A new cryptocurrency scam uses fake 0-day exploit emails to trick users into running malicious JavaScript code, leading them to believe they can achieve massive profits. The attackers manipulate the user’s browser to display inflated payouts and hijack transactions, directing funds to their own crypto wallets.
Federally Qualified Health Center Reports Ransomware Breach
The Central Jersey Medical Center, a federally qualified health center, has reported a ransomware attack that occurred on August 25th, potentially compromising sensitive patient information including names, dates of birth, social security numbers, and health records. The center is working with cybersecurity experts to investigate and enhance its security measures, though it has not disclosed if data was exfiltrated or the number of individuals affected.
Comprehensive analysis of leading AI models in 2025: strengths, weaknesses and standout capabilities
The artificial-intelligence landscape in 2025 has evolved into a highly competitive arena where numerous models offer distinct advantages for specific use cases. This article examines publicly available AI models shaping the industry, summarizing where each excels and where limitations remain.
Amazon and Perplexity have kicked off the great AI web browser fight | The Verge
Amazon has requested that Perplexity stop its AI browser, Comet, from purchasing products on its site, accusing the AI startup of providing a degraded shopping experience. Perplexity, in turn, has accused Amazon of bullying and stated that the e-commerce giant is more interested in serving ads and sponsored results than facilitating easier shopping, despite Amazon’s CEO expecting future partnerships with AI shopping agents.
Lithium Batteries at 35,000 Feet: What Really Changed in the Past Year
Airlines have lived with lithium batteries for years. They power every phone, laptop and tablet on board. But when they fail, they overheat and burn in ways that are difficult to control in a confined cabin. Recent data and a string of high-profile incidents show this is no longer a theoretical risk.
The portable devices travellers carry onto planes every day have become an unexpected safety hazard in commercial aviation. Lithium-ion battery incidents have reached record levels, prompting airlines worldwide to implement unprecedented restrictions and forcing travellers to reconsider how they pack and use their electronic devices.
Internet Speed Tests: Four Tools That Matter and When to Use Them
Understanding how your Internet service performs day to day can help explain streaming hiccups, choppy video calls or sluggish cloud activity. Speedtest by Ookla, FAST.com, Cloudflare Speed Test and OpenSpeedTest each measure different aspects of real-world performance and use different test paths. Running more than one can offer a clearer, more complete picture of your connection.
According to Geoffrey Hinton, tech giants cannot profit from their AI investments without replacing human labor. He believes that the massive capital expenditures by companies like Microsoft, Meta, and Alphabet are predicated on the idea of widespread job displacement by AI, though he acknowledges AI’s potential for good in fields like healthcare and education.
Police across Canada warn parents after morphine, staples, needles found in candy | Globalnews.ca
Police across Canada are warning parents to carefully inspect Halloween candy after reports of morphine, needles, and staples found in treats in Ontario, B.C., and Saskatchewan. Authorities advise checking wrappers for tampering and reporting any suspicious items to the police.
China-linked hackers exploited Lanscope flaw
China-linked hackers exploited Lanscope flaw as a zero-day in attacks www.bleepingcomputer.com/news/secu…
China-linked cyber-espionage actors tracked as ‘Bronze Butler’ (Tick) exploited a Motex Lanscope Endpoint Manager vulnerability as a zero-day to deploy an updated version of their Gokcpdoor malware.
The discovery of this activity comes from Sophos researchers, who observed the threat actors exploiting the vulnerability in mid-2025 before it was patched to steal confidential information.
The flaw exploited in these attacks is CVE-2025-61932, a critical request origin verification flaw impacting Motex Lanscope Endpoint Manager versions 9.4.7.2 and earlier. It enables unauthenticated attackers to execute arbitrary code on the target with SYSTEM privileges via specially crafted packets.
CISA warns ransomware gangs exploit CVE-2024-1086
CISA warns ransomware gangs exploit CVE-2024-1086, a Linux kernel flaw in netfilter: nf_tables, introduced in 2014 and patched in Jan 2024. securityaffairs.com/184076/se…
CISA warned that ransomware gangs are exploiting CVE-2024-1086, a high-severity Linux kernel flaw introduced in 2014 and patched in January 2024.
CISA didn’t provide details about the ransomware attacks exploiting the flaw or name the groups responsible for targeting it.
The vulnerability CVE-2024-1086 is a Linux kernel use-after-free issue in the netfilter: nf_tables component that allows an attacker to achieve local privilege escalation.
Australia warns of BadCandy infections
Australia warns of BadCandy infections on unpatched Cisco devices www.bleepingcomputer.com/news/secu…
The Australian government is warning about ongoing cyberattacks against unpatched Cisco IOS XE devices in the country to infect routers with the BadCandy webshell.
The vulnerability exploited in these attacks is CVE-2023-20198, a max-severity flaw that allows remote unauthenticated threat actors to create a local admin user via the web user interface and take over the devices.
Cisco fixed the flaw, which was then marked as an actively exploited issue, in October 2023. A public exploit became available two weeks later, fueling mass exploitation for backdoor planting on internet-exposed devices.
The Australian authorities have warned that variants of the same Lua-based BadCandy web shells are still used in attacks throughout 2024 and 2025, indicating that many Cisco devices remain unpatched.
Cloud Abuse at Scale
Cloud Abuse at Scale www.fortinet.com/blog/thre…
Identity compromise remains one of the most pressing threats to cloud infrastructure today. When attackers gain access to valid credentials, they can often bypass the traditional security controls designed to protect those environments. In AWS, this type of compromise frequently manifests through abuse of the Simple Email Service (SES), one of the most common tactics observed in real-world intrusions. SES offers adversaries a convenient and scalable way to conduct illicit email operations once they’ve obtained valid AWS access keys.
In recent activity, we identified a campaign in which adversaries used stolen credentials to target SES. As part of this campaign, we uncovered a large-scale attack infrastructure—dubbed TruffleNet—built around the open-source tool TruffleHog, which is used to systematically test compromised credentials and perform reconnaissance across AWS environments. Beyond credential testing, we also observed adversaries leveraging compromised cloud accounts to facilitate downstream Business Email Compromise (BEC) campaigns.
When AI Agents Go Rogue
When AI Agents Go Rogue: Agent Session Smuggling Attack in A2A Systems unit42.paloaltonetworks.com/agent-ses…
We discovered a new attack technique, which we call agent session smuggling. This technique allows a malicious AI agent to exploit an established cross-agent communication session to send covert instructions to a victim agent.
Here, we discuss the issues that can arise in a communication session using the Agent2Agent (A2A) protocol, which is a popular option for managing the connections between agents. The A2A protocol’s stateful behavior lets agents remember recent interactions and maintain coherent conversations. This attack exploits this property to inject malicious instructions into a conversation, hiding them among otherwise benign client requests and server responses.
Is NordVPN a trustworthy VPN? Independent audits and real-world use
NordVPN is one of the most widely recognized virtual private network (VPN) services. Its no-logs claims have been independently verified five times, most recently by Deloitte Audit Lithuania in late 2024. The service operates on RAM-only servers and uses high-capacity ports across its network. NordVPN is part of Nord Security, valued at roughly US$3 billion as of September 2023. For people looking for a privacy-focused VPN with modern infrastructure, NordVPN warrants serious consideration.
A concise roundup of notable incidents and high-risk exposures (at 08h22 ET on 2025-10-31).
Is Surfshark a Trustworthy VPN? Independent Audits and Key Features
Surfshark is a VPN provider whose no-logs policy has been independently verified by Deloitte. Its infrastructure uses RAM-only servers and supports 10 Gbps ports, with a recently announced deployment of 100 Gbps servers in Amsterdam. The company is part of the Nord Security group, valued at US$3 billion as of September 2023. For users seeking an audited no-logs VPN with modern architecture, Surfshark merits serious consideration.
Top attacks and breaches - 2025-10-29
A concise roundup of notable incidents and high-risk exposures.
Cloud Discovery With AzureHound
This article details AzureHound, a data collection tool used by threat actors for cloud discovery in Azure environments, mapping its usage to MITRE ATT&CK techniques. It explains how AzureHound enumerates identities, permissions, and resources to identify attack paths and provides guidance for defenders on detecting and mitigating its misuse.
Scammers are using a creative phishing campaign targeting LastPass users, posing as the company and sending emails with the subject line “Legacy Request Opened (URGENT IF YOU ARE NOT DECEASED)” to trick victims into clicking a malicious link and revealing their master passwords. The attackers, linked to the CryptoChameleon group, aim to steal credentials and potentially drain cryptocurrency wallets, with LastPass warning users that it never asks for master passwords and advising the use of MFA to combat such threats.
OpenAI Atlas Omnibox Is Vulnerable to Jailbreaks - SecurityWeek
The OpenAI Atlas omnibox is vulnerable to jailbreaks, allowing attackers to disguise prompts as URLs. This vulnerability enables attackers to hijack the agent’s behavior, potentially leading to credential phishing or destructive actions.