Cybersecurity News from Across the Internet
Met Police arrested two teenagers over the Kido nursery ransomware attack, which exposed data for 8,000 children. Full details on the hack and police investigation. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
The Scattered LAPSUS$ Hunters hacking group claims to have accessed data from around 40 customers of Salesforce, the cloud-based customer relationship management service, stealing almost one billion records. Read more in my article on the Fortra blog. – Read More – Graham Cluley
Threat actors with suspected ties to China have turned a legitimate open-source monitoring tool called Nezha into an attack weapon, using it to deliver a known malware called Gh0st RAT to targets. The activity, observed by cybersecurity company Huntress in August 2025, is characterized by the use of an unusual technique called log poisoning (aka … Read More “Chinese Hackers Weaponize Open-Source Nezha Tool in New Attack Wave – The Hacker News” »
Encryption lives on in Europe. For now. The German government has said it will oppose a piece of European Union legislation later this month that would subject phones and other devices to mass scanning — prior to encryption — by the government for evidence of child sexual abuse material. Federal Minister of Justice Stefanie Hubig … Read More “German government says it will oppose EU mass-scanning proposal – CyberScoop” »
In April of 2025, my colleague Mat Powell was hunting for vulnerabilities in Autodesk Revit 2025. While fuzzing RFA files, he found the following crash (CVE-2025-5037 / ZDI-CAN-26922, addressed by Autodesk in July 2025): Is this an exploitable crash? From the debugger output crash point as seen above, unclear whether anything is controllable. At around … Read More “Crafting a Full Exploit RCE from a Crash in Autodesk Revit RFA File Parsing – Zero Day Initiative – Blog” »
Three prominent ransomware groups DragonForce, LockBit, and Qilin have announced a new strategic ransomware alliance, once underscoring continued shifts in the cyber threat landscape. The coalition is seen as an attempt on the part of the financially motivated threat actors to conduct more effective ransomware attacks, ReliaQuest said in a report shared with The Hacker … Read More “LockBit, Qilin, and DragonForce Join Forces to Dominate the Ransomware Ecosystem – The Hacker News” »
A cyber campaign using Nezha has been identified, targeting vulnerable web apps with PHP web shells and Ghost RAT – Read More –
OpenAI’s new report warns hackers are combining multiple AI tools for cyberattacks, scams, and influence ops linked to China, Russia, and North Korea. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Tel Aviv, Israel, 8th October 2025, CyberNewsWire – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
According to TransUnion, digital fraud has cost companies $534bn in losses globally with US business hit hardest – Read More –
Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protocol (MCP) server that could allow attackers to achieve code execution. The vulnerability, tracked as CVE-2025-53967 (CVSS score: 7.5), is a command injection bug stemming from the unsanitized use of user input, opening the door to a scenario where an … Read More “Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch Now – The Hacker News” »
Every year, weak passwords lead to millions in losses — and many of those breaches could have been stopped. Attackers don’t need advanced tools; they just need one careless login. For IT teams, that means endless resets, compliance struggles, and sleepless nights worrying about the next credential leak. This Halloween, The Hacker News and Specops … Read More “Step Into the Password Graveyard… If You Dare (and Join the Live Session) – The Hacker News” »
Researchers warn of Shuyal Stealer, malware that gathers browser logins, system details, and Discord tokens, then erases evidence via Telegram. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Jaguar Land Rover has reported a 25% drop in volume sales in the three months up to September 30, largely due to the impact of the ongoing cyber incident – Read More –
North Korean hackers have stolen over $2bn in cryptocurrency already this year, says Elliptic – Read More –
Two 17-year-olds have been arrested following a cyber-attack on the Kido nursery group – Read More –
How organisations can improve their ability to both detect and discover cyber threats. – Read More – NCSC Feed
OpenAI on Tuesday said it disrupted three activity clusters for misusing its ChatGPT artificial intelligence (AI) tool to facilitate malware development. This includes a Russian‑language threat actor, who is said to have used the chatbot to help develop and refine a remote access trojan (RAT), a credential stealer with an aim to evade detection. The … Read More “OpenAI Disrupts Russian, North Korean, and Chinese Hackers Misusing ChatGPT for Cyberattacks – The Hacker News” »
Data is now being used as a strategic asset and a major vulnerability as global businesses become increasingly digital… The post The Road Ahead: India’s Data Protection in 2026 appeared first on JISA Softech Pvt Ltd. – Read More – JISA Softech Pvt Ltd
A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen from dozens of Fortune 500 firms if they refuse to pay a ransom. The group also claimed responsibility for a recent breach involving Discord … Read More “ShinyHunters Wage Broad Corporate Extortion Spree – Krebs on Security” »
Microsoft Threat Intelligence said a cybercriminal group it tracks as Storm-1175 has exploited a maximum-severity vulnerability in GoAnywhere MFT to initiate multi-stage attacks including ransomware. Researchers observed the malicious activity Sept. 11, Microsoft said in a blog post Monday. Microsoft’s research adds another substantive chunk of evidence to a growing collection of intelligence confirming the … Read More “Microsoft pins GoAnywhere zero-day attacks to ransomware affiliate Storm-1175 – CyberScoop” »
A long-running theme in the use of adversarial AI since the advent of large language models has been the automation and enhancement of well-established hacking methods, rather than the creation of new ones. That remains the case for much of OpenAI’s October threat report, which highlights how government agencies and the cybercriminal underground are opting … Read More “OpenAI: Threat actors use us to be efficient, not make new tools – CyberScoop” »
Posted by Stefan Kanthak via Fulldisclosure on Oct 07 On a fresh installation of the just released Windows 11 25H2 the former file %SystemRoot%System32SecurityHealth10.0.27840.1000-0SecurityHealthHost.exe is %SystemRoot%System32SecurityHealthHost.exe now, but the BUG persists: | svchost.exe (PID = 9876) identified \?C:WindowsSystem32SecurityHealthHost.exe | as Disallowed using default rule, Guid = 11015445-d282-4f86-96a2-9e485f593302 stay tuned, and far away from bug-riddled … Read More “Re: Defense in depth — the Microsoft way (part 93): SRP/SAFER whitelisting goes black on Windows 11 – Full Disclosure” »
Posted by full on Oct 07 Substack is down. If there is a replacement, it is appreciated. -x9p – Read More – Full Disclosure
Posted by josephgoyd via Fulldisclosure on Oct 07 The GitHub link has a write up on the attack-chain. Along with the CNVD certs that were issued for validation. https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201 – Read More – Full Disclosure
Critical Redis flaw RediShell (CVE-2025-49844) exposes 60,000 servers to remote code execution. Patch immediately to prevent full system compromise. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
A Vietnamese threat actor named BatShadow has been attributed to a new campaign that leverages social engineering tactics to deceive job seekers and digital marketing professionals to deliver a previously undocumented malware called Vampire Bot. “The attackers pose as recruiters, distributing malicious files disguised as job descriptions and corporate documents,” Aryaka Threat Research Labs – … Read More “BatShadow Group Uses New Go-Based ‘Vampire Bot’ Malware to Hunt Job Seekers – The Hacker News” »
The Qilin group claims to have stolen sensitive personal and proprietary data from the Brewer – Read More –
Latest reports suggest the critical GoAnywhere MFT vulnerability (CVE-2025-10035, CVSS 10.0) is actively exploited by the Medusa ransomware gang for unauthenticated RCE. Patch immediately. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Google’s DeepMind division on Monday announced an artificial intelligence (AI)-powered agent called CodeMender that automatically detects, patches, and rewrites vulnerable code to prevent future exploits. The efforts add to the company’s ongoing efforts to improve AI-powered vulnerability discovery, such as Big Sleep and OSS-Fuzz. DeepMind said the AI agent is designed to be both reactive … Read More “Google’s New AI Doesn’t Just Find Vulnerabilities — It Rewrites Code to Patch Them – The Hacker News” »
The Qilin ransomware gang has claimed attacks at Mecklenburg County Public Schools, stealing financial records and childrens’ medical files – Read More –
Raleigh, United States, 7th October 2025, CyberNewsWire – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
A critical Redis flaw, dubbed “RediShell,” has exposed 60,000 unprotected servers to exploitation – Read More –
In episode 71 of The AI Fix, a giant robot spider goes backpacking for a year before starting its job in lunar construction, DoorDash builds a delivery Minion, and a TikToker punishes an AI by making it talk to condiments. GPT-5 crushes the humans at the ICPC World Finals, Claude Sonnet 4.5 codes for 30 … Read More “The AI Fix #71: Hacked robots and power-hungry AI – Graham Cluley” »
Discord said a third-party customer services provider was compromised to access user data, with the attackers aiming to extort a financial ransom – Read More –
Cybersecurity researchers have charted the evolution of XWorm malware, turning it into a versatile tool for supporting a wide range of malicious actions on compromised hosts. “XWorm’s modular design is built around a core client and an array of specialized components known as plugins,” Trellix researchers Niranjan Hegde and Sijo Jacob said in an analysis … Read More “XWorm 6.0 Returns with 35+ Plugins and Enhanced Data Theft Capabilities – The Hacker News” »
For years, security leaders have treated artificial intelligence as an “emerging” technology, something to keep an eye on but not yet mission-critical. A new Enterprise AI and SaaS Data Security Report by AI & Browser Security company LayerX proves just how outdated that mindset has become. Far from a future concern, AI is already the … Read More “New Research: AI Is Already the #1 Data Exfiltration Channel in the Enterprise – The Hacker News” »
Security researchers at UC Irvine reveal the ‘Mic-E-Mouse’ attack, showing how high-DPI optical sensors in modern mice can detect desk vibrations and reconstruct user speech with high accuracy. Learn how this side-channel vulnerability affects your privacy. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
A critical Oracle E-Business Suite vulnerability is being actively exploited by the Clop ransomware group – Read More –
Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate the deployment of Medusa ransomware. The vulnerability is CVE-2025-10035 (CVSS score: 10.0), a critical deserialization bug that could result in command injection without authentication. It was addressed in version 7.8.4, … Read More “Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware – The Hacker News” »
Redis has disclosed details of a maximum-severity security flaw in its in-memory database software that could result in remote code execution under certain circumstances. The vulnerability, tracked as CVE-2025-49844 (aka RediShell), has been assigned a CVSS score of 10.0. “An authenticated user may use a specially crafted Lua script to manipulate the garbage collector, trigger … Read More “13-Year Redis Flaw Exposed: CVSS 10.0 Vulnerability Lets Attackers Run Code Remotely – The Hacker News” »
A critical GoAnywhere vulnerability is being exploited by the Medusa ransomware group, says Microsoft – Read More –
The Digital Personal Data Protection (DPDP) Act 2023 has reshaped the approach that enterprises take towards data protection. Compliance… The post Smart Compliance: DPDP Act Meets AI and Blockchain appeared first on JISA Softech Pvt Ltd. – Read More – JISA Softech Pvt Ltd
CrowdStrike on Monday said it’s attributing the exploitation of a recently disclosed security flaw in Oracle E-Business Suite with moderate confidence to a threat actor it tracks as Graceful Spider (aka Cl0p), and that the first known exploitation occurred on August 9, 2025. The exploitation involves the exploitation of CVE-2025-61882 (CVSS score: 9.8), a critical … Read More “Oracle EBS Under Fire as Cl0p Exploits CVE-2025-61882 in Real-World Attacks – The Hacker News” »
Federal cyber authorities and threat hunters are on edge following Oracle’s Saturday disclosure of an actively exploited zero-day vulnerability the Clop ransomware group used to initiate a widespread data theft and extortion campaign researchers initially warned about last week. Oracle addressed the critical vulnerability — CVE-2025-61882 affecting Oracle E-Business Suite — in a security advisory … Read More “Oracle zero-day defect amplifies panic over Clop’s data theft attack spree – CyberScoop” »
ESET warns of fake Signal and ToTok apps spreading Android spyware in the UAE, stealing contacts, messages, and chat backups from users. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Tech experts and companies offering encrypted messaging services are warning that pending European regulation, which would grant governments broad authority to scan messages and content on personal devices for criminal activity, could spell “the end” of privacy in Europe. The European Union will vote Oct. 14 on a legislative proposal from the Danish Presidency known … Read More “Potential EU law sparks global concerns over end-to-end encryption for messaging apps – CyberScoop” »
Three House Democrats questioned the Department of Homeland Security on Monday over a reported Immigration and Customs Enforcement contract with a spyware provider that they warn potentially “threatens Americans’ freedom of movement and freedom of speech.” Their letter follows publication of a notice that ICE had lifted a stop-work order on a $2 million deal … Read More “House Dems seek info about ICE spyware contract, wary of potential abuses – CyberScoop” »
A misconfigured database belonging to a pet insurance company, “Rainwalk Pet Insurance,” exposed sensitive PII and veterinary claim data. The data exposure reveals new fraud tactics, including microchip and reimbursement scams. – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Paris, France, 6th October 2025, CyberNewsWire – Read More – Hackread – Latest Cybersecurity, Hacking News, Tech, AI & Crypto
![Re: [FD] Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain → Secure Enclave Key Theft, Wormable RCE, Crypto Theft – Full Disclosure](https://attackfeed.com/wp-content/uploads/2025/10/fulldisclosure-img-5d5PUX.webp "Re: [FD] Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain → Secure Enclave Key Theft, Wormable RCE, Crypto Theft")
