Massive gambling network doubles as hidden C2 and anonymity infrastructure, researchers say

A massive network, active for over 14 years, is being used for illegal online gambling and malware distribution, doubling as a command and control (C2) and anonymity infrastructure.

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new bugs to its KEV Catalog. The vulnerabilities include:

1. CVE-2025-48572: Android Framework Privilege Escalation Vulnerability
2. CVE-2025-48633: Android Framework Information Disclosure Vulnerability

Aisuru botnet behind new record-breaking 29.7 Tbps DDoS attack

The Aisuru botnet has launched over 1,300 DDoS attacks in just three months, with Cloudflare mitigating 2,867 attacks since the beginning of the year. The botnet's most significant attack peaked at 29.7 Tbps, setting a new record.

How attackers use real IT tools to take over your computer

A new wave of cyberattacks is exploiting legitimate Remote Monitoring and Management (RMM) tools such as LogMeIn Resolve and PDQ Connect. Attackers trick users into installing these tools under false pretenses.

Sha1-Hulud: The Second Coming of The New npm GitHub Worm

Sha1-Hulud has resurfaced with a new campaign targeting npm packages, affecting thousands of code repositories. This malware compromises development environments by trojanizing npm packages.

Microsoft "mitigates" Windows LNK flaw exploited as zero-day

A high-severity Windows LNK vulnerability, tracked as CVE-2025-9491, has been exploited by multiple state-backed and cybercrime groups in zero-day attacks. This flaw allows attackers to hide malicious commands within Windows LNK files.

Freedom Mobile discloses data breach exposing customer data

Freedom Mobile, a leading Canadian wireless carrier, disclosed a data breach on October 23, the same day it was detected. The breach involved unauthorized access to customer data through a subcontractor's account.

Fake ChatGPT Atlas Browser Used in ClickFix Attack to Steal Passwords

The ClickFix attack, a sophisticated social engineering threat, has seen a 517% surge in usage. It involves fake ChatGPT Atlas browser installers that trick users into running password-stealing software.

ValleyRAT Campaign Targets Job Seekers, Abuses Foxit PDF Reader for DLL Side-loading

The ValleyRAT campaign targets job seekers by disguising malicious files as legitimate job-related documents. It leverages Foxit PDF Reader for DLL side-loading, allowing threat actors to gain control of systems and steal sensitive data.

Unraveling Water Saci's New Multi-Format, AI-Enhanced Attacks Propagated via WhatsApp

The Water Saci campaign in Brazil leverages AI-enhanced, multi-format attacks via WhatsApp, utilizing a layered infection chain with various file formats and scripting languages.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing, end-to-end automation and 360-degree threat response.
