According to Geoffrey Hinton, tech giants cannot profit from their AI investments without replacing human labor. He believes that the massive capital expenditures by companies like Microsoft, Meta, and Alphabet are predicated on the idea of widespread job displacement by AI, though he acknowledges AI’s potential for good in fields like healthcare and education.
Police across Canada warn parents after morphine, staples, needles found in candy | Globalnews.ca
Police across Canada are warning parents to carefully inspect Halloween candy after reports of morphine, needles, and staples found in treats in Ontario, B.C., and Saskatchewan. Authorities advise checking wrappers for tampering and reporting any suspicious items to the police.
China-linked hackers exploited Lanscope flaw
China-linked hackers exploited Lanscope flaw as a zero-day in attacks www.bleepingcomputer.com/news/secu…
China-linked cyber-espionage actors tracked as ‘Bronze Butler’ (Tick) exploited a Motex Lanscope Endpoint Manager vulnerability as a zero-day to deploy an updated version of their Gokcpdoor malware.
The discovery of this activity comes from Sophos researchers, who observed the threat actors exploiting the vulnerability in mid-2025 before it was patched to steal confidential information.
The flaw exploited in these attacks is CVE-2025-61932, a critical request origin verification flaw impacting Motex Lanscope Endpoint Manager versions 9.4.7.2 and earlier. It enables unauthenticated attackers to execute arbitrary code on the target with SYSTEM privileges via specially crafted packets.
CISA warns ransomware gangs exploit CVE-2024-1086
CISA warns ransomware gangs exploit CVE-2024-1086, a Linux kernel flaw in netfilter: nf_tables, introduced in 2014 and patched in Jan 2024. securityaffairs.com/184076/se…
CISA warned that ransomware gangs are exploiting CVE-2024-1086, a high-severity Linux kernel flaw introduced in 2014 and patched in January 2024.
CISA didn’t provide details about the ransomware attacks exploiting the flaw or name the groups responsible for targeting it.
The vulnerability CVE-2024-1086 is a Linux kernel use-after-free issue that resides in the netfilter: nf_tables component that allows an attacker to achieve local privilege escalation.
Australia warns of BadCandy infections
Australia warns of BadCandy infections on unpatched Cisco devices www.bleepingcomputer.com/news/secu…
The Australian government is warning about ongoing cyberattacks against unpatched Cisco IOS XE devices in the country to infect routers with the BadCandy webshell.
The vulnerability exploited in these attacks is CVE-2023-20198, a max-severity flaw that allows remote unauthenticated threat actors to create a local admin user via the web user interface and take over the devices.
Cisco fixed the flaw in October 2023, which was then marked as an actively exploited issue. A public exploit became available two weeks later, fueling mass exploitation for backdoor planting on internet-exposed devices.
The Australian authorities have warned that variants of the same Lua-based BadCandy web shells are still used in attacks throughout 2024 and 2025, indicating that many Cisco devices remain unpatched.
Cloud Abuse at Scale
Cloud Abuse at Scale www.fortinet.com/blog/thre…
Identity compromise remains one of the most pressing threats to cloud infrastructure today. When attackers gain access to valid credentials, they can often bypass the traditional security controls designed to protect those environments. In AWS, this type of compromise frequently manifests through abuse of the Simple Email Service (SES), one of the most common tactics observed in real-world intrusions. SES offers adversaries a convenient and scalable way to conduct illicit email operations once they’ve obtained valid AWS access keys.
In recent activity, we identified a campaign in which adversaries used stolen credentials to target SES. As part of this campaign, we uncovered a large-scale attack infrastructure—dubbed TruffleNet—built around the open-source tool TruffleHog, which is used to systematically test compromised credentials and perform reconnaissance across AWS environments. Beyond credential testing, we also observed adversaries leveraging compromised cloud accounts to facilitate downstream Business Email Compromise (BEC) campaigns.
When AI Agents Go Rogue
When AI Agents Go Rogue: Agent Session Smuggling Attack in A2A Systems unit42.paloaltonetworks.com/agent-ses…
We discovered a new attack technique, which we call agent session smuggling. This technique allows a malicious AI agent to exploit an established cross-agent communication session to send covert instructions to a victim agent.
Here, we discuss the issues that can arise in a communication session using the Agent2Agent (A2A) protocol, which is a popular option for managing the connections between agents. The A2A protocol’s stateful behavior lets agents remember recent interactions and maintain coherent conversations. This attack exploits this property to inject malicious instructions into a conversation, hiding them among otherwise benign client requests and server responses.
Is NordVPN a trustworthy VPN? Independent audits and real-world use
NordVPN is one of the most widely recognized virtual private network (VPN) services. Its no-logs claims have been independently verified five times, most recently by Deloitte Audit Lithuania in late 2024. The service operates on RAM-only servers and uses high-capacity ports across its network. NordVPN is part of Nord Security, valued at roughly US$3 billion as of September 2023. For people looking for a privacy-focused VPN with modern infrastructure, NordVPN warrants serious consideration.
A concise roundup of notable incidents and high-risk exposures (at 08h22 ET on 2025-10-31).
#Cyber #ThreatIntel #Incidents #Malware #DataLeak #Breach #Hack
Is Surfshark a Trustworthy VPN? Independent Audits and Key Features
Surfshark is a VPN provider whose no-logs policy has been independently verified by Deloitte. Its infrastructure uses RAM-only servers and supports 10 Gbps ports, with recently announced deployment of 100 Gbps servers in Amsterdam. The company is part of the Nord Security group, valued at US $3 billion as of September 2023. For users seeking an audited no-logs VPN with modern architecture, Surfshark merits serious consideration.
Top attacks and breaches - 2025-10-29
A concise roundup of notable incidents and high-risk exposures.
Cloud Discovery With AzureHound
This article details AzureHound, a data collection tool used by threat actors for cloud discovery in Azure environments, mapping its usage to MITRE ATT&CK techniques. It explains how AzureHound enumerates identities, permissions, and resources to identify attack paths and provides guidance for defenders on detecting and mitigating its misuse.
Scammers are using a creative phishing campaign targeting LastPass users, posing as the company and sending emails with the subject line “Legacy Request Opened (URGENT IF YOU ARE NOT DECEASED)” to trick victims into clicking a malicious link and revealing their master passwords. The attackers, linked to the CryptoChameleon group, aim to steal credentials and potentially drain cryptocurrency wallets, with LastPass warning users that it never asks for master passwords and advising the use of MFA to combat such threats.
OpenAI Atlas Omnibox Is Vulnerable to Jailbreaks - SecurityWeek
The OpenAI Atlas omnibox is vulnerable to jailbreaks, allowing attackers to disguise prompts as URLs. This vulnerability enables attackers to hijack the agent’s behavior, potentially leading to credential phishing or destructive actions.
AWS Outage Exposes Cloud Dependency, Concentration Risks
A recent AWS outage highlighted the risks of deep cloud dependencies and the challenges of achieving multi-region cloud resilience, as enterprises struggle with complex architectures and the cost of fault tolerance. The incident also raises concerns about cloud sovereignty for European countries, questioning the feasibility of independence from U.S.-based providers without hindering innovation.
Fortinet Accused of Securities Fraud Over Firewall Forecasts
Two class action lawsuits accuse Fortinet of securities fraud for allegedly misleading investors about a firewall refresh cycle, claiming it would significantly boost revenue. The lawsuits allege that Fortinet executives knew the refresh involved older, less impactful products and that CEO Ken Xie and CTO Michael Xie engaged in suspicious insider stock sales before the company’s stock price dropped significantly.
Dissecting YouTube’s Malware Distribution Network - Check Point Research
Check Point Research has uncovered a Ghost Network on YouTube that uses over 3,000 malicious videos to distribute malware, primarily infostealers like Lumma and Rhadamanthys. This network, active since 2021, saw a tripling of malicious videos in 2025, employing compromised accounts, fake engagement, and targeted content like game hacks and software cracks to deceive users into downloading malicious software.
The Data State Inspectorate (DVI) has fined SIA ZZ Dats 300,000 euros for a municipal data breach affecting 42 Latvian municipalities, a decision the company is appealing. This breach, which exposed personal data of employees and residents, occurred due to ZZ Dats failing to fulfill its obligations under the General Data Protection Regulation (GDPR).
The Have I Been Pwned website has added over 180 million email accounts to its database, containing leaked login details. Users can check if their email addresses have been compromised and are advised to change passwords and enable two-factor authentication for safety.
A recent report indicates that over 40% of maritime systems are still running on Windows 10, which has reached its end-of-support, significantly increasing cyber risk. While Windows 11 adoption is higher, the continued reliance on unsupported Windows 10 poses a threat to IT and OT environments due to the cessation of critical security updates.