First’ in CyberspaceKrebs: 18 Popular Code Packages Hacked, Rigged to Steal CryptoClaude’s New AI File Creation Feature Ships With Deep Security Risks Built InA New Platform Offers Privacy Tools to Millions of Public ServantsFormer WhatsApp Security Boss in Lawsuit Likens Meta’s Culture to a “Cult”Mitsubishi Electric to Buy Nozomi Networks in $1 Billion DealU.S. Charges Admin of LockerGoga, MegaCortex, Nefilim RansomwareKosovo Hacker Pleads Guilty to Running BlackDB Cybercrime MarketplacePlex Tells Users to Reset Passwords After New Data BreachNew York Blood Center Says Thousands Had Data Leaked in January Ransomware AttackNo Gains, Just Pains as 1.6m HelloGym Fitness Phone Call Recordings Exposed OnlineBrazil Lesbian Dating App Sapphos Shuts Down After Security Flaw Exposes Sensitive User DataSalty2FA Phishing Kit Unveils New Level of SophisticationThreat Actor Accidentally Exposes AI-Powered OperationsTOR-Based Cryptojacking Attack Expands Through Misconfigured Docker APIsRatOn Android Malware Detected With NFC Relay and ATS Banking Fraud CapabilitiesAdobe Patches Critical SessionReaper Flaw in Magento eCommerce PlatformSAP Fixes Maximum Severity NetWeaver Command Execution FlawMicrosoft September 2025 Patch Tuesday Fixes 81 Flaws, Two Zero-DaysWindows 10 KB5065429 Update Includes 14 Changes and FixesMicrosoft: Anti-Spam Bug Blocks Links in Exchange Online, Teams
9/8/2025 September 8, 2025September 8, 2025 ~ The Cyber Beat ~ Leave a comment Salt Typhoon Used Dozens of Domains, Going Back Five Years. Did You Visit One?Update: Noisy Bear Campaign Targeting Kazakhstan Energy Sector Outed as a Planned Phishing TestRemote Access Abuse Biggest Pre-Ransomware IndicatorSilicon Valley’s Graying Workforce: Gen Z Staff Cut in Half at Tech Companies as the Average Age Goes up by 5 YearsSoFi Launches New AI-Themed ETF as Skepticism GrowsCyberattack on Jaguar Land Rover Threatens to Hit British Economic GrowthThe U.S. Government Has No Idea How Many Cybersecurity Pros It EmploysSports Streaming Piracy Service With 123M Yearly Visits Shut DownU.S. Sanctions Companies Behind Cyber Scam Centers in Cambodia, MyanmarNepal Social Media Ban Sparks Protests, Dozens InjuredQualys, Tenable Latest Victims of Salesloft Drift Hack…GitHub Account Compromise Led to Salesloft Drift Breach Affecting 22 CompaniesGhostAction Supply Chain Attack Compromises 3000+ SecretsWealthsimple Confirms Data Breach After Supply Chain AttackLovesac Confirms Data Breach After Ransomware Attack ClaimsVC Giant Insight Partners Notifies Staff and Limited Partners After Data BreachMostereRAT Targets Windows Users With Stealth TacticsHackers Hijack npm Packages With 2 Billion Weekly Downloads in Supply Chain AttackSurge in Networks Scans Targeting Cisco ASA Devices Raise ConcernsThe Critical Failure in Vulnerability ManagementSignal Adds Secure Cloud Backups to Save and Restore Chats
9/5-7/2025 September 7, 2025September 7, 2025 ~ The Cyber Beat ~ Leave a comment Chinese Hackers Pretended to Be a Top U.S. Lawmaker During Trade TalksU.S. Says It Is Restricting Visas of Some Central American Nationals Over China TiesU.S. Is Increasingly Exposed to Chinese Election Threats, Lawmakers SayNoisy Bear Targets Kazakhstan Energy Sector With BarrelFire Phishing CampaignUkraine’s Cyber Chief on Russian Hackers’ Shifting Tactics, U.S. Cyber AidKrebs: GOP Cries Censorship Over Spam Filters That WorkQantas Penalizes Executives for July CyberattackRoblox to Verify Ages of All Gamers Who Use Chat and Text FeaturesEmbracing the Next Generation of Cybersecurity TalentWhy Threat Hunting Should Be Part of Every Security ProgramCISA Orders Federal Agencies to Patch Sitecore Zero-Day Following Hacking ReportsSchool District Five of Lexington & Richland Counties (SC) Data Breach Affects 31,000 PeopleNavy Federal Credit Union Data Breach Exposes Backup Files on Credit Union Serving Military MembersData Breach at American Credit Union Exposes Financial Data‘SEO Fraud-As-A-Service’ Scheme Hijacks Windows Servers to Promote Gambling WebsitesTAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware OperationsVirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing PagesiCloud Calendar Abused to Send Phishing Emails from Apple’s ServersmacOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple SecurityMalicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet KeysSAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild
9/4/2025 September 5, 2025September 5, 2025 ~ The Cyber Beat ~ Leave a comment How North Korean Hackers Are Using Fake Job Offers to Steal Cryptocurrency‘Unrestrained’ Chinese Cyberattackers May Have Stolen Data From Almost Every AmericanCzech Cyber Agency Warns Against Using Services and Products That Send Data to ChinaGhostRedirector Emerges as New China-Aligned Threat ActorU.S. Says It Is Restricting Visas of Some Central American Nationals Over China TiesU.S. and 14 Allies Release Joint Guidance on Software Bill of MaterialsBritain Rules Out Backing for Global Defence BankGoogle Fined $379 Million by French Regulator for Cookie Consent ViolationsTexas Sues PowerSchool Over Breach Exposing 62M Students, 880K TexansUkraine’s Cyber Chief on Russian Hackers’ Shifting Tactics, U.S. Cyber AidBlast Radius of Salesloft Drift Attacks Remains UncertainChess.com Discloses Recent Data Breach via File Transfer AppTire Giant Bridgestone Confirms Cyberattack Impacts ManufacturingDelivery Giant OnTrac Data Breach Exposes 40,000 Personal RecordsAttackers Snooping Around Sitecore, Dropping Malware via Public Sample KeysCMS Provider Sitecore Patches Exploited Critical Zero DayCISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively ExploitedMicrosoft Says Recent Windows Updates Cause App Install IssuesEuropean Court Rejects Challenge to EU-U.S. Data Transfer Agreement
9/3/2025 September 3, 2025September 3, 2025 ~ The Cyber Beat ~ Leave a comment Russian APT28 Expands Arsenal with ‘NotDoor’ Outlook BackdoorU.S. Offers $10 Million Bounty for Info on Russian FSB HackersVenezuela’s President Thinks American Spies Can’t Hack Huawei PhonesIranian Hackers Exploit 100+ Embassy Email Accounts in Global Phishing Targeting DiplomatsAutomated Sextortion Spyware Takes Webcam Pics of Victims Watching PornIt Looks Like You’re Ransoming Data. Would You Like Some Help?How Passkeys Work—And How to Use ThemFinland’s IQM Quantum Computers Raises $320 Million in New Funding RoundIsrael’s Cato Networks Buys Aim Security, Raises Another $50 MillionMore Personal Injury Lawyers Are Chasing Data-Breach SettlementsPolice Disrupts Streameast, Largest Pirated Sports Streaming NetworkU.S. Sues Robot Toy Maker Apitor Technology for Exposing Children’s Data to Chinese DevsSalesloft Takes Drift Offline After OAuth Token Theft Hits Hundreds of OrganizationsSaaS Giant Workiva Discloses Data Breach After Salesforce AttackM&S Hackers ‘Scattered Lapsus$ Hunters’ Claim to Be Behind Jaguar Land Rover Cyber AttackMatrix.org Homeserver Grinds to a Halt After Raid MeltdownHackers Breach Fintech Firm Sinqia S.A. in Attempted $130M Bank HeistThreat Actors Abuse X’s Grok AI to Spread Malicious LinksMalicious npm Packages Exploit Ethereum Smart Contracts to Target Crypto DevelopersMajor IPTV Piracy Network Uncovered Spanning 1100 DomainsThreat Actors Weaponize HexStrike AI to Exploit Citrix Flaws Within a Week of DisclosureAndroid Security Alert: Google Patches 120 Flaws, Including Two Zero-Days Under AttackWith Less Than a Month to Go, House Panel Votes to Extend Popular Cyber ProgramsCorruption Case Against Ousted Cyber Chief Is ‘Revenge,’ Ukraine’s Security Service Says
9/2/2025 September 2, 2025September 2, 2025 ~ The Cyber Beat ~ Leave a comment Lazarus Group Expands Malware Arsenal With PondRAT, ThemeForestRAT, and RemotePEMoscow Reportedly Hires Hackers Who Breached City’s School SystemUkrainian Network FDN3 Launches Massive Brute-Force Attacks on SSL VPN and RDP DevicesICE Reinstates Contract with Spyware Vendor ParagonWho Watches the Watchmen? Surveillanceware Firms Make Bank, Avoid OversightDisney Agrees to $10 Million Settlement for Collecting Data From ChildrenThat Supposed ‘Gmail Hack’: Google Says It’s False, but Watch Out for Phishing AnywayFBI, Cybersecurity Experts Warn of 3-Phase Scam That Is Draining Bank AccountsAI Chatbot Users Beware – Hackers Are Now Hiding Malware in the Images Served up by LLMsKrebs: The Ongoing Fallout from a Breach at AI Chatbot Maker SalesloftStolen OAuth Tokens Expose Palo Alto Customer DataCloudflare Hit by Data Breach in Salesloft Drift Supply Chain AttackCloudflare Blocks Largest Recorded DDoS Attack Peaking at 11.5 TbpsBritain’s Jaguar Land Rover Hit by Cyber Incident That Disrupts Production, SalesPennsylvania AG Says Recovery Continues After Office Refused to Pay Ransomware GangAzure AD Credentials Exposed in Public App Settings FileMalicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus WalletsResearchers Warn of MystRodX Backdoor Using DNS and ICMP Triggers for Stealthy ControlHackers Are Sophisticated & Impatient — That Can Be Good
9/1/2025 September 1, 2025September 2, 2025 ~ The Cyber Beat ~ Leave a comment Silver Fox APT Exploits Signed Drivers to Deploy ValleyRAT BackdoorChina Is About to Show Off Its New High-Tech Weapons to the WorldNorth Korea’s Kim Inspects New Missile Production Line, KCNA SaysGoogle: Gmail’s Protections Are Strong and Effective, and Claims of a Major Gmail Security Warning Are FalseSpanish Government Cancels €10M Contract Using Huawei EquipmentLegalPwn: Tricking LLMs by Burying Badness in Lawyerly Fine PrintZscaler Data Breach Exposes Customer Info After Salesloft Drift CompromiseRansomware Attack on Pennsylvania’s AG Office Disrupts Court CasesAndroid Droppers Now Deliver SMS Stealers and Spyware, Not Just Banking TrojansHigh-Risk SQLi Flaw Exposes WordPress Memberships Plugin UsersDDoS Is the Neglected Cybercrime That’s Getting Bigger. Let’s Kill It OffProof-of-Concept in 15 Minutes? AI Turbocharges Exploitation
8/29-31/2025 August 31, 2025August 31, 2025 ~ The Cyber Beat ~ Leave a comment Abandoned Sogou Zhuyin Update Server Hijacked, Weaponized in Taiwan Espionage CampaignNorth Korean APT37 Hackers Weaponize Seoul Intelligence Files to Target South KoreansAmazon Disrupts APT29 Watering Hole Campaign Abusing Microsoft Device Code AuthenticationState-Sponsored Hackers Behind Majority of Vulnerability ExploitsAkira, Cl0p Top List of 5 Most Active Ransomware-as-a-Service GroupsRansomware Gang Takedowns Causing Explosion of New, Smaller GroupsSSA Whistleblower’s Resignation Email Mysteriously Disappeared From InboxesA Troubled Man, His Chatbot and a Murder-Suicide in Old GreenwichOpenAI is Testing “Thinking Effort” for ChatGPTThere’s Something Bizarre About When GPT-5 Writes in a Literary StyleScammer Steals $1.5 Million From Baltimore by Spoofing City VendorTamperedChef Malware Disguised as Fake PDF Editors Steals Credentials and CookiesBrokewell Android Malware Delivered Through Fake TradingView AdsAttackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 TunnelingNpm Package Hijacked to Steal Data and Crypto via AI-Powered MalwareFreePBX Servers Targeted by Zero-Day Flaw, Emergency Patch Now AvailableWhatsApp Patches Zero-Click Exploit Targeting iOS and macOS DevicesResearcher Who Found McDonald’s Free-Food Hack Turns Her Attention to Chinese Restaurant RobotsMicrosoft to Enforce MFA for Azure Resource Management in OctoberNoem Fires Two Dozen FEMA Employees Over Alleged Cybersecurity Gaps
8/28/2025 August 29, 2025August 29, 2025 ~ The Cyber Beat ~ Leave a comment Netherlands Confirms China’s Salt Typhoon Targeted Small Dutch TelcosSalt Typhoon Exploits Cisco, Ivanti, Palo Alto Flaws to Breach 600 Organizations WorldwideFBI Cyber Cop: Salt Typhoon Pwned ‘Nearly Every American’Germany Charges Man Over Cyberattack on Rosneft SubsidiaryLawmakers Press UnitedHealth on Hack Loan RepaymentsPolice Seize VerifTools Fake ID Marketplace Servers, DomainsCrypto Companies Freeze $47m in Romance Baiting FundsKrebs: Affiliates Flock to ‘Soulless’ Scam Gambling MachineMalware Devs Abuse Anthropic’s Claude AI to Build RansomwareSentinelOne Raises Annual Revenue Forecast on Strong Cybersecurity DemandTransUnion Suffers Data Breach Impacting Over 4.4 Million PeopleMATLAB Dev Says Ransomware Gang Stole Data of 10,000 PeopleCyber-Attack on UK Contractor Affects IslandersCISA Steps in to Help Nevada State Government Recover From CyberattackGoogle Warns Salesloft Breach Impacted Some Workspace AccountsFake IT Support Attacks Hit Microsoft TeamsMicrosoft Warns of Ransomware Gang Shifting to Steal Cloud Data, Lock Companies Out of SystemsMalicious Nx Packages in ‘s1ngularity’ Attack Leaked 2,349 GitHub, Cloud, and AI CredentialsMalicious VS Code Extensions Exploit Name Reuse LoopholePasswordstate Dev Urges Users to Patch Auth Bypass Vulnerability