This posting is here to collect cyber security news in October 2025.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
96 Comments
Tomi Engdahl says:
Tunisian sentenced to death for Facebook posts criticising president
https://www.reuters.com/world/africa/tunisian-sentenced-death-facebook-posts-criticising-president-2025-10-03/?utm_campaign&fbclid=IwdGRjcANNFdJjbGNrA00UrWV4dG4DYWVtAjExAAEe-AnR42m3G3ujXgmJ0Zd-uih7wwRp8soR7whv_XYmboANklLuTMkv3vLSGso_aem_XPP2GzLdN_XqnUTISDMFsA
TUNIS, Oct 3 (Reuters) – A Tunisian man has been sentenced to death on charges of insulting the president and assaulting state security through posts on social media, the head of the Tunisian League for Human Rights and his lawyer said on Friday.
The ruling is unprecedented in Tunisia, where restrictions on free speech have been tightened since President Kais Saied seized almost all powers in 2021.
“The judge in the Nabeul court sentenced the man to death over Facebook posts. It is a shocking and unprecedented ruling,” Bouthalja said.
The judgement has been appealed, he added.
Though courts have occasionally handed down death sentences in Tunisia, none have been carried out for more than three decades.
“We can’t believe it,” Jamal Chouchane, Saber’s brother, told Reuters by phone. “We are a family suffering from poverty, and now oppression and injustice have been added to poverty.”
Tomi Engdahl says:
Space command boss warns Russia is targeting UK satellites on a ‘weekly’ basis
The UK and the US conducted their first co-ordinated satellite manoeuvre in space last month
https://www.independent.co.uk/news/uk/home-news/putin-space-russia-paul-tedman-b2838540.html?fbclid=IwdGRjcANNFx1jbGNrA00W-2V4dG4DYWVtAjExAAEecP0hq5n8XlWbTBy0DeLoEHi_AYkFdS-kn1ozpLRlUVIVKK9YlHsEGybl1ho_aem_BH3EXaDA1Qvp1zn8wXuJ8A
Tomi Engdahl says:
Japanese restaurants, bars and stores are running low on beer and other beverages from industry leader Asahi Group as the impact from a cyberattack entered a fifth day on Friday, with no resolution in sight.
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/xworm-malware-resurfaces-with-ransomware-module-over-35-plugins/
XWorm malware resurfaces with ransomware module, over 35 plugins
Tomi Engdahl says:
Red Hat fesses up to GitLab breach after attackers brag of data theft
Open source giant admits intruders broke into dedicated consulting instance, but insists core products untouched
https://www.theregister.com/2025/10/03/red_hat_gitlab_breach/
Tomi Engdahl says:
Oura’s Partnership With the Pentagon Is Ringing Alarm Bells for Customers
“It’s not paranoid to be concerned about your data. It’s justified.”
https://slate.com/technology/2025/10/oura-ring-pentagon-department-of-defense-health-wearable.html
Tomi Engdahl says:
OpenSSL Vulnerabilities Let Attackers Execute Malicious Code and Recover Private Key Remotely
https://cybersecuritynews.com/openssl-vulnerabilities/#google_vignette
The OpenSSL Project has released a critical security advisory, addressing three significant vulnerabilities that could allow attackers to execute remote code and potentially recover private cryptographic keys.
These flaws affect multiple OpenSSL versions across different platforms and could lead to memory corruption, denial of service attacks, and unauthorized access to sensitive cryptographic materials.
The most severe vulnerability involves out-of-bounds memory operations in RFC 3211 Key Encryption Key (KEK) unwrap functionality, tracked as CVE-2025-9230 with moderate severity.
Tomi Engdahl says:
U.S. CISA adds Smartbedded Meteobridge, Samsung, Juniper ScreenOS, Jenkins, and GNU Bash flaws to its Known Exploited Vulnerabilities catalog
https://securityaffairs.com/182925/hacking/u-s-cisa-adds-smartbedded-meteobridge-samsung-juniper-screenos-jenkins-and-gnu-bash-flaws-to-its-known-exploited-vulnerabilities-catalog.html
Tomi Engdahl says:
https://www.theregister.com/2025/10/03/red_hat_gitlab_breach/
Tomi Engdahl says:
The encryption technology used by WhatsApp and Signal has taken a developmental leap – not even an “encryption doomsday” will open the messages
https://www.puhelinvertailu.com/uutiset/2025/10/05/whatsapp-signal-salaus-kvanttilaskenta-spqr#google_vignette
Tomi Engdahl says:
NIRS fire destroys government’s cloud storage system, no backups available
https://koreajoongangdaily.joins.com/news/2025-10-01/national/socialAffairs/NIRS-fire-destroys-governments-cloud-storage-system-no-backups-available/2412936?fbclid=IwdGRjcANRCz1jbGNrA1EKomV4dG4DYWVtAjExAAEeAWaOQ4U8aAUoXH1qKAW3-kiu8n0yL0WNowuiHJSE6Oek5fgEUEV4ZYKJ5MI_aem_2tYQSKQyVM8pVMt70Wwa0g
A fire at the National Information Resources Service (NIRS)’s Daejeon headquarters destroyed the government’s G-Drive cloud storage system, erasing work files saved individually by some 750,000 civil servants, the Ministry of the Interior and Safety said Wednesday.
The fire broke out in the server room on the fifth floor of the center, damaging 96 information systems designated as critical to central government operations, including the G-Drive platform. The G-Drive has been in use since 2018, requiring government officials to store all work documents in the cloud instead of on personal computers. It provided around 30 gigabytes of storage per person.
However, due to the system’s large-capacity, low-performance storage structure, no external backups were maintained — meaning all data has been permanently lost.
The scale of damage varies by agency. The Ministry of Personnel Management, which had mandated that all documents be stored exclusively on G-Drive, was hit hardest. The Office for Government Policy Coordination, which used the platform less extensively, suffered comparatively less damage.
The Interior Ministry explained that while most systems at the Daejeon data center are backed up daily to separate equipment within the same center and to a physically remote backup facility, the G-Drive’s structure did not allow for external backups. This vulnerability ultimately left it unprotected.
Criticism continues to build regarding the government’s data management protocols.
Tomi Engdahl says:
Linux has the lineage to out-evolve the deadliest of cyber threats, given the right push
Darwin would understand microkernels. We need microkernels that understand Darwin.
Rupert Goodwins
Mon 22 Sep 2025 // 10:00 UTC
Opinion The IT industry is not only full of sharks, it has shark nature itself. It must keep moving forward to survive. Not all sharks are obligate ram ventilators, and not all IT changes all the time, but without innovation the sector would curdle and die.
https://www.theregister.com/2025/09/22/linux_has_the_lineage_to/
Tomi Engdahl says:
Japan days away from running out of Asahi Super Dry due to cyber attack – reports
The attack forced the company to halt production at most of its 30 factories nationwide, including those producing its signature beer
https://www.theguardian.com/world/2025/oct/03/asahi-super-dry-days-away-from-running-out-in-japan-due-to-cyber-attack
Tomi Engdahl says:
Signal Protocol and Post-Quantum Ratchets
https://signal.org/blog/spqr/?fbclid=IwT01FWANMLqVleHRuA2FlbQIxMAABHsE29nXwgpVy0F9qam91uymB9zOO7Iym9We8VJ-V0z9yixT5jkolIzv9ptMG_aem_8hXJgqBDriFIGbxxGaRQ3w
Tomi Engdahl says:
Pwning a $60,000 Lighting Console in a Few Minutes
https://parzival.sh/blog/pwning-a-lighting-console-in-a-few-minutes?fbclid=Iwb21leANKaQJjbGNrA0po-WV4dG4DYWVtAjExAAEecVjsDaNElH1F9_QFgod5fcbbLimysiYiQYnBcOdTA5UhQyNAreszKzQ4pZI_aem_aOIfoEeuWJJIHf-4V6OfYw
Tomi Engdahl says:
https://abc7.com/post/thieves-targeting-copper-are-damaging-fiber-cables-leading-outages/17883287/
Tomi Engdahl says:
A computer mouse can reveal what is being said in the room
https://dawn.fi/uutiset/2025/10/06/hiiri-salakuuntelu
Researchers have found that even a perfectly ordinary computer mouse can turn into a very surprising spying tool.
Researchers at the University of California have developed a concept called Mic-E-Mouse (PDF), in which the sensor of an optical mouse was turned into an aid for eavesdropping.
even the smallest vibration can be read. And modern gaming mice register extremely small movements, at resolutions as high as 20,000 dpi.
The researchers found that when a larger amount of the movement data collected by the mouse was recorded, sound waves could be extracted from it with the help of AI, and those could then be isolated into the conversations held in the same room.
According to Tom’s Hardware, which reported on the matter, the speech recognition accuracy using Mic-E-Mouse is somewhere between 42 and 61 percent, so it works quite well as an eavesdropping tool.
The main problem is that the computer to which the mouse is connected has to collect the mouse’s movement data continuously and store it somewhere for later analysis.
https://youtu.be/CY7Z37Ul8aQ?si=AdgRWINAyYn5A9No
Tomi Engdahl says:
A hacker claims to have stolen Huawei’s internal source code and sold it on an underground cybercriminal forum.
Read more: https://cnews.link/huawei-source-code-data-breach/
Tomi Engdahl says:
https://etn.fi/index.php/13-news/18001-suomalaisten-luotto-digiturvaan-on-romahtanut
Tomi Engdahl says:
LLM-enabled MalTerminal Malware Leverages GPT-4 to Generate Ransomware Code
https://cybersecuritynews.com/llm-enabled-malterminal-malware-gpt-4/
Cybersecurity researchers have identified what is believed to be the earliest known instance of malware that leverages a Large Language Model (LLM) to generate malicious code at runtime.
Dubbed ‘MalTerminal’ by SentinelLABS, the malware uses OpenAI’s GPT-4 to dynamically create ransomware code and reverse shells, presenting a new and formidable challenge for detection and threat analysis.
The discovery highlights a significant shift in adversary tradecraft, where the malicious logic is not hardcoded into the malware itself but is generated on-the-fly by an external AI model.
Tomi Engdahl says:
Microsoft just dropped fixes for 183 security flaws.
3 are already being exploited — including one buried in every Windows PC since XP.
…and at the same time, it is ending Windows 10 support (unless you pay).
Details + patch info ↓ https://thehackernews.com/2025/10/two-new-windows-zero-days-exploited-in.html
Tomi Engdahl says:
Hackers Roast Trump Over Airport Loudspeakers In Epic Breach
Hackers played anti-Trump messages at airports around the country.
https://polinews.org/hackers-roast-trump-over-airport-loudspeakers-in-epic-breach/
Airports are increasingly becoming a battleground between pro- and anti-Trump forces. Homeland Security Secretary Kristi Noem has been featured in videos, broadcast in airports, that blame Democrats for the ongoing government shutdown, which some airports have refused to show.
“Major airports across the country — including in New York City, Chicago and Atlanta — are refusing to play a video featuring Department of Homeland Security Secretary Kristi Noem blaming Democrats for the impacts of the government shutdown,” ABC News reported.
Then, this week, hackers managed to play anti-Trump messages in several other airports.
Per CNN, “unauthorized pro-Palestinian political messages praising Hamas and attacking President Donald Trump and Israel’s prime minister were broadcast through public address systems in terminals at four airports in North America on Tuesday.”
“Turkish Hacker Cyber Islam” can be heard on the message, which was denounced by Homeland Security Secretary Sean Duffy.
The messages, which appeared to have been broadcast via hacking of the public-address systems at the airports, were heard at Harrisburg International Airport in Pennsylvania, as well as multiple airports in Canada, including Kelowna International Airport and Victoria International Airport in British Columbia and Windsor International Airport in Ontario.
It’s not clear if the hacker was actually Turkish, or really representing a group called “Cyber Islam.”
Per Fox 43 in Pennsylvania, “the airport stated that it was a ‘political message,’ but did not contain any threats towards airlines, passengers, airport employees or the airport itself, according to HIA.” In Harrisburg, the PA system was shut off following the hack.
Apparent hackers take over PA systems at 4 North American airports
https://www.cnn.com/2025/10/15/us/airport-cyber-breach-pennsylvania-canada-hnk
Unauthorized pro-Palestinian political messages praising Hamas and attacking President Donald Trump and Israel’s prime minister were broadcast through public address systems in terminals at four airports in North America on Tuesday, disrupting operations and sparking investigations into the apparent hacks.
Videos posted by passengers on social media show the unauthorized recordings played at Harrisburg International Airport in Pennsylvania.
Incidents were also reported at Kelowna International Airport and Victoria International Airport in British Columbia along with Windsor International Airport in Ontario, according to Transport Canada, which regulates airports in the country.
“This is absolutely unacceptable and understandably scared travelers,” US Transportation Secretary Sean Duffy said on social media, adding the FAA is working with the Harrisburg airport “to help get to the bottom of this hack.”
The breaches come as the air travel industry has been dealing with an onslaught of cyberattacks that have caused disruptions for customers and ground some of the world’s largest airports to a halt. In June, a notorious cybercriminal group breached the computer networks of multiple airlines in the US and Canada, according to the FBI. And last month, hackers knocked out a passenger check-in system, causing long delays, cancellations and chaos at airports across Europe.
During the incident, one flight was in the process of boarding, Miller said.
“Out of an abundance of caution, the aircraft was searched. No security issues were found, and the flight departed safely,” the statement added.
Around the same time, more than 2,000 miles away, Kelowna International Airport reported a similar incident.
“The airport staff was about as in the dark as we were,” one passenger who was waiting for a flight said. “They even had to resort to using megaphones to give people boarding information because the intercom was down.”
In a statement shared with CNN, the airport said a third party accessed both its flight information display screens and public address system.
Transport Canada tells CNN it is “working closely with federal security partners, including law enforcement, to ensure there were no impacts on the safety and security of airport operations, and to mitigate disruption from similar incidents in the future.”
Tomi Engdahl says:
https://m.youtube.com/shorts/okOhbs45GcA?fbclid=IwVERDUANeuDBleHRuA2FlbQIxMAABHkjJQGaJFL0QR4j55pfPbK6964fa1dKS5SqSe9Yoynxk_jKs3yAbgQFRC7xe_aem_mIyQj11QcDUYnInR1j9iYA
Hacker hijacks airport speakers, blasts anti-Trump and other political messages
Tomi Engdahl says:
https://blog.google/technology/safety-security/how-google-protects-against-scams-2025/
Tomi Engdahl says:
https://www.dailymail.co.uk/news/article-15205213/Russians-hack-files-EIGHT-MoD-bases-dark-web.html
Tomi Engdahl says:
Data breach at Verisure – data of 35,000 customers accessed
Yrjö Kokkonen
17.10. 14:37
Updated 17.10. 17:35
Verisure, a company that sells alarm systems, has had a data breach at its headquarters, reports Swedish public broadcaster SVT.
https://yle.fi/a/74-20188978
Tomi Engdahl says:
“Really shows how easy it would be for Bezos and Ellison to just turn off the internet if they wanted to, for any reason.” https://trib.al/0CuA6nE
Tomi Engdahl says:
Cloudy Day
Amazon’s AWS Goes Down, Takes Out “Half of the Internet”
“Really shows how easy it would be for Bezos and Ellison to just turn off the internet if they wanted to, for any reason.”
https://futurism.com/future-society/amazon-aws-internet-down?fbclid=IwdGRjcANjfU5jbGNrA2N9O2V4dG4DYWVtAjExAAEeA9Y1un1hwF-oNgvIdNAy72ebhDdvE6Mmg86l5pfcXs8mCoEX2a7bT_6SbFY_aem_H608HuqtnpvMBc8W_XN4SQ
Tomi Engdahl says:
Police Break Up Lego Theft Ring, Recovering Hundreds of Beheaded Figurines
Officials said they had discovered tens of thousands of Lego pieces at a California home and arrested a man who trafficked in the stolen collectibles.
https://www.nytimes.com/2025/10/18/us/lego-theft-california-arrest.html
When detectives from the Santa Rosa Police Department arrived at a house in Lake County, Calif., on Monday, they discovered what looked like a Lego crime scene.
Plastic figurines were everywhere, their heads removed from their bodies and organized in neat rows by facial expression.
Tubs and bins brimmed with loose pieces — tens of thousands of them, according to the police — and were scattered across desks in the living room.
Unopened sets lined the hallway floors.
An investigation that began last month culminated in the arrest of Robert Lopez, 39. The police said in a statement on Wednesday that Mr. Lopez had stolen more than $6,000 worth of the popular toys.
Tomi Engdahl says:
AWS outage crashes Amazon, Prime Video, Fortnite, Perplexity and more
https://www.bleepingcomputer.com/news/technology/aws-outage-crashes-amazon-prime-video-fortnite-perplexity-and-more/
AWS outage has taken down millions of websites, including Amazon.com, Prime Video, Perplexity AI, Canva and more.
The outage started approx 30 minutes ago and it’s affecting consumers in all regions, including the United States and Europe.
According to AWS Health page, Amazon is aware of major disruption affecting multiple services.
Tomi Engdahl says:
Hackers are actively exploiting Windows SMB component vulnerability, which enables them to gain SYSTEM privileges over a network.
#hack #Windows #cybersecurity
More: https://cnews.link/hackers-exploit-windows-smb-flaw-cisa/
(CVE-2025-33073)
RedTeam Pentesting researchers independently reproduced this vulnerability on Windows 10, 11 as well as Server 2019 through 2025.
Tomi Engdahl says:
AWS outage on Monday doesn’t seem to have been caused by a cyberattack. Full story in the comments
#AWS #Amazon #cyberattack
Learn more: https://cnews.link/aws-outage-amazon-layoffs-engineers/
This outage should be a wakeup call that everyone is too dependent on AWS. It’s time to diversify.
Bit of a worry. Suggests audits aren’t identifying risks. Or they are not addressing risks identified. High availability?
Nowadays 75% of AWS production code is AI written.
Ask AI to fix it…
Tomi Engdahl says:
Hackers Dox Hundreds of DHS, ICE, FBI, and DOJ Officials
Joseph Cox
Oct 16, 2025 at 10:34 PM
Scattered LAPSUS$ Hunters—one of the latest amalgamations of typically young, reckless, and English-speaking hackers—posted the apparent phone numbers and addresses of hundreds of government officials, including nearly 700 from DHS.
https://www.404media.co/hackers-dox-hundreds-of-dhs-ice-fbi-and-doj-officials/?fbclid=IwdGRjcANkoTBjbGNrA2ShF2V4dG4DYWVtAjExAAEecIpcma3IGmQRffE-MhB69n4nlmwhC8RD9yR-1BSG5uu_MNOU2KGAkrYd4O0_aem_k9TU6qFEgNcKoX7tgK2Ohg
Tomi Engdahl says:
AWS outage sparks internet memes
https://cybernews.com/entertainment/aws-outage-sparks-internet-memes/
Tomi Engdahl says:
https://thehackernews.com/2025/10/hackers-target-ictbroadcast-servers-via.html
Tomi Engdahl says:
https://thehackernews.com/2025/10/how-attackers-bypass-synced-passkeys.html
Tomi Engdahl says:
https://tietosuoja.fi/-/tietosuojavaltuutetun-toimisto-valtionhallinnon-pilvipalveluiden-on-taytettava-tietosuojavaatimukset
Tomi Engdahl says:
https://thehackernews.com/2025/10/microsoft-locks-down-ie-mode-after.html
Tomi Engdahl says:
Critical GitHub Copilot Vulnerability Let Attackers Exfiltrate Source Code From Private Repos
https://cybersecuritynews.com/github-copilot-vulnerability/#google_vignette
Tomi Engdahl says:
https://cybersecuritynews.com/hackers-attacking-rdp-services/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/from-infostealer-to-full-rat-dissecting-the-purerat-attack-chain/
Tomi Engdahl says:
https://cybersecuritynews.com/microsoft-defender-authentication-bypass/
Tomi Engdahl says:
https://cybersecuritynews.com/windows-remote-desktop-client-vulnerability/
Tomi Engdahl says:
Maltrail: Open-source malicious traffic detection system
Maltrail is an open-source network traffic detection system designed to spot malicious or suspicious activity. It works by checking traffic against publicly available blacklists, as well as static lists compiled from antivirus reports and user-defined sources. These “trails” can include domain names, URLs, IP addresses, or even HTTP User-Agent values. On top of that, Maltrail can use optional heuristic methods to identify new or unknown threats, such as emerging malware.
https://www.helpnetsecurity.com/2025/10/15/maltrail-open-source-malicious-traffic-detection-system/
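The matching model the summary above describes (static “trails” of several indicator kinds checked against observed traffic, plus an optional heuristic for things no blacklist names) is easy to show in a few dozen lines. The following is an added example written for this page, not Maltrail’s own code: the blacklist, the proxy-log format and the log lines are all constructed for the illustration, and the one heuristic (flagging a bare IP address used as the HTTP host) is an assumption of the example rather than a rule taken from the project.

```python
"""
Added example, not Maltrail code: a minimal trail matcher in the spirit of
the description above. Trails are indicators of several kinds (domain, URL,
IP, CIDR, HTTP User-Agent) held in memory; each log line is parsed and
checked against every kind. All data below is constructed for the example.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed blacklist. A real deployment would load these from public feeds.
TRAILS = {
    "domain": {"evil.example", "c2.bad.example"},
    "url": {"http://files.example/drop.exe"},
    "ip": {"198.51.100.7"},
    "cidr": {"203.0.113.0/24"},
    "ua": {"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"},
}

# Constructed proxy-log format: ts src dst host path "user-agent"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<dst>\S+) (?P<host>\S+) (?P<path>\S+) "(?P<ua>[^"]*)"$'
)

SAMPLE_LOG = [  # constructed sample lines
    '2025-10-15T10:00:01Z 10.0.0.5 93.184.216.34 www.example.org /index.html "Mozilla/5.0"',
    '2025-10-15T10:00:02Z 10.0.0.5 198.51.100.7 cdn.evil.example /a.js "Mozilla/5.0"',
    '2025-10-15T10:00:03Z 10.0.0.9 203.0.113.77 files.example /drop.exe "Mozilla/5.0"',
    '2025-10-15T10:00:04Z 10.0.0.9 192.0.2.10 update.example /check "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '2025-10-15T10:00:05Z 10.0.0.9 192.0.2.20 192.0.2.20 /gate.php "Mozilla/5.0"',
    "garbage line that does not parse",
]


@dataclass(frozen=True)
class Hit:
    line_no: int
    kind: str
    trail: str


def parse(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def domain_matches(host, domain_trails):
    """True if host or any parent domain is a listed trail (sub.evil.example hits evil.example)."""
    labels = host.lower().split(".")
    return any(".".join(labels[i:]) in domain_trails for i in range(len(labels)))


def ip_matches(ip, ip_trails, cidr_trails):
    """True if ip is listed directly or falls inside a listed CIDR block."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    if str(addr) in ip_trails:
        return True
    return any(addr in ipaddress.ip_network(c) for c in cidr_trails)


def scan(lines, trails=TRAILS):
    """Check every parsable line against all trail kinds; return the hits in order."""
    hits = []
    for n, line in enumerate(lines, 1):
        rec = parse(line)
        if rec is None:
            continue  # unparsable lines are skipped, not treated as hits
        url = f"http://{rec['host']}{rec['path']}"
        if domain_matches(rec["host"], trails["domain"]):
            hits.append(Hit(n, "domain", rec["host"]))
        if url in trails["url"]:
            hits.append(Hit(n, "url", url))
        if ip_matches(rec["dst"], trails["ip"], trails["cidr"]):
            hits.append(Hit(n, "ip", rec["dst"]))
        if rec["ua"] in trails["ua"]:
            hits.append(Hit(n, "ua", rec["ua"]))
        # Heuristic assumed for this example (not a Maltrail rule): browsers
        # rarely send a bare IP address as the HTTP host, malware droppers often do.
        try:
            ipaddress.ip_address(rec["host"])
            hits.append(Hit(n, "heuristic-direct-ip", rec["host"]))
        except ValueError:
            pass
    return hits


if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.kind} -> {h.trail}")
```

Two details matter in practice and are reflected above: domain trails must match parent domains, otherwise a trivial subdomain sidesteps the list, and lines that fail to parse are dropped silently rather than raising, because a detector that crashes on a malformed record is itself a denial-of-service target.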
Tomi Engdahl says:
https://github.com/stamparm/maltrail
Tomi Engdahl says:
https://thehackernews.com/2025/10/rmpocalypse-single-8-byte-write.html
Tomi Engdahl says:
https://thehackernews.com/2025/10/npm-pypi-and-rubygems-packages-found.html
npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/microsoft/microsoft-october-2025-patch-tuesday-fixes-6-zero-days-172-flaws/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/secure-boot-bypass-risk-on-nearly-200-000-linux-framework-sytems/
Tomi Engdahl says:
https://cybersecuritynews.com/lenovo-code-execution-vulnerability-poc/