Breaking News – Cyber Threats (last 6h)
Generated: 2025-10-24 13:00 PDT
- Infocon: green
SANS ISC Diary (full) • 2025-10-24 12:55 • isc.sans.edu
ISC Stormcast For Friday, October 24th, 2025 https://isc.sans.edu/podcastdetail/9670
https://isc.sans.edu/diary.html?rss - Hackers launch mass attacks exploiting outdated WordPress plugins
BleepingComputer • 2025-10-24 12:28 • www.bleepingcomputer.com
A widespread exploitation campaign is targeting WordPress websites with GutenKit and Hunk Companion plugins vulnerable to critical-severity, old security issues that can be used to achieve remote code execution (RCE). […]
https://www.bleepingcomputer.com/news/security/hackers-launch-mass-attacks-exploiting-outdated-wordpress-plugins/ - Smishing Triad Linked to 194,000 Malicious Domains in Global Phishing Operation
The Hacker News • 2025-10-24 11:35 • thehackernews.com
The threat actors behind a large-scale, ongoing smishing campaign have been attributed to more than 194,000 malicious domains since January 1, 2024, targeting a broad range of services across the world, according to new findings from Palo Alto Networks Unit 42.
“Although these domains are registered through a Hong Kong-based registrar and use Chinese nameservers, the attack infrastructure is
https://thehackernews.com/2025/10/smishing-triad-linked-to-194000.html - Newly Patched Critical Microsoft WSUS Flaw Comes Under Active Exploitation
The Hacker News • 2025-10-24 09:30 • thehackernews.com
Microsoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with a proof-of-concept (Poc) exploit publicly available and has come under active exploitation in the wild.
The vulnerability in question is CVE-2025-59287 (CVSS score: 9.8), a remote code execution flaw in WSUS that was originally fixed by the tech giant
https://thehackernews.com/2025/10/microsoft-issues-emergency-patch-for.html - Critical WSUS flaw in Windows Server now exploited in attacks
BleepingComputer • 2025-10-24 09:28 • www.bleepingcomputer.com
Attackers are now exploiting a critical-severity Windows Server Update Service (WSUS) vulnerability, which already has publicly available proof-of-concept exploit code. […]
https://www.bleepingcomputer.com/news/security/hackers-now-exploiting-critical-windows-server-wsus-flaw-in-attacks/ - Amazon: This week’s AWS outage caused by major DNS failure
BleepingComputer • 2025-10-24 08:33 • www.bleepingcomputer.com
Amazon says a major DNS failure was behind a massive AWS (Amazon Web Services) outage that took down many websites and online services on Monday. […]
https://www.bleepingcomputer.com/news/technology/amazon-this-weeks-aws-outage-caused-by-major-dns-failure/ - Fake LastPass death claims used to breach password vaults
BleepingComputer • 2025-10-24 07:47 • www.bleepingcomputer.com
LastPass is warning customers of a phishing campaign sending emails with an access request to the password vault as part of a legacy inheritance process. […]
https://www.bleepingcomputer.com/news/security/fake-lastpass-death-claims-used-to-breach-password-vaults/ - How to reduce costs with self-service password resets
BleepingComputer • 2025-10-24 07:06 • www.bleepingcomputer.com
Password resets account for nearly 40% of IT help desk calls, costing orgs time and money. Specops Software’s uReset lets users securely reset passwords with flexible MFA options like Duo, Okta, and Yubikey while enforcing identity verification to stop misuse. […]
https://www.bleepingcomputer.com/news/security/how-to-reduce-costs-with-self-service-password-resets/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
