IT Security News Daily Summary 2025-10-24

136 posts were published in the last hour

• 21:34 : Top 10 Best Digital Forensics And Incident Response (DFIR) Firms in 2025
• 21:34 : Microsoft Releases Out-of-Band Security Update to Mitigate Windows Server Update Service Vulnerability, CVE-2025-59287
• 21:4 : AI for the Financial Sector: How Strategy Consulting Helps You Navigate Risk
• 20:5 : Look At This Photograph – Passively Downloading Malware Payloads Via Image Caching
• 20:4 : Jingle Thief Attackers Exploiting Festive Season with Weaponized Gift Card Attacks
• 20:4 : Middle East Cyber Resilience 2030: Unified Defense in a $26B Market
• 19:34 : Top 10 Best Cyber Threat Intelligence Companies in 2025
• 19:34 : U.S. CISA adds Microsoft WSUS, and Adobe Commerce and Magento Open Source flaws to its Known Exploited Vulnerabilities catalog
• 19:34 : Sneaky Mermaid attack in Microsoft 365 Copilot steals data
• 19:6 : New Python RAT Mimic as Legitimate Minecraft App Steals Sensitive Data from Users Computer
• 19:6 : Warlock Ransomware Actors Exploiting Sharepoint ToolShell Zero-Day Vulnerability in New Attack Wave
• 19:6 : Newly Patched Critical Microsoft WSUS Flaw Comes Under Active Exploitation
• 19:6 : Smishing Triad Linked to 194,000 Malicious Domains in Global Phishing Operation
• 19:5 : IT Security News Hourly Summary 2025-10-24 21h : 1 posts
• 18:34 : Sotheby’s Investigates Cyberattack That Exposed Employee Financial Information
• 18:4 : CISA Adds Two Known Exploited Vulnerabilities to Catalog
• 17:34 : Everest Ransomware Claims AT&T Careers Breach with 576K Records
• 17:34 : Top 10 Best Security Operations Center (SOC) as a Service Providers in 2025
• 17:34 : SideWinder Hacking Group Uses ClickOnce-Based Infection Chain to Deploy StealerBot Malware
• 17:34 : NDSS 2025 – Symposium on Usable Security and Privacy (USEC) 2025 Afternoon, Paper Session 2
• 17:34 : Randall Munroe’s XKCD ‘’Ping”
• 17:6 : Why Threat Actors Succeed
• 17:6 : Microsoft Issues Emergency Patch for Actively Exploited Critical WSUS Vulnerability
• 16:34 : Cybersecurity awareness news brief: What works, what doesn’t
• 16:5 : Cybersecurity Awareness Month: The endpoint security issue
• 16:5 : Asahi Group Confirms Ransomware Attack Disrupting Operations and Leaking Data
• 16:5 : Fake Breach Alerts Target LastPass and Bitwarden Users to Hijack PCs
• 16:5 : The Silent Guardians Powering the Frontlines of Cybersecurity
• 16:5 : Researchers warn of critical flaws in TP-Link routers
• 16:5 : IT Security News Hourly Summary 2025-10-24 18h : 5 posts
• 15:35 : New Red Teaming Tool RedTiger Attacking Gamers and Discord Accounts in the Wild
• 15:35 : MuddyWater Using New Malware Toolkit to Deliver Phoenix Backdoor Malware to International Organizations
• 15:35 : New LockBit Ransomware Victims Identified by Security Researchers
• 15:5 : Hexnode CEO Says Passwords Alone Won’t Fix Your Layer 8 Issues
• 15:5 : Critical Windows Server WSUS Vulnerability Exploited in the Wild
• 15:5 : APT36 Targets Indian Government with Golang-Based DeskRAT Malware Campaign
• 14:5 : Is AI moving faster than its safety net?
• 14:5 : Hackers Target Perplexity Comet Browser Users
• 13:34 : Telegram Messenger Abused by Android Malware to Seize Full Device Control
• 13:34 : From Failure to 100: How Akas Earned His OSCP+
• 13:34 : North Korean Hackers Aim at European Drone Companies
• 13:34 : North Korea led the world in nation-state hacking in Q2 and Q3
• 13:5 : Arsen Launches Smishing Simulation to Help Companies Defend Against Mobile Phishing Threats
• 13:5 : Vault Viper Exploits Online Gambling Websites Using Custom Browser to Install Malicious Program
• 13:5 : Are Free Book Websites Safe? Cybersecurity Risks in Online Reading
• 13:5 : Cybersecurity at a Crossroads: Why AI-Driven Innovation Demands Organizational Accountability
• 13:5 : In Other News: iOS 26 Deletes Spyware Evidence, Shadow Escape Attack, Cyber Exec Sold Secrets to Russia
• 13:5 : Hackers Breach Verstappen Data
• 13:5 : IT Security News Hourly Summary 2025-10-24 15h : 12 posts
• 13:5 : Toys R Us Canada Data Breach Alert
• 13:5 : YouTube Videos Used As Malware Traps
• 13:5 : Lazarus Hits European Defense Firms
• 13:4 : China Hackers Breach Telecom Firm
• 12:34 : Google Warns of Cybercriminals Using Fake Job Postings to Spread Malware and Steal Credentials
• 12:34 : AI 2030: The Coming Era of Autonomous Cyber Crime
• 12:34 : Summoning Team won Master of Pwn as Pwn2Own Ireland Rewards $1,024,750
• 12:34 : Microsoft drops surprise Windows Server patch before weekend downtime
• 12:34 : The Cybersecurity Perception Gap: Why Executives and Practitioners See Risk Differently
• 12:34 : Blitz Spear Phishing Campaign Targets NGOs Supporting Ukraine
• 12:5 : New RedTiger Tool Targets Gamers and Discord Accounts in the Wild
• 12:5 : New PDF Tool Detects Malicious Files Using PDF Object Hashing
• 12:5 : The Enterprise Edge is Under Siege
• 12:5 : Microsoft releases urgent fix for actively exploited WSUS vulnerability (CVE-2025-59287)
• 11:34 : IIS Servers Hijacked via Exposed ASP.NET Machine Keys — Malicious Modules Injected in the Wild
• 11:34 : Amazon Uncovers Root Cause of Major AWS Outage That Brokes The Internet
• 11:34 : New PhantomCaptcha RAT Weaponized PDFs to Deliver Malware Using ‘ClickFix’-Style Cloudflare Captcha Pages
• 11:34 : Hackers Exploited 73 0-Day Vulnerabilities and Earned $1,024,750
• 11:34 : Digital ID is now less about illegal working, more about rummaging through drawers
• 11:34 : Toys ‘R’ Us Canada Customer Information Leaked Online
• 11:34 : Threat Actors Ramp Up Public App Exploits as ToolShell Gains Traction
• 11:4 : Baohuo Android Malware Hijacks Telegram Accounts via Fake Telegram X
• 11:4 : 3,000 YouTube Videos Exposed as Malware Traps in Massive Ghost Network Operation
• 10:34 : Microsoft blocks risky file previews in Windows File Explorer
• 10:5 : IT Security News Hourly Summary 2025-10-24 12h : 15 posts
• 10:4 : Think passwordless is too complicated? Let’s clear that up
• 10:4 : North Korean Hackers Target UAV Industry to Steal Confidential Data
• 10:4 : Microsoft Disables Downloaded File Previews to Block NTLM Hash Leaks
• 9:34 : Tesla Recalls 63,619 Cybertrucks To Fix Headlights
• 9:34 : Phishing Campaign Uses Unique UUIDs to Evade Secure Email Gateways
• 9:34 : China-linked hackers exploit patched ToolShell flaw to breach Middle East telecom
• 9:5 : Amazon Shows Prototype Smart Glasses For Delivery Drivers
• 9:5 : Huawei HarmonyOS 6 Adds AirDrop-Like Transfers To iPhones
• 9:5 : Apple’s Giant Foldable iPad Faces Tech Delays
• 9:5 : Apple Loses UK Class-Action Lawsuit Over App Store Fees
• 9:5 : Ransomware Actors Targeting Global Public Sectors and Critical Infrastructure
• 9:5 : HP OneAgent Update Brokes Trust And Disconnect Devices From Entra ID
• 9:5 : New Fileless Remcos Attacks Bypassing EDRs Malicious Code into RMClient
• 9:5 : Toys “R” Us Canada Confirms Data Breach – Customers Personal Data Stolen
• 9:5 : Microsoft Releases Emergency Patch For Windows Server Update Service RCE Vulnerability
• 9:4 : Shield AI shows off not-at-all-terrifying autonomous VTOL combat drone
• 8:34 : Microsoft Releases Urgent Fix for Windows Server Update Services RCE FLaw
• 8:34 : Pwn2Own WhatsApp Hacker Says Exploit Privately Disclosed to Meta
• 8:5 : Malicious NuGet Packages Pose as Nethereum, Steal Crypto Wallet Keys
• 8:5 : Toys “R” Us Canada Data Breach Exposes Customer Personal Information
• 8:5 : SharkStealer Using EtherHiding Pattern to Resolves Communications With C2 Channels
• 8:5 : New PDF Tool to Detect Malicious PDF Using PDF Object Hashing Technique
• 8:5 : Threat Actors Attacking Azure Blob Storage to Compromise Organizational Repositories
• 8:4 : Self-Spreading ‘GlassWorm’ Infects VS Code Extensions in Widespread Supply Chain Attack
• 7:34 : Microsoft Boosts Windows Security by Disabling File Previews for Downloads
• 7:34 : Jingle Thief exploit, Lazarus targets jobseekers, the 72 hour workweek
• 7:6 : Smart Glasses: Cool Tech or a Privacy Threat?
• 7:5 : Amazon Apologises Over Day-Long Cloud Outage
• 7:5 : YouTube Ghost Malware Campaign: Over 3,000 Infected Videos Target Users
• 7:5 : IT Security News Hourly Summary 2025-10-24 09h : 4 posts
• 6:38 : Hackers Exploit Galaxy S25 0-Day to Turn On Camera and Track Users
• 6:37 : Hackers Abuse Microsoft 365 Exchange Direct Send to Bypass Content Filters and Harvest Sensitive Data
• 6:37 : What Microsoft’s 2025 report reveals about the new rules of engagement in cyberdefense
• 6:37 : The OpenSSL Corporation and the OpenSSL Foundation Celebrate the Success of the Inaugural OpenSSL Conference in Prague
• 6:4 : Iran’s MuddyWater wades into 100+ government networks in latest spying spree
• 5:34 : Linux RATs on Windows: Ransomware Actors Target VMware Deployments
• 5:34 : New Phishing Wave Uses OAuth Prompts to Take Over Microsoft Accounts
• 5:34 : Hackers Steal Microsoft Teams Chats & Emails by Grabbing Access Tokens
• 5:34 : Bitter APT Hackers Exploit WinRAR Zero-Day Via Weaponized Word Documents to Steal Sensitive Data
• 5:34 : Building trust in AI: How to keep humans in control of cybersecurity
• 5:34 : Smart helmet tech points to the future of fighting audio deepfakes
• 5:34 : Cybersecurity Today: New Threats from AI and Code Extensions
• 5:4 : When AI writes code, humans clean up the mess
• 4:34 : The Role of Cybersecurity in Protecting Digital Reading Platforms
• 4:34 : New infosec products of the week: October 24, 2025
• 4:5 : Key Considerations for Implementing Single Sign-On Solutions
• 2:4 : ISC Stormcast For Friday, October 24th, 2025 https://isc.sans.edu/podcastdetail/9670, (Fri, Oct 24th)
• 2:4 : Blog: From Review to Rollout: Effective Strategies for Updating Policies and Procedures
• 2:4 : Prosper Marketplace Data Breach Expands: 17.6 Million Users Impacted in Database Intrusion
• 1:5 : IT Security News Hourly Summary 2025-10-24 03h : 4 posts
• 1:4 : Phishing Cloud Account for Information, (Thu, Oct 23rd)
• 1:4 : Cyber exec with lavish lifestyle charged with selling secrets to Russia
• 0:34 : Pwn2Own Day 2: Organizers paid $792K for 56 0-days
• 0:34 : News Alert: SquareX reveals new browser threat — AI sidebars cloned to exploit user trust
• 0:4 : How Hacked Card Shufflers Allegedly Enabled a Mob-Fueled Poker Scam That Rocked the NBA
• 0:4 : SIEM Solutions
• 23:4 : Vidar Stealer Bypassing Browser Security Via Direct Memory Injection to Steal Login Credentials
• 23:4 : 6 Takeaways from “The Rise of AI Fraud” Webinar: How AI Agents Are Rewriting Fraud Defense in 2025
• 22:5 : Threat Actors With Stealer Malwares Processing Millions of Credentials a Day
• 22:5 : Playtime’s over: Crooks swipe Toys R Us Canada customer data and dump it online
• 22:5 : IT Security News Hourly Summary 2025-10-24 00h : 4 posts
• 21:55 : IT Security News Daily Summary 2025-10-23