Is Surfshark a Trustworthy VPN? Independent Audits and Key Features
Surfshark is a VPN provider whose no-logs policy has been independently verified by Deloitte. Its infrastructure uses RAM-only servers and supports 10 Gbps ports, with recently announced deployment of 100 Gbps servers in Amsterdam. The company is part of the Nord Security group, valued at US $3 billion as of September 2023. For users seeking an audited no-logs VPN with modern architecture, Surfshark merits serious consideration.
Top attacks and breaches - 2025-10-29
A concise roundup of notable incidents and high-risk exposures.
Cloud Discovery With AzureHound
This article details AzureHound, a data collection tool used by threat actors for cloud discovery in Azure environments, mapping its usage to MITRE ATT&CK techniques. It explains how AzureHound enumerates identities, permissions, and resources to identify attack paths and provides guidance for defenders on detecting and mitigating its misuse.

Scammers try to trick LastPass users into giving up credentials by telling them they’re dead | CSO Online
Scammers are running a creative phishing campaign against LastPass users, posing as the company and sending emails with the subject line “Legacy Request Opened (URGENT IF YOU ARE NOT DECEASED)” to trick victims into clicking a malicious link and revealing their master passwords. The attackers, linked to the CryptoChameleon group, aim to steal credentials and potentially drain cryptocurrency wallets. LastPass warns users that it never asks for master passwords and advises enabling MFA to counter such threats.

OpenAI Atlas Omnibox Is Vulnerable to Jailbreaks - SecurityWeek
The OpenAI Atlas omnibox is vulnerable to jailbreaks that let attackers disguise prompts as URLs. This weakness enables attackers to hijack the agent’s behavior, potentially leading to credential phishing or destructive actions.

AWS Outage Exposes Cloud Dependency, Concentration Risks
A recent AWS outage highlighted the risks of deep cloud dependencies and the difficulty of achieving multi-region cloud resilience, as enterprises struggle with complex architectures and the cost of fault tolerance. The incident also raises concerns about cloud sovereignty for European countries, questioning whether independence from U.S.-based providers is feasible without hindering innovation.

Fortinet Accused of Securities Fraud Over Firewall Forecasts
Two class action lawsuits accuse Fortinet of securities fraud for allegedly misleading investors about a firewall refresh cycle, claiming it would significantly boost revenue. The lawsuits allege that Fortinet executives knew the refresh involved older, less impactful products and that CEO Ken Xie and CTO Michael Xie engaged in suspicious insider stock sales before the company’s stock price dropped significantly.

Dissecting YouTube’s Malware Distribution Network - Check Point Research
Check Point Research has uncovered a Ghost Network on YouTube that uses over 3,000 malicious videos to distribute malware, primarily infostealers such as Lumma and Rhadamanthys. The network, active since 2021, saw its malicious video count triple in 2025; it relies on compromised accounts, fake engagement, and targeted content such as game hacks and software cracks to lure users into downloading malicious software.

Data breach in 42 Latvian municipalities: DVI imposes 300,000 euro fine on ZZ Dats - Baltic News Network
The Data State Inspectorate (DVI) has fined SIA ZZ Dats 300,000 euros for a municipal data breach affecting 42 Latvian municipalities, a decision the company is appealing. The breach, which exposed personal data of employees and residents, occurred because ZZ Dats failed to fulfill its obligations under the General Data Protection Regulation (GDPR).

Over 180 million email accounts have been leaked — check to see if yours is on the list | Tom’s Guide
The Have I Been Pwned website has added over 180 million email accounts to its database, containing leaked login details. Users can check whether their email addresses have been compromised and are advised to change passwords and enable two-factor authentication.

Marlink: Over 40% of maritime systems remain on Windows 10 ahead of end-of-support, heightening cyber risk - Industrial Cyber
A recent report indicates that over 40% of maritime systems are still running Windows 10, which has reached its end-of-support, significantly increasing cyber risk. While Windows 11 adoption is higher, the continued reliance on unsupported Windows 10 poses a threat to IT and OT environments because critical security updates have ceased.

Cyber Risk is the Weak Link in Data Center Construction
The rapid growth of data center construction presents significant cyber risks, including attacks on subcontractors, manipulation of design data, and vulnerabilities in building management systems. These threats can lead to costly downtime, project delays, and physical damage, making cyber resilience a strategic imperative.

Global Survey Finds Cyber Incidents Cost Organizations $3.7M on Average in the Past Year | INN
A recent Red Canary report, based on a survey of 550 security leaders, reveals that cyber incidents cost organizations an average of $3.7 million in the past year, with 46% experiencing service disruptions. The report also highlights the increasing reliance on AI in cybersecurity: 85% of leaders are concerned about being overwhelmed by missed threats if automation isn’t adopted, though they also cite AI-generated attacks as a top concern.

Former L3Harris cyber director charged with selling secrets • The Register
A former general manager of L3Harris’s cyber arm, Peter Williams, has been charged with selling seven trade secrets to an unidentified Russian buyer for $1.3 million. Prosecutors are seeking to forfeit Williams’ lavish assets, including his home, multiple luxury watches, designer clothing, jewelry, and cryptocurrency.

APT36 Targets Indian Government with Golang-Based DeskRAT Malware Campaign
The APT36 hacking group, also known as Transparent Tribe, is targeting Indian government entities with a Golang-based malware called DeskRAT. The campaign employs spear-phishing emails with malicious attachments or links, aiming to compromise BOSS Linux systems and exfiltrate data.

UN agreement on cybercrime criticized over risks to cybersecurity researchers | CSO Online
Critics argue that the new UN Convention against Cybercrime, set for ratification, contains vague language that could criminalize cybersecurity researchers and hinder cyber defense efforts. While some experts acknowledge improvements in defining malicious intent, others advocate for the established Budapest Convention as a superior alternative that better protects human rights.

The Good, the Bad and the Ugly in Cybersecurity – Week 43
Europol dismantled the SIMCARTEL operation, a major cybercrime-as-a-service network that facilitated over 3,200 fraud cases and caused €4.5 million in damages using 1,200 SIM-box devices and 40,000 SIM cards. Separately, the Jingle Thief threat group targets cloud environments for large-scale gift card fraud by stealing Microsoft 365 credentials, while the PhantomCaptcha campaign used spear-phishing to deploy a RAT against Ukrainian government and humanitarian organizations.

Shutdown Sparks 85% Increase in US Gov’t Cyberattacks
The US government shutdown has led to an 85% increase in cyberattacks against federal employees, with threat actors exploiting financial anxieties. The Department of Veterans Affairs (VA) and the Department of Justice (DoJ) are the most targeted agencies, particularly among essential employees who continue to work despite the risks.

Everest Ransomware Claims AT&T Careers Breach with 576K Records – Hackread
The Everest ransomware group claims to have breached AT&T Careers, potentially exposing 576,686 personal records of applicants and employees. The data listing is password-protected, with a deadline for AT&T to respond before public release; AT&T has not yet officially commented on this specific incident.