Breaking News – Cyber Threats (last 6h)
Generated: 2025-10-28 08:00 PDT
- Infocon: green
SANS ISC Diary (full) • 2025-10-28 07:55 • isc.sans.edu
A phishing with invisible characters in the subject line
https://isc.sans.edu/diary.html?rss - BiDi Swap: The bidirectional text trick that makes fake URLs look real
BleepingComputer • 2025-10-28 07:05 • www.bleepingcomputer.com
Attackers are abusing bidirectional text to make fake URLs look real, reviving a decade-old browser flaw now fueling new phishing tricks. Varonis reveals how the “BiDi Swap” technique works and what organizations need to watch out for. […]
https://www.bleepingcomputer.com/news/security/bidi-swap-the-bidirectional-text-trick-that-makes-fake-urls-look-real/ - New Atroposia malware comes with a local vulnerability scanner
BleepingComputer • 2025-10-28 06:15 • www.bleepingcomputer.com
A new malware-as-a-service (MaaS) platform named Atroposia provides cybercriminals a remote access trojan that combines capabilities for persistent access, evasion, data theft, and local vulnerability scanning. […]
https://www.bleepingcomputer.com/news/security/new-atroposia-malware-comes-with-a-local-vulnerability-scanner/ - Why Early Threat Detection Is a Must for Long-Term Business Growth
The Hacker News • 2025-10-28 04:55 • thehackernews.com
In cybersecurity, speed isn’t just a win — it’s a multiplier. The faster you learn about emerging threats, the faster you adapt your defenses, the less damage you suffer, and the more confidently your business keeps scaling. Early threat detection isn’t about preventing a breach someday: it’s about protecting the revenue you’re supposed to earn every day.
Companies that treat cybersecurity as a
https://thehackernews.com/2025/10/why-early-threat-detection-is-must-for.html - Social Engineering People’s Credit Card Details
Schneier on Security • 2025-10-28 04:01 • www.schneier.comGood Wall Street Journal article on criminal gangs that scam people out of their credit card information:
Your highway toll payment is now past due, one text warns. You have U.S. Postal Service fees to pay, another threatens. You owe the New York City Department of Finance for unpaid traffic violations.
The texts are ploys to get unsuspecting victims to fork over their cred…
https://www.schneier.com/blog/archives/2025/10/social-engineering-peoples-credit-card-details.html - Is Your Google Workspace as Secure as You Think it is?
The Hacker News • 2025-10-28 03:30 • thehackernews.com
The New Reality for Lean Security Teams
If you’re the first security or IT hire at a fast-growing startup, you’ve likely inherited a mandate that’s both simple and maddeningly complex: secure the business without slowing it down.
Most organizations using Google Workspace start with an environment built for collaboration, not resilience. Shared drives, permissive settings, and constant
https://thehackernews.com/2025/10/is-your-google-workspace-as-secure-as.html - A phishing with invisible characters in the subject line, (Tue, Oct 28th)
SANS ISC Diary (full) • 2025-10-28 03:12 • isc.sans.eduWhile reviewing malicious messages that were delivered to our handler inbox over the past few days, I noticed that the “subject†of one phishing e-mail looked quite strange when displayed in the Outlook message list…
- New Herodotus Android malware fakes human typing to avoid detection
BleepingComputer • 2025-10-28 03:00 • www.bleepingcomputer.com
A new Android malware family, Herodotus, uses random delay injection in its input routines to mimic human behavior on mobile devices and evade timing-based detection by security software. […]
https://www.bleepingcomputer.com/news/security/new-herodotus-android-malware-fakes-human-typing-to-avoid-detection/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
