Friday Wrap Up: 17 October 2025
Another wild week in cybersecurity! From nation-state actors breaching major tech companies to botnets going global, hackers weren’t taking any days off.
We’ve got everything from AI guardrails getting schooled by basic prompt injection to an ASP.NET Core bug so severe Microsoft had to break out its highest-ever severity score for that product. Oh, and YouTube decided to take a little nap this week too.
This week’s stories cover everything from malware hiding in GitHub images to North Korean job scams that would make your HR department cry. Check out the full roundup to see what kept security teams caffeinated this week.
Stay paranoid, friends. 🔐
Major Cyberattacks & Incidents
This week saw significant breaches affecting major organizations and massive data exposures.
🚨 An extortion group leaked millions of records stolen in the Salesforce-related hacks, affecting Albertsons, Engie Resources, Fujifilm, GAP, Qantas, and Vietnam Airlines. (Published on 13-Oct-2025, SecurityWeek). Read More
🔓 F5 disclosed that a nation-state actor maintained long-term persistent access to its network and stole BIG-IP source code along with information about undisclosed vulnerabilities. (Published on 15-Oct-2025, The Hacker News). Read More
🎓 Harvard University was breached in an Oracle zero-day attack, with the Clop ransomware group claiming responsibility as part of a broader campaign against Oracle customers. (Published on 15-Oct-2025, Dark Reading). Read More
📊 An exposed Elasticsearch instance leaked 6 billion records aggregated from earlier breaches and scraping, including banking and personal details from multiple regions. (Published on 15-Oct-2025, Hackread). Read More
Malware & Vulnerabilities
Sophisticated malware campaigns and new attack techniques dominated security headlines.
🦀 New Rust-based malware ChaosBot uses Discord channels to control victims’ PCs; the intrusions abused compromised Cisco VPN credentials and over-privileged Active Directory accounts to get in. (Published on 12-Oct-2025, The Hacker News). Read More
💾 The Astaroth banking trojan now uses GitHub-hosted images and steganography for resilient C2, hiding its commands inside image files so the infrastructure survives takedowns while it steals banking and crypto credentials across Latin America. (Published on 14-Oct-2025, Hackread). Read More
📱 The Pixnapping attack lets a malicious Android app steal 2FA codes and other on-screen data from other apps, with a proof-of-concept targeting Gmail, Google Accounts, Google Authenticator, Google Maps, Signal, and Venmo. (Published on 14-Oct-2025, Dark Reading). Read More
🇰🇵 North Korea’s Famous Chollima merged its BeaverTail and OtterCookie malware in job-scam campaigns, adding keylogging, screen recording, and cryptocurrency wallet theft. (Published on 16-Oct-2025, Hackread). Read More
🎭 A tech support scam uses the Microsoft logo in a fake browser-lock page, then steals data through payment lures and urgent security alerts. (Published on 16-Oct-2025, Hackread). Read More
🌐 Malicious Google ads for the Perplexity Comet browser pushed malware: fake Comet download links served a trojanized installer with ties to DarkGate. (Published on 17-Oct-2025, Hackread). Read More
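Astaroth’s use of GitHub-hosted images to carry C2 data is a reminder that an image file can hold bytes a viewer never renders. The article gives no details of the encoding Astaroth uses, so what follows is an added example, not the malware’s format and not code from the article or any vendor: a small PNG chunk walker that flags the two cheapest hiding spots, bytes appended after the IEND chunk and oversized text chunks, plus unknown chunk types and bad CRCs. The 1x1 sample image, the fake “c2=…” payload and the `c2Cf` chunk name are all constructed here for the demo.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Chunk types an ordinary image carries; anything else deserves a look.
KNOWN_CHUNKS = {
    b"IHDR", b"PLTE", b"IDAT", b"IEND", b"tEXt", b"zTXt", b"iTXt", b"tIME",
    b"pHYs", b"gAMA", b"cHRM", b"sRGB", b"iCCP", b"bKGD", b"sBIT", b"tRNS",
    b"hIST", b"sPLT", b"eXIf",
}
TEXT_CHUNKS = {b"tEXt", b"zTXt", b"iTXt"}


def _chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialise one PNG chunk: 4-byte length, type, data, CRC over type+data."""
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", zlib.crc32(ctype + data))


def build_png(extra_chunks=(), trailer: bytes = b"") -> bytes:
    """Constructed sample: a valid 1x1 red PNG, optionally with extra chunks
    inserted before IDAT and arbitrary bytes appended after IEND."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)   # 1x1, 8-bit RGB, no interlace
    scanline = b"\x00\xff\x00\x00"                         # filter byte + one RGB pixel
    png = PNG_SIG + _chunk(b"IHDR", ihdr)
    for ctype, data in extra_chunks:
        png += _chunk(ctype, data)
    png += _chunk(b"IDAT", zlib.compress(scanline)) + _chunk(b"IEND", b"")
    return png + trailer


def scan_png(data: bytes, max_text: int = 2048):
    """Walk the chunk list and report places where data could be hidden.
    Returns (findings, trailer): human-readable findings and the raw bytes
    found after IEND (empty when the file ends where it should)."""
    findings, trailer = [], b""
    if not data.startswith(PNG_SIG):
        return ["not a PNG file"], trailer
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):                           # 12 = length + type + CRC
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        name = ctype.decode("latin-1")
        if pos + 12 + length > len(data):
            findings.append(f"truncated {name} chunk")
            break
        body = data[pos + 8:pos + 8 + length]
        stored_crc = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])[0]
        if stored_crc != zlib.crc32(ctype + body):
            findings.append(f"bad CRC on {name} chunk")
        if ctype not in KNOWN_CHUNKS:
            findings.append(f"unexpected chunk type {name} ({length} bytes)")
        if ctype in TEXT_CHUNKS and length > max_text:
            findings.append(f"oversized {name} chunk ({length} bytes)")
        pos += 12 + length
        if ctype == b"IEND":
            trailer = data[pos:]                           # decoders stop here; attackers do not
            if trailer:
                findings.append(f"{len(trailer)} bytes appended after IEND")
            break
    else:
        findings.append("no IEND chunk")
    return findings, trailer


if __name__ == "__main__":
    # Constructed payload standing in for a hidden C2 config (not Astaroth's real format).
    hidden = b"c2=https://example.invalid/beacon;interval=300"
    suspicious = build_png(
        extra_chunks=[(b"tEXt", b"Comment\x00" + b"A" * 4096), (b"c2Cf", b"\x01\x02")],
        trailer=hidden,
    )
    for label, blob in (("clean", build_png()), ("suspicious", suspicious)):
        found, tail = scan_png(blob)
        print(label, found, tail)
```

Point the scanner at the images a suspect sample fetches rather than at the binary itself; a config stuffed after IEND or into a multi-kilobyte tEXt chunk shows up immediately, while real steganography in pixel data needs comparison against a known-good original and is out of scope here.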
Critical Vulnerabilities & Patches
Organizations rushed to patch severe security flaws across major platforms and systems.
🔧 Fortra belatedly admitted that a maximum-severity vulnerability in its GoAnywhere MFT file-transfer product was actively exploited, weeks after researchers and officials had independently confirmed it. (Published on 13-Oct-2025, CyberScoop). Read More
📞 Hackers targeted ICTBroadcast autodialer servers through a malicious session cookie, exploiting CVE-2025-2611 to gain unauthenticated remote code execution and a remote shell. (Published on 15-Oct-2025, The Hacker News). Read More
💥 The RMPocalypse attack breaks AMD SEV-SNP confidential computing with a single 8-byte write: the Reverse Map Table (RMP) that SEV-SNP relies on to track page ownership is incompletely protected during initialization, so one memory manipulation undermines its integrity guarantees. (Published on 14-Oct-2025, The Hacker News). Read More
📦 SAP patched critical vulnerabilities in NetWeaver, Print Service, and SRM, and rolled out additional protections for the insecure deserialization bugs previously resolved in NetWeaver AS Java. (Published on 14-Oct-2025, SecurityWeek). Read More
⚠️ Microsoft gave ASP.NET Core vulnerability CVE-2025-55315 the highest severity score it has ever assigned to that product (CVSS 9.9); it is an HTTP request smuggling bug in the Kestrel web server that can lead to information leaks, file tampering, and server crashes. (Published on 17-Oct-2025, SecurityWeek). Read More
🔐 WatchGuard VPN bug CVE-2025-9242 could let attackers take over devices: an out-of-bounds write in the Fireware OS IKEv2 VPN service allows unauthenticated remote code execution. (Published on 17-Oct-2025, The Hacker News). Read More
🌍 Over 266,000 F5 BIG-IP instances are exposed on the internet according to scans run after F5’s breach disclosure; any of them could become a target once the stolen vulnerability information is weaponized. (Published on 17-Oct-2025, BleepingComputer). Read More
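The article above does not describe the specific parsing defect behind CVE-2025-55315, so the following added example (not Microsoft’s code and not from the article) illustrates the bug class in general rather than that CVE. HTTP request smuggling happens when two parsers in the same path frame the same byte stream differently; the classic case is a request carrying both `Content-Length` and `Transfer-Encoding: chunked`. The block below implements a tiny request framer whose tie-break rule is a parameter, feeds it one constructed stream, and shows that a Content-Length front-end sees one request while a chunked back-end sees two, the second being an attacker-chosen `GET /admin`. The hostname `shop.example` and the request bodies are constructed for the demo; the `strict` mode shows the defensive choice of rejecting the ambiguous request outright.

```python
CRLF = b"\r\n"


def parse_head(buf: bytes, start: int):
    """Parse one request line plus headers starting at `start`.
    Returns (request_line, headers, offset of the first body byte)."""
    end = buf.index(b"\r\n\r\n", start)
    lines = buf[start:end].split(CRLF)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.decode("ascii").partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0].decode("ascii"), headers, end + 4


def read_chunked(buf: bytes, pos: int):
    """Consume a chunked body; returns (body, offset after the terminating CRLF)."""
    body = b""
    while True:
        line_end = buf.index(CRLF, pos)
        size = int(buf[pos:line_end].split(b";")[0], 16)   # chunk extensions are ignored
        pos = line_end + 2
        if size == 0:
            return body, buf.index(CRLF, pos) + 2          # assumes no trailer headers
        body += buf[pos:pos + size]
        pos += size + 2                                     # chunk data plus its CRLF


def frame_requests(buf: bytes, prefer: str = "chunked", strict: bool = False):
    """Split a byte stream into (request_line, body) pairs.
    `prefer` decides which header wins when both Content-Length and
    Transfer-Encoding are present ("chunked" or "content-length").
    With strict=True such a request is rejected instead of guessed at."""
    requests, pos = [], 0
    while pos < len(buf):
        request_line, headers, pos = parse_head(buf, pos)
        has_cl = "content-length" in headers
        has_te = headers.get("transfer-encoding", "").lower() == "chunked"
        if strict and has_cl and has_te:
            raise ValueError(f"ambiguous framing on {request_line!r}: both CL and TE present")
        if has_te and (prefer == "chunked" or not has_cl):
            body, pos = read_chunked(buf, pos)
        elif has_cl:
            n = int(headers["content-length"])
            body, pos = buf[pos:pos + n], pos + n
        else:
            body = b""
        requests.append((request_line, body))
    return requests


# Constructed stream: the POST's Content-Length (48) covers the whole remainder,
# while chunked framing ends the body at the "0" chunk and leaves a second,
# attacker-chosen GET /admin request behind for the back-end to process.
SMUGGLED = (
    b"POST / HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"Content-Length: 48\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"\r\n"
    b"0\r\n"
    b"\r\n"
    b"GET /admin HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"\r\n"
)

# Constructed well-formed chunked request, which the strict parser must still accept.
BENIGN = (
    b"POST / HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"\r\n"
    b"5\r\nhello\r\n"
    b"0\r\n\r\n"
)


def request_lines(buf: bytes, prefer: str):
    """Just the request lines each framing rule sees, for side-by-side comparison."""
    return [line for line, _ in frame_requests(buf, prefer)]


def rejects_ambiguous(buf: bytes) -> bool:
    """True when the strict parser refuses the stream (the safe outcome)."""
    try:
        frame_requests(buf, strict=True)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    print("front-end (Content-Length wins):", request_lines(SMUGGLED, "content-length"))
    print("back-end  (chunked wins):       ", request_lines(SMUGGLED, "chunked"))
    print("strict parser rejects smuggled: ", rejects_ambiguous(SMUGGLED))
    print("strict parser rejects benign:   ", rejects_ambiguous(BENIGN))
```

The front-end forwards the whole 48-byte body as one request; the back-end stops reading after the zero-length chunk and treats `GET /admin` as a fresh request on the same connection, which is how smuggling bypasses front-end access controls. Rejecting any request that carries both headers, as the strict mode does, removes the ambiguity entirely and is the behaviour to expect from a patched server.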
Infrastructure Attacks & Network Threats
Large-scale infrastructure attacks and network exploitation campaigns emerged this week.
🌐 A massive multi-country botnet is targeting Remote Desktop Protocol services in the United States from more than 100,000 IP addresses in a large-scale coordinated campaign. (Published on 13-Oct-2025, BleepingComputer). Read More
🔧 Hackers deployed Linux rootkits via a Cisco SNMP flaw in the “Zero Disco” attacks, weaponizing CVE-2025-20352, a stack overflow in the Simple Network Management Protocol subsystem of Cisco IOS and IOS XE, against older systems lacking modern exploit protections. (Published on 16-Oct-2025, The Hacker News). Read More
📺 YouTube suffered a global outage, with playback errors on both the website and the mobile apps disrupting millions of users’ access to the platform. (Published on 15-Oct-2025, BleepingComputer). Read More
AI & Emerging Threats
Artificial intelligence security made headlines again.
🤖 OpenAI’s Guardrails can be bypassed by simple prompt injection, with researchers defeating the system’s LLM-based judges within weeks of its release; because the judge is itself a language model, it inherits the same injection weaknesses it is supposed to catch. (Published on 13-Oct-2025, Hackread). Read More
Defensive Actions & Industry Events
Organizations took proactive steps to combat threats while the security community planned future competitions.
🛡️ Microsoft revoked over 200 code-signing certificates to disrupt a ransomware campaign it attributes to Vanilla Tempest, also known as Vice Spider and Vice Society. (Published on 16-Oct-2025, SecurityWeek). Read More
🏆 Over $3 million in prizes is on offer at Pwn2Own Automotive 2026, set for January in Tokyo, with six categories including Tesla, infotainment systems, and EV chargers. (Published on 17-Oct-2025, SecurityWeek). Read More
Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!