Cyber Security News

Useful Material: Getting a Grip on Digital Identity Identity really is sort of the tip of the spear of watching for breaches, because there will be failures probing an identity that will give you indicators that something bad is going to happen before it happens. Once they have the authenticated identity, then it's really damaging. But if you can see the leading indicators, you can get in front of it, and I think this is where AI is going to really help Cyber_Security_Channel

State-Sponsored Hackers Stole SonicWall Cloud Backups in Recent Attack The attacks, the cybersecurity firm said, did not appear linked to the cloud backup incident. However, the sensitive information stored in the stolen files poses a high risk for the impacted organizations. Cyber_Security_Channel

Google Pays $100,000 in Rewards for Two Chrome Vulnerabilities Google says it paid $130,000 in total for the bugs fixed with the release of Chrome 142. While no bounties will be awarded for five issues, the company has yet to disclose the amounts to be handed out for two defects. Cyber_Security_Channel

Hacktivist Attacks on Critical Infrastructure Surge: Cyble Report Russia-aligned hacktivist groups INTEID, Dark Engine, Sector 16, and Z-Pentest were responsible for the majority of recent ICS attacks, primarily targeting Energy & Utilities, Manufacturing, and Agriculture sectors across Europe. Their campaigns focused on disrupting industrial and critical infrastructure in Ukraine, EU and NATO member states. Cyber_Security_Channel

Throwback №2: JLR Extends Production Halt After Cyber-Attack The cause of the disruption lies in the fact that modern automotive manufacturers operate a ‘just-in-time’ logistics and parts supply strategy. Rather than stockpiling parts, interconnected third party systems receive updates for stock deliveries for vehicles that are being manufactured at the JLR sites. Some small businesses within the wider JLR supply chain rely solely on JLR for contracts. Cyber_Security_Channel

OpenAI Atlas Omnibox Is Vulnerable to Jailbreaks The danger with jailbreaks comes from them being a process methodology rather than an isolated bug. Once the process is discovered, the potential for abuse is limited only by the attacker’s imagination and skill. But there are three immediate implications: the successful process can override user intent, can trigger cross-domain actions, and can bypass safety layers. Cyber_Security_Channel

Throwback №1: Jaguar Land Rover production ‘severely disrupted’ by cyberattack A statement from the firm read: “JLR has been impacted by a cyber incident. We took immediate action to mitigate its impact by proactively shutting down our systems. Cyber_Security_Channel

$722.5 Billion in Sight for the UK as it Becomes the First Country in the World to Achieve Fitting a Quantum Computer into a Laptop London-based startup Quantum Motion has successfully developed the world’s first complete quantum computer using CMOS silicon semiconductor technology. This approach leverages the same manufacturing processes used for everyday electronic devices, including smartphones and laptops. The system operates using silicon qubits etched onto 300-millimeter wafers, identical to conventional chip production methods. Cyber_Security_Channel

🚨 FunkLocker, an AI-powered Ransomware Strain by the FunkSec APT Group, Linked to 120+ Attacks Against Orgs in North America and Asia Key takeaways from the analysis: 🔹 FunkSec strains use “AI snippet” coding patterns, making them easy to build but inconsistent in quality. 🔹 FunkLocker forcibly terminates processes and destabilizes systems to achieve full disruption. 🔹 Attackers leverage taskkill.exe, sc.exe, net.exe, and PowerShell to disable defenses and stage encryption. 🔹 Weak operational security, including reused BTC wallets and hardcoded keys, enabled public decryptors. Click on this link to read the full technical analysis and gather TTPs. For more insights on the latest malware and phishing attacks, follow @anyrun_app. ----- #ad #paidpromotion #sponsored @Cyber_Security_Channel

Microsoft: Russia, China Increasingly Using AI to Escalate Cyberattacks on the US Increasingly, these attackers are using AI to target governments, businesses and critical systems like hospitals and transportation networks, according to Amy Hogan-Burney, Microsoft’s vice president for customer security and trust, who oversaw the report. Many U.S. companies and organizations, meanwhile, are getting by with outdated cyber defenses, even as Americans expand their networks with new digital connections. Cyber_Security_Channel

Microsoft Patches 173 Vulnerabilities, Including Exploited Windows Flaws Microsoft’s October 2025 cumulative update for Windows systems removes the vulnerable ltmdm64.sys driver, which is also impacted by CVE-2025-24052, an elevation of privilege weakness for which a proof-of-concept (PoC) exploit exists. Cyber_Security_Channel

⚡️FBI and French Police Shutter BreachForums Domain Again This means the seizure will do little to stop the ongoing extortion of victims of the recent Salesforce campaign. Scattered Lapsus$ Hunters claims to have over one billion records in its possession, and provided an October 10 deadline to negotiate. Cyber_Security_Channel

TSA Solicits AI, Other Tech Solutions To Streamline Airport Screening The Transportation Security Administration (TSA) is seeking private sector solutions to modernize airport screening using artificial intelligence (AI), biometrics, and automation. The agency aims to enhance security effectiveness, reduce manual labor, and improve passenger experience. Key focus areas include AI-powered threat detection, biometric identity verification, automated screening lanes, and remote screening capabilities. 📸 Image Credit: Yahoo @Cyber_Security_Channel

Self-Propagating Malware Spreading Via WhatsApp, Targets Brazilian Users Trend's continued monitoring reveals a campaign that not only destabilizes individual users and companies but also offers a blueprint for similar attacks globally. This blog serves as an urgent call to elevate awareness, deploy modern defensive tactics, and proactively monitor heavily used communications channels. Cyber_Security_Channel

BlackSuit Ransomware Group Transitioning to ‘Chaos’ Amid Leak Site Seizure The BlackSuit ransomware gang targeted organizations across numerous industries, including education, government, healthcare, IT, manufacturing, and retail, stealing their data before encryption, to leverage it for extortion. Cyber_Security_Channel

Minnesota Activates National Guard in Response to Cyberattack “The Minnesota National Guard’s cyber forces will collaborate with city, state, and federal officials to resolve the situation and mitigate lasting impacts. Above all, we are committed to protecting the safety and security of the people of Saint Paul,” he continued. Cyber_Security_Channel

BlackSuit Ransomware: Law Enforcement Officials Seize Ransomware Website The seizure of BlackSuit's dark web infrastructure, including data leak blogs and negotiation sites, marks a significant setback for the ransomware group. This operation, dubbed "Operation Checkmate," was a collaborative effort involving law enforcement agencies from the US, UK, Ukraine, and others, with support from Romanian cybersecurity firm Bitdefender. The group's sites now display seizure notices, disrupting their ability to extort victims and leak stolen data. The BlackSuit ransomware gang, believed to be a rebranding of the Conti and Royal ransomware gangs, has targeted hundreds of organizations worldwide, demanding over $500 million in ransoms. However, researchers suggest that BlackSuit may have already rebranded as Chaos ransomware, sharing similar tactics and code patterns ². @Cyber_Security_Channel

New York Seeking Public Opinion on Water Systems Cyber Regulations DOH, DEC, and EFC worked together to align definitions and provisions within their requirements, and to ensure that the regulations are aligned with CISA and Environmental Protection Agency guidance on securing IT and OT environments. Cyber_Security_Channel

High-Severity Flaws Patched in Chrome, Firefox The first high-severity bug, CVE-2025-8027, impacts the browser’s JavaScript engine, which only writes partial return values to the stack. The second, CVE-2025-8028, impacts arm64 architectures, where numerous entries in a specific instruction leads to “truncation and incorrect computation of the branch address”. Cyber_Security_Channel

Microsoft’s New Security Store is Like an App Store for Cybersecurity The Microsoft Security Store is a storefront designed for security professionals to buy and deploy SaaS solutions and AI agents from Microsoft’s ecosystem partners. Darktrace, Illumio, Netskope, Perfomanta, and Tanium are all part of the new store, with solutions covering threat protection, identity and device management, and more. Cyber_Security_Channel