ICYMI: 2025-10-30
Latest Headlines
Google’s Built-In AI Defenses on Android Now Block 10 Billion Scam Messages a Month
Russian Ransomware Gangs Weaponize Open-Source AdaptixC2 for Advanced Attacks
New “Brash” Exploit Crashes Chromium Browsers Instantly with a Single Malicious URL
The Death of the Security Checkbox: BAS Is the Power Behind Real Defense
ThreatsDay Bulletin: DNS Poisoning Flaw, Supply-Chain Heist, Rust Malware Trick and New RATs Rising
PhantomRaven Malware Found in 126 npm Packages Stealing GitHub Tokens From Devs
Spektrum Labs Emerges From Stealth to Help Companies Prove Resilience
Major US Telecom Backbone Firm Hacked by Nation-State Actors
Canada Says Hackers Tampered With ICS at Water Facility, Oil and Gas Firm
136 NPM Packages Delivering Infostealers Downloaded 100,000 Times
Former US Defense Contractor Executive Admits to Selling Exploits to Russia
New Lampion Stealer Uses ClickFix Attack to Silently Steal Login Credentials
New Agent-Aware Cloaking Leverages OpenAI ChatGPT Atlas Browser to Deliver Fake Content
New Windows-Based Airstalk Malware Employs Multi-Threaded C2 Communication to Steal Logins
700+ Malicious Android Apps Abusing NFC Relay to Exfiltrate Banking Login Credentials
RediShell RCE Vulnerability Exposes 8,500+ Redis Instances to Code Execution Attacks
CISA Releases Best Security Practices Guide for Hardening Microsoft Exchange Server
New Malware Targeting WooCommerce Sites with Malicious Plugins Steals Credit Card Data
12 Malicious Extension in VSCode Marketplace Steal Source Code and Exfiltrate Login Credentials
Multiple Jenkins Vulnerability SAML Authentication Bypass And MCP Server Plugin Permissions
OpenAI confirms GPT-5 is now better at handling mental and emotional distress
Massive surge of NFC relay malware steals Europeans’ credit cards
CISA orders feds to patch VMware Tools flaw exploited by Chinese hackers
Major telecom services provider Ribbon breached by state hackers
BPO giant Conduent confirms data breach impacts 10.5 million people
Ex-L3Harris exec guilty of selling cyber exploits to Russian broker
CISA and NSA share tips on securing Microsoft Exchange servers
Rethinking identity security in the age of autonomous AI agents
LinkedIn phishing targets finance execs with fake board invites
Microsoft promises more Copilot features in Microsoft 365 companion apps
– MTZ