⚡ The threat landscape never slows down — but awareness keeps you ahead.

This week’s highlights focus on patching smarter, spotting early risks, and staying ready for what’s next.

🛡️ Stay sharp. Patch fast. Defend better.

🔗 Read the full recap: https://thehackernews.com/2025/10/weekly-recap-oracle-0-day-bitlocker.html

🚨 Chrome prefs can be poisoned.

Attackers can force malicious extensions active by default—bypassing policies.

The secret? A flaw in Chrome’s super_mac.

Learn how it works → https://thehackernews.com/2025/10/threatsday-bulletin-carplay-exploit.html#prefs-can-be-poisoned-extensions-forced-active

🚨 A Chinese research lab — BIETA — linked to Beijing’s spy agency has been developing covert communication and malware tools for years, according to a new report.

They’ve been selling them under the guise of “forensics” and “network testing” products.

Full story ↓ https://thehackernews.com/2025/10/new-report-links-research-firms-bieta.html

🚨 Attackers now exploit new vulnerabilities within hours—but most orgs still patch once a month.

The result? $5M average breach cost and rising.

The old patch cycle isn’t slow—it’s negligent.

The future is continuous, real-time remediation ↓ https://thehackernews.com/expert-insights/2025/10/continuous-patch-management-why-future.html

🚨 Microsoft just confirmed a critical GoAnywhere flaw (CVE-2025-10035) — already exploited to deploy Medusa ransomware.

Attackers had a month-long head start — silently breaching orgs while vendors stayed quiet.

It’s not just RCE — it’s persistence, lateral movement, and Cloudflare-tunneled C2.

Details ↓ https://thehackernews.com/2025/10/microsoft-links-storm-1175-to.html

🚨 Oracle EBS just joined CISA’s Known Exploited list.

Cl0p (aka Graceful Spider) is using CVE-2025-61882 — a 9.8 RCE — to hit unpatched systems right now.

Attackers are chaining five bugs to hijack servers pre-auth.

Patch immediately. Read how the attack works ↓ https://thehackernews.com/2025/10/oracle-ebs-under-fire-as-cl0p-exploits.html

🚨WARNING: CVE-2025-49844 (RediShell): Redis flaw rated 10.0 CVSS

A 13-year-old bug lets attackers escape Lua sandbox and run code on the host.

Even worse — 60,000 Redis servers online have no auth.

Patch now or risk full system takeover: https://thehackernews.com/2025/10/13-year-redis-flaw-exposed-cvss-100.html

⚡ALERT: XWorm 6.0 is back — and it’s evolved.

Now packing 35+ plug-ins for everything from webcam spying to ransomware ops.

Over 18,000 devices compromised — and even threat actors got hit.

Learn more ↓ https://thehackernews.com/2025/10/xworm-60-returns-with-35-plugins-and.html

Fragmented IAM is slowing teams down.

Learn why IAM silos happen and strategies to bridge the gaps in this Tines webinar.

Register now: https://thn.news/identity-sync

⚠️ AI just overtook shadow IT.

New data shows generative AI is now the #1 vector for corporate data loss — bigger than unmanaged SaaS or file sharing.

And the main culprit isn’t uploads. It’s copy/paste → https://thehackernews.com/2025/10/new-research-ai-is-already-1-data.html

🔥 Google just gave AI the power to patch your code — automatically.

DeepMind’s new AI agent, CodeMender, has already rewritten 4.5+ million lines of code across open-source projects & shipped 72 security fixes.

The next bug bounty? Might go to a bot ↓ https://thehackernews.com/2025/10/googles-new-ai-doesnt-just-find.html

A fake job offer is stealing Facebook business accounts.

Hackers posing as recruiters are sending “Marriott job descriptions” that secretly install Vampire Bot — a Go-based malware that screenshots your system.

It’s still active. ↓ https://thehackernews.com/2025/10/batshadow-group-uses-new-go-based.html

🚨 OpenAI just disrupted 3 clusters abusing ChatGPT for malware—Russia, North Korea, China. Scammers even stripped em-dashes to dodge “AI-written” tells.

RAT/C2 snippets, Telegram exfil, macOS Finder ext.

The iteration pattern that fingerprints them ↓ https://thehackernews.com/2025/10/openai-disrupts-russian-north-korean.html

🚨 A single design flaw in Figma’s MCP server just opened a path to remote code execution.

Developers using AI-powered tools like Cursor were exposed for months.

The fix is out — details here ↓ https://thehackernews.com/2025/10/severe-figma-mcp-vulnerability-lets.html

💼 The board doesn’t speak ‘cyber.’

And that’s why even the smartest CISOs lose funding.

A new course is teaching security leaders how to turn threat data into boardroom decisions — before compliance fines or missed budgets hit.

⚡ Learn more → https://thehackernews.com/expert-insights/2025/10/cracking-boardroom-code-helping-cisos.html

💣 Three of the world’s most dangerous ransomware gangs just joined forces.

LockBit, DragonForce, and Qilin are pooling tools, infrastructure, and targets — a move that could supercharge attacks on critical sectors.

Full story → https://thehackernews.com/2025/10/lockbit-qilin-and-dragonforce-join.html

🎃 This Halloween, face your password nightmares.

Think your passwords are safe? Most IT teams did—until the breach.

Join “Tales from the Password Graveyard” — real stories, real lessons, and how to stop the next one.

Live webinar — don’t miss it → https://thehackernews.com/2025/10/step-into-password-graveyard-if-you.html

AI is now writing the next wave of cyberattacks.

The irony? Most defenders still can’t use it effectively.
The attackers are faster—and smarter.

Here’s how to fight back ↓ https://thehackernews.com/2025/09/automation-is-redefining-pentest.html

China-linked hackers just turned a trusted open-source tool into a weapon.

They used log poisoning to slip a web shell onto servers — and dropped Gh0st RAT without custom malware.

100+ servers hit, Gh0st RAT deployed, and the control panel? Written in Russian.

Find details here → https://thehackernews.com/2025/10/chinese-hackers-weaponize-open-source.html

🚨 New Threat ALERT! Hackers are exploiting WordPress themes with fake Cloudflare checks, redirecting users to malware via porsasystem[.]com.

Meanwhile, new ClickFix phishing kits use cache smuggling to deliver “invisible” payloads—no downloads needed.

How to spot & kill it ↓ https://thehackernews.com/2025/10/hackers-exploit-wordpress-themes-to.html

🚨 Hackers are hijacking WordPress sites right now.

A critical flaw (CVE-2025-5947) in the Service Finder theme lets anyone log in as an admin — no password needed.

13,800+ exploit attempts. Still rising.
Most sites haven’t patched.

Details here → https://thehackernews.com/2025/10/critical-exploit-lets-hackers-bypass.html