Breaking News – Cyber Threats (last 6h)
Generated: 2025-10-24 08:00 PDT
- Infocon: green
SANS ISC Diary (full) • 2025-10-24 07:55 • isc.sans.edu
ISC Stormcast For Friday, October 24th, 2025 https://isc.sans.edu/podcastdetail/9670
https://isc.sans.edu/diary.html?rss - Fake LastPass death claims used to breach password vaults
BleepingComputer • 2025-10-24 07:47 • www.bleepingcomputer.com
LastPass is warning customers of a phishing campaign sending emails with an access request to the password vault as part of a legacy inheritance process. […]
https://www.bleepingcomputer.com/news/security/fake-lastpass-death-claims-used-to-breach-password-vaults/ - How to reduce costs with self-service password resets
BleepingComputer • 2025-10-24 07:06 • www.bleepingcomputer.com
Password resets account for nearly 40% of IT help desk calls, costing orgs time and money. Specops Software’s uReset lets users securely reset passwords with flexible MFA options like Duo, Okta, and Yubikey while enforcing identity verification to stop misuse. […]
https://www.bleepingcomputer.com/news/security/how-to-reduce-costs-with-self-service-password-resets/ - APT36 Targets Indian Government with Golang-Based DeskRAT Malware Campaign
The Hacker News • 2025-10-24 07:00 • thehackernews.com
A Pakistan-nexus threat actor has been observed targeting Indian government entities as part of spear-phishing attacks designed to deliver a Golang-based malware known as DeskRAT.
The activity, observed in August and September 2025 by Sekoia, has been attributed to Transparent Tribe (aka APT36), a state-sponsored hacking group known to be active since at least 2013. It also builds upon a prior
https://thehackernews.com/2025/10/apt36-targets-indian-government-with.html - Mozilla: New Firefox extensions must disclose data collection practices
BleepingComputer • 2025-10-24 06:17 • www.bleepingcomputer.com
Starting next month, Mozilla will require Firefox extension developers to disclose whether their add-ons collect or share user data with third parties. […]
https://www.bleepingcomputer.com/news/software/mozilla-new-firefox-extensions-must-disclose-data-collection-practices/ - Part Four of The Kryptos Sculpture
Schneier on Security • 2025-10-24 04:01 • www.schneier.comTwo people found the solution. They used the power of research, not cryptanalysis, finding clues amongst the Sanborn papers at the Smithsonian’s Archives of American Art.
This comes as an awkward time, as Sanborn is auctioning off the solution. There were legal threats—I don’t understand their basis—and the solvers …
https://www.schneier.com/blog/archives/2025/10/part-four-of-the-kryptos-sculpture.html - The Cybersecurity Perception Gap: Why Executives and Practitioners See Risk Differently
The Hacker News • 2025-10-24 04:00 • thehackernews.com
Does your organization suffer from a cybersecurity perception gap? Findings from the Bitdefender 2025 Cybersecurity Assessment suggest the answer is probably “yes” — and many leaders may not even realize it.
This disconnect matters. Small differences in perception today can evolve into major blind spots tomorrow. After all, perception influences what organizations prioritize, where they
https://thehackernews.com/2025/10/the-cybersecurity-perception-gap-why.html - 3,000 YouTube Videos Exposed as Malware Traps in Massive Ghost Network Operation
The Hacker News • 2025-10-24 03:00 • thehackernews.com
A malicious network of YouTube accounts has been observed publishing and promoting videos that lead to malware downloads, essentially abusing the popularity and trust associated with the video hosting platform for propagating malicious payloads.
Active since 2021, the network has published more than 3,000 malicious videos to date, with the volume of such videos tripling since the start of the
https://thehackernews.com/2025/10/3000-youtube-videos-exposed-as-malware.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
