Breaking News – Cyber Threats (last 6h)
Generated: 2025-10-27 13:00 PDT
- Infocon: green
SANS ISC Diary (full) • 2025-10-27 12:55 • isc.sans.edu
Bytes over DNS
https://isc.sans.edu/diary.html?rss - X: Re-enroll 2FA security keys by November 10 or get locked out
BleepingComputer • 2025-10-27 12:36 • www.bleepingcomputer.com
X is warning that users must re-enroll their security keys or passkeys for two-factor authentication (2FA) before November 10 or they will be locked out of their accounts until they do so. […]
https://www.bleepingcomputer.com/news/security/x-re-enroll-2fa-security-keys-by-november-10-or-get-locked-out/ - Ransomware profits drop as victims stop paying hackers
BleepingComputer • 2025-10-27 12:22 • www.bleepingcomputer.com
The number of victims paying ransomware threat actors has reached a new low, with just 23% of the breached companies giving in to attackers’ demands. […]
https://www.bleepingcomputer.com/news/security/ransomware-profits-drop-as-victims-stop-paying-hackers/ - Windows will soon prompt for memory scans after BSOD crashes
BleepingComputer • 2025-10-27 11:36 • www.bleepingcomputer.com
Microsoft has started testing a new feature that prompts Windows 11 users to run a memory scan when logging in after a blue screen of death (BSOD). […]
https://www.bleepingcomputer.com/news/microsoft/windows-will-soon-prompt-for-memory-scans-after-bsod-crashes/ - QNAP warns of critical ASP.NET flaw in its Windows backup software
BleepingComputer • 2025-10-27 09:55 • www.bleepingcomputer.com
QNAP warned customers to patch a critical ASP.NET Core vulnerability that also impacts the company’s NetBak PC Agent, a Windows utility for backing& up data to a QNAP network-attached storage (NAS) device. […]
https://www.bleepingcomputer.com/news/security/qnap-warns-its-windows-backup-software-is-also-affected-by-critical-aspnet-flaw/ - Italian spyware vendor linked to Chrome zero-day attacks
BleepingComputer • 2025-10-27 09:37 • www.bleepingcomputer.com
A zero-day vulnerability in Google Chrome exploited in Operation ForumTroll earlier this year delivered malware linked to Italian spyware vendor Memento Labs, born after IntheCyber Group acquired the infamous Hacking Team. […]
https://www.bleepingcomputer.com/news/security/italian-spyware-vendor-linked-to-chrome-zero-day-attacks/ - X Warns Users With Security Keys to Re-Enroll Before November 10 to Avoid Lockouts
The Hacker News • 2025-10-27 09:12 • thehackernews.com
Social media platform X is urging users who have enrolled for two-factor authentication (2FA) using passkeys and hardware security keys like Yubikeys to re-enroll their key to ensure continued access to the service.
To that end, users are being asked to complete the re-enrollment, either using their existing security key or enrolling a new one, by November 10, 2025.
“After November 10, if you
https://thehackernews.com/2025/10/x-warns-users-with-security-keys-to-re.html - Google says everyone will be able to vibe code video games
BleepingComputer • 2025-10-27 08:59 • www.bleepingcomputer.com
Google AI Studio product lead teased that everyone will be able to vibe code video games by the end of the year. […]
https://www.bleepingcomputer.com/news/google/google-says-everyone-will-be-able-to-vibe-code-video-games/ - Microsoft: New policy removes pre-installed Microsoft Store apps
BleepingComputer • 2025-10-27 08:13 • www.bleepingcomputer.com
Microsoft now allows IT administrators to remove pre-installed Microsoft Store apps (also known as in-box apps) using a new app management policy. […]
https://www.bleepingcomputer.com/news/microsoft/microsoft-now-lets-admins-remove-pre-installed-microsoft-store-apps-via-policy/ - Louvre Jewel Heist
Schneier on Security • 2025-10-27 08:03 • www.schneier.comI assume I don’t have to explain last week’s Louvre jewel heist. I love a good caper, and have (like many others) eagerly followed the details. An electric ladder to a second-floor window, an angle grinder to get into the room and the display cases, security guards there more to protect patrons …
https://www.schneier.com/blog/archives/2025/10/louvre-jewel-heist.html - New ChatGPT Atlas Browser Exploit Lets Attackers Plant Persistent Hidden Commands
The Hacker News • 2025-10-27 07:31 • thehackernews.com
Cybersecurity researchers have discovered a new vulnerability in OpenAI’s ChatGPT Atlas web browser that could allow malicious actors to inject nefarious instructions into the artificial intelligence (AI)-powered assistant’s memory and run arbitrary code.
“This exploit can allow attackers to infect systems with malicious code, grant themselves access privileges, or deploy malware,” LayerX
https://thehackernews.com/2025/10/new-chatgpt-atlas-browser-exploit-lets.html - The State of Exposure Management in 2025: Insights From 3,000+ Organizations
BleepingComputer • 2025-10-27 07:01 • www.bleepingcomputer.com
Attackers are using AI to weaponize old vulnerabilities while security teams face expanding attack surfaces and limited resources. Intruder’s 2025 Exposure Management Index reveals how 3,000+ organizations are adapting and fixing critical flaws faster than ever. […]
https://www.bleepingcomputer.com/news/security/the-state-of-exposure-management-in-2025-insights-from-3-000-plus-organizations/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
