Top Security Breaches 2025-10-28
Auto-generated 2025-10-28T09:00:32.559045+00:00 (UTC)
-
Qilin Ransomware Combines Linux Payload With BYOVD Exploit in Hybrid Attack
Source: The Hacker News | Published: 2025-10-27T08:55:00+00:00 | Score: 18.899
The ransomware group known as Qilin (aka Agenda, Gold Feather, and Water Galura) has claimed more than 40 victims every month since the start of 2025, barring January, with the number of postings on its data leak site touching a high of 100 cases in June.
The development comes as the ransomware-as-a-service (RaaS) operation has emerged as one of the most active ransomware groups, accounting for -
Google disputes false claims of massive Gmail data breach
Source: BleepingComputer | Published: 2025-10-27T20:32:01+00:00 | Score: 17.761
Google was once again forced to announce that it had not suffered a data breach after numerous news outlets published sensational stories about a fake breach that purportedly exposed 183 million accounts. […]
-
Ransomware profits drop as victims stop paying hackers
Source: BleepingComputer | Published: 2025-10-27T19:22:38+00:00 | Score: 16.649
The number of victims paying ransomware threat actors has reached a new low, with just 23% of the breached companies giving in to attackers’ demands. […]
-
⚡ Weekly Recap: WSUS Exploited, LockBit 5.0 Returns, Telegram Backdoor, F5 Breach Widens
Source: The Hacker News | Published: 2025-10-27T12:51:00+00:00 | Score: 14.448
Security, trust, and stability — once the pillars of our digital world — are now the tools attackers turn against us. From stolen accounts to fake job offers, cybercriminals keep finding new ways to exploit both system flaws and human behavior.
Each new breach proves a harsh truth: in cybersecurity, feeling safe can be far more dangerous than being alert.
Here’s how that false sense of security -
Tuesday briefing: What the mistaken release of Hadush Kebatu reveals about a Prison Service in crisis
Source: World news | The Guardian | Published: 2025-10-28T06:27:16+00:00 | Score: 13.773
In today’s newsletter: Rising numbers of prisoners released by accident are laying bare systemic failings in England and Wales, from overworked staff to issues with probation Good morning. Maybe the most gobsmacking detail about the accidental release of Hadush Kebatu from HMP Chelmsford was this, from a delivery driver who was delivering equipment to the prison as he left: Kebatu, who was serving a sentence for sexual assault and was due to be deported, appeared baffled as he walked free, and lingered outside the gates for an hour and a half before heading away. “They [the officers] were basically sending him away, saying, ‘Go, you’ve been released, you go,’” the driver told Sky News . “He kept scratching his head and saying, ‘Where do I go, where do I go?’” On its face, that might look like incompetence. But the fiasco of Kebatu’s release may point to much bigger issues in the prison system. Yesterday, the justice secretary, David Lammy blamed “human error” – while the Prison Officers’ Association (POA) called the suspension of a single officer “unjust”. Hurrican Melissa | Jamaicans have started to take shelter from Hurricane Melissa as the category 5 storm neared the coast amid warnings of catastrophic flooding, landslides and extensive infrastructure damage. The slow-moving giant is set to make landfall early on Tuesday. Climate crisis | Humanity has failed to limit global heating to 1.5C and must change course immediately, the secretary general of the UN has warned. In his only interview before next month’s Cop30 climate summit, António Guterres acknowledged it is now “inevitable” that humanity will overshoot the target. Reform UK | Nigel Farage has defended remarks made by a Reform MP who said seeing adverts full of black and Asian people “drives her mad”. The Reform UK leader said if he felt Sarah Pochin’s words were “deliberately and genuinely racist”, he would have “taken action” against her. Sudan | Fears grew for hundreds of thousands of civilians trapped in El Fasher after the paramilitary Rapid Support Forces said it had captured the city, which it has been besieging for more than a year in Sudan’s civil war. Ministry of Defence | At least 49 family members and colleagues of Afghans affected by the MoD’s mass data breach have been killed, according to research submitted to a parliamentary committee. Continue reading…
-
Chinese Threat Actors Exploit ToolShell SharePoint Flaw Weeks After Microsoft’s July Patch
Source: The Hacker News | Published: 2025-10-22T12:56:00+00:00 | Score: 12.949
Threat actors with ties to China exploited the ToolShell security vulnerability in Microsoft SharePoint to breach a telecommunications company in the Middle East after it was publicly disclosed and patched in July 2025.
Also targeted were government departments in an African country, as well as government agencies in South America, a university in the U.S., as well as likely a state technology -
Bridging the Remediation Gap: Introducing Pentera Resolve
Source: The Hacker News | Published: 2025-10-22T11:55:00+00:00 | Score: 12.936
From Detection to Resolution: Why the Gap Persists
A critical vulnerability is identified in an exposed cloud asset. Within hours, five different tools alert you about it: your vulnerability scanner, XDR, CSPM, SIEM, and CMDB each surface the issue in their own way, with different severity levels, metadata, and context.
What’s missing is a system of action. How do you transition from the -
Hackers Used Snappybee Malware and Citrix Flaw to Breach European Telecom Network
Source: The Hacker News | Published: 2025-10-21T07:23:00+00:00 | Score: 12.58
A European telecommunications organization is said to have been targeted by a threat actor that aligns with a China-nexus cyber espionage group known as Salt Typhoon.
The organization, per Darktrace, was targeted in the first week of July 2025, with the attackers exploiting a Citrix NetScaler Gateway appliance to obtain initial access.
Salt Typhoon, also known as Earth Estries, FamousSparrow,
End of report.
