Issues

Ransomware Profits Drop as Victims Stop Paying Hackers

Ransomware payments have dropped to 23% among breached companies, continuing a steady decline. Enhanced security and pressure from authorities are cited as reasons for this trend. As ransomware groups shift focus from encryption to data theft, newer attacks show only a 19% payment rate when data is stolen without encryption. Average ransom payments decreased to $377,000. Attackers increasingly target mid-sized firms as larger companies fortify their defenses. As profits dwindle, cyber attackers may pivot to social engineering to gain access.

https://www.bleepingcomputer.com/news/security/ransomware-profits-drop-as-victims-stop-paying-hackers/

Compromised YouTube Accounts Distribute Infostealer Malware

A large-scale malware campaign called the “YouTube Ghost Network” exploited over 3,000 malicious YouTube videos, hosted on fake or compromised accounts, to distribute infostealers targeting users seeking pirated software or game hacks. The top targets were Adobe and FL Studio products, with videos guiding users to download files from third-party sites and often to disable Windows Defender. The operation relied on a structure that quickly replaced banned accounts and faked user trust with positive comments. Main infostealers included Lumma, Rhadamanthys, StealC, and Redline. The report highlights the risks of using cracked software and notes the increasing sophistication of such attacks on popular platforms.

https://thecyberexpress.com/compromised-youtube-accounts-infostealer-malware/

US to Attend UN Cybercrime Treaty Signing in Hanoi Despite Industry Concerns

The US will attend the UN cybercrime treaty signing in Hanoi despite industry and human rights concerns. The treaty, adopted after five years amid backlash, aims to improve international cooperation on cybercrime but raises fears over electronic surveillance and human rights violations. Approximately 30-36 countries may sign, while critics warn it could facilitate digital repression. The US, previously opposed, now supports the treaty for potential reforms, although concerns about its implications persist.

https://therecord.media/cybercrime-treaty-signing-hanoi

LockBit Returns — and It Already Has Victims

LockBit ransomware has resurfaced, targeting organizations globally with a new variant, LockBit 5.0. This group, previously disrupted in early 2024, has resumed operations, exploiting vulnerabilities across Windows, Linux, and ESXi systems. With enhanced evasion techniques, faster encryption, and multi-platform support, it poses a renewed threat to businesses.

https://blog.checkpoint.com/research/lockbit-returns-and-it-already-has-victims/

AI Agent Phishing: Proofpoint’s New Defense

AI agents are now targets for email phishing, with cybercriminals exploiting prompts in emails to manipulate AI responses. Proofpoint introduced new AI defense tools to scan potential threats before they reach inboxes, enhancing email security. Traditional methods focus on known threats but fail against sophisticated attacks targeting AI systems. Proofpoint's real-time scanning aims to prevent AI exploitation pre-delivery by using refined detection models. The evolution of security must adapt to address these new risks as AI becomes more integrated into enterprise systems.

https://spectrum.ieee.org/ai-agent-phishing

OpenAI CISO Admits They Have Become the Theranos of AI

OpenAI's CISO, Dane Stuckey, admits their new browser has unresolved security vulnerabilities that could be exploited to steal user data, echoing dubious practices reminiscent of Theranos. Stuckey, previously from Palantir, seems more focused on satisfying government contracts than ensuring product security. His admission highlights reliance on users for security, suggesting a business model based on shipping flawed products and responding to breaches reactively. This strategy, while potentially beneficial for state actors, poses significant risks, including compromised user credentials and data exfiltration from vital systems. The practice raises ethical concerns reminiscent of past corporate negligence, suggesting intentional harm for profit.

https://www.flyingpenguin.com/?p=73411

Sneaky Mermaid Attack in Microsoft 365 Copilot Steals Data

Microsoft fixed a security vulnerability in Microsoft 365 Copilot that allowed data theft through indirect prompt injection attacks. A researcher discovered the flaw leveraging Mermaid diagrams, enabling sensitive email data to be exfiltrated. Microsoft confirmed the patch but did not award the researcher a bug bounty since Copilot is not eligible for their reward program.

https://www.theregister.com/2025/10/24/m365_copilot_mermaid_indirect_prompt_injection/

Is AI Moving Faster Than Its Safety Net?

AI development is rapidly outpacing safety measures, raising concerns about privacy and security. Experts warn that as AI improves, it risks bypassing human control due to unintended consequences, like misusing private data. AI browsers pose additional threats, as they can be easily manipulated to follow harmful commands. Scammers exploit this by creating fake AI interfaces that deceive users into sharing sensitive information. Consumers should remain cautious, question new technologies, and prioritize safety over speed.

https://www.malwarebytes.com/blog/news/2025/10/is-ai-moving-faster-than-its-safety-net

Smishing Triad Linked to 194,000 Malicious Domains in Global Phishing Operation

Smishing Triad has been linked to over 194,000 malicious domains in a global phishing scheme running since January 2024 and targeting a wide range of services. The group, based in China, scams users with fake notifications and has generated over $1 billion in three years. Its infrastructure uses U.S. cloud services and registers many disposable domains to evade detection. These campaigns increasingly target brokerage accounts to manipulate stock prices, operating under a "phishing-as-a-service" model that employs a network of developers and spammers.

https://thehackernews.com/2025/10/smishing-triad-linked-to-194000.html

Microsoft Releases Out-of-Band Security Update to Mitigate Windows Server Update Service Vulnerability, CVE-2025-59287

Microsoft released an out-of-band security update for a critical remote code execution vulnerability (CVE-2025-59287) affecting Windows Server Update Service. CISA urges organizations to identify vulnerable servers, apply the update, and reboot. If immediate application isn't possible, disable WSUS or block ports 8530/8531. The vulnerability is now in CISA's Known Exploited Vulnerabilities Catalog. Report incidents to CISA's Operations Center.

https://www.cisa.gov/news-events/alerts/2025/10/24/microsoft-releases-out-band-security-update-mitigate-windows-server-update-service-vulnerability-cve
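
A triage script for the mitigation steps summarised above, added here as an example and not part of the CISA alert; it assumes an elevated PowerShell session on the server itself and uses a placeholder for the update's KB number, which the summary does not give.

```powershell
# Added example (not from the CISA alert): check a Windows Server for the WSUS
# role and the update, then apply the alert's interim port block if unpatched.
# Assumptions: elevated session on the WSUS host; KB number is a placeholder.
$WsusPatchKb = 'KB<PLACEHOLDER>'   # replace with the KB from Microsoft's advisory

# 1. Is the WSUS role installed on this host?
$role = Get-WindowsFeature -Name UpdateServices
if (-not $role.Installed) {
    Write-Host 'WSUS role not installed; CVE-2025-59287 does not apply to this host.'
    return
}

# 2. Is the out-of-band update already present? (Reboot is still required.)
$patched = Get-HotFix -Id $WsusPatchKb -ErrorAction SilentlyContinue
if ($patched) {
    Write-Host "Update $WsusPatchKb installed on $($patched.InstalledOn); reboot if not yet done."
    return
}

# 3. Show what is listening on the WSUS ports (8530 HTTP, 8531 HTTPS).
Get-NetTCPConnection -State Listen -LocalPort 8530, 8531 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess

# 4. Interim mitigation from the alert: block inbound 8530/8531 until patched.
#    Downstream clients stop receiving updates while this rule is active.
New-NetFirewallRule -DisplayName 'Block WSUS 8530/8531 pending CVE-2025-59287 patch' `
    -Direction Inbound -Protocol TCP -LocalPort 8530, 8531 -Action Block -Profile Any
```

Remove the firewall rule once the update is installed and the server has been rebooted.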

A Single DNS Race Condition Brought AWS to Its Knees

A race condition in Amazon's DynamoDB DNS management caused a major outage, disrupting services and estimated damage in the hundreds of billions. The error began on October 19, 2025, when the system left an empty DNS record due to a timing conflict between DNS planners and enactors. This led to widespread failures, impacting EC2 launches and other AWS services. Amazon has suspended the affected automation until fixes are implemented.

https://www.theregister.com/2025/10/23/amazon_outage_postmortem/

Summary of the Amazon DynamoDB Service Disruption in the Northern Virginia (US-EAST-1) Region

DynamoDB Incident Summary (Oct 19-20, 2025): A service disruption occurred in N. Virginia (us-east-1) due to DNS failures affecting the API, EC2, NLB, and other services. A latent defect in DNS management led to failed connections and increased errors across multiple AWS services. Recovery actions included engineering interventions and system restarts, with full service restored by Oct 20. Improvements are planned to prevent recurrence and enhance reliability.

https://aws.amazon.com/message/101925/

Spoofed AI Sidebars Can Trick Atlas, Comet Users Into Dangerous Actions

OpenAI's Atlas and Perplexity's Comet browsers are susceptible to AI sidebar spoofing attacks, allowing hackers to deceive users into executing harmful instructions. Researchers from SquareX demonstrated that malicious extensions can overlay a fake AI sidebar, leading users to phishing sites, compromising Google accounts, or executing harmful commands. Users are advised to restrict sensitive activities on these browsers due to their current security weaknesses.

https://www.bleepingcomputer.com/news/security/spoofed-ai-sidebars-can-trick-atlas-comet-users-into-dangerous-actions/

Kristi Noem Pledged to Boost the Nation’s Cybersecurity. She Gutted It Instead.

Homeland Security Secretary Kristi Noem's substantial cuts to the Cybersecurity and Infrastructure Security Agency have raised concerns about U.S. cyber defenses, particularly as threats from adversaries like China and Russia increase. While Noem claims to prioritize cybersecurity, her actions—such as staffing reductions and funding cuts for election security—reflect the opposite. Critics argue that this undermines CISA's effectiveness and diminishes the nation's ability to protect critical infrastructure. CISA is currently under-resourced and lacks a Senate-confirmed leader amidst escalating cyber threats.

https://www.politico.com/news/2025/10/23/kristi-noem-cybersecurity-strategy-concerns-cisa-00619108
