F5 Confirms Nation-State Breach, Source Code and Vulnerability Data Stolen
F5 has confirmed it was the victim of a state-sponsored cyberattack that allowed hackers to access its internal…
Hack Read
Microsoft Patch Tuesday Oct 2025 Fixs 175 Vulnerabilities including 3 Zero-Days
October's Microsoft Patch Tuesday fixes 170+ flaws, including 3 actively exploited zero-days and critical WSUS RCE (CVSS 9.8). Immediate patching is mandatory. Final free updates for Windows 10.
BreachLock Named Representative Provider for Penetration Testing as a Service (PTaaS) in New Gartner® Report
New York, United States, 15th October 2025, CyberNewsWire
Elasticsearch Leak Exposes 6 Billion Records from Scraping, Old and New Breaches
An Elasticsearch leak exposed 6 billion records from global data breaches and scraping sources, including banking and personal details tied to multiple regions.
MCPTotal Launches to Power Secure Enterprise MCP Workflows
New York, USA, New York, 15th October 2025, CyberNewsWire
Fake Google Job Offer Email Scam Targets Workspace and Microsoft 365 Users
Cybersecurity firm Sublime Security details a new credential phishing scam impersonating Google Careers to steal login details from Google Workspace and Microsoft 365 users.
Microsoft Limits IE Mode in Edge After Chakra Zero-Day Activity Detected
Microsoft restricted access to Edge's IE Mode in August 2025 after hackers used a Chakra zero-day flaw to bypass security and take over user devices. Check out the new steps for enabling IE Mode.
Criminal IP to Showcase ASM and CTI Innovations at GovWare 2025 in Singapore
Torrance, United States, 14th October 2025, CyberNewsWire
Sweet Security Named Cloud Security Leader and CADR Leader in Latio Cloud Security Report
Tel Aviv, Israel, 14th October 2025, CyberNewsWire
From Prompts to Protocols: How Agentic Systems, MCP, Vibe Coding, and Schema-Aware Tools Are Rewiring Software Engineering
Modern software engineering faces growing complexity across codebases, environments, and workflows. Traditional tools, although effective, rely heavily on…
Police Bust GXC Team, One of the Most Active Cybercrime Networks
Spanish Guardia Civil and Group-IB arrest 'GoogleXcoder,' the 25-year-old Brazilian mastermind of the GXC Team, for selling AI-powered phishing kits and malware used to steal millions from banks across the US, UK, Spain, and Brazil.
How Top SOCs Stay Up-to-Date on Current Threat Landscape
Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings.
Astaroth Trojan Uses GitHub Images to Stay Active After Takedowns
Astaroth banking trojan has evolved to use GitHub and steganography for resilient C2, hiding its vital commands in images. Learn how this sophisticated malware employs fileless techniques to steal banking and crypto credentials from users across Latin America.
Gcore Mitigates Record-Breaking 6 Tbps DDoS Attack
Luxembourg, Luxembourg, 14th October 2025, CyberNewsWire
ShinyHunters Leak Data from Qantas, Vietnam Airlines and Other Major Firms
ShinyHunters and its affiliate hackers have leaked data from 6 firms, including Qantas and Vietnam Airlines, after claiming to breach 39 companies via a Salesforce vulnerability.
OpenAI’s Guardrails Can Be Bypassed by Simple Prompt Injection Attack
Just weeks after its release, OpenAI’s Guardrails system was quickly bypassed by researchers. Read how simple prompt injection attacks fooled the system’s AI judges and exposed an ongoing security concern for OpenAI.
Invoicely Database Leak Exposes 180,000 Sensitive Records
Cybersecurity researcher Jeremiah Fowler discovered nearly 180,000 files, including PII and banking details, left exposed on an unprotected database linked to the Invoicely platform. Read about the identity theft and financial fraud risks for over 250,000 businesses worldwide.
Auth Bypass Flaw in Service Finder WordPress Plugin Under Active Exploit
An Authentication Bypass (CVE-2025-5947) in Service Finder Bookings plugin allows any unauthenticated attacker to log in as an administrator. Over 13,800 exploit attempts detected. Update to v6.1 immediately.
Stealit Malware Using Node.js to Hide in Fake Game and VPN Installers
Fortinet warns of Stealit, a MaaS infostealer, now targeting Windows systems and evading detection by using Node.js’s SEA feature while hiding in fake game and VPN installers.
Nanoprecise partners with AccuKnox to strengthen its Zero Trust Cloud Security and Compliance Posture
Menlo Park, USA, 10th October 2025, CyberNewsWire
