IT Security Weekend Catch Up – October 24, 2025

Comments
close searching

24.10.2025 | 15:31

IT Security Weekend Catch Up – October 24, 2025
avatar

badcyber

comments

IT Security Weekend Catch Up – October 24, 2025

Afraid of missing important security news during the week? We're here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Google pulls the plug on Privacy Sandbox, leaving cookies in place
  2. Evilginx’s creator reckons with the dark side of red-team tools
  3. Cybercrime-as-a-service takedown: 7 arrested
  4. Half of 2025 ransomware attacks hit critical sectors as manufacturing, healthcare, and energy top global targets
  5. JFL lost up to $800,000 weekly after cyberattack, CEO says no patient or staff data was compromised
  6. NSO permanently barred from targeting WhatsApp users with Pegasus spyware

For the more technical

  1. Pwn2Own Ireland 2025: Day One Results, Day Two Results, Day Three and Master of Pwn
  2. apis.google.com - Insecure redirect via __lu parameter (exploited in the wild)
  3. TARmageddon (CVE-2025-62518): RCE vulnerability highlights the challenges of open source abandonware
  4. Key IOCs for Pegasus and Predator spyware cleaned with iOS 26 update
  5. The security paradox of local LLMs
  6. Malicious activity surrounding Perplexity’s Comet browser launch
  7. Attack technique: Abuse of the UWP lifecycle and Windows job objects
  8. Beyond credentials: weaponizing OAuth applications for persistent cloud access
  9. Tykit analysis: New phishing kit stealing hundreds of Microsoft accounts in finance
  10. Fast, broad, and elusive: How Vidar Stealer 2.0 upgrades infostealer capabilities
  11. GlassWorm: First self-propagating worm using invisible code hits OpenVSX marketplace
  12. Dissecting YouTube’s malware distribution network
  13. Operation MotorBeacon : Threat actor targets Russian automotive sector using .NET implant
  14. To be (a robot) or not to be: New malware attributed to Russia state-sponsored COLDRIVER
  15. Dark Covenant 3.0: Controlled impunity and Russia’s cybercriminals
  16. PhantomCaptcha: Multi-stage WebSocket RAT targets Ukraine in single-day spearphishing operation
  17. New group on the block: UNC5142 leverages EtherHiding to distribute malware
  18. TOLLBOOTH: What's yours, IIS mine
  19. Gotta fly: Lazarus targets the UAV sector
  20. Help wanted: Vietnamese actors using fake job posting campaigns to deliver malware and steal credentials

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.


Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy! For the less technical Google pulls the plug on Privacy Sandbox, leaving cookies in place Evilginx’s creator reckon 2025-10-24T15:31:59+02:00

Comments