Breaking News – Cyber Threats (last 6h)
Generated: 2025-10-29 17:00 PDT
- Malicious NPM packages fetch infostealer for Windows, Linux, macOS
BleepingComputer • 2025-10-29 16:16 • www.bleepingcomputer.com
Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component that collects sensitive data from Windows, Linux, and macOS systems. […]
https://www.bleepingcomputer.com/news/security/malicious-npm-packages-fetch-infostealer-for-windows-linux-macos/ - WordPress security plugin exposes private data to site subscribers
BleepingComputer • 2025-10-29 13:44 • www.bleepingcomputer.com
The Anti-Malware Security and Brute-Force Firewall plugin for WordPress, installed on over 100,000 sites, has a vulnerability that allows subscribers to read any file on the server, potentially exposing private information. […]
https://www.bleepingcomputer.com/news/security/wordpress-security-plugin-exposes-private-data-to-site-subscribers/ - Windows Server Update Services (WSUS) vulnerability abused to harvest sensitive data
Sophos Threat Research • 2025-10-29 12:46 • news.sophos.com
Exploitation of CVE-2025-59287 began after public disclosure and the release of proof-of-concept code
https://news.sophos.com/en-us/2025/10/29/windows-server-update-services-wsus-vulnerability-abused-to-harvest-sensitive-data/ - Canada says hacktivists breached water and energy facilities
BleepingComputer • 2025-10-29 12:03 • www.bleepingcomputer.com
The Canadian Centre for Cyber Security warned today that hacktivists have breached critical infrastructure systems multiple times across the country, allowing them to modify industrial controls that could have led to dangerous conditions. […]
https://www.bleepingcomputer.com/news/security/canada-says-hacktivists-breached-water-and-energy-facilities/
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
