News – October 2025


  • Self-Propagating Malware Spreading Via WhatsApp, Targets Brazilian Users

    October 3, 2025

    Trend Research is currently investigating an aggressive malware campaign that leverages online instant messaging platform WhatsApp as its primary infection vector. Unlike traditional attacks focused on theft or ransomware, this campaign is engineered for speed and propagation, abusing social trust and automation to spread among Windows users. Trend Research analysis identifies the campaign as SORVEPOTEL, and ...

  • UK: Renault and Dacia customer data stolen in third party cyber attack

    October 2, 2025

    Renault has become the most recent victim of a cyber attack. Customers of the French firm and its sister brand Dacia have been warned that their personal data, including postal addresses and emails, has been stolen by hackers. In an email sent out to customers, Renault said: “We are very sorry to inform you about a ...

  • Confucius Espionage: From Stealer to Backdoor

    October 2, 2025

    The Confucius group is a long-running cyber-espionage actor operating primarily across South Asia. First identified in 2013, the group is believed to have links to state-sponsored operations in the region. Over the past decade, Confucius has repeatedly targeted government agencies, military organizations, defense contractors, and critical industries—especially in Pakistan—using spear-phishing and malicious documents as initial access ...

  • Red Hat confirms major data breach after hackers claim mega haul

    October 2, 2025

    Red Hat has confirmed suffering a potentially serious data breach, but the company said it was not able to verify hacker claims of stolen customer secrets. A hacking group called Crimson Collective claims to have accessed Red Hat’s private GitHub repositories, and exfiltrated approximately 570GB of different files from 28,000 internal projects. Among the files were ...

  • US Air Force admits SharePoint privacy issue as reports trickle out of possible breach

    October 1, 2025

    The US Air Force is reportedly investigating a potential data breach caused by a Microsoft SharePoint issue. A report from The Register revealed the Air Force Personnel Center Directorate of Technology and Information issued a data breach notification shared on social media. “This message is to inform you of a critical Personally Identifiable Information (PII) and ...

  • UK government tries again to access encrypted Apple customer data

    October 1, 2025

    The U.K. government is still trying to gain access to encrypted iCloud data, according to the Financial Times, after British officials allegedly filed a new secret order demanding Apple build a backdoor. On Wednesday, the British newspaper reported that the U.K. Home Office sent an order to Apple earlier in September requesting that the tech giant ...

  • Forensic journey: hunting evil within AmCache

    October 1, 2025

    When it comes to digital forensics, AmCache plays a vital role in identifying malicious activities in Windows systems. This artifact allows the identification of the execution of both benign and malicious software on a machine. It is managed by the operating system, and at the time of writing this article, there is no known way to ...

  • This new phishing kit turns PDF files into malware

    October 1, 2025

    A new PDF phishing kit is being sold on the dark web, promising customers advanced features, a simple interface, and competitive pricing, experts have warned. Security researchers from Varonis spotted MatrixPDF, an advanced solution being advertised as a legitimate tool, despite being circulated around the dark web. Its full name is MatrixPDF: Document Builder – Advanced ...

  • Data breach at Canadian airline WestJet affects 1.2M passengers

    October 1, 2025

    Canada’s second largest airline WestJet said the personal information of 1.2 million passengers was stolen in a cyberattack and data breach earlier this year. The airline disclosed the number of affected passengers in a filing with Maine’s attorney general, which confirmed 240 residents in the state were also affected. According to the notice, the stolen data ...

  • UK Government Wants to Keep $7 Billion in Stolen Bitcoin It Has Seized

    October 1, 2025

    The U.K. Government is seeking to keep most of the $7 billion in Bitcoin it seized in connection with a Chinese investment fraud, following the conviction of the fraud’s alleged organizer this week. Zhimin Qian pleaded guilty on counts of possessing and transferring criminal property at Southwark Crown Court on Monday, following last year’s conviction of ...