🚨 New Adobe Commerce flaw (CVE-2025-54236, CVSS 9.1) under active attack.

Over 250 exploit attempts in 24 hours—mostly on unpatched Magento sites.

PoC is public. Patch now.

Details → https://thehackernews.com/2025/10/over-250-magento-stores-hit-overnight.html

🎁 Hackers found a new jackpot — cloud gift cards.

A group called Jingle Thief broke into retail cloud systems and quietly issued fake gift cards for months, hiding inside Microsoft 365 accounts.

Full story ↓ https://thehackernews.com/2025/10/jingle-thief-hackers-exploit-cloud.html

In this 20-minute session, learn how to harden your images, secure dependencies, and lock down your CI/CD pipeline against real-world supply chain attacks.

📅 Tuesday, Oct 28 | 8 AM PST | 11 AM EST

🎥 Register Now ↓ https://thn.news/secure-stack-webinar

🚨 Static secrets are fading fast.

Teams using managed identities cut 95% of credential hassle—yet hidden API keys still lurk in legacy systems.

The fix? Run NHI discovery to find every key, then migrate 70–80% to managed identities.

Your roadmap ↓ https://thehackernews.com/2025/10/why-organizations-are-abandoning-static.html

From crypto fines to malware & data leaks — the week’s biggest cyber hits:

🇨🇦 Cryptomus fined $176M
🛰️ Starlink scam crackdown
🤖 AI vuln in Oat++ MCP
📧 Tykit phishing campaign

.... 15+ more important news stories.

Read the latest #ThreatsDay Bulletin 👇 https://thehackernews.com/2025/10/threatsday-bulletin-176m-crypto-fine.html

📢 WEBINAR ALERT!

You can’t secure what you can’t see. AI agents are spreading fast — unseen, unmanaged & risky.

Join this free #cybersecurity session to learn how leading security teams are regaining control & speed.

🗓️ 27 Oct, 2025

🔗 Watch This ↓ https://thehackernews.com/2025/10/secure-ai-at-scale-and-speed-learn.html

North Korean hackers are posing as recruiters—again.

This time, they’re stealing drone tech from Europe’s defense firms.

The trap? A fake job PDF hiding a remote access tool.

It’s been active—undetected—since March.

Read → https://thehackernews.com/2025/10/north-korean-hackers-lure-defense.html

🚨 GlassWorm hits VS Code extensions — 14 infected builds, ~35K installs since Oct 17 2025.

It steals dev creds, drains crypto wallets, turns machines into bots — and auto-updates itself.

Read ↓ https://thehackernews.com/2025/10/self-spreading-glassworm-infects-vs.html

🚨 Hackers turned YouTube into a malware factory. Over 3,000 fake “tutorials” hide stealers like Lumma and Rhadamanthys.

They hijack real channels — likes, comments, and all — to look legit.

Even that “Photoshop crack” or “Roblox cheat” video could infect you.

Read here ↓ https://thehackernews.com/2025/10/3000-youtube-videos-exposed-as-malware.html

Your SOC passed every test.
But your people? Failed the real one.

Modern AEV tools prove your defenses work —
until humans enter the equation.

The next frontier of validation isn’t technical.
It’s behavioral ↓ https://thehackernews.com/expert-insights/2025/10/beyond-tools-why-testing-human.html

🚨 A bug in the FIA driver portal exposed Formula 1 drivers’ personal data — including passports and licenses.

Anyone could become an “admin” with a single API request.

The flaw is now fixed — but it was open for days ↓ https://thehackernews.com/2025/10/threatsday-bulletin-176m-crypto-fine.html#admin-bug-exposes-formula-1-driver-data

India’s BOSS Linux systems are under silent attack.

A Pakistan-linked group just dropped a new Golang RAT — DeskRAT — hidden inside fake government PDFs.

It sticks around with 4 persistence tricks and steals files through WebSockets.

Read ↓ https://thehackernews.com/2025/10/apt36-targets-indian-government-with.html

Microsoft just patched a critical WSUS flaw (CVE-2025-59287) — and attackers are already using it.

One crafted request = full SYSTEM control.

The twist? It comes from BinaryFormatter — the same tool Microsoft killed off last year.

Patch now ↓ https://thehackernews.com/2025/10/microsoft-issues-emergency-patch-for.html

🚨 194,000 fake sites. $1B stolen.

The Smishing Triad is posing as USPS, banks, and toll services — all hosted on U.S. clouds to stay invisible.

Next target: brokerage accounts.

Full report ↓ https://thehackernews.com/2025/10/smishing-triad-linked-to-194000.html

⚡ OpenAI’s new ChatGPT Atlas browser can be hijacked by a fake URL.

A prompt injection disguised as a normal link tricks the omnibox into running hidden commands.

One click, and your AI agent takes orders from attackers.

Read here ↓ https://thehackernews.com/2025/10/chatgpt-atlas-browser-can-be-tricked-by.html

Qilin ransomware just got smarter.

It’s hitting Windows and Linux together, wiping Veeam backups, and using a vulnerable driver to shut down security tools — all in one strike.

Over 100 victims in June alone.

Full story ↓ https://thehackernews.com/2025/10/qilin-ransomware-combines-linux-payload.html

CISOs planning 2026 budgets are rethinking priorities.

Data visibility & DSPM are moving from “nice-to-have” to the foundation for risk reduction, faster audits & ROI.

Read: Why Data Visibility Belongs in Your 2026 Cybersecurity Budget 👇 https://thn.news/security-priority-guide

🔥 The week in cyber: patches weren’t fast enough, trust wasn’t enough, and attackers weren’t waiting.

→ WSUS exploited
→ LockBit 5.0 returns
→ Telegram backdoor
→ F5 breach deepens
→ YouTube malware surge
→ MuddyWater spying
→ Lazarus fake jobs
→ CoPhish OAuth attack
→ Russia bug law
→ UN cyber treaty

⚡ Read the recap: https://thehackernews.com/2025/10/weekly-recap-wsus-exploited-lockbit-50.html

🚨 New exploit targets ChatGPT Atlas AI browser.

Researchers at LayerX found a CSRF flaw that lets attackers inject code into its persistent memory, surviving across browsers, sessions, and devices.

Once infected, even a normal chat can silently execute hidden commands.

Full report ↓ https://thehackernews.com/2025/10/new-chatgpt-atlas-browser-exploit-lets.html

⚠️ WARNING: X users with security keys (like YubiKeys) must re-enroll 2FA by Nov 10, 2025 — or get locked out.

The update moves keys from twitter[.]com to x[.]com as Twitter’s domain is retired.

Details ↓ https://thehackernews.com/2025/10/x-warns-users-with-security-keys-to-re.html

⚡ Security and speed shouldn’t be enemies.

But when AI agents multiply faster than controls can keep up, most orgs fall into firefighting mode.

Join our live session to see how forward-thinking teams are:

✅ Governing thousands of AI agents automatically
✅ Embedding security guardrails that scale
✅ Shipping AI features faster — and safer

Live webinar: Learn how to scale AI securely, without compromise → https://thehacker.news/securing-ai-adoption