IT Security News Daily Summary 2025-10-14

172 posts were published in the last hour

• 21:32 : The LLM Dependency Trap
• 21:2 : Microsoft Patch Tuesday for October 2025 — Snort rules and prominent vulnerabilities
• 20:32 : PolarEdge With Custom TLS Server Uses Custom Binary Protocol for C2 Communication
• 20:5 : IT Security News Hourly Summary 2025-10-14 21h : 2 posts
• 20:2 : 178K Invoicely Records Exposed in Cloud Data Leak
• 19:33 : Microsoft Patch Tuesday October 2025 – 172 Vulnerabilities Fixed Along with 4 Zero-days
• 19:32 : Researchers warn of widespread RDP attacks by 100K-node botnet
• 19:32 : Microsoft October 2025 Patch Tuesday – 4 Zero-days and 172 Vulnerabilities Patched
• 19:32 : FortiOS CLI Command Bypass Vulnerability Let Attacker Execute System Commands
• 19:32 : FortiPAM and FortiSwitch Manager Vulnerability Let Attackers Bypass Authentication Process
• 19:32 : Hackers Leverage Judicial Notifications to Deploy Info-Stealer Malware
• 19:32 : New Cyberattack Leverages NPM Ecosystem to Infect Developers While Installing Packages
• 19:32 : Securing AI agents with Amazon Bedrock AgentCore Identity
• 18:32 : Preparing for the Next Wave of AI-Driven Threats
• 18:32 : Beyond Alerts: Building Smarter, Context-Aware Threat Detection
• 18:3 : Microsoft Patch Tuesday October 2025, (Tue, Oct 14th)
• 18:3 : Feds Seize Record-Breaking $15 Billion in Bitcoin From Alleged Scam Empire
• 18:3 : Support for Windows 10 Ends Today Leaving Users Vulnerable to Cyberattacks
• 18:2 : Microsoft October 2025 Patch Tuesday – 4 Zero-days and 173 Vulnerabilities Patched
• 18:2 : Beyond Passwords and API Keys: Building Identity Infrastructure for the Autonomous Enterprise
• 18:2 : The Endpoint Has Moved to the Browser — Your Security Tools Haven’t
• 18:2 : The Defensive Gap: Why Modern SOCs Are Losing Ground and How to Close It
• 18:2 : China’s Flax Typhoon Exploits ArcGIS App for Year-Long Persistence
• 17:32 : Fortinet Strengthens Global Collaboration through the World Economic Forum’s Cybercrime Atlas
• 17:32 : ICE Uses Fake Tower Cells to Spy on Users
• 17:32 : Microsoft raises the bar: A smarter way to measure AI for cybersecurity
• 17:5 : IT Security News Hourly Summary 2025-10-14 18h : 9 posts
• 17:3 : How to use Gophish to fortify security awareness training
• 17:3 : CISA Releases One Industrial Control Systems Advisory
• 17:2 : Rockwell Automation 1715 EtherNet/IP Comms Module
• 17:2 : Danish Developer’s Website Sparks EU Debate on Online Privacy and Child Protection
• 17:2 : Chinese Hackers Exploit ArcGIS Server as Backdoor for Over a Year
• 16:32 : RondoDox: From Pwn2Own Vulnerabilities to Global Exploitation
• 16:32 : Upcoming Speaking Engagements
• 16:2 : 4,000,000 WordPress Sites Affected by Arbitrary File Read Vulnerability in Slider Revolution WordPress Plugin
• 16:2 : HyperBunker Raises Seed Funding to Launch Next-Generation Anti-Ransomware Device
• 16:2 : Legacy Windows Protocols Still Expose Networks to Credential Theft
• 16:2 : SonicWall SSLVPN devices compromised using valid credentials
• 16:2 : Layoffs, reassignments further deplete CISA
• 15:32 : Our Path to Better Certificate Management With Vault and FreeIPA
• 15:32 : Harvard University hit in Oracle EBS cyberattack, 1.3 TB of data leaked by Cl0p group
• 15:32 : #Pixnapping: Android Timing Attack Sends Google Back to the Drawing Board
• 15:32 : Indian Tax Department Fixes Major Security Flaw That Exposed Sensitive Taxpayer Data
• 15:2 : Sweatpants & Cyberthreats: Managing Remote Employee Risk
• 15:2 : 338 Malicious npm Packages Linked to North Korean Hackers
• 15:2 : Cybereason Acquired by MSSP Giant LevelBlue
• 15:2 : LevelBlue acquires Cybereason to expand global MDR, XDR, and threat response leadership
• 15:2 : Hacker Group TA585 Emerges With Advanced Attack Infrastructure
• 14:32 : Microsoft Limits IE Mode in Edge After Chakra Zero-Day Activity Detected
• 14:32 : Legacy IE Mode in Edge Opens Door to Hackers
• 14:32 : Harvard hit in Oracle EBS cyberattack, 1.3 TB of data leaked by Cl0p group
• 14:32 : New IAmAntimalware Tool Injects Malicious Code Into Processes Of Popular Antiviruses
• 14:32 : 178,000+ Invoices With Customers Personal Records Exposes from Invoice Platform Invoicely
• 14:32 : TA585 Hackers Uses Unique Web Injection Technique to Deliver MonsterV2 Malware Targeting Windows Systems
• 14:32 : Kaspersky Details Windows 11 Forensic Artifacts and Changes With Windows 10 for Investigators
• 14:32 : Thousands of North Korean IT Workers Using VPNs and ‘Laptop Farms’ to Bypass Origin Verification
• 14:32 : Asahi breach leaves bitter taste as brewer fears personal data slurped
• 14:32 : Senior Execs Falling Short on Cyber-Attack Preparedness, NCSC Warns
• 14:5 : IT Security News Hourly Summary 2025-10-14 15h : 18 posts
• 14:3 : Criminal IP to Showcase ASM and CTI Innovations at GovWare 2025 in Singapore
• 14:3 : Satellites found exposing unencrypted data, including phone calls and some military comms
• 14:3 : Mozilla is recruiting beta testers for a free, baked-in Firefox VPN
• 14:3 : SAP Patches Critical Vulnerabilities in NetWeaver, Print Service, SRM
• 14:3 : Sweet Security Named Cloud Security Leader and CADR Leader in Latio Cloud Security Report
• 14:3 : Picus Security uses AI to turn threat intelligence into attack simulations
• 14:3 : Regula simplifies identity verification with its new all-in-one IDV Platform
• 13:32 : PolarEdge C2 Communication via Custom Binary Protocol with Custom TLS Server
• 13:32 : AI-driven scams are preying on Gen Z’s digital lives​
• 13:32 : NetApp strengthens its enterprise data platform with new AI-focused innovations
• 13:32 : Unity SpeedTree Site Data Breach
• 13:32 : SimonMed Imaging Reports Data Breach
• 13:32 : Oracle Issues Urgent E Business Suite Fix
• 13:32 : Unverified COTS Hardware Risks Satellites
• 13:32 : Google And Mandiant Uncover Oracle Hack
• 13:3 : Keeping Up with Compliance: Navigating a Patchwork of Global Regulations in 2025
• 13:3 : From Prompts to Protocols: How Agentic Systems, MCP, Vibe Coding, and Schema-Aware Tools Are Rewiring Software Engineering
• 13:2 : Hackers Use Court-Themed Phishing to Deliver Info-Stealer Malware
• 13:2 : Fortinet Strengthens Global Collaboration Through the World Economic Forum’s Cybercrime Atlas
• 13:2 : Pixel-stealing “Pixnapping” attack targets Android devices
• 13:2 : Oracle rushes out another emergency E-Business Suite patch as Clop fallout widens
• 13:2 : Harvard Is First Confirmed Victim of Oracle EBS Zero-Day Hack
• 13:2 : Fraud Prevention Firm Resistant AI Raises $25 Million
• 12:32 : Police Bust GXC Team, One of the Most Active Cybercrime Networks
• 12:32 : Discord Weaponized as C2 Server Across Popular Open-Source Package Repositories
• 12:32 : UK NCSC Reports 429 cyberattacks in a year, with nationally significant cases more than doubling
• 12:32 : Discord Third-Party Breach Exposes User Data and Government IDs
• 12:32 : AI Startup by Dhravya Shah Gains $3 Million Investment and O-1 Visa Recognition
• 12:32 : Bitcoin Developer Warns NSA May Be Pushing “Quantum-Only” Cryptography Backdoor
• 12:32 : What AI Reveals About Web Applications— and Why It Matters
• 12:32 : New Pixnapping Android Flaw Lets Rogue Apps Steal 2FA Codes Without Permissions
• 12:32 : RMPocalypse: Single 8-Byte Write Shatters AMD’s SEV-SNP Confidential Computing
• 12:32 : Moving Beyond Awareness: How Threat Hunting Builds Readiness
• 12:3 : 3 Best VPN for iPhone (2025), Tested and Reviewed
• 12:3 : ScreenConnect Abused by Threat Actors to Gain Unauthorized Remote Access to Your Computer
• 12:3 : SimonMed Data Breach Exposes 1.2 Million Patients Sensitive Information
• 12:2 : Pixnapping Attack Steals Data From Google, Samsung Android Phones
• 12:2 : Beyond the Black Box: Building Trust and Governance in the Age of AI
• 12:2 : Visa’s Trusted Agent Protocol sets new standard for secure agentic transactions
• 12:2 : Chinese Hackers Use Trusted ArcGIS App For Year-Long Persistence
• 11:32 : The Trump Administration’s Increased Use of Social Media Surveillance
• 11:5 : IT Security News Hourly Summary 2025-10-14 12h : 9 posts
• 11:3 : How Top SOCs Stay Up-to-Date on Current Threat Landscape
• 11:3 : Malicious NPM Packages Used in Sophisticated Developer Cyberattack
• 11:3 : SAP NetWeaver Memory Corruption Flaw Lets Attackers Send Corrupted Logon Tickets
• 11:3 : British govt agents demand action after UK mega-cyberattacks surge 50%
• 11:3 : RMPocalypse: New Attack Breaks AMD Confidential Computing
• 11:3 : CISO Conversations: Are Microsoft’s Deputy CISOs a Signpost to the Future?
• 10:32 : Hackers Mimic as OpenAI and Sora Services to Steal Login Credentials
• 10:2 : Astaroth Trojan Uses GitHub Images to Stay Active After Takedowns
• 10:2 : Signal in the noise: what hashtags reveal about hacktivism in 2025
• 10:2 : Windows 10 Still on Over 40% of Devices as It Reaches End of Support
• 10:2 : No Good Deed Goes Unpunished: Why Voluntary Disclosure of Cybersecurity Violations Doesn’t Mean You Won’t Be Punished for Bad Security
• 10:2 : UK Firms Lose Average of £2.9m to AI Risk
• 9:32 : Wayve Discusses $2bn Funding Round With SoftBank, Microsoft
• 9:32 : SimonMed Data Breach Exposes Sensitive Information of 1.2 Million Patients
• 9:32 : Unverified COTS hardware enables persistent attacks in small satellites via SpyChain
• 9:32 : Rethinking Microsoft Security: Why Identity is Your First Line of Defense
• 9:2 : Trade Fracas Fuels Biggest-Ever Crypto Crash
• 9:2 : North Korean IT Workers Use VPNs and Laptop Farms to Evade Identity Verification
• 9:2 : UK: NCSC Reports 130% Spike in “Nationally Significant” Cyber Incidents
• 8:32 : Grindr Owners Launch Talks To Take Company Private
• 8:32 : Silicon UK In Focus Podcast: Speed to Customer
• 8:32 : PoC Released for Sudo chroot Flaw Allowing Local Privilege Escalation
• 8:32 : Oracle issued an emergency security update to fix new E-Business Suite flaw CVE-2025-61884
• 8:32 : Elastic Cloud Enterprise Vulnerability Let Attackers Execute Malicious Commands
• 8:32 : New PoC Exploit Released for Sudo Chroot Privilege Escalation Vulnerability
• 8:5 : IT Security News Hourly Summary 2025-10-14 09h : 9 posts
• 8:3 : OpenAI, Broadcom To Build AI Data Centres With Custom Chips
• 8:2 : Threat Actors Exploit ScreenConnect to Gain Unauthorized Remote Access
• 8:2 : The king is dead, long live the king! Windows 10 EOL and Windows 11 forensic artifacts
• 8:2 : npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels
• 7:32 : Defrosting PolarEdge’s Backdoor
• 7:32 : Apple Brings iPhone Air To China
• 7:32 : Beyond VDI: Security Patterns for BYOD and Contractors in 2025
• 7:32 : Gcore Mitigates Record-Breaking 6 Tbps DDoS Attack
• 7:32 : Salesforce data leak, SimonMed breach, Chipmaker vs. Dutch government
• 7:2 : Netherlands Takes Control Of China-Owned Nexperia
• 7:2 : Ivanti Patches 13 Endpoint Manager Flaws Allowing Remote Code Execution
• 7:2 : EU biometric border system launches, suffers teeting problems
• 7:2 : Researchers Expose TA585’s MonsterV2 Malware Capabilities and Attack Chain
• 6:32 : TA585 Deploys Novel Web-Injection to Deliver MonsterV2 Malware on Windows
• 6:32 : Pro-Russian Hacktivist Attacking OT/ICS Devices to Steal Login Credentials
• 6:32 : Hackers Attacking macOS Users With Spoofed Homebrew Websites to Inject Malicious Payloads
• 6:32 : Russian Cybercrime Market Hub Transferring from RDP Access to Malware Stealer Logs to Access
• 6:32 : What if your privacy tools could learn as they go?
• 6:2 : 178,000+ Invoices Expose Customer Data from Invoicely Platform
• 6:2 : Elastic Cloud Enterprise Flaw Lets Attackers Run Malicious Commands
• 5:32 : Simple Prompt Injection Lets Hackers Bypass OpenAI Guardrails Framework
• 5:32 : The solar power boom opened a backdoor for cybercriminals
• 5:32 : FBI Shuts Down Breach Forums and New Cyber Threats Unveiled
• 5:5 : IT Security News Hourly Summary 2025-10-14 06h : 1 posts
• 5:2 : Clevo UEFI Leak Allows Signing of Malicious Firmware with BootGuard Keys
• 4:32 : Apple Bug Bounty Program Now Offers Up to $5 Million
• 4:32 : Fighting the Cyber Forever War: Born Defense Blends Investment Strategy With Just War Principles
• 4:32 : JPMorgan to Invest Up to $10 Billion in US Companies With Crucial Ties to National Security
• 4:32 : Cybersecurity jobs available right now: October 14, 2025
• 4:32 : What Chat Control means for your privacy
• 4:32 : Security validation: The key to maximizing ROI from security investments
• 3:32 : Hackers Can Bypass OpenAI Guardrails Using a Simple Prompt Injection Technique
• 2:32 : 6 Under-the-Radar Vendors That Supercharge Breach and Attack Simulation
• 1:32 : Satellites Are Leaking the World’s Secrets: Calls, Texts, Military and Corporate Data
• 0:2 : Axis Communications Vulnerability Exposes Azure Storage Account Credentials
• 23:32 : Phishing scams exploit New York’s inflation refund program
• 23:32 : Researchers break OpenAI guardrails
• 23:32 : NDSS 2025 – IMPACT 2025, Opening Remarks and Keynote 1
• 23:32 : Randall Munroe’s XKCD ‘’Fantastic Four”
• 23:32 : NDSS 2025 – IMPACT 2025, Session 1 and Session 2
• 23:32 : Diffie Hellmann’s Key Exchangevia
• 23:5 : IT Security News Hourly Summary 2025-10-14 00h : 1 posts
• 23:2 : ISC Stormcast For Tuesday, October 14th, 2025 https://isc.sans.edu/podcastdetail/9654, (Mon, Oct 13th)
• 23:2 : Phishing Scams Exploit New York’s Inflation Refund Program
• 22:55 : IT Security News Daily Summary 2025-10-13