Orion by Kagi pairs Safari-class performance with verifiable zero telemetry, native tracker blocking, and full Chrome/Firefox extension support—funded by users, not ads. My review covers the benefits, limitations, and who should switch. If you want speed, battery life, and control on macOS/iOS, start here.
Extortion and ransomware drive over half of cyberattacks - Microsoft On the Issues
Microsoft’s 2025 Digital Defense Report reveals that 80% of investigated cyber incidents involved data theft, with over half driven by financial motives such as extortion or ransomware, while only 4% focused on espionage. The report highlights the growing accessibility of cybercrime tools, AI-powered attacks, and the surge in identity-based breaches—97% of which stem from password attacks. Critical infrastructure sectors remain prime targets due to their limited defences, while nation-state actors, particularly from China, Russia, Iran, and North Korea, continue expanding operations for espionage and financial gain. Microsoft stresses that cybersecurity must now be treated as a strategic, shared responsibility across governments and industries, requiring AI-enabled defences, collaboration, and widespread adoption of phishing-resistant multifactor authentication.
Extortion and ransomware drive over half of cyberattacks - Microsoft On the Issues
Microsoft’s 2025 Digital Defense Report reveals that 80% of investigated cyber incidents involved data theft, with over half driven by financial motives such as extortion or ransomware, while only 4% focused on espionage. The report highlights the growing accessibility of cybercrime tools, AI-powered attacks, and the surge in identity-based breaches—97% of which stem from password attacks. Critical infrastructure sectors remain prime targets due to their limited defences, while nation-state actors, particularly from China, Russia, Iran, and North Korea, continue expanding operations for espionage and financial gain. Microsoft stresses that cybersecurity must now be treated as a strategic, shared responsibility across governments and industries, requiring AI-enabled defences, collaboration, and widespread adoption of phishing-resistant multifactor authentication.
Microsoft revokes 200 certs used to sign malicious Teams installers - Help Net Security
Microsoft revoked 200 software-signing certificates used by the ransomware group Vanilla Tempest to sign malicious Microsoft Teams installers. The group used fraudulent signatures from Trusted Signing, SSL.com, DigiCert, and GlobalSign to disguise their malware as legitimate Teams installers.
Prosper data breach puts 17 million people at risk of identity theft | Malwarebytes
A data breach at peer-to-peer lending marketplace Prosper on September 2, 2025, exposed the personal information of 17.6 million people, including Social Security numbers and other sensitive data. While Prosper assures no unauthorized account access, the stolen data poses a risk of identity theft and phishing attacks. The company is offering free credit monitoring and advises affected individuals to take precautions like changing passwords and enabling two-factor authentication.
‘Highest Ever’ Severity Score Assigned by Microsoft to ASP.NET Core Vulnerability - SecurityWeek
Microsoft addressed a critical-severity vulnerability (CVE-2025-55315) in the ASP.NET Core framework with a CVSS score of 9.9. The HTTP request smuggling bug in Kestrel, ASP.NET Core’s web server, could allow attackers to bypass security controls, hijack credentials, and cause denial-of-service conditions. Microsoft released updates for Visual Studio and ASP.NET Core to mitigate the vulnerability.
Hackers Steal Sensitive Data From Auction House Sotheby’s - SecurityWeek
Sotheby’s disclosed a data breach involving the theft of sensitive personal information, including names, SSNs, and financial account data. The breach, discovered on July 24, affected a small number of individuals, with two impacted in Maine and ten in Massachusetts.
Email Bombs Exploit Lax Authentication in Zendesk – Krebs on Security
Cybercriminals are exploiting Zendesk’s lack of authentication to flood inboxes with messages from various Zendesk customers. The abuse involves sending ticket creation notifications from customer accounts configured to allow anonymous submissions, enabling the use of any subject line and sender’s email address. Zendesk is investigating additional preventive measures and advising customers to configure authenticated ticket creation workflows.
Machine learning meets malware: how AI-powered ransomware could destroy your business www.theregister.com/2025/10/1…
How to avoid your business being felled by an AI-powered ransomware attack that costs less than a laptop. AI-powered password attacks are already here. The rise of ransomware attacks poses a significant threat to businesses of all sizes. The question isn’t whether your organization will face them, but whether you’ll be prepared. The threat of AI password cracking is growing, and tools like PassGAN are prime examples.
KNP Logistics, a company that survived 158 years of challenges, was destroyed in seconds by an AI system costing less than a laptop. Traditional security approaches are obsolete against adversaries that learn continuously and attack at machine speed.
Microsoft disrupts ransomware attacks targeting Teams users www.bleepingcomputer.com/news/micr…
Microsoft has disrupted a wave of Rhysida ransomware attacks in early October by revoking over 200 certificates used to sign malicious Teams installers.
These attacks were part of a late September malvertising campaign that used search engine ads and SEO poisoning to push fake Microsoft Teams installers that backdoored Windows devices with Oyster malware (also known as Broomstick and CleanUpLoader).
The ads and the domains led to websites that impersonated the Microsoft Teams download site. Clicking the prominently displayed download link downloads a file named “MSTeamsSetup.exe,” the same filename used by the official Teams installer.
Qilin Ransomware and the Ghost Bulletproof Hosting Conglomerate www.resecurity.com/blog/arti…
The following Resecurity report will explore the Qilin ransomware-as-a-service (RaaS) operation’s reliance on bullet-proof-hosting (BPH) infrastructures, with an emphasis on a network of rogue providers based in different parts of the world. Qilin is one of the most prolific and formidable threat groups extorting organizations today. Most notably, they recently claimed responsibility for the September ransomware attack that crippled operations and manufacturing functions at Japanese brewing conglomerate, Asahi Group Holdings, for nearly two weeks.
Qilin Ransomware and the Ghost Bulletproof Hosting Conglomerate www.resecurity.com/blog/arti…
The following Resecurity report will explore the Qilin ransomware-as-a-service (RaaS) operation’s reliance on bullet-proof-hosting (BPH) infrastructures, with an emphasis on a network of rogue providers based in different parts of the world. Qilin is one of the most prolific and formidable threat groups extorting organizations today. Most notably, they recently claimed responsibility for the September ransomware attack that crippled operations and manufacturing functions at Japanese brewing conglomerate, Asahi Group Holdings, for nearly two weeks.
North Korean hackers seen using blockchain to hide crypto-stealing malware therecord.media/north-kor…
North Korean state-linked hackers have begun using public blockchains to deliver malware and steal cryptocurrency, in what researchers say is the first known case of a nation-state adopting the technique.
Google security researchers said on Thursday that they observed a Pyongyang-backed hacking group, tracked as UNC5342, deploying a method known as EtherHiding — a way of embedding malicious code inside smart contracts on decentralized networks such as Ethereum and BNB Smart Chain.
Gladinet fixes actively exploited zero-day in file-sharing software www.bleepingcomputer.com/news/secu…
Gladinet has released security updates for its CentreStack business solution to address a local file inclusion vulnerability (CVE-2025-11371) that threat actors have leveraged as a zero-day since late September.
The local file inclusion (LFI) vulnerability enabled attackers to read the Web.config file on fully patched CentreStack deployments, extract the machine key, and then use it to exploit CVE-2025-30406.
When Huntress alerted of the zero-day attacks Gladinet provided mitigations for customers and was in the process of developing a patch.
The security update that addresses CVE-2025-11371 is now available in CentreStack version 16.10.10408.56683 and administrators are strongly recommended to install it.
Researchers report rare intrusion by suspected Chinese hackers into Russian tech firm therecord.media/rare-chin…
Chinese state-linked hackers have reportedly breached a Russian IT service provider in what appears to be an espionage campaign — a rare case of Chinese threat actors targeting a purported ally, researchers said.
According to a new report by cybersecurity firm Symantec, the hackers gained access to the Russian company’s software build and code-repository systems between January and May 2025 — suggesting the breach may have been an attempted software supply-chain attack aimed at the firm’s customers.
Shifts in the Underground: The Impact of Water Kurita’s (Lumma Stealer) Doxxing www.trendmicro.com/en_us/res…
In September 2025, we noted a striking decline in new command and control infrastructure activity associated with Lummastealer (which Trend Micro tracks as Water Kurita), as well as a significant reduction in the number of endpoints targeted by this notorious malware. This sudden drop appears to align with a targeted underground exposure campaign that has put the spotlight on individuals allegedly linked to the Lummastealer operation. Allegedly driven by competitors, this campaign has unveiled personal and operational details of several supposed core members, leading to significant changes in Lummastealer’s infrastructure and communications.
Operation Zero Disco: Attackers Exploit Cisco SNMP Vulnerability to Deploy Rootkits www.trendmicro.com/en_us/res…
Trend™ Research has detected an operation where attackers exploited a Cisco Simple Network Management Protocol (SNMP) vulnerability to install a rootkit on vulnerable network devices. The SNMP exploit referenced in Cisco’s latest advisory is CVE-2025-20352, which affects both 32-bit and 64-bit switch builds and can result in remote code execution (RCE).
The operation targeted victims running older Linux systems that do not have endpoint detection response solutions, where they deployed Linux rootkits to hide activity and evade blue-team investigation and detection. Trend Research investigation also found that attackers used spoofed IPs and Mac email addresses in their attacks.
yIKEs (WatchGuard Fireware OS IKEv2 Out-of-Bounds Write CVE-2025-9242) labs.watchtowr.com/yikes-wat…
Today, we’re diving into CVE-2025-9242 - a vulnerability centered around a modern-day (ha ha) primitive inside WatchGuard’s Fireware OS, the operating system powering WatchGuard’s bright-red Firebox network security appliances. Or, put differently, an Out-of-bounds Write vulnerability in the WatchGuard Fireware OS (in WatchGuard’s own words) in 2025.
WatchGuard appliances running Fireware OS aren’t just firewalls; they’re VPN concentrators, policy enforcement engines, intrusion prevention systems, and in many cases, the first and last line of defense for an entire organization. This blog post will walk readers through our analysis and reproduction of CVE-2025-9242 in Fireware OS. For those curious, the official WatchGuard advisory can be found here.
Misconfigured NetcoreCloud Server Exposed 40B Records in 13.4TB of Data
A misconfigured NetcoreCloud server exposed 40 billion records and 13.4TB of data, including sensitive emails and internal details from global clients. The exposed data, which included mail logs and marketing data, was quickly secured after being discovered by cybersecurity researcher Jeremiah Fowler. The incident highlights the importance of safeguarding sensitive systems and conducting regular audits of data handling and storage.
Key to Qilin’s Ransomware Success: Bulletproof Hosting
The ransomware group Qilin has been successful due to its affiliation with bulletproof hosting providers in Russia and Hong Kong, which help it evade law enforcement. Qilin has targeted various victims, including Volkswagen Group France, Spain’s tax agency, and Asahi Breweries, and offers high commissions to affiliates.
Helium Browser is a privacy-centred, open-source Chromium browser that removes Google services, telemetry and ads while delivering fast performance and strong default protections. Designed for users who value security and simplicity, it blocks trackers, enforces HTTPS and offers a clean, telemetry-free browsing experience across Windows, macOS and Linux.
Cisco Routers Hacked for Rootkit Deployment - SecurityWeek
A new campaign, Operation ZeroDisco, is exploiting a zero-day vulnerability (CVE-2025-20352) in older Cisco devices to deploy a rootkit. The rootkit, which sets a universal password, allows attackers to evade detection and gain control over compromised devices. Trend Micro recommends contacting Cisco TAC for assistance if a compromise is suspected.
What do hacktivist campaigns look like in 2025? To answer this question, we analyzed more than 11,000 posts produced by over 120 hacktivist groups circulating across both the surface web and the dark web, with a particular focus on groups targeting MENA countries. The primary goal of our research is to highlight patterns in hacktivist operations, including attack methods, public warnings, and stated intent. The analysis is undertaken exclusively from a cybersecurity perspective and anchored in the principle of neutrality.
Hacktivists are politically motivated threat actors who typically value visibility over sophistication. Their tactics are designed for maximum visibility, reach, and ease of execution, rather than stealth or technical complexity. The term “hacktivist” may refer to either the administrator of a community who initiates the attack or an ordinary subscriber who simply participates in the campaign.
Fortra investigated CVE-2025-10035, a critical deserialization vulnerability in GoAnywhere Managed File Transfer, exploited since September 11, 2025. The vulnerability, allowing command injection without authentication, was patched on September 12, with full releases on September 15. While the vulnerability is limited to exposed admin consoles, unauthorized activity has been reported.
Qilin Ransomware announced new victims
The Qilin ransomware group has announced new victims, including Volkswagen Group France and Texas San Bernard Electric Cooperative, and is demanding $10 million USD for stolen Asahi Group Holdings data. This group relies on bulletproof hosting infrastructures and has targeted organizations across various industries and countries.