Cybersecurity news: breaches, phishing, ransomware, AI risks, and more

Vaultless Tokenization vs. Encryption: The Next Evolution in Data Security... Why forward-thinking organizations are moving beyond encryption and embracing tokenization. Still using encryption in 2025? That’s cute. Bad actors don’t need your passwords — they just steal your keys. Vaultless tokenization says: “No keys, no problem.” No vault. No lookup. No data left to steal. That’s not security…that’s next-level domination. Read the full post: https://lnkd.in/eA46hmTh #CyberSecurityAwareness #DataProtection #VaultlessTokenization #Encryption #CyberWarrior #GoliathCyber

🚨 The website went dark. Clients panicked. Phones lit up. That’s how most DDoS attacks start: suddenly, violently, and without warning. Within minutes, your digital front door is buried under millions of fake requests from compromised machines across the world. The goal? Overwhelm, disrupt, and damage trust. ⸻ 🎯 Step 1: Contain the chaos The first move isn’t technical, it’s strategic. You isolate the incident. Divert traffic through a content delivery network (CDN) or scrubbing service to separate legitimate users from hostile ones. Preserve forensic artefacts: logs, headers, timestamps, every byte of evidence matters later. ⸻ 🧠 Step 2: Trace the flood A good forensic investigator doesn’t just block IPs, we profile them. 🧨 Where did the traffic originate? 🧨 Which ports, payloads, or botnets were used? 🧨 Was it a smokescreen for a deeper intrusion or data theft? Using flow analysis, threat intelligence, and deep packet inspection, patterns emerge. Behind every wave of data, there’s intent, sometimes criminal, sometimes competitive. ⸻ 🔍 Step 3: Build the evidential chain Every investigation needs to stand up in court or before regulators. That means: 🧾 Preserving metadata and log integrity 🧾 Documenting response timelines 🧾 Correlating events across servers, ISPs, and firewalls 🧾 Linking IPs and signatures to known threat actors or infrastructure This is where forensic precision meets legal defensibility. ⸻ 🔧 Step 4: Fortify and recover Once identified and neutralised, remediation begins. ⚠️ Patch exposed vulnerabilities. ⚠️ Harden perimeter defences. ⚠️ Implement rate limiting, geo-blocking, and traffic anomaly detection. ⚠️ Test resilience with simulated stress attacks. Because the real question isn’t “Did you survive the DDoS?” It’s “Did you learn enough to prevent the next one?” ⸻ 🧩 Step 5: Report, advise, and prosecute (if required) For law firms and general counsel, DDoS attacks raise questions of liability, negligence, and reputational harm. A robust forensic investigation bridges that gap between the technical and the legal, turning raw data into admissible evidence and ultimately, accountability. ⸻ 💬 At UHY Crossleys Forensics Limited, we’ve helped clients trace, contain, and prosecute DDoS attacks across jurisdictions, combining cyber forensics, OSINT, and legal-grade evidence handling. 🛡️ Because in a world where downtime costs millions, speed, accuracy, and resilience win every time. ⸻ #DigitalForensics #CyberResilience #IncidentResponse #DDoSAttack #UHYCrossleysForensics Cyber Security Centre for the Isle of Man (CSC)

AI CyberXM News Update: Cyberxm.com.au 17 October 2025 (Australia/Sydney) Title: 🛑 F5 Major Breach Exposes Enterprise Security Core Summary: F5 disclosed a national security-level breach with confirmed system compromise and critical vulnerabilities[2]. Impact: Digital blueprints for BIG-IP products stolen; widespread patching required across Australian infra. Region: Global (major AU impact) Source link: https://lnkd.in/gT6xpHSF [2] Title: 🔒 Australian Clinical Labs Hit with $5.8M Privacy Fine Summary: ACL fined under amended Privacy Act for failing to protect 223,000+ customer records[3]. Impact: Sets precedent for proactive compliance as regulator issues first civil penalty under new law. Region: Australia Source link: https://lnkd.in/gbZm_NQV [3] Title: 🌏 ASD Publishes Annual Cyber Threat Report Summary: ASD released its 2024–2025 Annual Cyber Threat Report covering trends and incident data[7]. Impact: Documents persistent threats to Aussie individuals, business, and government. Region: Australia Source link: https://lnkd.in/gcvQY7sw [7] Title: 🔑 97% of Attacks Now Identity-Based, Says Microsoft Summary: Microsoft reports over 97% of identity attacks are password-based, with infostealer malware surging[9]. Impact: Bulk credential attacks dominate; phishing-resistant MFA remains essential defence. Region: Global Source link: https://lnkd.in/gKzmX8Hw [9] Title: 🚨 Mango Warns Customers After Third-Party Breach Summary: Mango alerts customers to exposed personal details via a third-party breach[6]. Impact: Personal data at risk, but financial info reported secure. Region: Australia Source link: https://lnkd.in/gVaAzrkN [6] Title: 🏦 AI/ML in Detection: SOC Automation Surges Summary: No new local breach, but AU threat reports confirm rising SOC automation adoption. Impact: AI-driven detection scales response but faces supply chain and model risks. Region: Australia Source link: https://lnkd.in/gcvQY7sw [7] Title: 🌏 AU Sends Cyber Relief to Vietnam Post-Typhoon Summary: Australia commits $3M in aid, including tech for disaster response in Vietnam after typhoons[1]. Impact: Highlights role of tech in humanitarian crisis, with cyber resilience implications. Region: Australia, Vietnam Source link: https://lnkd.in/gWkEaMRA [1] *(No AI-specific Australian breaches or novel AI attac

Dark Web chatter is heating up! In just a few days, threat actors have listed: > 1.5M Stansberry Research records for sale > An Oracle E-Business 0-day exploit > Salesforce data leaks tied to LAPSUS$-style groups > And even SSH access to a Brazilian telecom. These incidents highlight how data brokers, exploit sellers, and leak groups are increasingly intersecting, blurring the lines between cybercrime operations. For #CISOs and #SOC teams, visibility into these underground exchanges isn’t optional anymore, it’s your early-warning system. Read SOCRadar® Extended Threat Intelligence’s full breakdown: https://lnkd.in/dQmmEbBv #CyberThreatIntel #DarkWeb #CISO #SOC #Cybersecurity #weeklyupdates

🚨 Threat group Crimson Collective has claimed access to 28,000+ private Red Hat repos, exfiltrating 570 GB of #data including sensitive Customer Engagement Reports (CERs). 🔍 What’s allegedly exposed: 🔹 Infrastructure configs, #OpenShift blueprints 🔹 #VPN & CI/CD pipeline details 🔹 Secrets, auth tokens, and database URIs 🔹 Impacted 800+ clients, including #IBM, #NSA, #Citi, govt agencies 💬 Red Hat confirmed a security incident but says core services remain unaffected. 🛡️ Monitor brand mentions, data leaks & threat actor chatter with SOCRadar’s #DarkWebMonitoring. Identify exposed assets early via #AttackSurfaceManagement. 🔗 Read more: https://lnkd.in/dHb7wbzr #CyberSecurity #RedHat #DataLeak #DarkWeb #ThreatIntel #CrimsonCollective

The latest Microsoft Digital Defense Report (MDDR) 2025 is out! This year’s report delivers powerful insights into the global cybersecurity landscape—from nation-state threats and cybercrime trends to identity-based attacks and the evolving role of AI in adversarial tactics. From a defender’s lens, a few things are hard to ignore: High level: • Identity‑first intrusions remain the most reliable path to impact. • Cloud abuse at scale (trial/student subs, disposable infra) is raising the bar for attribution and takedown. • Nation‑state tradecraft is steady, patient, and data‑hungry—long dwell and operational access over smash‑and‑grab. • AI is a force multiplier on both sides: better social engineering for attackers; faster triage/detection for defenders. IR notes: Shift-left on identity triage. Treat every suspicious sign‑in as potential token/session theft, not just password spray. Make phishing‑resistant MFA (FIDO2/Passkeys) the default for admins; revoke refresh tokens on containment, and use step‑up auth for sensitive apps. Contain in the control plane first. Rapidly block legacy auth, flip Conditional Access to fail‑secure for targeted users/groups, and quarantine risky workload identities. Device isolation matters, but identity/session kill‑switches often buy you minutes you can’t get back later. Hunt disposable cloud C2. Build detections for short‑lived Azure resources and anomalous outbound to new cloud IP ranges; instrument for unusual egress from service principals and ephemeral compute. Assume long dwell in BEC/espionage cases. Pull on quiet artefacts: hidden inbox rules, OAuth consents, mailbox audit anomalies, long‑tail exfil to “trusted” SaaS, and slow‑burn access to OT/IoT/operational data stores. Lean on AI for triage, not judgement. Use it to cluster lookalike phishing kits, correlate weak signals, and compress log review—but keep human adjudication for containment decisions. Exercise the playbooks you’ll actually use. Run tabletops around identity reset at scale, cloud artefact capture (Entra/Defender/Sentinel), and out‑of‑band comms. Time to revoke, re‑issue, and restore is your true MTTR. Log for the investigation you want. Ensure high‑fidelity sign‑in/audit coverage (workload + human identities), mailbox auditing, and XDR telemetry are retained and searchable—before you need them. Full report: https://lnkd.in/esQ9XWK2 #MDDR2025 #IncidentResponse #DFIR #ThreatIntel #BlueTeam #CyberResilience

These types of attacks are only going to become more common as GenAI tools used to enable deepfakes become better, cheaper and more widespread. Really important that organisations education their people on what's possible and mitigate the risks with controls such as Multi Factor Authentication, as Karl says.

🔐 𝐁𝐥𝐮𝐞𝐩𝐫𝐢𝐧𝐭𝐬 𝐟𝐨𝐫 𝐁𝐫𝐞𝐚𝐜𝐡: 𝐈𝐧𝐬𝐢𝐝𝐞 𝐭𝐡𝐞 𝐅5 𝐒𝐨𝐮𝐫𝐜𝐞 𝐂𝐨𝐝𝐞 𝐇𝐞𝐢𝐬𝐭 𝐚𝐧𝐝 𝐭𝐡𝐞 𝐂𝐲𝐛𝐞𝐫 𝐀𝐫𝐦𝐬 𝐑𝐚𝐜𝐞 𝐈𝐭 𝐈𝐠𝐧𝐢𝐭𝐞𝐝 🕵️♂️ A sophisticated nation-state adversary quietly infiltrated 𝑭5, one of the world’s most trusted providers of cybersecurity and application delivery technologies, and maintained access for nearly a year. The attackers exfiltrated critical assets including 𝘉𝘐𝘎-𝘐𝘗 𝘴𝘰𝘶𝘳𝘤𝘦 𝘤𝘰𝘥𝘦, 𝘶𝘯𝘥𝘪𝘴𝘤𝘭𝘰𝘴𝘦𝘥 𝘷𝘶𝘭𝘯𝘦𝘳𝘢𝘣𝘪𝘭𝘪𝘵𝘪𝘦𝘴, and 𝘴𝘦𝘯𝘴𝘪𝘵𝘪𝘷𝘦 𝘤𝘶𝘴𝘵𝘰𝘮𝘦𝘳 𝘤𝘰𝘯𝘧𝘪𝘨𝘶𝘳𝘢𝘵𝘪𝘰𝘯 𝘥𝘢𝘵𝘢. This wasn’t just unauthorized access; it was a calculated move to gain long-term technical superiority. While defenders focused on patching visible issues, the adversary was already blueprinting the next generation of attacks. ⚠️ The stolen assets provided deep insights into F5’s architecture, enabling adversaries to develop highly targeted exploits, bypass traditional controls, and pivot across interconnected systems. Although no exploitation has been confirmed to date, the strategic risk is significant. The response was swift: the 𝘜.𝘚. 𝘊𝘺𝘣𝘦𝘳𝘴𝘦𝘤𝘶𝘳𝘪𝘵𝘺 𝘢𝘯𝘥 𝘐𝘯𝘧𝘳𝘢𝘴𝘵𝘳𝘶𝘤𝘵𝘶𝘳𝘦 𝘚𝘦𝘤𝘶𝘳𝘪𝘵𝘺 𝘈𝘨𝘦𝘯𝘤𝘺 (𝘊𝘐𝘚𝘈) issued 𝘌𝘮𝘦𝘳𝘨𝘦𝘯𝘤𝘺 𝘋𝘪𝘳𝘦𝘤𝘵𝘪𝘷𝘦 26-01, mandating rapid patching, inventory checks, and interface hardening across federal systems. The 𝘜𝘒’𝘴 𝘕𝘢𝘵𝘪𝘰𝘯𝘢𝘭 𝘊𝘺𝘣𝘦𝘳 𝘚𝘦𝘤𝘶𝘳𝘪𝘵𝘺 𝘊𝘦𝘯𝘵𝘳𝘦 (𝘕𝘊𝘚𝘊) followed with aligned guidance. This breach reinforces the hard truth that even the most trusted platforms can become silent liabilities when threat actors operate with patience and precision. 🧩 The implications reach far beyond one company. 𝐒𝐨𝐮𝐫𝐜𝐞 𝐜𝐨𝐝𝐞 𝐭𝐡𝐞𝐟𝐭 𝐠𝐢𝐯𝐞𝐬 𝐚𝐭𝐭𝐚𝐜𝐤𝐞𝐫𝐬 𝐚 𝐝𝐞𝐜𝐢𝐬𝐢𝐯𝐞 𝐚𝐝𝐯𝐚𝐧𝐭𝐚𝐠𝐞, 𝐚𝐥𝐥𝐨𝐰𝐢𝐧𝐠 𝐬𝐭𝐚𝐭𝐢𝐜 𝐚𝐧𝐝 𝐝𝐲𝐧𝐚𝐦𝐢𝐜 𝐚𝐧𝐚𝐥𝐲𝐬𝐢𝐬, 𝐝𝐢𝐬𝐜𝐨𝐯𝐞𝐫𝐲 𝐨𝐟 𝐥𝐨𝐠𝐢𝐜 𝐟𝐥𝐚𝐰𝐬, 𝐚𝐧𝐝 𝐝𝐞𝐯𝐞𝐥𝐨𝐩𝐦𝐞𝐧𝐭 𝐨𝐟 𝐬𝐭𝐞𝐚𝐥𝐭𝐡𝐲 𝐞𝐱𝐩𝐥𝐨𝐢𝐭𝐬. Security teams must now treat vendors as extensions of the attack surface. This requires strict isolation of management interfaces, rigorous enforcement of least privilege, adoption of zero trust models, and deeper integration of detection and telemetry into infrastructure. Supply chain assurance must evolve from periodic assessments into continuous, adaptive monitoring. In an era where backdoors like BRICKSTORM can remain undetected for hundreds of days, reactive defense is no longer sufficient. Architectural resilience and proactive visibility must become the new standard. 💬 What strategies are you employing to detect and defend against long-dwell adversaries within your digital supply chain? How are you validating the integrity of the platforms and vendors that support your mission-critical services? [𝘴𝘰𝘶𝘳𝘤𝘦 𝘪𝘯 𝘵𝘩𝘦 𝘤𝘰𝘮𝘮𝘦𝘯𝘵] #supplychainsecurity #zerotrustarchitecture #threatintelligence #cybersecurity #cyberriskmanagement

Hello cyber practitioners! The team at Opalsec is here with your daily cyber news rundown for **Saturday, October 4, 2025**. The past 24 hours have seen a significant focus on widespread data breaches, sophisticated extortion attempts, evolving malware threats, and critical discussions around privacy and national security. Here's a snapshot of the key incidents and developments: * ⚠️ Scattered Lapsus$ Hunters extort 39 companies after Salesforce breaches, with a larger leak from Salesloft Drift expected. * 🛡️ Red Hat confirmed 'Crimson Collective' accessed and copied data from its consulting GitLab, impacting 28,000 repositories. * 🚨 Japanese giant Asahi Group Holdings confirmed a ransomware attack causing IT disruptions and potential data theft. * 🚗 Renault and Dacia UK customers were notified of a third-party data breach, exposing personal details but no financial info. * 💸 Oracle E-Business Suite customers receive Clop-linked extortion emails, exploiting vulnerabilities or configuration abuse. * 🏛️ U.S. Federal Judiciary faces criticism for slow MFA implementation on PACER after a major breach and transparency issues. * 🐺 'Cavalry Werewolf' targets Russian state agencies and critical infrastructure via phishing, deploying custom FoalShell and StallionRAT malware. * 📈 Rhadamanthys info stealer evolved to v0.9.2, adding device fingerprinting, steganography, and advanced evasion techniques. * 📧 'CometJacking' exploits Perplexity's Comet AI browser via prompt injection to exfiltrate sensitive data without credentials. * 🇮🇱 Citizen Lab uncovered 'PRISONBREAK,' an Israeli-backed AI disinformation campaign using deepfakes to foment revolt in Iran. * 🔒 Flock Safety's new 'Raven' gunshot detection product raises privacy concerns amidst ongoing controversies over ALPR data misuse. * 🇬🇧 UK government clarified non-compulsory digital ID plans to streamline services, despite public petitions and privacy warnings. * ✉️ Gmail enterprise users now have end-to-end encryption for sending emails to anyone, enhancing data security and compliance. * 📶 Signal introduced Sparse Post-Quantum Ratchet (SPQR) for hybrid post-quantum cryptographic defence against future quantum threats. For more in-depth analysis and discussion, listen to the latest episode of the stdout Podcast: https://lnkd.in/g-78X79D Read the detailed summary on Mastodon: https://lnkd.in/gfGUe-4e #CyberSecurity #ThreatIntelligence #Ransomware #DataBreach #Malware #SupplyChainAttack #Privacy #Disinformation #AI #InfoSec

As data breaches surge and ransomware evolves, cybersecurity moves to the forefront. Experts stress zero‑trust models, stricter compliance, and AI‑driven defenses to safeguard digital assets across sectors. The post Cybersecurity in Focus: Safeguarding Digital Data appeared first on Codaily.