TECHZONE™
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
Qilin Ransomware Combines Linux Payload With BYOVD Exploit in Hybrid Attack
https://thehackernews.com/2025/10/qilin-ransomware-combines-linux-payload.html
The ransomware group known as Qilin (aka Agenda, Gold Feather, and Water Galura) has claimed more than 40 victims every month since the start of 2025, barring January, with the number of postings on its data leak site touching a high of 100 cases in June.
The development comes as the ransomware-as-a-service (RaaS) operation has emerged as one of the most active ransomware groups, accounting for
ChatGPT Atlas Browser Can Be Tricked by Fake URLs into Executing Hidden Commands
https://thehackernews.com/2025/10/chatgpt-atlas-browser-can-be-tricked-by.html
The newly released OpenAI Atlas web browser has been found to be susceptible to a prompt injection attack where its omnibox can be jailbroken by disguising a malicious prompt as a seemingly harmless URL to visit.
"The omnibox (combined address/search bar) interprets input either as a URL to navigate to, or as a natural-language command to the agent," NeuralTrust said in a report published Friday
Smishing Triad Linked to 194,000 Malicious Domains in Global Phishing Operation
https://thehackernews.com/2025/10/smishing-triad-linked-to-194000.html
The threat actors behind a large-scale, ongoing smishing campaign have been attributed to more than 194,000 malicious domains since January 1, 2024, targeting a broad range of services across the world, according to new findings from Palo Alto Networks Unit 42.
"Although these domains are registered through a Hong Kong-based registrar and use Chinese nameservers, the attack infrastructure is
Microsoft Issues Emergency Patch for Actively Exploited Critical WSUS Vulnerability
https://thehackernews.com/2025/10/microsoft-issues-emergency-patch-for.html
Microsoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability that has a proof-of-concept (PoC) exploit publicly available and has come under active exploitation in the wild.
The vulnerability in question is CVE-2025-59287 (CVSS score: 9.8), a remote code execution flaw in WSUS that was originally fixed by the tech giant
APT36 Targets Indian Government with Golang-Based DeskRAT Malware Campaign
https://thehackernews.com/2025/10/apt36-targets-indian-government-with.html
A Pakistan-nexus threat actor has been observed targeting Indian government entities as part of spear-phishing attacks designed to deliver a Golang-based malware known as DeskRAT.
The activity, observed in August and September 2025 by Sekoia, has been attributed to Transparent Tribe (aka APT36), a state-sponsored hacking group known to be active since at least 2013. It also builds upon a prior
The Cybersecurity Perception Gap: Why Executives and Practitioners See Risk Differently
https://thehackernews.com/2025/10/the-cybersecurity-perception-gap-why.html
Does your organization suffer from a cybersecurity perception gap? Findings from the Bitdefender 2025 Cybersecurity Assessment suggest the answer is probably “yes” — and many leaders may not even realize it.
This disconnect matters. Small differences in perception today can evolve into major blind spots tomorrow. After all, perception influences what organizations prioritize, where they
3,000 YouTube Videos Exposed as Malware Traps in Massive Ghost Network Operation
https://thehackernews.com/2025/10/3000-youtube-videos-exposed-as-malware.html
A malicious network of YouTube accounts has been observed publishing and promoting videos that lead to malware downloads, essentially abusing the popularity and trust associated with the video hosting platform for propagating malicious payloads.
Active since 2021, the network has published more than 3,000 malicious videos to date, with the volume of such videos tripling since the start of the
Self-Spreading 'GlassWorm' Infects VS Code Extensions in Widespread Supply Chain Attack
https://thehackernews.com/2025/10/self-spreading-glassworm-infects-vs.html
Cybersecurity researchers have discovered a self-propagating worm that spreads via Visual Studio Code (VS Code) extensions on the Open VSX Registry and the Microsoft Extension Marketplace, underscoring how developers have become a prime target for attacks.
The sophisticated threat, codenamed GlassWorm by Koi Security, is the second such supply chain attack to hit the DevOps space within a span
North Korean Hackers Lure Defense Engineers With Fake Jobs to Steal Drone Secrets
https://thehackernews.com/2025/10/north-korean-hackers-lure-defense.html
Threat actors with ties to North Korea have been attributed to a new wave of attacks targeting European companies active in the defense industry as part of a long-running campaign known as Operation Dream Job.
"Some of these [companies] are heavily involved in the unmanned aerial vehicle (UAV) sector, suggesting that the operation may be linked to North Korea's current efforts to scale up its
Secure AI at Scale and Speed — Learn the Framework in this Free Webinar
https://thehackernews.com/2025/10/secure-ai-at-scale-and-speed-learn.html
AI is everywhere—and your company wants in. Faster products, smarter systems, fewer bottlenecks. But if you're in security, that excitement often comes with a sinking feeling.
Because while everyone else is racing ahead, you're left trying to manage a growing web of AI agents you didn’t create, can’t fully see, and weren’t designed to control.
Join our upcoming webinar and learn how to make AI
ThreatsDay Bulletin: $176M Crypto Fine, Hacking Formula 1, Chromium Vulns, AI Hijack & More
https://thehackernews.com/2025/10/threatsday-bulletin-176m-crypto-fine.html
Criminals don’t need to be clever all the time; they just follow the easiest path in: trick users, exploit stale components, or abuse trusted systems like OAuth and package registries. If your stack or habits make any of those easy, you’re already a target.
This week’s ThreatsDay highlights show exactly how those weak points are being exploited — from overlooked
Why Organizations Are Abandoning Static Secrets for Managed Identities
https://thehackernews.com/2025/10/why-organizations-are-abandoning-static.html
As machine identities explode across cloud environments, enterprises report dramatic productivity gains from eliminating static credentials. And only legacy systems remain the weak link.
For decades, organizations have relied on static secrets, such as API keys, passwords, and tokens, as unique identifiers for workloads. While this approach provides clear traceability, it creates what security
“Jingle Thief” Hackers Exploit Cloud Infrastructure to Steal Millions in Gift Cards
https://thehackernews.com/2025/10/jingle-thief-hackers-exploit-cloud.html
Cybersecurity researchers have shed light on a cybercriminal group called Jingle Thief that has been observed targeting cloud environments associated with organizations in the retail and consumer services sectors for gift card fraud.
"Jingle Thief attackers use phishing and smishing to steal credentials, to compromise organizations that issue gift cards," Palo Alto Networks Unit 42 researchers
Over 250 Magento Stores Hit Overnight as Hackers Exploit New Adobe Commerce Flaw
https://thehackernews.com/2025/10/over-250-magento-stores-hit-overnight.html
E-commerce security company Sansec has warned that threat actors have begun to exploit a recently disclosed security vulnerability in Adobe Commerce and Magento Open Source platforms, with more than 250 attack attempts recorded against multiple stores over the past 24 hours.
The vulnerability in question is CVE-2025-54236 (CVSS score: 9.1), a critical improper input validation flaw that could be
Critical Lanscope Endpoint Manager Bug Exploited in Ongoing Cyberattacks, CISA Confirms
https://thehackernews.com/2025/10/critical-lanscope-endpoint-manager-bug.html
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Motex Lanscope Endpoint Manager to its Known Exploited Vulnerabilities (KEV) catalog, stating it has been actively exploited in the wild.
The vulnerability, CVE-2025-61932 (CVSS v4 score: 9.3), impacts on-premises versions of Lanscope Endpoint Manager, specifically Client
Iran-Linked MuddyWater Targets 100+ Organisations in Global Espionage Campaign
https://thehackernews.com/2025/10/iran-linked-muddywater-targets-100.html
The Iranian nation-state group known as MuddyWater has been attributed to a new campaign that has leveraged a compromised email account to distribute a backdoor called Phoenix to various organizations across the Middle East and North Africa (MENA) region, including over 100 government entities.
The end goal of the campaign is to infiltrate high-value targets and facilitate intelligence gathering
Ukraine Aid Groups Targeted Through Fake Zoom Meetings and Weaponized PDF Files
https://thehackernews.com/2025/10/ukraine-aid-groups-targeted-through.html
Cybersecurity researchers have disclosed details of a coordinated spear-phishing campaign dubbed PhantomCaptcha targeting organizations associated with Ukraine's war relief efforts to deliver a remote access trojan that uses a WebSocket for command-and-control (C2).
The activity, which took place on October 8, 2025, targeted individual members of the International Red Cross, Norwegian Refugee
Chinese Threat Actors Exploit ToolShell SharePoint Flaw Weeks After Microsoft's July Patch
https://thehackernews.com/2025/10/chinese-threat-actors-exploit-toolshell.html
Threat actors with ties to China exploited the ToolShell security vulnerability in Microsoft SharePoint to breach a telecommunications company in the Middle East after it was publicly disclosed and patched in July 2025.
Also targeted were government departments in an African country, as well as government agencies in South America, a university in the U.S., as well as likely a state technology
Bridging the Remediation Gap: Introducing Pentera Resolve
https://thehackernews.com/2025/10/bridging-remediation-gap-introducing.html
From Detection to Resolution: Why the Gap Persists
A critical vulnerability is identified in an exposed cloud asset. Within hours, five different tools alert you about it: your vulnerability scanner, XDR, CSPM, SIEM, and CMDB each surface the issue in their own way, with different severity levels, metadata, and context.
What’s missing is a system of action. How do you transition from the
Fake Nethereum NuGet Package Used Homoglyph Trick to Steal Crypto Wallet Keys
https://thehackernews.com/2025/10/fake-nethereum-nuget-package-used.html
Cybersecurity researchers have uncovered a new supply chain attack targeting the NuGet package manager with malicious typosquats of Nethereum, a popular Ethereum .NET integration platform, to steal victims' cryptocurrency wallet keys.
The package, Netherеum.All, has been found to harbor functionality to decode a command-and-control (C2) endpoint and exfiltrate mnemonic phrases, private keys, and
