News – October 2025

October 15, 2025

In cybersecurity, we often say that attackers only need to be right once – and defenders need to be right every time. Traditionally, we’ve focused on perimeter breaches, phishing campaigns, and zero-day exploits. But increasingly, attackers are bypassing these hardened defenses and taking a different route: persuading someone on the inside to hand over the keys. ...

October 15, 2025

The UK’s data watchdog has fined outsourcing firm Capita £14m after the personal data of 6.6 million people was stolen in a cyber-attack. The Information Commissioner’s Office (ICO) said Capita “failed to ensure the security of processing of personal data which left it at significant risk”. The fine was originally set at £45m but reduced after ...

October 15, 2025

A malware campaign was recently detected in Brazil, distributing a malicious LNK file using WhatsApp. It targets mainly Brazilians and uses Portuguese-named URLs. To evade detection, the command-and-control (C2) server verifies each download to ensure it originates from the malware itself. The whole infection chain is complex and fully fileless, and by the end, it will ...

October 15, 2025

TrendResearch has detected an operation where attackers exploited a Cisco Simple Network Management Protocol (SNMP) vulnerability to install a rootkit on vulnerable network devices. The SNMP exploit referenced in Cisco’s latest advisory is CVE-2025-20352, which affects both 32-bit and 64-bit switch builds and can result in remote code execution (RCE). The operation targeted victims running older ...

October 14, 2025

Security researchers have discovered that as many as half of all geostationary satellites in Earth’s orbit are carrying unencrypted sensitive consumer, corporate, and military information, making this data wide open to eavesdropping. The researchers at UC San Diego and the University of Maryland spent $800 on an off-the-shelf satellite receiver and pointed it at the sky ...

October 14, 2025

Vietnam Airlines has confirmed that some customers’ personal information, including full names, email addresses and phone numbers, was exposed in a recent data breach linked to its technology partner’s online customer service platform. In an email sent to customers on Oct. 14, the national carrier said it was alerted after hackers uploaded 23 million customer records ...

October 14, 2025

Harvard is investigating a data breach after a Russian-speaking cybercrime organization claimed it was preparing to release information stolen through a vulnerability in a software suite used by the University. Clop, an organization that extorts payments from companies to prevent the release of stolen data, announced the breach on its leak site Saturday. The alleged breach ...

October 13, 2025

The private phone numbers of some Australia’s most high-profile politicians and businesspeople have been leaked online, including those of the prime minister and Opposition leader. A third-party website is reportedly using artificial intelligence to trawl through other sites like LinkedIn, lifting the personal details of politicians. The site boasts to have the personal phone numbers and ...

October 13, 2025

The Dutch government has granted itself the power to intervene in company decisions at Dutch-based Chinese-owned chipmaker Nexperia. The highly unusual step, announced late Sunday, grants the country the power to “halt and reverse” company decisions — meaning Nexperia cannot transfer assets or hire executives without Dutch government approval, according to national media. The move is ...

October 12, 2025

Australia’s Qantas Airways said on Sunday that it was one of the companies whose customer data had been published by cybercriminals after it was stolen by a hacker in a July breach of a database containing the personal information of the airline’s customers. The airline said in July that more than a million customers had sensitive ...