securityaffairs

Researchers warn of widespread RDP attacks by 100K-node botnet

A coordinated botnet campaign involving over 100,000 IP addresses from more than 100 countries has been targeting Microsoft Remote Desktop Protocol (RDP) services in the United States. The campaign began on October 8, 2025.

Stealit Malware spreads via fake game & VPN installers on Mediafire and Discord

Fortinet FortiGuard Labs researchers spotted Stealit malware campaign abusing Node.js Single Executable Application (SEA) and sometimes Electron to spread via fake game and VPN installers on Mediafire and Discord.

U.S. CISA adds Grafana flaw to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical directory traversal vulnerability in Grafana, tracked as CVE-2021-43798 (CVSS score 7.5), to its Known Exploited Vulnerabilities (KEV) catalog.

DragonForce, LockBit, and Qilin, a new triad aims to dominate the ransomware landscape

A new ransomware alliance has emerged between DragonForce, LockBit, and Qilin, signaling a major evolution in the cyber threat landscape. This coalition aims to enhance attack effectiveness by sharing tools and infrastructure.

U.S. CISA adds Smartbedded Meteobridge, Samsung, Juniper ScreenOS, Jenkins, and GNU Bash flaws to its Known Exploited Vulnerabilities catalog

CISA has added five critical vulnerabilities to its KEV catalog, mandating that federal agencies remediate them by October 23, 2025. These include flaws in GNU Bash, Juniper ScreenOS, Jenkins, Smartbedded Meteobridge, and Samsung mobile devices.

Ghost in the Cloud: Weaponizing AWS X-Ray for Command & Control

A novel Command and Control (C2) technique has emerged that leverages AWS X-Ray, Amazon’s distributed tracing service, as a covert bidirectional C2 channel. This method exploits legitimate cloud infrastructure to evade traditional network defenses.

Apple backports fix for actively exploited CVE-2025-43300

CVE-2025-43300 is a 0-day vulnerability in Apple’s ImageIO framework that enables memory corruption via malicious image files. The vulnerability was initially patched in August 2025. The issue was addressed by implementing improved bounds checking.

Hackers steal millions of Gucci, Balenciaga, and Alexander McQueen customer records

A data breach has compromised the personal information of millions of customers from luxury fashion brands Gucci, Balenciaga, and Alexander McQueen. The breach was attributed to the cybercriminal group ShinyHunters.

ShinyHunters Attack National Credit Information Center of Vietnam

Vietnam’s National Credit Information Center suffered a cyberattack by the ShinyHunters group, exploiting an n-day vulnerability in unsupported software. The attackers accessed and leaked personal data, which was listed for sale on the dark web.

FBI Warns of Salesforce attacks by UNC6040 and UNC6395

The FBI has issued a FLASH alert warning organizations of ongoing malicious campaigns by cybercriminal groups UNC6040 and UNC6395. These groups are actively targeting Salesforce platforms to conduct data theft and extortion operations.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing, end-to-end automation and 360-degree threat response.
