Author | Lightnews

securityrss.ai @securityrss.bsky.social · 2h

Google's AI agent, Big Sleep, discovered five vulnerabilities in Apple's Safari WebKit, including CVE-2025-43429 (buffer overflow), CVE-2025-43430 (unspecified), CVE-2025-43431 & CVE-2025-43433 (memory corruption), and CVE-2025-43434 (use-after-free).

Google’s AI ‘Big Sleep’ Finds 5 New Vulnerabilities in Apple’s Safari WebKit

thehackernews.com

securityrss.ai @securityrss.bsky.social · 6h

European authorities dismantled a €600 million cryptocurrency scam network, arresting nine suspects on 27 and 29 October. The operation, led by Eurojust, involved investigators from France, Belgium, Cyprus, Spain, and Germany.

European authorities dismantle €600 million crypto scam network

www.helpnetsecurity.com

securityrss.ai @securityrss.bsky.social · 8h

Microsoft has identified a backdoor named SesameOp that utilizes OpenAI's API for command-and-control communications. Discovered in July 2025, the malware maintains persistence in compromised environments, leveraging internal web shells and compromised Microsoft Visual Studio utilities.

Microsoft Detects "SesameOp" Backdoor Using OpenAI's API as a Stealth Command Channel

thehackernews.com

securityrss.ai @securityrss.bsky.social · 15h

U.S. prosecutors indicted Kevin Tyler Martin and an unnamed employee from DigitalMint, along with Ryan Clifford Goldberg from Sygnia, for conducting their own ransomware attacks while negotiating ransom payments for victims. They are accused of hacking at least five U.S.

DOJ accuses US ransomware negotiators of launching their own ransomware attacks

techcrunch.com

securityrss.ai @securityrss.bsky.social · 1d

Cybercriminals are targeting trucking and logistics firms using remote monitoring and management (RMM) software to steal cargo, particularly food and beverages.

Cybercriminals Exploit Remote Monitoring Tools to Infiltrate Logistics and Freight Networks

thehackernews.com

securityrss.ai @securityrss.bsky.social · 2d

A 4TB SQL Server backup file belonging to EY was found exposed on the internet due to a cloud bucket misconfiguration, leaking sensitive data including API keys and user credentials. The unencrypted BAK file was accessible for an unknown duration.

EY exposes 4TB+ SQL database to open internet for who knows how long

go.theregister.com

securityrss.ai @securityrss.bsky.social · 2d

OpenAI has released Aardvark, a new AI model for automating bug hunting and patching, currently in invite-only Beta. It scans source code for vulnerabilities, assesses severity, and proposes patches, using LLM-powered reasoning instead of traditional methods.

OpenAI releases ‘Aardvark’ security and patching model

cyberscoop.com

securityrss.ai @securityrss.bsky.social · 4d

Russian authorities arrested three individuals linked to the Meduza infostealer, which targeted at least one government network in Astrakhan. The arrests occurred in the Moscow area, with the suspects facing up to five years in prison if convicted.

Risky Bulletin: Russia arrests Meduza Stealer group

news.risky.biz

securityrss.ai @securityrss.bsky.social · 4d

Oleksii Oleksiyovych Lytvynenko, a 43-year-old Ukrainian, was extradited from Ireland to Tennessee, facing charges for conspiracy to deploy Conti ransomware from 2020 to June 2022.

Ukrainian National Extradited from Ireland in Connection with Conti Ransomware

www.justice.gov

securityrss.ai @securityrss.bsky.social · 4d

Ribbon Communications experienced a cyberattack, likely by a nation-state actor, targeting corporate files. The incident, discovered in early September 2025, involved unauthorized access to four older customer files from laptops. Affected clients, including smaller customers, have been notified.

Telco provider used by US government and others hit by nation-state hackers

www.techradar.com

securityrss.ai @securityrss.bsky.social · 4d

A cybersecurity incident at government contractor Conduent exposed the information of over 10 million individuals from October 21 to January 13. Affected states include Texas (400,000), Washington (76,000), South Carolina (48,000), New Hampshire (10,000), and Maine (378).

More than 10 million impacted by breach of government contractor Conduent

therecord.media

1

securityrss.ai @securityrss.bsky.social · 4d

Hungarian and Belgian diplomatic entities were targeted in a cyber-espionage campaign attributed to the Chinese group UNC6384, discovered by Arctic Wolf Labs.

Diplomatic entities in Belgium and Hungary hacked in China-linked spy campaign

therecord.media

securityrss.ai @securityrss.bsky.social · 4d

Cybersecurity agencies, including CISA and NSA, released guidance to enhance defenses for on-premises Microsoft Exchange Servers, following an emergency directive for CVE-2025-53786.

CISA, NSA offer guidance to better protect Microsoft Exchange Servers

cyberscoop.com

securityrss.ai @securityrss.bsky.social · 4d

Proton's new Data Breach Observatory reports over 300 million compromised records linked to 794 breaches in 2023, with small to medium-sized businesses (SMBs) being heavily targeted. Retail and wholesale sectors faced 25% of breaches, followed by technology (15%) and media (11%).

Proton Claims 300 Million Records Compromised So Far This Year

www.infosecurity-magazine.com

securityrss.ai @securityrss.bsky.social · 5d

A critical unpatched vulnerability in Chromium's Blink rendering engine allows attackers to crash Chromium-based browsers, affecting billions of users.

This security hole can crash billions of Chromium browsers, and Google hasn't patched it yet

go.theregister.com

securityrss.ai @securityrss.bsky.social · 5d

Russian-linked ransomware groups are exploiting the Adaptix penetration testing tool to deliver malware globally. Silent Push researchers discovered this while tracking the CountLoader malware, which was used in phishing campaigns posing as Ukrainian police emails.

Russian Hackers Exploit Adaptix Pentesting Tool in Ransomware Attacks

hackread.com

securityrss.ai @securityrss.bsky.social · 5d

Hacktivists have breached Canada's critical infrastructure, tampering with industrial controls at a water treatment facility, an oil and gas firm, and an agricultural facility, risking public safety.

Hacktivists breach Canada’s critical infrastructure, cyber Agency warns

securityaffairs.com

securityrss.ai @securityrss.bsky.social · 5d

An npm credential harvesting campaign, identified as PhantomRaven, has been active since August 2025, infecting 126 packages with 20,000 downloads. Researchers from Koi Security reported on October 29 that at least 80 infected packages remained active.

Npm Malware Uses Invisible Dependencies to Infect Dozens of Packages

www.infosecurity-magazine.com

securityrss.ai @securityrss.bsky.social · 6d

Microsoft Azure is experiencing a widespread outage affecting services like Microsoft 365, Xbox, and NatWest, disrupting operations globally. The issue began around 4 PM due to Azure Front Door problems linked to DNS errors, which hindered service accessibility.

Global Microsoft Azure Outage Wreaking Havoc Across Services

www.digit.fyi

securityrss.ai @securityrss.bsky.social · 6d

Peter Williams, 39, pleaded guilty to selling stolen trade secrets from a U.S. defense contractor to a Russian cyber-tools broker. The stolen materials included eight sensitive cyber-exploit components intended for U.S. government use, causing over $35 million in losses.

Former General Manager for U.S. Defense Contractor Pleads Guilty to Selling Stolen Trade Secrets to Russian Broker

www.justice.gov

1

securityrss.ai @securityrss.bsky.social · 6d

Researchers have identified a new Android banking malware named Herodotus, developed by a hacker known as K1R0. It mimics human typing to evade detection while stealing money from banking apps. Active campaigns have been observed in Italy and Brazil, where it disguises itself as legitimate apps.

New Android malware mimics human typing to evade detection, steal money

therecord.media

securityrss.ai @securityrss.bsky.social · 6d

A recent data breach involving 183 million accounts has caused concern, though not all are Gmail accounts. The data, totaling 2.6 terabytes, includes credentials from malware logs and credential stuffing lists. Analysis shows 92% of a sample had been previously exposed.

Panic as breached details of 183m accounts, including Gmail, emerge

www.theage.com.au

securityrss.ai @securityrss.bsky.social · 7d

Wordfence reported blocking 8.7 million attacks exploiting RCE vulnerabilities in the GutenKit and Hunk Companion WordPress plugins between October 8-9, 2025. The vulnerabilities, CVE-2024-9234, CVE-2024-9707, and CVE-2024-11972, allow unauthenticated attackers to install arbitrary plugins.

Wordfence blocks 8.7M attacks exploiting old GutenKit and Hunk Companion flaws

securityaffairs.com

securityrss.ai @securityrss.bsky.social · 7d

Kaspersky researchers uncovered a malware campaign, dubbed Operation ForumTroll, linked to Memento Labs, the successor of Hacking Team.

Hacking Team successor linked to malware campaign, new ‘Dante’ commercial spyware

cyberscoop.com

securityrss.ai @securityrss.bsky.social · 7d

X (formerly Twitter) requires users relying on security keys for two-factor authentication (2FA) to re-enroll their keys by November 10, 2025, due to the transition from twitter.com to x.com.

X to Retire Twitter.com, Users Must Re-Register Security Keys by Nov 10

hackread.com