Hello cyber practitioners! The team at Opalsec is here with your daily cyber news rundown for **Saturday, October 4, 2025**. The past 24 hours have seen a significant focus on widespread data breaches, sophisticated extortion attempts, evolving malware threats, and critical discussions around privacy and national security. Here's a snapshot of the key incidents and developments:

* ⚠️ Scattered Lapsus$ Hunters extort 39 companies after Salesforce breaches, with a larger leak from Salesloft Drift expected.
* 🛡️ Red Hat confirmed 'Crimson Collective' accessed and copied data from its consulting GitLab, impacting 28,000 repositories.
* 🚨 Japanese giant Asahi Group Holdings confirmed a ransomware attack causing IT disruptions and potential data theft.
* 🚗 Renault and Dacia UK customers were notified of a third-party data breach, exposing personal details but no financial info.
* 💸 Oracle E-Business Suite customers receive Clop-linked extortion emails, exploiting vulnerabilities or configuration abuse.
* 🏛️ U.S. Federal Judiciary faces criticism for slow MFA implementation on PACER after a major breach and transparency issues.
* 🐺 'Cavalry Werewolf' targets Russian state agencies and critical infrastructure via phishing, deploying custom FoalShell and StallionRAT malware.
* 📈 Rhadamanthys info stealer evolved to v0.9.2, adding device fingerprinting, steganography, and advanced evasion techniques.
* 📧 'CometJacking' exploits Perplexity's Comet AI browser via prompt injection to exfiltrate sensitive data without credentials.
* 🇮🇱 Citizen Lab uncovered 'PRISONBREAK,' an Israeli-backed AI disinformation campaign using deepfakes to foment revolt in Iran.
* 🔒 Flock Safety's new 'Raven' gunshot detection product raises privacy concerns amidst ongoing controversies over ALPR data misuse.
* 🇬🇧 UK government clarified non-compulsory digital ID plans to streamline services, despite public petitions and privacy warnings.
* ✉️ Gmail enterprise users now have end-to-end encryption for sending emails to anyone, enhancing data security and compliance.
* 📶 Signal introduced Sparse Post-Quantum Ratchet (SPQR) for hybrid post-quantum cryptographic defence against future quantum threats.

For more in-depth analysis and discussion, listen to the latest episode of the stdout Podcast: https://lnkd.in/g-78X79D

Read the detailed summary on Mastodon: https://lnkd.in/gfGUe-4e

#CyberSecurity #ThreatIntelligence #Ransomware #DataBreach #Malware #SupplyChainAttack #Privacy #Disinformation #AI #InfoSec
Opalsec’s Post
-
Hello LinkedIn community! The team at Opalsec is back with your daily cyber news rundown for Wednesday, October 1, 2025. The past 24 hours have been particularly eventful, featuring significant data breaches impacting major corporations, the emergence of new nation-state threat actors, and the global expansion of illicit schemes. We're also seeing novel phishing toolkits, critical vulnerabilities under active exploitation across various platforms, and important developments in AI security and regulatory enforcement. Here's a quick look at the top stories:

* ✈️ Major corporations WestJet and Asahi faced cyberattacks, leading to customer data exposure and operational disruptions.
* 🇨🇳 A new, stealthy Chinese espionage group, "Phantom Taurus," is targeting critical sectors globally using custom malware via exploited vulnerabilities.
* 🇰🇵 North Korea's illicit IT worker scheme is expanding globally across diverse industries, using fake identities to fund its military.
* 🎣 A new "MatrixPDF" toolkit is weaponising PDFs into interactive phishing and malware lures, bypassing traditional email security measures.
* 🛡️ Google Drive for desktop now includes an AI tool to detect ransomware activity, automatically pausing syncing to mitigate damage.
* 🤖 Anthropic's Claude Sonnet 4.5 introduces significant AI safety and security enhancements, including better prompt injection defence and cybersecurity task improvements.
* 🚨 Thousands of Cisco ASA/FTD devices remain vulnerable to actively exploited RCE and VPN bypass flaws, despite urgent patching advisories.
* 🐧 A critical privilege escalation vulnerability in Linux Sudo (CVE-2025-32463) is actively exploited, allowing local attackers to gain root access.
* 📁 A critical deserialization vulnerability in Fortra GoAnywhere MFT (CVE-2025-10035) is under active exploitation, prompting urgent patching.
* ☁️ Broadcom patched an actively exploited VMware zero-day used by Chinese state-sponsored actors, alongside NSA-reported NSX vulnerabilities.
* 🧠 Google has patched "Gemini Trifecta" AI flaws that could lead to privacy risks and data theft through various prompt injection techniques.
* 🧒 The FTC is suing the Sendit app for allegedly violating COPPA by illegally collecting children's data and using deceptive practices.
* 🇬🇧 Imgur has blocked all UK users following a warning from the ICO regarding potential fines for failing to protect children's data.

For all the details and in-depth analysis, listen to the latest episode of the stdout Podcast: https://lnkd.in/djDPnD6R

You can also find a detailed summary on our Mastodon post: https://lnkd.in/gUZaCViA

#CyberSecurity #CyberNews #ThreatIntelligence #Vulnerabilities #DataBreach #AI #Ransomware #Phishing #NationState #DataPrivacy
-
"A foundational, identity-aware, microsegmentation program is vital for limiting an attacker’s ability to exploit valid accounts and for reducing the opportunities for lateral movement within compromised networks," emphasizes Agnidipta Sarkar, our Chief Evangelist, on the recent warnings about identity security from the 2026 RSA ID IQ Report. Read more expert insights here: https://bit.ly/4qhwuWU Talk to us to learn how we’re redefining what’s possible in identity-based segmentation and breach readiness. #CybersecurityAwarenessMonth #BeBreachReady #Microsegmentation #Cybersecurity #ai #identitymanagement
-
While #AI is helping cyber attackers to scale their efforts, it also has benefits for cyber defenders, including providing insights where it would be otherwise difficult to spot weakness in your organisation's security defences. In this piece, BeyondTrust's Scott Hesford shares some of the ways AI can reinforce and extend an organisation's cyber capabilities. #cybersecurity KBI.Media
-
Identity security failures are growing, but AI could be the way out. The 2026 RSA Security ID IQ Report reveals that 69% of organizations faced identity-related breaches in the last three years, and most still rely on outdated tools. Experts, including James Maude & Fletcher Davis (BeyondTrust), Agnidipta Sarkar (ColorTokens Inc.), Elad Luz (Oasis Security), John Waters (iCOUNTER), Nicole Carignan (Darktrace), Diana Kelley (Noma Security), and Randolph Barr (Cequence Security), share powerful insights on what’s next for identity and AI in cybersecurity. 🔗 Read more: https://lnkd.in/gjfWgPX3 ✍ Kirsten Doyle #IdentitySecurity #AI #ISBNews
-
Autonomous AI agents with system privileges are executing code and accessing sensitive data, creating new attack vectors. This shift in the threat landscape demands a focus on identity management, as organizations without comprehensive identity visibility face significant risks. Organizations must prioritize identity security, ensuring robust governance and visibility over AI agent access to mitigate emerging threats and maximize ROI. 💥 #ai #cyberattack #cybersecurity https://lnkd.in/gkcCNF7Q
-
Explore how AI is transforming the way organizations detect, prevent, and respond to cyber threats with a new blog from eimagine VP of Technical Solutions, Andrew Corrington. Click the link to read! https://lnkd.in/gUrHsP9D
-
Data is money. Protect it with Zoffec Infotech

Cybercrime in 2024 shattered records. According to reports, the average cost of a data breach hit $4.88 million, a 10% jump from 2023. And projections warn cybercrime could cost the world $10.5 trillion by 2025, with AI making attacks faster, smarter, and harder to stop.

Some of the biggest breaches last year:

* 🗂️ National Public Data – 2.9B records, 1.3B individuals exposed
* 🏥 Change Healthcare – 100M Americans’ health data compromised
* 🎟️ Ticketmaster – 560M customers impacted through Snowflake breach
* 📱 AT&T – Over 110M customers’ sensitive data stolen

How AI gave hackers an edge:

* 🤖 Deepfake phishing and social engineering
* 🗣️ Voice cloning from just a 3-minute sample
* ⚡ Automated vulnerability scanning and exploitation
* 🦠 Malware that mutates to evade detection

The message is clear: traditional defenses aren’t enough anymore. Businesses must move toward AI-driven, multi-layered cybersecurity to stay ahead of evolving threats.

Take control of your digital safety today:

* ✅ Use strong, unique passwords and enable multi-factor authentication
* ✅ Keep your devices and apps updated to patch vulnerabilities
* ✅ Be cautious of suspicious emails, links, and messages. AI-powered phishing is real
* ✅ Backup important data regularly and securely
* ✅ Consider professional cybersecurity services to protect sensitive information

👉 At Zoffec Infotech, we help organizations protect what matters most with next-gen cybersecurity solutions.

📩 Connect with us today to strengthen your defenses before the next attack hits.

👉 Don’t wait for the next breach. Start building resilience today.

📩 Connect with us: info@zoffec.com www.zoffec.com +91 9819478648

#cybersecurity #databreach #ai #cybercrime #infosec #dataprotection #digitaltrust #zoffec
-
**Real-time deepfake services are now 400x cheaper on the darknet.** I spoke about this growing threat, as highlighted by Kaspersky. The drastic drop in cost makes these tools widely accessible, opening doors for fraud, impersonation and large-scale social engineering attacks. This is no longer a future risk; it’s a present reality. Organizations need stronger identity verification and awareness training to stay ahead. 🔗 Full story: https://lnkd.in/eNjbtW43 #CyberSecurity #Deepfake #Darknet #DataPrivacy #SocialEngineering #FraudPrevention #CyberThreats #AIsecurity #InfoSec #DigitalTrust Kaspersky
-
A groundbreaking cybersecurity vulnerability has emerged that transforms Perplexity’s AI-powered Comet browser into an unintentional collaborator for data theft. Security researchers at LayerX have discovered a sophisticated attack vector dubbed “CometJacking” that enables malicious actors to weaponize a single URL to extract sensitive user data without requiring any traditional credential theft or malicious webpage content. […] The post New CometJacking Attack Let Attackers Turn Perplexity Browser Against You in One Click appeared first on Cyber Security News.