🚨 CISA just flagged a live zero-day in Smartbedded Meteobridge.
Remote attackers can hijack weather stations → full root access.
No login needed—just click a link. CGI script + eval = instant code execution.
Patches only dropped in May ↓ https://thehackernews.com/2025/10/cisa-flags-meteobridge-cve-2025-4008.html
🚨 A new APT group is hijacking real government email accounts to hack Russian state agencies.
Their malware exfiltrates data through a Telegram bot.
And it’s not just Russia—English & Arabic filenames suggest the target list is much wider.
Read ↓ https://thehackernews.com/2025/10/new-cavalry-werewolf-attack-hits.html
⚡ Enterprises are hitting a new blind spot.
Passwork 7 now combines password + secrets management in one platform.
That means SSH keys, tokens, and DB logins live next to everyday credentials — all gated by roles and vault design.
One misstep = organization-wide exposure.
Here’s how it works ↓ https://thehackernews.com/2025/10/product-walkthrough-how-passwork-7.html
🕵️ One click. One ZIP.
SORVEPOTEL self-replicates through WhatsApp Web — blasting itself to all your contacts and groups until your account is banned.
Targets enterprises, uses LNK → PowerShell for persistence.
Read more → https://thehackernews.com/2025/10/researchers-warn-of-self-spreading.html
⚠️ Rhadamanthys now fingerprints devices and hides malware inside PNG/JPEG/WAV files.
It’s sold by subscription from $299/mo — a business, not a hobby.
Expert detail: payloads need a secret key from the C2 server to decrypt (stego delivery).
Read the stealth trick that beats many scanners → https://thehackernews.com/2025/10/rhadamanthys-stealer-evolves-adds.html
💀 Another breach caused by a “secure” password.
Hackers don’t need zero-days when your policy is the backdoor.
See why complexity rules fail—and how to block breached creds before attackers use them.
📅 Join the live webinar. Save your spot → https://thehacker.news/password-graveyard
🚨 Detour Dog just flipped the script!
The group once known for shady redirects is now pushing Strela Stealer via hacked WordPress sites + DNS TXT records.
90% of sites look normal—until they quietly fetch malware.
Learn more ↓ https://thehackernews.com/2025/10/detour-dog-caught-running-dns-powered.html
🧨 500% surge in scans hitting Palo Alto Networks logins.
GreyNoise says it’s the highest spike in months — and eerily mirrors Cisco ASA activity seen right before two zero-days dropped.
History may be repeating itself.
Read what they saw first → https://thehackernews.com/2025/10/scanning-activity-on-palo-alto-networks.html
🚨 New: “CometJacking” turns Perplexity’s Comet into an insider threat.
A single URL hijacks the agent, queries memory (collection=…), and Base64s your Gmail/Calendar off-box—no creds needed.
Perplexity says “no impact.”
See the exact payload + defenses → https://thehackernews.com/2025/10/cometjacking-one-click-can-turn.html
🚨 Oracle just rushed a patch for CVE-2025-61882 — a 9.8 critical flaw in E-Business Suite already exploited by Cl0p in live data theft attacks.
The zero-day lets attackers seize control without a username or password.
Experts warn many may already be breached.
Details here ↓ https://thehackernews.com/2025/10/oracle-rushes-patch-for-cve-2025-61882.html
A “harmless” ICS calendar file exploited Zimbra’s XSS zero-day flaw (CVE-2025-27915) — turning an invite into a full data stealer.
Target: Brazil’s military.
The script waited 72 hours before exfiltrating credentials.
Read → https://thehackernews.com/2025/10/zimbra-zero-day-exploited-to-target.html
[New] China-linked group UAT-8099 is hijacking Microsoft IIS servers across 🇮🇳🇹🇭🇻🇳🇨🇦🇧🇷 — not to steal data, but to manipulate Google search rankings and loot credentials.
The kicker? Their malware only activates when Googlebot visits.
Inside: RDP persistence, BadIIS variants, and stealth backlink fraud ↓ https://thehackernews.com/2025/10/chinese-cybercrime-group-runs-global.html
Your AI models may already be leaking data.
The worst part? Most “AI security tools” can’t even see it.
Here’s what to ask before trusting any AI-SPM solution ↓ https://thehackernews.com/2025/10/5-critical-questions-for-adopting-ai.html
⚡ The threat landscape never slows down — but awareness keeps you ahead.
This week’s highlights focus on patching smarter, spotting early risks, and staying ready for what’s next.
🛡️ Stay sharp. Patch fast. Defend better.
🔗 Read the full recap: https://thehackernews.com/2025/10/weekly-recap-oracle-0-day-bitlocker.html
🚨 Chrome prefs can be poisoned.
Attackers can force malicious extensions active by default—bypassing policies.
The secret? A flaw in Chrome’s super_mac.
Learn how it works → https://thehackernews.com/2025/10/threatsday-bulletin-carplay-exploit.html#prefs-can-be-poisoned-extensions-forced-active
🚨 A Chinese research lab — BIETA — linked to Beijing’s spy agency has been developing covert communication and malware tools for years, according to a new report.
They’ve been selling them under the guise of “forensics” and “network testing” products.
Full story ↓ https://thehackernews.com/2025/10/new-report-links-research-firms-bieta.html
🚨 Attackers now exploit new vulnerabilities within hours—but most orgs still patch once a month.
The result? $5M average breach cost and rising.
The old patch cycle isn’t slow—it’s negligent.
The future is continuous, real-time remediation ↓ https://thehackernews.com/expert-insights/2025/10/continuous-patch-management-why-future.html
🚨 Microsoft just confirmed a critical GoAnywhere flaw (CVE-2025-10035) — already exploited to deploy Medusa ransomware.
Attackers had a month-long head start — silently breaching orgs while vendors stayed quiet.
It’s not just RCE — it’s persistence, lateral movement, and Cloudflare-tunneled C2.
Details ↓ https://thehackernews.com/2025/10/microsoft-links-storm-1175-to.html
🚨 Oracle EBS just joined CISA’s Known Exploited list.
Cl0p (aka Graceful Spider) is using CVE-2025-61882 — a 9.8 RCE — to hit unpatched systems right now.
Attackers are chaining five bugs to hijack servers pre-auth.
Patch immediately. Read how the attack works ↓ https://thehackernews.com/2025/10/oracle-ebs-under-fire-as-cl0p-exploits.html
🚨 WARNING: CVE-2025-49844 (RediShell): Redis flaw rated 10.0 CVSS
A 13-year-old bug lets attackers escape the Lua sandbox and run code on the host.
Even worse — 60,000 Redis servers online have no auth.
Patch now or risk full system takeover: https://thehackernews.com/2025/10/13-year-redis-flaw-exposed-cvss-100.html