Information security

Information security

In July, Microsoft fixed a flaw in its file sharing service SharePoint that was already being exploited by attackers. Later that month, Microsoft warned that hackers were making use of the zero-day to distribute ransomware, adding even more risk to the serious vulnerability. The SharePoint flaw is just one example of attackers becoming faster at exploiting vulnerabilities before they can be properly addressed by vendors and patched by organizations.

An October 2025 Microsoft Windows security update is wreaking havoc on enterprises, impacting multiple systems with bugs ranging from annoying to showstopper. The update in KB5066835 was intended to strengthen Windows cryptography, by moving from the older Cryptographic Services Provider (CSP) to the more secure Key Storage Provider (KSP), but users may now be experiencing issues with authentication, websites, updates, and even use of mice and keyboards.

Typically, when ransomware gets into a Windows machine, it first scans the cached memory, registry keys, file paths, and running processes to see whether the system is already infected, running on a malware analyst's computer, or trying to run in the sandboxed environment of a virtualized machine. If it sees any of these signs, it gives up, but if not, the ransomware sends a message back to the cybercriminals' servers

The findings come from Google Threat Intelligence Group (GTIG), which said the state-sponsored hacking crew has rapidly refined and retooled its malware arsenal merely five days following the publication of its LOSTKEYS malware around the same time. While it's currently not known for how long the new malware families have been under development, the tech giant's threat intelligence team said it has not observed a single instance of LOSTKEYS since disclosure.

"I started to create videos about cryptocurrency and launch my own exchange on cryptocurrency," the Durham, North Carolina, resident said.

These threats out-pace traditional Indicators of Compromise (IoCs) that were once a core tenant of information sharing strategy. With the CISA 2015 temporarily lapsing, this moment spotlights the ways in which the U.S. must rethink its cyber intelligence strategy - moving from reactive, infrastructure-based signals to proactive, behavior-driven insights that enable organizations to anticipate and disrupt attacks before they materialize.

The campaign spreads the Odyssey Stealer and AMOS (Atomic macOS Stealer) malware families. Both families focus on stealing system information, browser data, and crypto wallet login details. The attacks are carefully designed to exploit developers' trust. The fake Homebrew and TradingView sites display seemingly legitimate download portals with buttons such as Copy command. When a user clicks the button, a hidden, base64-encoded Terminal command is copied to the clipboard.

The quantum theory of management includes an analogy for the physical law of the observer effect, where observing a system changes its state. When you make a metric a target, it is not useful as a metric. Instead of reflecting whatever underlying behavior it was intended to measure, the metric becomes a measure of how well the benchmark is being gamed.

On October 16 and 17, the ScatteredLAPSUS$Hunters Telegram channel repeatedly violated Telegram's TOS by leaking personal information on people - and in this case, information on employees of the Department of Justice (DOJ/FBI), U.S. Attorneys Office (DOJ/USAO), the Department of Homeland Security (DHS), and the Federal Aviation Authority (FAA). DataBreaches did not report on it at the time precisely because the files were still exposed. Instead, DataBreaches contacted Telegram to inquire why the channel hadn't been banned again for leaking sensitive information about government employees.

Europol on Friday announced the disruption of a sophisticated cybercrime-as-a-service (CaaS) platform that operated a SIM farm and enabled its customers to carry out a broad spectrum of crimes ranging from phishing to investment fraud. The coordinated law enforcement effort, dubbed Operation SIMCARTEL, saw 26 searches carried out, resulting in the arrest of seven suspects and the seizure of 1,200 SIM box devices, which contained 40,000 active SIM cards. Five of those detained are Latvian nationals.

The threat actors behind a malware family known as Winos 4.0 (aka ValleyRAT) have expanded their targeting footprint from China and Taiwan to target Japan and Malaysia with another remote access trojan (RAT) tracked as HoldingHands RAT (aka Gh0stBins). "The campaign relied on phishing emails with PDFs that contained embedded malicious links," Pei Han Liao, researcher with Fortinet's FortiGuard Labs, said in a report shared with The Hacker News.

In August, the New York State Department of Financial Services reached agreement with Healthplex, Inc., a licensed insurance agent and independent adjuster, to pay a $2 million civil penalty after a hacker executed a phishing attack on an employee's email and gained access to the private health data and sensitive nonpublic information of tens of thousands of Healthplex consumers. Eight years in the making, the final phase of New York's groundbreaking Cybersecurity Regulation Part 500 takes effect Nov. 1.

"Every day, organizations face a spectrum of insider risk, from accidental missteps to deliberate sabotage," states Dr. Margaret Cunningham, Vice President of Security & AI Strategy at Darktrace. "The high-profile cases we see in headlines - sabotage, bribery, espionage - are real and damaging, but they're relatively rare. The daily reality is far more mundane: employees forwarding files to personal accounts, bypassing controls to meet deadlines, or uploading sensitive data into unsanctioned AI tools. These 'tiny crimes' are normalized behaviors that, at scale, create significant organizational risk."

Travelers and fraudsters both use AI agents now, creating a challenge for fraud detection teams: How do they tell the difference between a real customer booking their own travel, an automated agent acting on behalf of a user, and an automated malicious agent that is engaging in legitimate user workflows? The problem becomes more complex as fraudsters have already tested these tactics during summer travel and are ready to exploit the busiest travel season of the year: the holidays.

The North Korean threat actor linked to the Contagious Interview campaign has been observed merging some of the functionality of two of its malware programs, indicating that the hacking group is actively refining its toolset. That's according to new findings from Cisco Talos, which said recent campaigns undertaken by the hacking group have seen the functions of BeaverTail and OtterCookie coming closer to each other more than ever, even as the latter has been fitted with a new module for keylogging and taking screenshots.

EXPERT OPINION - In order for the U.S. to successfully compete for global influence against its adversaries and to avoid a kinetic fight, we must excel at cognitive warfare; that is military activities designed to affect attitudes and behaviors. This type of warfare is a subset of irregular warfare (IW) and combines sensitive activities to include information operations, cyber, and psychological operations to meet a goal. To develop these kinds of operations, the U.S. needs intelligence professionals who are creative and experts in their field.

Members of Gen Z are often referred to as "digital natives." They were born and raised in the internet era and have been engaging with computers, tablets, smartphones, and other connected devices from an early age. In many ways, this gives Gen Z an advantage in today's increasingly digital working environments-but that isn't always the case. In fact, research has consistently shown that each generation has its own unique blind spots when it comes to safely navigating the digital realm.

Penetration testing helps organizations ensure IT systems are secure, but it should never be treated in a one-size-fits-all approach. Traditional approaches can be rigid and cost your organization time and money - while producing inferior results. The benefits of pen testing are clear. By empowering "white hat" hackers to attempt to breach your system using similar tools and techniques to an adversary, pen testing can provide reassurance that your IT set-up is secure. Perhaps more importantly, it can also flag areas for improvement.

The activity, codenamed Operation Zero Disco by Trend Micro, involves the weaponization of CVE-2025-20352 (CVSS score: 7.7), a stack overflow vulnerability in the Simple Network Management Protocol (SNMP) subsystem that could allow an authenticated, remote attacker to execute arbitrary code by sending crafted SNMP packets to a susceptible device. The intrusions have not been attributed to any known threat actor or group.

His analysis cites academic research published in August as part of the USENIX Security Symposium. The paper, "Confusing Value with Enumeration: Studying the Use of CVEs in Academia," (Moritz Schloegel et al.), reports that 34 percent of 1,803 CVEs cited in research papers over the past five years either have not been publicly confirmed or have been disputed by maintainers of the supposedly vulnerable software projects. The authors argue that CVEs should not be taken as a proxy for the real-world impact of claimed vulnerabilities.

The following Resecurity report will explore the Qilin ransomware-as-a-service (RaaS) operation's reliance on bullet-proof-hosting (BPH) infrastructures, with an emphasis on a network of rogue providers based in different parts of the world. Qilin is one of the most prolific and formidable threat groups extorting organizations today. Most notably, they recently claimed responsibility for the September ransomware attack that crippled operations and manufacturing functions at Japanese brewing conglomerate, Asahi Group Holdings, for nearly two weeks.

You probably know by now that 10-year-old Windows 10 is no longer supported. Microsoft won't provide bug fixes, security patches, or other important updates to defend these PCs against new vulnerabilities. However, if you're still running Windows 10, the good news is Microsoft Defender will still protect your computer against viruses and other threats. Protected by Defender In a Tuesday blog post spotted by the folks at Neowin, Microsoft explained how Defender in its different incarnations will continue to work as expected in Windows 10.