🚨 North Korea–linked BlueNoroff is running two active campaigns — GhostCall & GhostHire — into 2025.

GhostCall fakes Zoom/Teams meetings to drop malware via bogus SDK “updates.”

GhostHire targets Web3 devs on Telegram with booby-trapped GitHub tests.

Full report ↓ https://thehackernews.com/2025/10/researchers-expose-ghostcall-and.html

🚨 New Android Trojan ‘Herodotus’ is on the move.

It’s hitting phones in 🇮🇹 Italy & 🇧🇷 Brazil — stealing 2FA codes, logins, even lock PINs — and typing like a human to slip past fraud detection.

🔗 Read full report → https://thehackernews.com/2025/10/new-android-trojan-herodotus-outsmarts.html

🔥 Researchers just broke Intel & AMD’s newest “secure” enclaves — again.

A sub-$1K hardware rig can steal attestation keys from fully patched systems running SGX, TDX, and SEV-SNP with Ciphertext Hiding.

Even constant-time crypto and DDR5 encryption couldn’t stop it.

Learn how TEE-Fail cracks open AI and confidential VMs ↓ https://thehackernews.com/2025/10/new-teefail-side-channel-attack.html

🚨 CISA confirmed ACTIVE exploitation of new flaws in Dassault Systèmes’ DELMIA Apriso and XWiki.

One lets any guest run code.
Another gives full admin access.
Hackers are already dropping crypto miners.

Agencies have until Nov 18 to patch ↓ https://thehackernews.com/2025/10/active-exploits-hit-dassault-and-xwiki.html

🚨 10 fake npm packages (~9.9K installs) hid a cross-platform info stealer.

It spawns a fake terminal, pulls a 24 MB payload from 195.133.79[.]43, and drains keyrings — not just browser creds.

Instant access to email, cloud, VPNs, and prod DBs.

Read details ↓ https://thehackernews.com/2025/10/10-npm-packages-caught-stealing.html

🚨 Russian hackers breached Ukrainian networks — no malware needed.

They hijacked Windows tools (PowerShell, RDPClip, OpenSSH) to steal data and stay hidden for months.

Real fileless persistence — living in memory, invisible to AV.

Learn how they did it & how to detect it ↓ https://thehackernews.com/2025/10/russian-hackers-target-ukrainian.html

🔴 The next big breach won’t start with a stolen password.

It’ll come from your own AI.

Agentic AIs are the new “confused deputies” — doing what attackers tell them, with the access you gave them.

The scariest part? You trained the threat ↓ https://thehackernews.com/2025/10/preparing-for-digital-battlefield-of.html

⚡ Your AI-driven compliance might already be non-compliant.

Regulators aren’t ready — but you can be.

Join the live session Nov 3 to uncover hidden risks and real fixes.

Register free → https://thehackernews.com/2025/10/discover-practical-ai-tactics-for-grc.html

⚠️ AI browsers like ChatGPT Atlas and Perplexity Comet can be tricked into using fake data.

A new exploit — “AI-targeted cloaking” — lets attackers show one version of a page to humans and another to AI crawlers.

Same old SEO trick.
New weapon: misinformation at scale.

Read how it works ↓ https://thehackernews.com/2025/10/new-ai-targeted-cloaking-attack-tricks.html

🚨 PHP servers are under attack.

Mirai, Mozi, and Gafgyt botnets are exploiting old CVEs to hijack WordPress and Craft CMS sites.

Some break-ins start from leftover PhpStorm debug sessions still running in production.

Check if yours is exposed ↓ https://thehackernews.com/2025/10/experts-reports-sharp-increase-in.html

🚨 PhantomRaven hit the npm registry — 126 malicious packages, 86K+ installs, stealing npm tokens, GitHub creds, and CI/CD secrets.

They hide malware in remote dynamic dependencies that show 0 deps, so scanners miss them.

Details → https://thehackernews.com/2025/10/phantomraven-malware-found-in-126-npm.html

⚡ Cybercrime just got quieter, cheaper, and a lot more precise.

💥 DNS flaws exploited
💥 Rust binaries hiding payloads
💥 Supply-chain heists rising
💥 New RATs everywhere

Your weekly ThreatsDay recap has it all → https://thehackernews.com/2025/10/threatsday-bulletin-dns-poisoning-flaw.html

🚨 A single line of JavaScript can crash any Chromium browser.

Researcher Jose Pino calls it Brash — it abuses how document.title handles rapid updates.

24 million title changes per second = instant crash.

Still unpatched. Details ↓ https://thehackernews.com/2025/10/new-brash-exploit-crashes-chromium.html

⚠️ “Patch everything” is dead.

At the BAS Summit, CISOs said it straight — not every vuln matters, only the exploitable ones do.

Breach simulation shows where you bleed, not where scanners scream.

Proof beats panic. Read how BAS powers real defense → https://thehackernews.com/2025/10/the-death-of-security-checkbox-bas-is.html

🔥 A tool built for defenders is now arming attackers.

AdaptixC2 — an open-source C2 in Golang — was made for red teams.

Now, Russian ransomware gangs use it in fake Microsoft Teams help-desk scams.

Details ↓ https://thehackernews.com/2025/10/russian-ransomware-gangs-weaponize-open.html

💀 Google says it blocks over 10 billion scam calls and messages every month.

But scammers have adapted — they’ve gone social.

Now they send fake job offers in group chats, even adding fake “friends” to make it look real.

The new scam tactic most experts overlooked ↓ https://thehackernews.com/2025/10/googles-built-in-ai-defenses-on-android.html

CISA added a new VMware zero-day to its KEV list.

CVE-2025-41244 (CVSS 7.8) lets local users on VMs with VMware Tools + Aria Operations gain root access.

Exploited since Oct 2024 by China-linked UNC5174.

Patch released last month ↓ https://thehackernews.com/2025/10/cisa-flags-vmware-zero-day-exploited-by.html

Developers accidentally leaked VS Code tokens — letting attackers publish fake extensions.

Eclipse has revoked the tokens and added new safeguards after a campaign dubbed “GlassWorm.”

Read → https://thehackernews.com/2025/10/eclipse-foundation-revokes-leaked-open.html

A Mac app just bypassed macOS permission checks — silently turning on the mic and camera.

ThreatLocker’s new Device Access Control (DAC) for macOS, now in Beta, flags hidden risks like unencrypted drives, SMBv1, and weak sharing settings — before attackers can exploit them.

Learn more ↓ https://thehackernews.com/2025/10/a-new-security-layer-for-macos-takes.html

CISA and NSA just issued a warning:

Exchange servers are still getting hacked. Now a new WSUS flaw (CVE-2025-59287) lets attackers run code remotely.

Even patched systems aren’t fully safe.

If you manage Exchange or WSUS, read this ↓ https://thehackernews.com/2025/10/cisa-and-nsa-issue-urgent-guidance-to.html