The Hacker News

🔥 OpenAI just launched an AI #cybersecurity researcher. It finds bugs, proves they’re real, and patches them — all by itself. Powered by GPT-5, it’s already discovered 10 vulnerabilities. The age of autonomous bug hunters starts now → https://thehackernews.com/2025/10/openai-unveils-aardvark-gpt-5-agent.html

Nation-state hackers built Airstalk, a new malware abusing VMware Workspace ONE’s MDM API as a covert C2 channel. Signed with a stolen cert, it’s exfiltrating browser data from BPO networks. Full analysis ↓ https://thehackernews.com/2025/10/nation-state-hackers-deploy-new.html

🚨 China-backed hackers exploited an unpatched Windows shortcut bug to breach European diplomats. UNC6384 used fake “EU Commission” and NATO meeting invites to plant PlugX malware (CVE-2025-9491) — still unpatched by Microsoft. Full story ↓ https://thehackernews.com/2025/10/china-linked-hackers-exploit-windows.html

⚠️ Chinese hackers are exploiting a critical 9.3 CVE (CVE-2025-61932) in Motex Lanscope Endpoint Manager. It lets them run SYSTEM-level commands and plant a Gokcpdoor backdoor with new multiplexed C2 channels. Active attacks confirmed ↓ https://thehackernews.com/2025/10/china-linked-tick-group-exploits.html

Most MSPs are walking straight into a trap. Clients now expect enterprise-level cybersecurity — but many providers are still selling basic IT support. The result? Lost clients, slower growth, and higher risk exposure. Is your MSP ready to lead with security? ↓ https://thehackernews.com/2025/10/the-msp-cybersecurity-readiness-guide.html

CISA and NSA just issued a warning: Exchange servers are still getting hacked. Now a new WSUS flaw (CVE-2025-59287) lets attackers run code remotely. Even patched systems aren’t fully safe. If you manage Exchange or WSUS, read this ↓ https://thehackernews.com/2025/10/cisa-and-nsa-issue-urgent-guidance-to.html

A Mac app just bypassed macOS permission checks — silently turning on the mic and camera. ThreatLocker’s new Device Access Control (DAC) for macOS, now in Beta, flags hidden risks like unencrypted drives, SMBv1, and weak sharing settings — before attackers can exploit them. Learn more ↓ https://thehackernews.com/2025/10/a-new-security-layer-for-macos-takes.html

Developers accidentally leaked VS Code tokens — letting attackers publish fake extensions. Eclipse has revoked the tokens and added new safeguards after a campaign dubbed “GlassWorm.” Read → https://thehackernews.com/2025/10/eclipse-foundation-revokes-leaked-open.html

CISA added a new VMware zero-day to its KEV list. CVE-2025-41244 (CVSS 7.8) lets local users on VMs with VMware Tools + Aria Operations gain root access. Exploited since Oct 2024 by China-linked UNC5174. Patch released last month ↓ https://thehackernews.com/2025/10/cisa-flags-vmware-zero-day-exploited-by.html

💀 Google says it blocks over 10 billion scam calls and messages every month. But scammers have adapted — they’ve gone social. Now they send fake job offers in group chats, even adding fake “friends” to make it look real. The new scam tactic most experts overlooked ↓ https://thehackernews.com/2025/10/googles-built-in-ai-defenses-on-android.html

🔥 A tool built for defenders is now arming attackers. AdaptixC2 — an open-source C2 in Golang — was made for red teams. Now, Russian ransomware gangs use it in fake Microsoft Teams help-desk scams. Details ↓ https://thehackernews.com/2025/10/russian-ransomware-gangs-weaponize-open.html

⚠️ “Patch everything” is dead. At the BAS Summit, CISOs said it straight — not every vuln matters, only the exploitable ones do. Breach simulation shows where you bleed, not where scanners scream. Proof beats panic. Read how BAS powers real defense → https://thehackernews.com/2025/10/the-death-of-security-checkbox-bas-is.html

🚨 A single line of JavaScript can crash any Chromium browser. Researcher Jose Pino calls it Brash — it abuses how document.title handles rapid updates. 24 million title changes per second = instant crash. Still unpatched. Details ↓ https://thehackernews.com/2025/10/new-brash-exploit-crashes-chromium.html

⚡ Cybercrime just got quieter, cheaper, and a lot more precise. 💥 DNS flaws exploited 💥 Rust binaries hiding payloads 💥 Supply-chain heists rising 💥 New RATs everywhere Your weekly ThreatsDay recap has it all → https://thehackernews.com/2025/10/threatsday-bulletin-dns-poisoning-flaw.html

🚨 PhantomRaven hit the npm registry — 126 malicious packages, 86K+ installs, stealing npm tokens, GitHub creds, and CI/CD secrets. They hide malware in remote dynamic dependencies that show 0 deps, so scanners miss them. Details → https://thehackernews.com/2025/10/phantomraven-malware-found-in-126-npm.html

🚨 PHP servers are under attack. Mirai, Mozi, and Gafgyt botnets are exploiting old CVEs to hijack WordPress and Craft CMS sites. Some break-ins start from leftover PhpStorm debug sessions still running in production. Check if yours is exposed ↓ https://thehackernews.com/2025/10/experts-reports-sharp-increase-in.html

⚠️ AI browsers like ChatGPT Atlas and Perplexity Comet can be tricked into using fake data. A new exploit — “AI-targeted cloaking” — lets attackers show one version of a page to humans and another to AI crawlers. Same old SEO trick. New weapon: misinformation at scale. Read how it works ↓ https://thehackernews.com/2025/10/new-ai-targeted-cloaking-attack-tricks.html

⚡ Your AI-driven compliance might already be non-compliant. Regulators aren’t ready — but you can be. Join the live session Nov 3 to uncover hidden risks and real fixes. Register free → https://thehackernews.com/2025/10/discover-practical-ai-tactics-for-grc.html

🔴 The next big breach won’t start with a stolen password. It’ll come from your own AI. Agentic AIs are the new “confused deputies” — doing what attackers tell them, with the access you gave them. The scariest part? You trained the threat ↓ https://thehackernews.com/2025/10/preparing-for-digital-battlefield-of.html

🚨 Russian hackers breached Ukrainian networks — no malware needed. They hijacked Windows tools (PowerShell, RDPClip, OpenSSH) to steal data and stay hidden for months. Real fileless persistence — living in memory, invisible to AV. Learn how they did it & how to detect it ↓ https://thehackernews.com/2025/10/russian-hackers-target-ukrainian.html