Ticker feed
Microsoft just released its biggest Patch Tuesday update ever, fixing a staggering 175 security vulnerabilities in October. This breaks all previous records and pushes 2025's total past 1,021 CVEs—already exceeding all of 2024 with two months remaining.
Two zero-day flaws are being actively exploited by attackers. CVE-2025-59230 affects Windows Remote Access Connection Manager, letting hackers escalate privileges to admin level. CVE-2025-24990 targets a Windows Agere modem driver, which Microsoft is completely removing from Windows.
The update also marks Windows 10's end of life. Organizations still using the OS—which holds 41% of the desktop market—must switch to Extended Security Updates to keep receiving patches.
Source: Dark Reading
Cyber-attacks against the UK jumped 50% in the past year, with security services now handling a nationally significant attack every other day, according to the National Cyber Security Centre. The agency dealt with 429 cyber incidents through September, with 18 classified as "highly significant", including attacks on Marks & Spencer and Co-op Group.
China, Russia, Iran and North Korea pose the main state-level threats, while ransomware criminals drive much of the increase. GCHQ director Anne Keast-Butler warned businesses: "Don't be an easy target." Government ministers are urging all organizations to make cyber-resilience a board-level priority and prepare contingency plans for complete IT system failures.
Source: The Guardian
Federal authorities seized 127,271 Bitcoin worth $15 billion from Chen Zhi, alleged leader of a massive cybercrime network operating from Cambodia. The 38-year-old UK-Cambodian national has built the Prince Group empire since 2015, running scam compounds across 30+ countries that relied on human trafficking and forced labor.
Chen faces up to 40 years in prison but remains at large. His network scammed over 250 people in New York alone out of millions. The U.S. and UK imposed coordinated sanctions on 146 people and organizations linked to Prince Group, while severing Cambodia's Huione Group from the U.S. financial system for laundering $4 billion in illicit proceeds.
Source: CyberScoop
Cybercriminals are targeting macOS users through fake Homebrew package manager websites that look identical to the real thing. The attackers created convincing replicas of brew.sh using domains like homebrewfaq.org and homebrewclubs.org.
When users visit these spoofed sites to install Homebrew, hidden JavaScript code manipulates their clipboard without permission. Instead of copying just the legitimate installation command, the fake "Copy" button secretly adds malicious code that downloads additional payloads from attacker-controlled servers.
The scam is particularly clever because it runs malicious commands in the background while the real Homebrew installation proceeds normally, making detection difficult. This represents a new twist on supply chain attacks by targeting the installation process rather than compromising official repositories.
Source: Cybersecurity News
Hackers calling themselves Scattered Lapsus$ Hunters have leaked personal details of over 5 million Qantas customers on the dark web after the airline refused to pay ransom demands. The stolen data includes names, email addresses, frequent flyer numbers, and in some cases home addresses, phone numbers, and even meal preferences.
The hackers gained access by calling Qantas call centers in June, pretending to be IT support staff and tricking employees into giving them access to customer service systems. Federal politicians were among those whose home addresses were exposed.
While no credit card details or passwords were stolen, authorities warn of increased scam attempts. Customers should hang up on unexpected calls claiming to be from Qantas and verify contact through official channels ending in qantas.com or qantas.com.au.
Source: The Guardian
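The advice above, to trust only contacts ending in qantas.com or qantas.com.au, is easy to get wrong with a naive suffix check. The following is an added example (not code from The Guardian or Qantas) showing a hostname-based check that rejects look-alike domains, path tricks and userinfo tricks; the test inputs are constructed.

```python
from urllib.parse import urlparse

# Domains the advisory names as official contact channels.
ALLOWED_DOMAINS = ("qantas.com", "qantas.com.au")


def hostname_of(contact):
    """Extract a lowercase hostname from a URL, a bare host, or an e-mail address.
    Returns None when nothing host-like can be found."""
    value = contact.strip().lower()
    if "@" in value and "://" not in value:
        # e-mail address: the part after the last '@' is the domain
        _, _, domain = value.rpartition("@")
        return domain or None
    if "://" not in value:
        value = "https://" + value          # bare hostname, e.g. "www.qantas.com"
    # urlparse strips userinfo, so "https://qantas.com.au@evil.example/" yields evil.example
    return urlparse(value).hostname


def is_official_contact(contact):
    """True only when the host is an allowed domain or a subdomain of one.

    A plain string suffix test would accept 'fakeqantas.com'; requiring a dot
    boundary rejects it. Checking the parsed hostname rather than the whole
    string also rejects 'qantas.com.au.evil.example' and 'evil.example/qantas.com'."""
    host = hostname_of(contact)
    if not host:
        return False
    return any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS)


# Constructed samples: the first three are legitimate forms, the rest are look-alikes.
SAMPLES = [
    "support@qantas.com",
    "https://www.qantas.com.au/travel",
    "qantas.com",
    "https://fakeqantas.com/login",
    "https://qantas.com.au.evil.example/verify",
    "https://evil.example/qantas.com",
    "https://qantas.com.au@evil.example/login",
    "noreply@qantas.com.evil.example",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{'OK ' if is_official_contact(s) else 'BAD'}  {s}")
```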
Cybercriminals are using a clever new approach called "Beamglea" to phish credentials from industrial and electronics companies. Instead of injecting malicious code into NPM packages, they're abusing the legitimate unpkg.com CDN service to host phishing pages.
The attackers created 175 fake packages with names like "redirect-[random6chars]" that redirect victims to credential-stealing sites. They've targeted over 135 organizations including ArcelorMittal, D-Link, and ThyssenKrupp Nucera, generating 630+ HTML files disguised as purchase orders and technical documents.
Using automated Python tools, hackers customize attacks for each victim, pre-filling email addresses to make phishing pages appear legitimate. The campaign has accumulated 26,000 downloads, though many come from security researchers analyzing the threat.
Source: Security Week
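A defender can look for the naming pattern described above in web proxy logs. This is an added example (not code from Security Week or the researchers) that flags unpkg.com requests for HTML files served from packages named "redirect-" plus six random characters; the log format and log lines are constructed, and the unpkg path layout (/package@version/file) is assumed from the service's public URL scheme.

```python
import re
from urllib.parse import urlparse

# Constructed proxy log lines: timestamp, client IP, requested URL.
SAMPLE_LOG = """\
2025-10-14T09:12:01Z 10.0.4.21 https://unpkg.com/redirect-k3x9qz@1.0.0/PO-44821.html
2025-10-14T09:12:07Z 10.0.4.21 https://unpkg.com/react@18.2.0/umd/react.production.min.js
2025-10-14T09:13:44Z 10.0.7.9 https://unpkg.com/redirect-a1b2c3@1.0.2/technical-spec.html
2025-10-14T09:14:02Z 10.0.7.9 https://unpkg.com/redirect-toolongname@1.0.0/index.html
2025-10-14T09:15:10Z 10.0.2.3 https://cdn.example.net/redirect-zz88yy@1.0.0/order.html
"""

# Package naming pattern reported for the campaign: "redirect-" plus six random characters.
PKG_RE = re.compile(r"^redirect-[a-z0-9]{6}$", re.IGNORECASE)
# Assumed unpkg path layout: /<package>[@<version>]/<file path>
UNPKG_PATH_RE = re.compile(r"^/(?P<pkg>[^/@]+)(?:@(?P<ver>[^/]+))?/(?P<file>.+)$")


def classify_url(url):
    """Return (package, version, file) when the URL is an unpkg-hosted HTML page
    from a package matching the campaign pattern; otherwise None."""
    parsed = urlparse(url)
    if parsed.hostname is None or parsed.hostname.lower() != "unpkg.com":
        return None
    m = UNPKG_PATH_RE.match(parsed.path)
    if not m:
        return None
    pkg, ver, file = m.group("pkg"), m.group("ver"), m.group("file")
    if PKG_RE.match(pkg) and file.lower().endswith((".html", ".htm")):
        return (pkg, ver, file)
    return None


def scan_log(text):
    """Return a list of (client_ip, package, file) for each suspicious request."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue                      # skip malformed lines rather than crash
        _, client, url = parts
        hit = classify_url(url)
        if hit:
            hits.append((client, hit[0], hit[2]))
    return hits


if __name__ == "__main__":
    for client, pkg, file in scan_log(SAMPLE_LOG):
        print(f"suspicious unpkg request from {client}: package={pkg} file={file}")
```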
AT&T is settling two massive data breaches for $177 million after hackers exposed personal information of over 170 million customers. The first breach in 2019 leaked Social Security numbers, birth dates, and names of 73 million people, while a 2024 hack accessed phone records of 109 million customers through AT&T's cloud provider Snowflake.
Customers affected by the 2019 breach can claim up to $5,000 with documented losses, or receive tiered payments based on whether their SSN was compromised. Those hit by the 2024 breach can get up to $2,500 with proof of losses, or share the remaining settlement funds equally.
The deadline to file claims is November 18, 2025. Customers affected by both breaches can file separate claims for each incident.
Source: CNET
Security researchers at InfoGuard Labs discovered serious vulnerabilities in Microsoft Defender for Endpoint that allow attackers to bypass authentication and manipulate security responses. The flaws let hackers intercept commands between Defender agents and Microsoft's cloud services using easily obtainable machine and tenant IDs from the Windows registry.
Attackers can spoof isolation commands, making infected devices appear secured in Microsoft's portal while remaining compromised. They can also upload malicious files to investigation packages, potentially tricking security analysts into executing malware during incident reviews.
The researchers reported the flaws to Microsoft in July 2025; the company classified them as low-severity issues, and no fixes had been confirmed as of October 2025, despite the researchers arguing that they pose significant post-breach risks.
Source: Cybersecurity News
Hackers have released personal data from 5 million Qantas customers on the dark web after the airline refused to pay ransom demands. The cybercriminal group Scattered Lapsus$ Hunters leaked email addresses, phone numbers, birth dates, and frequent flyer numbers stolen from a Salesforce database in June.
The breach affects 44 companies globally, including Gap, Toyota, Disney, McDonald's, and Adidas, with up to 1 billion customer records compromised. While no credit card or passport details were included in the Qantas leak, experts warn criminals could use the information for identity theft and personalized phishing scams.
Qantas has established a 24/7 support line for affected customers and implemented additional security measures since the attack.
Source: The Guardian
Chinese threat group Storm-2603 has weaponized Velociraptor, a legitimate digital forensics tool, to launch stealthy ransomware attacks. Cisco Talos researchers discovered the group using this open-source incident response tool to deploy multiple ransomware variants—Warlock, LockBit, and Babuk—on VMware ESXi servers in August.
The hackers exploited an outdated version of Velociraptor with a privilege escalation vulnerability, allowing them to maintain persistent access while avoiding detection. This marks a concerning shift where cybercriminals repurpose security tools designed to protect organizations.
Sophos researchers first documented similar attacks in August, noting threat actors used Velociraptor to establish command-and-control communications. Security teams should audit their Velociraptor installations and monitor for unauthorized binaries to prevent this tool from being turned against them.
Source: Dark Reading