The Hacker News

"Secure AI at scale and speed-learn the Framework in this free webinar."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 23 October 2025, 1333 UTC.

Content and Source:  "The Hacker News."

URL-- https://thehackernews.com/

Please check URL or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Secure AI at Scale and Speed — Learn the Framework in this Free Webinar

Oct 23, 2025Artificial Intelligence / Data Protection

AI is everywhere—and your company wants in. Faster products, smarter systems, fewer bottlenecks. But if you're in security, that excitement often comes with a sinking feeling. Because while everyone else is racing ahead, you're left trying to manage a growing web of AI agents you didn't create, can't fully see, and weren't designed to control. Join our upcoming webinar and learn how to make AI security work with you, not against you . The Quiet Crisis No One Talks About Did you know most companies now have 100 AI agents for every one human employee? Even more shocking? 99% of those AI identities are completely unmanaged. No oversight. No lifecycle controls. And every one of them could be a backdoor waiting to happen. It's not your fault. Traditional tools weren't built for this new AI world. But the risks are real—and growing. Let's Change That. Together. In our free webinar, " Turning Controls into Accelerators of AI Adoption ," we'll help you flip the script. Th...

ThreatsDay Bulletin: $176M Crypto Fine, Hacking Formula 1, Chromium Vulns, AI Hijack & More

Oct 23, 2025Cybersecurity / Hacking News

Criminals don't need to be clever all the time; they just follow the easiest path in: trick users, exploit stale components, or abuse trusted systems like OAuth and package registries. If your stack or habits make any of those easy, you're already a target. This week's ThreatsDay highlights show exactly how those weak points are being exploited — from overlooked misconfigurations to sophisticated new attack chains that turn ordinary tools into powerful entry points. Lumma Stealer Stumbles After Doxxing Drama Decline in Lumma Stealer Activity After Doxxing Campaign The activity of the Lumma Stealer (aka Water Kurita) information stealer has witnessed a "sudden drop" since last months after the identities of five alleged core group members were exposed as part of what's said to be an aggressive underground exposure campaign dubbed Lumma Rats since late August 2025. The targeted individuals are affiliated with the malware's development and administ...

Why Organizations Are Abandoning Static Secrets for Managed Identities

Oct 23, 2025DevOps / Data Protection

As machine identities explode across cloud environments, enterprises report dramatic productivity gains from eliminating static credentials. And only legacy systems remain the weak link. For decades, organizations have relied on static secrets, such as API keys, passwords, and tokens, as unique identifiers for workloads. While this approach provides clear traceability, it creates what security researchers describe as an "operational nightmare" of manual lifecycle management, rotation schedules, and constant credential leakage risks. This challenge has traditionally driven organizations toward centralized secret management solutions like HashiCorp Vault or CyberArk, which provide universal brokers for secrets across platforms. However, these approaches perpetuate the fundamental problem: the proliferation of static secrets requiring careful management and rotation. "Having a workload in Azure that needs to read data from AWS S3 is not ideal from a security perspective...

CISO Best Practices Cheat Sheet: Cloud Edition

WizCloud Security / Automation

Whether you're inheriting a cloud program, scaling multi-cloud or aligning with board goals, this cheat sheet helps drive measurable outcomes with proven frameworks & 90-day steps.

"Jingle Thief" Hackers Exploit Cloud Infrastructure to Steal Millions in Gift Cards

Oct 23, 2025Financial Crime / Cloud Security

Cybersecurity researchers have shed light on a cybercriminal group called Jingle Thief that has been observed targeting cloud environments associated with organizations in the retail and consumer services sectors for gift card fraud. "Jingle Thief attackers use phishing and smishing to steal credentials, to compromise organizations that issue gift cards," Palo Alto Networks Unit 42 researchers Stav Setty and Shachar Roitman said in a Wednesday analysis. "Once they gain access to an organization, they pursue the type and level of access needed to issue unauthorized gift cards." The end goal of these efforts is to leverage the issued gift cards for monetary gain by likely reselling them on gray markets. Gift cards make for a lucrative choice as they can be easily redeemed with minimal personal information and are difficult to trace, making it harder for defenders to investigate the fraud. The name Jingle Thief is a nod to the threat actor's pattern of conduc...

Over 250 Magento Stores Hit Overnight as Hackers Exploit New Adobe Commerce Flaw

Oct 23, 2025Data Breach / Vulnerability

E-commerce security company Sansec has warned that threat actors have begun to exploit a recently disclosed security vulnerability in Adobe Commerce and Magento Open Source platforms, with more than 250 attack attempts recorded against multiple stores over the past 24 hours. The vulnerability in question is CVE-2025-54236 (CVSS score: 9.1), a critical improper input validation flaw that could be abused to take over customer accounts in Adobe Commerce through the Commerce REST API. Also known as SessionReaper, it was addressed by Adobe last month. A security researcher who goes by the name Blaklis is credited with the discovery and responsible disclosure of CVE-2025-54236. The Dutch company said that 62% of Magento stores remain vulnerable to the security flaw six weeks after public disclosure, urging website administrators to apply the patches as soon as possible before broader exploitation activity picks up. The attacks have originated from the following IP addresses, with un...

Keeper Security recognized in the 2025 Gartner® Magic Quadrant™ for PAM

Keeper SecurityPassword Security / Threat Detection

Access the full Magic Quadrant report and see how KeeperPAM compares to other leading PAM platforms.

Critical Lanscope Endpoint Manager Bug Exploited in Ongoing Cyberattacks, CISA Confirms

Oct 23, 2025Vulnerability / Threat Intelligence

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Motex Lanscope Endpoint Manager to its Known Exploited Vulnerabilities ( KEV ) catalog, stating it has been actively exploited in the wild. The vulnerability, CVE-2025-61932 (CVSS v4 score: 9.3), impacts on-premises versions of Lanscope Endpoint Manager, specifically Client program and Detection Agent, and could allow attackers to execute arbitrary code on susceptible systems. "Motex LANSCOPE Endpoint Manager contains an improper verification of source of a communication channel vulnerability, allowing an attacker to execute arbitrary code by sending specially crafted packets," CISA said. The flaw impacts versions 9.4.7.1 and earlier. It has been addressed in the versions below - 9.3.2.7 9.3.3.9 9.4.0.5 9.4.1.5 9.4.2.6 9.4.3.8 9.4.4.6 9.4.5.4 9.4.6.3, and 9.4.7.3 It's currently not known how the vulnerability is being exploited in rea...

Iran-Linked MuddyWater Targets 100+ Organisations in Global Espionage Campaign

Oct 22, 2025Malware / Cyber Espionage

The Iranian nation-state group known as MuddyWater has been attributed to a new campaign that has leveraged a compromised email account to distribute a backdoor called Phoenix to various organizations across the Middle East and North Africa (MENA) region, including over 100 government entities. The end goal of the campaign is to infiltrate high-value targets and facilitate intelligence gathering, Singaporean cybersecurity company Group-IB said in a technical report published today. More than three-fourths of the campaign's targets include embassies, diplomatic missions, foreign affairs ministries, and consulates, followed by international organizations and telecommunications firms. "MuddyWater accessed the compromised mailbox through NordVPN (a legitimate service abused by the threat actor), and used it to send phishing emails that appeared to be authentic correspondence," said security researchers Mahmoud Zohdy and Mansour Alhmoud. "By exploiting the trust a...

Ukraine Aid Groups Targeted Through Fake Zoom Meetings and Weaponized PDF Files

Oct 22, 2025Cybersecurity / Malware

Cybersecurity researchers have disclosed details of a coordinated spear-phishing campaign dubbed PhantomCaptcha targeting organizations associated with Ukraine's war relief efforts to deliver a remote access trojan that uses a WebSocket for command-and-control (C2). The activity, which took place on October 8, 2025, targeted individual members of the International Red Cross, Norwegian Refugee Council, United Nations Children's Fund (UNICEF) Ukraine office, Norwegian Refugee Council, Council of Europe's Register of Damage for Ukraine, and Ukrainian regional government administrations in the Donetsk, Dnipropetrovsk, Poltava, and Mikolaevsk regions, SentinelOne said in a new report published today. The phishing emails have been found to impersonate the Ukrainian President's Office, carrying a booby-trapped PDF document that contains an embedded link, which, when clicked, redirects victims to a fake Zoom site ("zoomconference[.]app") and tricks them into runn...

Chinese Threat Actors Exploit ToolShell SharePoint Flaw Weeks After Microsoft's July Patch

Oct 22, 2025Cyber Espionage / Vulnerability

Threat actors with ties to China exploited the ToolShell security vulnerability in Microsoft SharePoint to breach a telecommunications company in the Middle East after it was publicly disclosed and patched in July 2025. Also targeted were government departments in an African country, as well as government agencies in South America, a university in the U.S., as well as likely a state technology agency in an African country, a government department in the Middle East, and a finance company in a European country. According to Broadcom's Symantec Threat Hunter Team, the attacks involved the exploitation of CVE-2025-53770 , a now-patched security flaw in on-premise SharePoint servers that could be used to bypass authentication and achieve remote code execution. CVE-2025-53770, assessed to be a patch bypass for CVE-2025-49704 and CVE-2025-49706, has been weaponized as a zero-day by three Chinese threat groups , including Linen Typhoon (aka Budworm), Violet Typhoon (aka Sheathminer)...

Bridging the Remediation Gap: Introducing Pentera Resolve

Oct 22, 2025Security Validation / Incident Response

From Detection to Resolution: Why the Gap Persists A critical vulnerability is identified in an exposed cloud asset. Within hours, five different tools alert you about it: your vulnerability scanner, XDR, CSPM, SIEM, and CMDB each surface the issue in their own way, with different severity levels, metadata, and context. What's missing is a system of action. How do you transition from the detection and identification of a security issue to remediation and resolution? The Continuous Threat Exposure Management (CTEM) framework was introduced to help organizations address this challenge, calling for a repeatable approach to scoping, discovery, validation, and ultimately, the mobilization of remediation efforts. The goal is not just to identify risk, but to act on it, continuously and at scale. In most environments, that mobilization happens, but it relies on manual processes. Findings remain fragmented across tools, each with its own format, language, and logic. The responsibility to ...

Fake Nethereum NuGet Package Used Homoglyph Trick to Steal Crypto Wallet Keys

Oct 22, 2025Cryptocurrency / Software Integrity

Cybersecurity researchers have uncovered a new supply chain attack targeting the NuGet package manager with malicious typosquats of Nethereum , a popular Ethereum .NET integration platform, to steal victims' cryptocurrency wallet keys. The package, Netherеum.All , has been found to harbor functionality to decode a command-and-control (C2) endpoint and exfiltrate mnemonic phrases, private keys, and keystore data, according to security company Socket. The library was uploaded by a user named " nethereumgroup " on October 16, 2025. It was taken down from NuGet for violating the service's Terms of Use four days later. What's notable about the NuGet package is that it swaps the last occurrence of the letter "e" with the Cyrillic homoglyph "e" (U+0435) to fool unsuspecting developers into downloading it. In a further attempt to increase the credibility of the package, the threat actors have resorted to artificially inflating the download counts...

Why You Should Swap Passwords for Passphrases

Oct 22, 2025Data Breach / Enterprise Security

The advice didn't change for decades: use complex passwords with uppercase, lowercase, numbers, and symbols. The idea is to make passwords harder for hackers to crack via brute force methods. But more recent guidance shows our focus should be on password length, rather than complexity. Length is the more important security factor, and passphrases are the simplest way to get your users to create (and remember!) longer passwords. The math that matters When attackers steal password hashes from a breach, they brute-force by hashing millions of guesses per second until something matches. The time this takes depends on one thing: how many possible combinations exist. A traditional 8-character "complex" password (P@ssw0rd!) offers roughly 218 trillion combinations. Sounds impressive until you realize modern GPU setups can test those combinations in months, not years. Increase that to 16 characters using only lowercase letters, and you're looking at 26^16 combinations,...