Cyber Threat Weekly – Week of 2025-10-20

This week’s roundup tracks 0 vulnerability items and 17 ransomware/malware stories, alongside 10 law-enforcement actions, 6 policy updates, and 43 AI security notes. Headlines include “Major blow to billion-euro glass eel trafficking networks” and “17 suspected human traffickers arrested in Albania and Colombia.” All timestamps below are shown in Pacific Time.

 

Japanese retailer Askul halts online orders, shipments after ransomware attack

 

Judge bars NSO from targeting WhatsApp users with spyware, reduces damages in landmark case

 

China claims it caught US attempting cyberattack on national time center

 

Home security firm Verisure reports data breach at Swedish subsidiary

 

Evilginx’s creator reckons with the dark side of red-team tools

 

Top Highlights

Major blow to billion-euro glass eel trafficking networks

2025-10-20 11:10 AM PT

The latest iteration of Operation LAKE, which ran from October 2024 to June 2025, uncovered large-scale trafficking networks and disrupted the flow of live eels destined for illegal farms in Asia. The operation led to:

  • 16,131 inspections carried out across Europe
  • 26 arrests
  • 22 tonnes of glass eels seized

Organised crime at the heart of trafficking

Investigations revealed that several organised crime groups were driving the…

17 suspected human traffickers arrested in Albania and Colombia

2025-10-20 11:10 AM PT

17 suspected human traffickers arrested in Albania and Colombia. The criminal network is believed to have sexually exploited over 50 victims in Albania and Croatia, trafficked from South America to Europe.

Europol conference warns: cybercrime fight hinges on access to data

2025-10-20 11:10 AM PT

Criminals are exploiting encryption, anonymisation and emerging technologies faster than regulators and law enforcement can respond – making access to data the decisive challenge in the fight against cybercrime. This was the warning sounded at Europol’s 4th Annual Cybercrime Conference this week.

Counterfeit and substandard food worth EUR 95 million seized in global operation

2025-10-20 11:10 AM PT

Europol, OLAF, DG SANTE and 31 countries across Europe and beyond, together with food and beverage producers from the private sector, joined forces in the fourteenth edition of Operation OPSON. This yearly effort targets the criminals behind counterfeit and substandard food and beverages. Law enforcement, customs and food regulatory agencies seized 259 012 packages, 1 416 168 litres of beverages and 11 566 958 kilograms of food, including meat and seafood.

Luxury hybrid car thieves taken down in Belgium, Italy and Spain

2025-10-20 11:10 AM PT

A highly specialised organised crime network responsible for the theft of more than 100 luxury hybrid cars has been dismantled in an international operation led by the Italian Carabinieri with support from Europol and Eurojust. The estimated value of all stolen cars is at least EUR 3 million.

Five central suspects arrested in whole-sale cocaine trafficking case

2025-10-20 11:10 AM PT

Between 1 and 2 October, the Colombian Police (Policia Nacional de Colombia) and the Spanish Guardia Civil, supported by Europol, targeted five key suspects, linked to the so-called Clan del Golfo, allegedly responsible for whole-sale cocaine trafficking operations from South America to Europe. In particular, the criminal network oversaw first-hand the production, transportation and distribution of cocaine throughout the entire logistics chains. To support field activities on the action day, Europol deployed two experts to Colombia and Spain.

Ransomware & Malware

Law Enforcement

  • Major blow to billion-euro glass eel trafficking networks

    2025-10-20 11:10 AM PT
    The latest iteration of Operation LAKE, which ran from October 2024 to June 2025, uncovered large-scale trafficking networks and disrupted the flow of live eels destined for illegal farms in Asia. The operation led to:
      • 16,131 inspections carried out across Europe
      • 26 arrests
      • 22 tonnes of glass eels seized
    Organised crime at the heart of trafficking
    Investigations revealed that several organised crime groups were driving the…
  • 17 suspected human traffickers arrested in Albania and Colombia

    2025-10-20 11:10 AM PT
    17 suspected human traffickers arrested in Albania and Colombia. The criminal network is believed to have sexually exploited over 50 victims in Albania and Croatia, trafficked from South America to Europe.
  • Europol conference warns: cybercrime fight hinges on access to data

    2025-10-20 11:10 AM PT
    Criminals are exploiting encryption, anonymisation and emerging technologies faster than regulators and law enforcement can respond – making access to data the decisive challenge in the fight against cybercrime. This was the warning sounded at Europol’s 4th Annual Cybercrime Conference this week.
  • Counterfeit and substandard food worth EUR 95 million seized in global operation

    2025-10-20 11:10 AM PT
    Europol, OLAF, DG SANTE and 31 countries across Europe and beyond, together with food and beverage producers from the private sector, joined forces in the fourteenth edition of Operation OPSON. This yearly effort targets the criminals behind counterfeit and substandard food and beverages. Law enforcement, customs and food regulatory agencies seized 259 012 packages, 1 416 168 litres of beverages and 11 566 958 kilograms of food, including meat and seafood.
  • Luxury hybrid car thieves taken down in Belgium, Italy and Spain

    2025-10-20 11:10 AM PT
    A highly specialised organised crime network responsible for the theft of more than 100 luxury hybrid cars has been dismantled in an international operation led by the Italian Carabinieri with support from Europol and Eurojust. The estimated value of all stolen cars is at least EUR 3 million.
  • Five central suspects arrested in whole-sale cocaine trafficking case

    2025-10-20 11:10 AM PT
    Between 1 and 2 October, the Colombian Police (Policia Nacional de Colombia) and the Spanish Guardia Civil, supported by Europol, targeted five key suspects, linked to the so-called Clan del Golfo, allegedly responsible for whole-sale cocaine trafficking operations from South America to Europe. In particular, the criminal network oversaw first-hand the production, transportation and distribution of cocaine throughout the entire logistics chains. To support field activities on the action day, Europol deployed two experts to Colombia and Spain.
  • Europol welcomes the European Investment Bank to its secure information exchange network

    2025-10-20 11:10 AM PT
    The European Investment Bank (EIB) has today joined Europol’s Secure Information Exchange Network Application (SIENA), marking a new step in the cooperation between the two institutions to protect the EU’s financial interests and combat serious crime.
  • Over 30 potential victims identified in action against human trafficking enabled online

    2025-10-20 11:10 AM PT
    From 15 to 19 September 2025, Europol supported the fourth edition of the EMPACT Trafficking in Human Beings (THB) Hackathon, an action week against human trafficking enabled online. It was led by Dutch authorities, with the support of Germany and the United Kingdom, and brought together 73 specialists from 26 countries across the world. Eurojust also participated in the action.

Policy & Compliance

  • CISA Adds Five Known Exploited Vulnerabilities to Catalog

    2025-10-20 05:00 AM PT
    CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog (https://www.cisa.gov/known-exploited-vulnerabilities-catalog), based on evidence of active exploitation.
      • CVE-2022-48503 (https://www.cve.org/CVERecord?id=CVE-2022-48503) Apple Multiple Products Unspecified Vul
  • CISA Releases Thirteen Industrial Control Systems Advisories

    2025-10-16 05:00 AM PT
    CISA released thirteen Industrial Control Systems (ICS) advisories on October 16, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
      • ICSA-25-289-01 Rockwell Automation FactoryTalk View Machine Edition and PanelView Plus 7 (https://www.cisa.gov/news-events/ics-advisories/icsa-25-289-01)
      • ICSA-25-289-02 Rockwell Automation FactoryTalk Linx (https://www.cisa.gov/news-events/ics-advisories/icsa-25-289-02)
  • CISA Directs Federal Agencies to Mitigate Vulnerabilities in F5 Devices

    2025-10-15 05:00 AM PT
    Today, CISA issued Emergency Directive ED 26-01: Mitigate Vulnerabilities in F5 Devices (https://www.cisa.gov/news-events/directives/ed-26-01-mitigate-vulnerabilities-f5-devices) to direct Federal Civilian Executive Branch agencies to inventory F5 BIG-IP products, evaluate if the networked management interfaces are accessible from the public internet, and apply newly released updates from F5.
    A nation-state affiliated cyber threat actor has compromised F5 systems and exfiltrated data, including portions of the BIG-IP proprietary source code and vulnerability infor
  • CISA Adds One Known Exploited Vulnerability to Catalog

    2025-10-15 05:00 AM PT
    CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog (https://www.cisa.gov/known-exploited-vulnerabilities-catalog), based on evidence of active exploitation.
      • CVE-2025-54253 (https://www.cve.org/CVERecord?id=CVE-2025-54253) Adobe Experience Manager Forms Code Execution Vulnerability
    This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.
  • CISA Releases One Industrial Control Systems Advisory

    2025-10-14 05:00 AM PT
    CISA released one Industrial Control Systems (ICS) advisory on October 14, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
      • ICSA-25-287-01 Rockwell Automation 1715 EtherNet/IP Comms Module (https://www.cisa.gov/news-events/ics-advisories/icsa-25-287-01)
    CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.
  • CISA Adds Five Known Exploited Vulnerabilities to Catalog

    2025-10-14 05:00 AM PT
    CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog (https://www.cisa.gov/known-exploited-vulnerabilities-catalog), based on evidence of active exploitation.
      • CVE-2016-7836 (https://www.cve.org/CVERecord?id=CVE-2016-7836) SKYSEA Client View Improper Authentication Vulnerability
      • CVE-2025-6264 (https://www.cve.org/CVERecord?id=CVE-2025-6264) Rapid7 Velociraptor Incorrect Default Permissions Vulnerability

AI Security

  • The Role of Federated Learning in Improving Financial Security: A Survey

    2025-10-19 09:00 PM PT
    arXiv:2510.14991v1. Abstract: With the growth of digital financial systems, robust security and privacy have become a concern for financial institutions. Even though traditional machine learning models have shown to be effective in fraud detections, they often compromise user data by requiring centralized access to sensitive information. In IoT-enabled financial endpoints such as ATMs and POS Systems that regularly produce sensitive data that is sent over the network. Federated Learning (FL) offers a privacy-preserving, decentralized model training across institutions without sharing raw data. FL enables cross-silo collabora
  • A Light Weight Cryptographic Solution for 6LoWPAN Protocol Stack

    2025-10-19 09:00 PM PT
    arXiv:2510.14993v1. Abstract: Lightweight cryptography is an emerging field in the field of research, which endorses algorithms which are best suited for constrained environment. Design metrics like Gate Equivalence (GE), Memory Requirement, Power Consumption, and Throughput play a vital role in the applications like IoT. This paper presents the 6LoWPAN Protocol Stack which is a popular standard of communication for constrained devices. This paper presents an implementation of a lightweight 6LoWPAN Protocol stack by using a Light weight Cipher instead of regular heavy encryption cipher AES. The cipher proposed in this paper
  • VaultGemma: A Differentially Private Gemma Model

    2025-10-19 09:00 PM PT
    arXiv:2510.15001v1. Abstract: We introduce VaultGemma 1B, a 1 billion parameter model within the Gemma family, fully trained with differential privacy. Pretrained on the identical data mixture used for the Gemma 2 series, VaultGemma 1B represents a significant step forward in privacy-preserving large language models. We openly release this model to the community
  • Active Honeypot Guardrail System: Probing and Confirming Multi-Turn LLM Jailbreaks

    2025-10-19 09:00 PM PT
    arXiv:2510.15017v1. Abstract: Large language models (LLMs) are increasingly vulnerable to multi-turn jailbreak attacks, where adversaries iteratively elicit harmful behaviors that bypass single-turn safety filters. Existing defenses predominantly rely on passive rejection, which either fails against adaptive attackers or overly restricts benign users. We propose a honeypot-based proactive guardrail system that transforms risk avoidance into risk utilization. Our framework fine-tunes a bait model to generate ambiguous, non-actionable but semantically relevant responses, which serve as lures to probe user intent. Combined with
  • Physical Layer Deception based on Semantic Distortion

    2025-10-19 09:00 PM PT
    arXiv:2510.15063v1. Abstract: Physical layer deception (PLD) is a framework we previously introduced that integrates physical layer security (PLS) with deception techniques, enabling proactive countermeasures against eavesdropping rather than relying solely on passive defense. We extend this framework to a semantic communication model and conduct a theoretical analysis using semantic distortion as the performance metric. In this work, we further investigate the receiver’s selection of decryption strategies and the transmitter’s optimization of encryption strategies. By anticipating the decryption strategy likely to be employ
  • Sequential Comics for Jailbreaking Multimodal Large Language Models via Structured Visual Storytelling

    2025-10-19 09:00 PM PT
    arXiv:2510.15068v1. Abstract: Multimodal large language models (MLLMs) exhibit remarkable capabilities but remain susceptible to jailbreak attacks exploiting cross-modal vulnerabilities. In this work, we introduce a novel method that leverages sequential comic-style visual narratives to circumvent safety alignments in state-of-the-art MLLMs. Our method decomposes malicious queries into visually innocuous storytelling elements using an auxiliary LLM, generates corresponding image sequences through diffusion models, and exploits the models’ reliance on narrative coherence to elicit harmful outputs. Extensive experiments on har
  • SMOTE and Mirrors: Exposing Privacy Leakage from Synthetic Minority Oversampling

    2025-10-19 09:00 PM PT
    arXiv:2510.15083v1. Abstract: The Synthetic Minority Over-sampling Technique (SMOTE) is one of the most widely used methods for addressing class imbalance and generating synthetic data. Despite its popularity, little attention has been paid to its privacy implications; yet, it is used in the wild in many privacy-sensitive applications. In this work, we conduct the first systematic study of privacy leakage in SMOTE: We begin by showing that prevailing evaluation practices, i.e., naive distinguishing and distance-to-closest-record metrics, completely fail to detect any leakage and that membership inference attacks (MIAs) can b
  • PoTS: Proof-of-Training-Steps for Backdoor Detection in Large Language Models

    2025-10-19 09:00 PM PT
    arXiv:2510.15106v1. Abstract: As Large Language Models (LLMs) gain traction across critical domains, ensuring secure and trustworthy training processes has become a major concern. Backdoor attacks, where malicious actors inject hidden triggers into training data, are particularly insidious and difficult to detect. Existing post-training verification solutions like Proof-of-Learning are impractical for LLMs due to their requirement for full retraining, lack of robustness against stealthy manipulations, and inability to provide early detection during training. Early detection would significantly reduce computational costs. To

Industry & Tools

Posted: 2025-10-20 11:10 AM PT
