IT Security News Daily Summary 2025-10-22

145 posts were published in the last hour

• 21:34 : NDSS 2025 – Symposium On Usable Security And Privacy (USEC) 2025, Paper Session 1
• 21:34 : Smart Tactics for Effective Secrets Rotation
• 21:34 : Choosing the Right Secrets Scanning Tools
• 21:34 : Satisfy Compliance with Improved IAM Policies
• 21:34 : Optimizing Secrets Sprawl Management
• 21:4 : No, ICE (Probably) Didn’t Buy Guided Missile Warheads
• 20:34 : PhantomCaptcha targets Ukraine relief groups with WebSocket RAT in October 2025
• 20:4 : How to choose the right AWS service for managing secrets and configurations
• 19:7 : The Rise of Collaborative Tactics Among China-aligned Cyber Espionage Campaigns
• 19:6 : Bitter APT Exploiting Old WinRAR Vulnerability in New Backdoor Attacks
• 19:6 : Critical Vulnerability in MCP Server Platform Exposes 3,000+ Servers and Thousands of API Keys
• 19:5 : IT Security News Hourly Summary 2025-10-22 21h : 4 posts
• 18:34 : Navigating the Next Chapter in Corporate Renewable Energy
• 18:34 : TP-Link urges immediate updates for Omada Gateways after critical flaws discovery
• 18:34 : Russia’s Coldriver Ramps Up Malware Development After LostKeys Exposure
• 18:5 : CISA Adds One Known Exploited Vulnerability to Catalog
• 18:5 : Ukraine Aid Groups Targeted Through Fake Zoom Meetings and Weaponized PDF Files
• 18:4 : Iran-Linked MuddyWater Targets 100+ Organisations in Global Espionage Campaign
• 17:34 : Canada Fines Cybercrime Friendly Cryptomus $176M
• 17:34 : New PassiveNeuron Attacking Servers of High-Profile Organizations to Implant Malware
• 17:34 : SOCs Have a Quishing Problem: Here’s How to Solve It
• 17:34 : Critical Argument Injection Vulnerability in Popular AI Agents Let Attackers Execute Remote Code
• 17:5 : ChatGPT Atlas: The First Step Toward AI Operating Systems
• 17:5 : The Long Tail of the AWS Outage
• 17:5 : OSCP vs. OSWE: Which Certification Fits Your Career Goals?
• 17:5 : Amazon resolves major AWS outage that disrupted apps, websites, and banks globally
• 17:4 : The Rise of AI Agents and the Growing Need for Stronger Authorization Controls
• 16:34 : China Memory Maker CXMT Prepares Massive IPO
• 16:34 : From Platform Cowboys to Governance Marshals: Taming the AI Wild West
• 16:34 : Over 100 Chrome extensions break WhatsApp’s anti-spam rules
• 16:34 : The CISO imperative: Building resilience in an era of accelerated cyberthreats
• 16:5 : IT Security News Hourly Summary 2025-10-22 18h : 10 posts
• 16:5 : Rival Hackers Dox Alleged Operators of Lumma Stealer
• 16:4 : Lumma Infostealer Malware Attacks Users to Steal Browser Cookies, Cryptocurrency Wallets and VPN/RDP Accounts
• 16:4 : New Tykit Phishing Kit Mimics Microsoft 365 Login Pages to Steal Corporate Account Credentials
• 16:4 : Survey: Cybersecurity Teams Struggling to Keep Pace in the Age of AI
• 16:4 : MuddyWater Uses Compromised Mailboxes in Global Phishing Campaign
• 16:4 : PhantomCaptcha Campaign Targets Ukraine Relief Organizations
• 15:34 : Dataminr to Acquire Cybersecurity Firm ThreatConnect in $290M Deal
• 15:34 : Sam Altman’s eye-scanning orb promises to prove humanity in the age of AI bots
• 15:34 : This free IGA tool boosts your identity security
• 15:34 : How to detect disposable email domains without relying on 3rd party APIs and lists
• 15:4 : When Addressing Cyber Attacks in Healthcare, Prevention is Better Than Treatment
• 15:4 : TARmageddon Flaw in Popular Rust Library Leads to RCE
• 15:4 : AI security flaws afflict half of organizations
• 15:4 : CISA’s international, industry and academic partnerships slashed
• 14:34 : webctrl.cgi/Blue Angel Software Suite Exploit Attempts. Maybe CVE-2025-34033 Variant?, (Wed, Oct 22nd)
• 14:34 : TARmageddon flaw in Async-Tar Rust library allows to smuggle extra archives when the library is processing nested TAR files
• 14:34 : Attackers target retailers’ gift card systems using cloud-only techniques
• 14:5 : Threat Actors Advancing Email Phishing Attacks to Bypass Security Filters
• 14:5 : Critical Vulnerability In Oracle E-Business Suite’s Marketing Product Allows Full Access To Attackers
• 14:5 : Chinese Hackers Using ToolShell Vulnerability To Compromise Networks Of Government Agencies
• 14:5 : Decoding Microsoft 365 Audit Log Events Using Bitfield Mapping Technique – Investigation Report
• 14:5 : Multiple Gitlab Security Vulnerabilities Let Attackers Trigger DoS Condition
• 14:5 : Critical Vulnerabilities Patched in TP-Link’s Omada Gateways
• 14:5 : Nation-State Hackers Breach F5 Networks, Exposing Thousands of Government and Corporate Systems to Imminent Threat
• 14:5 : Geospatial Tool Turned Into Stealthy Backdoor by Flax Typhoon
• 13:35 : SocGholish Malware Using Compromised Sites to Deliver Ransomware
• 13:34 : Fileless Remcos Attacks: Injecting Malicious Code into RMClient to Evade EDR
• 13:34 : Forking confusing: Vulnerable Rust crate exposes uv Python packager
• 13:34 : From Path Traversal to Supply Chain Compromise: Breaking MCP Server Hosting
• 13:34 : Chinese Threat Actors Exploit ToolShell SharePoint Flaw Weeks After Microsoft’s July Patch
• 13:5 : Threat Actors Exploiting Azure Blob Storage to Breach Organizational Repositories
• 13:5 : The Rise of AI-Powered Threats and Other Mobile Risks Highlight Why It’s Time to Rethink Your Security Architecture
• 13:5 : What is data masking?
• 13:5 : Take It from a Former Pen Tester: Zero-Days Aren’t the Problem. One-Days Are.
• 13:5 : Keycard Emerges From Stealth Mode With $38 Million in Funding
• 13:5 : Ivanti enhances its solutions portfolio to drive secure, scalable, and streamlined IT operations
• 13:5 : Romanian Prisoner Hacks Prison IT
• 13:5 : Union Cyberattack Raises Concerns
• 13:5 : Copilot Flaw Exposes Sensitive Data
• 13:5 : Google Finds New Russian Malware
• 13:5 : PolarEdge Expands Router Botnet
• 13:5 : IT Security News Hourly Summary 2025-10-22 15h : 7 posts
• 12:34 : SharkStealer Adopts EtherHiding Technique for C2 Communication Evasion
• 12:34 : Azure Apps Vulnerability Lets Hackers Create Malicious Apps Mimicking Microsoft Teams
• 12:34 : Russian APT Switches to New Backdoor After Malware Exposed by Researchers
• 12:34 : Retail Cyberattacks Reveal Hidden Weaknesses In Supply Chain Security
• 12:34 : Rubrik Agent Cloud speeds enterprise AI with built-in security and guardrails
• 12:34 : Attackers turn trusted OAuth apps into cloud backdoors
• 12:34 : Bridging the Remediation Gap: Introducing Pentera Resolve
• 12:4 : Hackers Exploit Microsoft 365 Direct Send to Evade Filters and Steal Data
• 12:4 : What Makes a Great Field CXO: Lessons from the Front Lines
• 12:4 : Phishing Scams Weaponize Common Apps to Fool Users
• 12:4 : JLR Hack UK’s Costliest Ever, Hitting Economy with £1.9bn Loss
• 11:34 : Hackers Use ASP.NET Machine Keys to Break Into IIS, Push Malicious Extensions
• 11:34 : Failures in Face Recognition
• 11:34 : Fencing and Pet Company Jewett-Cameron Hit by Ransomware
• 11:5 : Jaguar Land Rover cyber-meltdown tipped to cost the UK almost £2B
• 11:5 : How Proxies Help Combat Data Scraping and Fraud
• 11:4 : China’s DNA Data Bank Initiative Sparks Debate on Privacy and Surveillance
• 11:4 : Axoflow Security Data Layer unifies data pipeline, storage, and analytics for security team
• 11:4 : Why You Should Swap Passwords for Passphrases
• 10:34 : Jingle Thief: Inside a Cloud-Based Gift Card Fraud Campaign
• 10:34 : Bitter APT Exploits WinRAR Zero-Day Through Malicious Word Files to Steal Sensitive Data
• 10:34 : New GlassWorm Using Invisible Code Hits Attacking VS Code Extensions on OpenVSX Marketplace
• 10:34 : Threat Actors Allegedly Selling Monolock Ransomware on Dark Web Forums
• 10:34 : Oracle Releases October 2025 Patches
• 10:34 : You’ve Lost Access to Your Online Account! What Happens Now?
• 10:34 : Elastic introduces Agent Builder to simplify AI agent development
• 10:5 : IT Security News Hourly Summary 2025-10-22 12h : 3 posts
• 10:4 : PhantomCaptcha | Multi-Stage WebSocket RAT Targets Ukraine in Single-Day Spearphishing Operation
• 10:4 : Deep analysis of the flaw in BetterBank reward logic
• 9:34 : Researchers Identify PassiveNeuron APT Using Neursite and NeuralExecutor Malware
• 9:4 : From Firewalls to Zero Trust: 10 Best Practices for Next-Gen Business Data Security
• 8:34 : Netherlands Warns Voters Against Using AI
• 8:34 : TARmageddon Flaw in Async-Tar Rust Library Could Enable Remote Code Execution
• 8:34 : Scattered Lapsus$ Hunters Signal Shift in Tactics
• 8:5 : OpenAI Debuts AI-Enabled Browser, ChatGPT Atlas
• 8:5 : Vidar Stealer Exploits: Direct Memory Attacks Used to Capture Browser Credentials
• 8:4 : Hackers Earn Over $520,000 on First Day of Pwn2Own Ireland 2025
• 8:4 : Keycard emerges from stealth with identity and access solution for AI agents
• 7:34 : Netherlands’ Axelera Expands AI Chip Range With ‘Europa’
• 7:34 : Are We Failing to Secure Files? Attackers Aren’t Failing to Check
• 7:34 : UK data regulator defends decision not to investigate MoD Afghan data breach
• 7:34 : Russian hackers replace malware with new tools, Windows updates cause login issues, campaign targets high-profile servers
• 7:5 : Google Partners with StopNCII to Block Revenge Porn
• 7:5 : Netherlands, China In Talks Over Nexperia’s Future
• 7:5 : Millions of Credentials Stolen Each Day by Stealer Malware
• 7:5 : How to Detect and Mitigate Hit and Run DDoS Attacks
• 7:5 : Life, death, and online identity: What happens to your online accounts after death?
• 7:5 : IT Security News Hourly Summary 2025-10-22 09h : 3 posts
• 6:34 : New Rust Malware “ChaosBot” Hides Command-and-Control Inside Discord
• 6:34 : Russia-linked COLDRIVER speeds up malware evolution after LOSTKEYS exposure
• 6:34 : Threat Actors Compromise Xubuntu Website To Deliver Malicious Windows Executable
• 6:4 : New Salt Typhoon Attacks Leverage Zero-Days and DLL Sideloading
• 6:4 : OpenFGA: The open-source engine redefining access control
• 5:34 : For blind people, staying safe online means working around the tools designed to help
• 5:34 : TP-Link Patches Four Omada Gateway Flaws, Two Allow Remote Code Execution
• 5:4 : Hackers Exploit OAuth Apps to Keep Cloud Access Even After Password Resets
• 5:4 : STOP! Elders Cyber Scams Are Costing Billions—Here’s How to Fight Back
• 5:4 : 3 DevOps security pitfalls and how to stay ahead of them
• 5:4 : Ransomware Dominates Cyber Attacks & AI Tools for Cybersecurity | Tech News Update
• 4:34 : Companies want the benefits of AI without the cyber blowback
• 4:5 : IT Security News Hourly Summary 2025-10-22 06h : 1 posts
• 3:34 : All You Need to Know About Palm Vein Unlocking Technology
• 3:5 : Chrome V8 JavaScript Engine Vulnerability Let Attackers Execute Remote Code
• 2:4 : ISC Stormcast For Wednesday, October 22nd, 2025 https://isc.sans.edu/podcastdetail/9666, (Wed, Oct 22nd)
• 1:34 : MITRE ATT&CK is Deprecating a Tactic: 3 Takeaways from the “Defense Evasion” Break-up
• 1:5 : IT Security News Hourly Summary 2025-10-22 03h : 1 posts
• 1:4 : How Adaptable is Your Secrets Security Strategy?
• 22:5 : Fast, Broad, and Elusive: How Vidar Stealer 2.0 Upgrades Infostealer Capabilities
• 22:5 : Stopping Coordinated Attacks from Mumbai | Application Detection & Response | Contrast Security
• 22:5 : IT Security News Hourly Summary 2025-10-22 00h : 5 posts
• 21:55 : IT Security News Daily Summary 2025-10-21