This posting is here to collect cyber security news in October 2025.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
This posting is here to collect cyber security news in October 2025.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
19 Comments
Tomi Engdahl says:
Tunisian sentenced to death for Facebook posts criticising president
https://www.reuters.com/world/africa/tunisian-sentenced-death-facebook-posts-criticising-president-2025-10-03/?utm_campaign&fbclid=IwdGRjcANNFdJjbGNrA00UrWV4dG4DYWVtAjExAAEe-AnR42m3G3ujXgmJ0Zd-uih7wwRp8soR7whv_XYmboANklLuTMkv3vLSGso_aem_XPP2GzLdN_XqnUTISDMFsA
TUNIS, Oct 3 (Reuters) – A Tunisian man has been sentenced to death on charges of insulting the president and assaulting state security through posts on social media, the head of the Tunisian League for Human Rights and his lawyer said on Friday.
The ruling is unprecedented in Tunisia, where restrictions on free speech have been tightened since President Kais Saied seized almost all powers in 2021.
“The judge in the Nabeul court sentenced the man to death over Facebook posts. It is a shocking and unprecedented ruling,” Bouthalja said.
The judgement has been appealed, he added.
Though courts have occasionally handed down death sentences in Tunisia, none have been carried out for more than three decades.
“We can’t believe it,” Jamal Chouchane, Saber’s brother, told Reuters by phone. “We are a family suffering from poverty, and now oppression and injustice have been added to poverty.”
Tomi Engdahl says:
Space command boss warns Russia is targeting UK satellites on a ‘weekly’ basis
The UK and the US conducted their first co-ordinated satellite manoeuvre in space last month
https://www.independent.co.uk/news/uk/home-news/putin-space-russia-paul-tedman-b2838540.html?fbclid=IwdGRjcANNFx1jbGNrA00W-2V4dG4DYWVtAjExAAEecP0hq5n8XlWbTBy0DeLoEHi_AYkFdS-kn1ozpLRlUVIVKK9YlHsEGybl1ho_aem_BH3EXaDA1Qvp1zn8wXuJ8A
Tomi Engdahl says:
Japanese restaurants, bars and stores are running low on beer and other beverages from industry leader Asahi Group as the impact from a cyberattack entered a fifth day on Friday, with no resolution in sight.
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/xworm-malware-resurfaces-with-ransomware-module-over-35-plugins/
XWorm malware resurfaces with ransomware module, over 35 plugins
Tomi Engdahl says:
Red Hat fesses up to GitLab breach after attackers brag of data theft
Open source giant admits intruders broke into dedicated consulting instance, but insists core products untouched
https://www.theregister.com/2025/10/03/red_hat_gitlab_breach/
Tomi Engdahl says:
Oura’s Partnership With the Pentagon Is Ringing Alarm Bells for Customers
“It’s not paranoid to be concerned about your data. It’s justified.”
https://slate.com/technology/2025/10/oura-ring-pentagon-department-of-defense-health-wearable.html
Tomi Engdahl says:
OpenSSL Vulnerabilities Let Attackers Execute Malicious Code and Recover Private Key Remotely
https://cybersecuritynews.com/openssl-vulnerabilities/#google_vignette
The OpenSSL Project has released a critical security advisory, addressing three significant vulnerabilities that could allow attackers to execute remote code and potentially recover private cryptographic keys.
These flaws affect multiple OpenSSL versions across different platforms and could lead to memory corruption, denial of service attacks, and unauthorized access to sensitive cryptographic materials.
The most severe vulnerability involves out-of-bounds memory operations in RFC 3211 Key Encryption Key (KEK) unwrap functionality, tracked as CVE-2025-9230 with moderate severity.
Tomi Engdahl says:
U.S. CISA adds Smartbedded Meteobridge, Samsung, Juniper ScreenOS, Jenkins, and GNU Bash flaws to its Known Exploited Vulnerabilities catalog
https://securityaffairs.com/182925/hacking/u-s-cisa-adds-smartbedded-meteobridge-samsung-juniper-screenos-jenkins-and-gnu-bash-flaws-to-its-known-exploited-vulnerabilities-catalog.html
Tomi Engdahl says:
https://www.theregister.com/2025/10/03/red_hat_gitlab_breach/
Tomi Engdahl says:
WhatsAppin ja Signalin käyttämä salaustekniikka otti kehitysloikan – “salauksen maailmanloppukaan” ei avaa viestejä
https://www.puhelinvertailu.com/uutiset/2025/10/05/whatsapp-signal-salaus-kvanttilaskenta-spqr#google_vignette
Tomi Engdahl says:
NIRS fire destroys government’s cloud storage system, no backups available
https://koreajoongangdaily.joins.com/news/2025-10-01/national/socialAffairs/NIRS-fire-destroys-governments-cloud-storage-system-no-backups-available/2412936?fbclid=IwdGRjcANRCz1jbGNrA1EKomV4dG4DYWVtAjExAAEeAWaOQ4U8aAUoXH1qKAW3-kiu8n0yL0WNowuiHJSE6Oek5fgEUEV4ZYKJ5MI_aem_2tYQSKQyVM8pVMt70Wwa0g
A fire at the National Information Resources Service (NIRS)’s Daejeon headquarters destroyed the government’s G-Drive cloud storage system, erasing work files saved individually by some 750,000 civil servants, the Ministry of the Interior and Safety said Wednesday.
The fire broke out in the server room on the fifth floor of the center, damaging 96 information systems designated as critical to central government operations, including the G-Drive platform. The G-Drive has been in use since 2018, requiring government officials to store all work documents in the cloud instead of on personal computers. It provided around 30 gigabytes of storage per person.
However, due to the system’s large-capacity, low-performance storage structure, no external backups were maintained — meaning all data has been permanently lost.
The scale of damage varies by agency. The Ministry of Personnel Management, which had mandated that all documents be stored exclusively on G-Drive, was hit hardest. The Office for Government Policy Coordination, which used the platform less extensively, suffered comparatively less damage.
The Interior Ministry explained that while most systems at the Daejeon data center are backed up daily to separate equipment within the same center and to a physically remote backup facility, the G-Drive’s structure did not allow for external backups. This vulnerability ultimately left it unprotected.
Criticism continues to build regarding the government’s data management protocols.
Tomi Engdahl says:
Linux has the lineage to out-evolve the deadliest of cyber threats, given the right push
Darwin would understand microkernels. We need microkernels that understand Darwin.
iconRupert Goodwins
Mon 22 Sep 2025 // 10:00 UTC
Opinion The IT industry is not only full of sharks, it has shark nature itself. It must keep moving forward to survive. Not all sharks are obligate ram ventilators, and not all IT changes all the time, but without innovation the sector would curdle and die
https://www.theregister.com/2025/09/22/linux_has_the_lineage_to/
Tomi Engdahl says:
Japan days away from running out of Asahi Super Dry due to cyber attack – reports
The attack forced the company to halt production at most of its 30 factories nationwide, including those producing its signature beer
https://www.theguardian.com/world/2025/oct/03/asahi-super-dry-days-away-from-running-out-in-japan-due-to-cyber-attack
Tomi Engdahl says:
Signal Protocol and Post-Quantum Ratchets
https://signal.org/blog/spqr/?fbclid=IwT01FWANMLqVleHRuA2FlbQIxMAABHsE29nXwgpVy0F9qam91uymB9zOO7Iym9We8VJ-V0z9yixT5jkolIzv9ptMG_aem_8hXJgqBDriFIGbxxGaRQ3w
Tomi Engdahl says:
Pwning a $60,000 Lighting Console in a Few Minutes
https://parzival.sh/blog/pwning-a-lighting-console-in-a-few-minutes?fbclid=Iwb21leANKaQJjbGNrA0po-WV4dG4DYWVtAjExAAEecVjsDaNElH1F9_QFgod5fcbbLimysiYiQYnBcOdTA5UhQyNAreszKzQ4pZI_aem_aOIfoEeuWJJIHf-4V6OfYw
Tomi Engdahl says:
https://abc7.com/post/thieves-targeting-copper-are-damaging-fiber-cables-leading-outages/17883287/
Tomi Engdahl says:
Tietokoneen hiiri voi paljastaa mitä huoneessa puhutaan
https://dawn.fi/uutiset/2025/10/06/hiiri-salakuuntelu
Tutkijat ovat havainneet, että aivan tavallinen tietokoneen hiirikin voi muuttua hyvin yllättäväksi vakoiluvälineeksi.
Kalifornian yliopiston tutkijat nimittäin ovat kehittäneet Mic-E-Mouse -nimisen konseptin (PDF), jossa optisen hiiren sensori saatiin muutettua salakuuntelun apuvälineeksi.
pienikin värähtely on luettavissa. Ja modernit pelihiiret rekisteröivät äärimmäisen pieniäkin liikkeitä, jopa 20 000 dpi:n tarkkuudella.
Tutkijat havaitsivat, että kun hiiren keräämää liikedataa kerättiin isompi määrä talteen, siitä pystyttiin tekoälyn avulla purkamaan myös ääniaaltoja, jotka sitten pystyttiin eristämään samassa tilassa käydyiksi keskusteluiksi.
Aiheesta uutisoineen Tom’s Hardwaren mukaan äänentunnistuksen tarkkuus Mic-E-Mousea käyttämällä on 42 ja 61 prosentin välimaastossa, eli se toimii varsin hyvin salakuuntelun välineenä.
Ongelmana on lähinnä se, että tietokoneen, johon hiiri on kytketty, täytyy kerätä hiiren liikedataa jatkuvasti ja tallettaa se johonkin myöhempää analysointia varten.
https://youtu.be/CY7Z37Ul8aQ?si=AdgRWINAyYn5A9No
Tomi Engdahl says:
A hacker claims to have stolen Huawei’s internal source code and sold it on an underground cybercriminal forum.
Read more: https://cnews.link/huawei-source-code-data-breach/
Tomi Engdahl says:
https://etn.fi/index.php/13-news/18001-suomalaisten-luotto-digiturvaan-on-romahtanut