The Akira ransomware group claims to have stolen 23GB of data from Apache OpenOffice, including employee and financial records, though the breach remains unverified. This article has been indexed from Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and…
IT Security News Daily Summary 2025-10-30
155 posts were published in the last hour 21:34 : Hidden npm Malware Exposes New Supply Chain Weakness 21:4 : Gartner Recognizes Flowable in 2025 Magic Quadrant for Business Orchestration and Automation Technologies 20:35 : OpenAI’s Aardvark is an AI…
Hidden npm Malware Exposes New Supply Chain Weakness
Hidden npm malware steals developer credentials, exposing major software supply chain risks in the open-source ecosystem. The post Hidden npm Malware Exposes New Supply Chain Weakness appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read…
Gartner Recognizes Flowable in 2025 Magic Quadrant for Business Orchestration and Automation Technologies
ZÜRICH, Switzerland – Flowable, a global provider of enterprise automation and orchestration software, has been recognized in the… This article has been indexed from Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More Read the original article: Gartner…
OpenAI’s Aardvark is an AI Security Agent Combating Code Vulnerabilities
OpenAI on Thursday launched Aardvark, an artificial intelligence (AI) agent designed to autonomously detect and help fix security vulnerabilities in software code, offering defenders a potentially valuable tool against malicious hackers. The GPT-5-powered tool, currently in private beta, represents what…
IT Security News Hourly Summary 2025-10-30 21h : 4 posts
4 posts were published in the last hour 20:4 : How Android provides the most effective protection to keep you safe from mobile scams 19:34 : Public Exploit Code Released for Critical BIND 9 DNS Vulnerability 19:34 : Canada Warns…
How Android provides the most effective protection to keep you safe from mobile scams
Posted by Lyubov Farafonova, Product Manager, Phone by Google; Alberto Pastor Nieto, Sr. Product Manager Google Messages and RCS Spam and Abuse; Vijay Pareek, Manager, Android Messaging & Chrome Extensions Security As Cybersecurity Awareness Month wraps up, we’re focusing on…
Public Exploit Code Released for Critical BIND 9 DNS Vulnerability
A public exploit for a critical BIND 9 flaw renews DNS cache-poisoning risk, enabling forged records and traffic redirection. The post Public Exploit Code Released for Critical BIND 9 DNS Vulnerability appeared first on eSecurity Planet. This article has been…
Canada Warns of Cyberattacks Targeting Industrial Control Systems
Hackers breached Canadian water, energy, and farm systems, prompting national warnings to secure industrial control networks. The post Canada Warns of Cyberattacks Targeting Industrial Control Systems appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read…
Suspected Chinese snoops weaponize unpatched Windows flaw to spy on European diplomats
Expired security cert, real Brussels agenda, plus PlugX malware finish the job Cyber spies linked to the Chinese government exploited a Windows shortcut vulnerability disclosed in March – but that Microsoft hasn’t fixed yet – to target European diplomats in…
New Windows-Based Airstalk Malware Employs Multi-Threaded C2 Communication to Steal Logins
A newly discovered Windows malware family named Airstalk has emerged as a sophisticated threat capable of exfiltrating sensitive browser credentials through an innovative covert command-and-control channel. Available in PowerShell and .NET variants, this malware demonstrates advanced capabilities including multi-threaded communications,…
New Agent-Aware Cloaking Leverages OpenAI ChatGPT Atlas Browser to Deliver Fake Content
A new agent-aware cloaking technique uses AI browsers like OpenAI’s ChatGPT Atlas to deliver misleading content. This method allows malicious actors to poison the information AI systems ingest, potentially manipulating decisions in hiring, commerce, and reputation management. By detecting AI…
New Lampion Stealer Uses ClickFix Attack to Silently Steal Login Credentials
Researchers have uncovered a sophisticated campaign leveraging the Lampion banking trojan, a malware strain that has operated since 2019 with a renewed focus on Portuguese financial institutions. The threat actor group behind these operations has refined its tactics significantly, introducing…
Proton trains new service to expose corporate infosec cover-ups
Service will tell on compromised organizations, even if they didn’t plan on doing so themselves Some orgs would rather you not know when they’ve suffered a cyberattack, but a new platform from privacy-focused tech firm Proton will shine a light…
The 5 generative AI security threats you need to know about detailed in new e-book
In this blog post, we’ll highlight the key themes covered in the e-book, including the challenges organizations face, the top generative AI threats to organizations, and how companies can enhance their security posture to meet the dangers of today’s unpredictable…
Spyware-Plugged ChatGPT, DALL·E and WhatsApp Apps Target US Users
Are you using a fake version of a popular app? Appknox warns US users about malicious brand clones hiding on third-party app stores. Protect yourself from hidden spyware and ‘commercial parasites.’ This article has been indexed from Hackread – Cybersecurity…
Latest Windows 11 Update Hit by Task Manager Bug – It Won’t Close!
A strange but concerning bug has surfaced following a recent optional update for Windows 11, potentially slowing down… The post Latest Windows 11 Update Hit by Task Manager Bug – It Won’t Close! appeared first on Hackers Online Club. This…
Brush exploit can cause any Chromium browser to collapse in 15-60 seconds
“Brash” flaw in Chromium’s Blink engine lets attackers crash browsers instantly via a single malicious URL, researcher Jose Pino revealed. Security researcher Jose Pino found a severe vulnerability, named Brash, in Chromium’s Blink rendering engine that can be exploited to crash many…
US Defense Contractor Boss Sold Zero Days to Russia — Cops a Plea
So long and thanks for all the fish: Peter Williams admits to selling unpatched iPhone bugs to a shady Russian broker. The post US Defense Contractor Boss Sold Zero Days to Russia — Cops a Plea appeared first on Security…
Trick, treat, repeat
Thor gets into the Halloween spirit, sharing new CVE trends, a “treat” for European Windows 10 users, and a reminder that patching is your best defense against zombie vulnerabilities. This article has been indexed from Cisco Talos Blog Read the…
WhatsApp adds passkey protection to end-to-end encrypted backups
This means if you lose your device, you can use methods like fingerprint, face, or the screen lock code of your previous device to access WhatsApp’s backup. This article has been indexed from Security News | TechCrunch Read the original…
RediShell RCE Vulnerability Exposes 8,500+ Redis Instances to Code Execution Attacks
The cybersecurity landscape faced a critical threat in early October 2025 with the public disclosure of RediShell, a severe use-after-free vulnerability in Redis’s Lua scripting engine. Identified as CVE-2025-49844 and dubbed “RediShell” by Wiz researchers, this flaw enables attackers to…
700+ Malicious Android Apps Abusing NFC Relay to Exfiltrate Banking Login Credentials
A sophisticated malware campaign exploiting Near Field Communication technology on Android devices has expanded dramatically since its emergence in April 2024. What began as isolated incidents has escalated into a widespread threat, with over 760 malicious applications now circulating in…
Russian Ransomware Gangs Weaponize Open-Source AdaptixC2 for Advanced Attacks
The open-source command-and-control (C2) framework known as AdaptixC2 is being used by a growing number of threat actors, some of whom are related to Russian ransomware gangs. AdaptixC2 is an emerging extensible post-exploitation and adversarial emulation framework designed for penetration…