Friday Wrap Up: 31 October 2025
Happy Halloween! 🎃
This week’s cyber threats are scarier than any haunted house. We’ve got banking trojans that disguise themselves as humans, nation-state ghosts haunting European diplomats, and AI tools conjuring up security nightmares that would make Frankenstein nervous.
Ransomware ghouls are back with new tricks, supply chain vampires are draining developer credentials, and Microsoft’s DNS went dark like a haunted mansion.
Whether you’re more afraid of deepfakes, zero-days, or your cloud services vanishing into thin air, this week’s wrap-up has something to give every security professional the chills.
Don’t let these threats sneak up on you—click through for the full horror show. 👻🔒💀
Malware & Vulnerabilities
This week revealed a disturbing range of new threats, from sophisticated banking trojans to supply chain attacks targeting developers.
🎣 Phishers are impersonating LastPass’s digital will (emergency access) feature, sending fake death-claim notices to trick users into surrendering their master passwords. (Published on 27-Oct-2025, Malwarebytes). Read More
🐉 Qilin ransomware has averaged over 40 claimed victims per month in 2025 and now pairs a Linux encryptor with BYOVD (bring-your-own-vulnerable-driver) tooling to disable endpoint defenses, in hybrid attacks that hit Windows and Linux systems in the same intrusion. (Published on 27-Oct-2025, The Hacker News). Read More
📱 HyperRat Android malware is being sold as a ready-made spy tool, offering attackers remote control, data theft capabilities, and mass phishing features. (Published on 27-Oct-2025, Hackread). Read More
🤖 Herodotus, a new Android banking trojan, imitates human typing cadence to evade behavioral-biometrics fraud controls, and has already been used in device-takeover attacks in Italy and Brazil. (Published on 28-Oct-2025, The Hacker News). Read More
🧠 A CSRF vulnerability in OpenAI’s ChatGPT Atlas browser lets attackers inject malicious instructions into a user’s ChatGPT memory; the injected instructions persist across sessions and devices and, researchers warn, could be leveraged for code execution. (Published on 28-Oct-2025, CSO Online). Read More
📦 Ten malicious npm packages were discovered stealing developer credentials on Windows, macOS, and Linux using four layers of obfuscation and fake CAPTCHA displays. (Published on 29-Oct-2025, The Hacker News). Read More
🔧 CISA ordered federal agencies to patch a VMware Tools vulnerability that Chinese hackers have been actively exploiting since October 2024. (Published on 30-Oct-2025, BleepingComputer). Read More
🤖 Attackers are hiding malware inside data files used by Windows’ native AI stack, a file type security tools tend to trust, enabling stealthier living-off-the-land attacks. (Published on 30-Oct-2025, Dark Reading). Read More
🇦🇺 Australia warns of ongoing BadCandy webshell infections targeting unpatched Cisco IOS XE devices across the country. (Published on 31-Oct-2025, BleepingComputer). Read More
Major Cyberattacks & Incidents
From government data leaks to international cybercrime operations, this week highlighted the global scale of cyber threats.
🏛️ DomeWatch, an unsecured resume database run by House Democrats, exposed roughly 7,000 records containing applicants’ PII and their Top Secret clearance status, raising identity theft and targeting concerns. (Published on 27-Oct-2025, Hackread). Read More
🌏 A Myanmar army raid on a major scam center sent stragglers fleeing into Thailand as demolition explosions leveled buildings, shutting down a large cybercrime operation. (Published on 28-Oct-2025, SecurityWeek). Read More
👦 US teen indicted for involvement in extremist “764” network, facing charges of child exploitation, animal cruelty, and cyberstalking. (Published on 28-Oct-2025, Hackread). Read More
🏥 Conduent data breach impacted millions, with hackers stealing names, addresses, birth dates, Social Security numbers, and health insurance information. (Published on 30-Oct-2025, SecurityWeek). Read More
⚖️ Ukrainian Conti ransomware suspect extradited from Ireland to the U.S. to face charges over global cyberattacks and $150M in ransom payments. (Published on 31-Oct-2025, Hackread). Read More
Espionage & Data Extraction
Nation-state actors continued their sophisticated campaigns, targeting critical infrastructure and diplomatic communications.
🎯 F5 confirmed limited business impact from a nation-state intrusion in which the attackers maintained persistent access and stole BIG-IP source code and some customer configuration data. (Published on 29-Oct-2025, Malware Analysis). Read More
🕵️ China-linked hackers are exploiting a Windows zero-day to spy on European diplomats in Hungary, Belgium, and other European nations. (Published on 31-Oct-2025, BleepingComputer). Read More
DDoS, Outages & Infrastructure
Microsoft suffered a significant disruption that affected customers worldwide and highlighted how much business operations now depend on a handful of cloud providers.
☁️ Microsoft suffered a DNS outage affecting Azure and Microsoft 365 services worldwide, preventing customers from accessing networks and critical cloud services. (Published on 29-Oct-2025, BleepingComputer). Read More
Cybersecurity Tools & Techniques
New tools emerged this week, both offensive and defensive, shaping the evolving security landscape.
🛠️ Russian ransomware gangs are weaponizing AdaptixC2, an open-source, extensible post-exploitation and adversary-emulation framework built for penetration testing. (Published on 30-Oct-2025, The Hacker News). Read More
🦡 OpenAI released “Aardvark,” a security research agent now in private beta, designed to scan code bases, analyze potential vulnerabilities, and propose patches for private and open-source projects. (Published on 30-Oct-2025, CyberScoop). Read More
AI & Policy
As AI tools proliferate, security and policy concerns continue to mount around their implementation and misuse.
🎭 OpenAI’s Sora is exposing serious gaps in deepfake detection, showing how unreliable current provenance and verification methods have become against high-quality AI video. (Published on 27-Oct-2025, The Verge). Read More
💻 AI-generated code is creating expanded technical and security debt as development teams lack processes to prevent vulnerability replication and code bloat. (Published on 29-Oct-2025, Dark Reading). Read More
Vulnerability Research & Industry Analysis
Government agencies issued critical guidance to help organizations secure their infrastructure against emerging threats.
🔐 CISA and NSA, together with Australian and Canadian partners, released urgent guidance on hardening on-premises Microsoft Exchange Server and WSUS instances against active exploitation. (Published on 31-Oct-2025, The Hacker News). Read More
Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!