October 25, 2025

Hello all,

A popular axiom in computing circles is, “It’s always DNS.” On Monday it became painfully real for much of the internet as Amazon Web Services (AWS) US-East-1 zone fell victim to a Domain Name Service (DNS) issue and took much of the internet down with it. Admins and consumers woke to internet chaos due to the sheer mass of sites that are hosted or route through the affected AWS infrastructure. It took until quite late in the day before any semblance of normalcy resumed, costing organizations billions in lost revenue and mitigation actions. Thankfully, service was mostly normal again the next day. Now, on to the headline news.

Headline NEWS:

• Amazon’s DNS problem was discussed a moment ago. We’ve got several links in our Other News Events of Note and Interest that go into more detail about this massive AWS event from early in the week.
• Chrome V8 JavaScript Engine Vulnerability found again, necessitating another Google Chrome browser update. At this point, it looks like Chrome updates to fix defects will continue to be regular occurrences, happening several times per month. I’d advise restarting your chromium based browsers at least once per week to ensure yours is up to date.
• CISA added a large number of items to their KEV this week, including a Microsoft SMB defect that enables privilege escalation and that is under active attack. The latest October Patch Tuesday updates mitigate this flaw.
• Oracle October 2025 Patch Updates addresses 170 CVE’s. Some of these are critical and under active attack. E-Business Suite has another component that has a hole large enough for a truck to drive through, enabling full takeover. And Oracle Virtual Box has similar defects that need to be patched. Hopefully, you have a paid Oracle subscription if you’re using these products, because most are behind a paywall.
• Windows Software Update Server (WSUS) from Microsoft has a critical defect that allows remote code execution. It was patched via the October patch cycle, but proved ineffective necessitating an emergency patch that is now available. Aside from applying the patch, the only mitigation is to turn WSUS off.

In Ransomware, Malware, and Vulnerabilities News:

• China claims NSA hacked its national timing systems using 42 “special cyber weapons” The pot is calling the kettle black. I find it almost funny that the Middle Kingdom is acting with righteous indignation that the United States is spying on them. In another interesting twist, I can’t help but wonder if the “42 special cyber weapons” aren’t alluding to the question that Deep Thought was pondering in Hitchhiker’s guide to the Galaxy?

In Other News Events of Note and Interest:

• Over 50 Percent of the Internet is Now AI Slop is an article that caught my attention, not because of the percentage number, but because of the use of the word “slop”. I’m seeing this bandied about like some sort of new “in-thing” to say to appear hip. And I see pundits labeling something AI “slop” simply because an AI was used to contribute to the item being reviewed. That’s ignorant and myopic. If the content is valid and informative, then whether an AI contributed to it is immaterial. Rate content on its own merit, not on the authorship.

Musings:

Festivities and commemorations for Halloween, Harvest Festivals, All Hallows’ Eve, All Saint’s Day, and Reformation Day will be held at the end of this week. Expect there to be lots of treats, clowns, ghouls, goblins, pranks, prayers, and introspective reflection. And on the cybersecurity front, which feels like the aforementioned calendar items pretty much every day, you can also expect lots of treats, clowns, ghouls, goblins, pranks, prayers, and introspective reflection as well.

Keep the shields up!

Viscount Jan Broucinek
Red Dot Security News

Headline NEWS

• Amazon’s DNS problem knocked out half the web, likely costing billions
• Chrome V8 JavaScript Engine Vulnerability Let Attackers Execute Remote Code
• CISA: High-severity Windows SMB flaw now exploited in attacks
• Feds flag active exploitation of patched Windows SMB vuln
• Oracle October 2025 Critical Patch Update Addresses 170 CVEs
• Critical Vulnerability In Oracle E-Business Suite’s Marketing Product Allows Full Access To Attackers
• Multiple Oracle VM VirtualBox Vulnerabilities Enables Complete Takeover Of VirtualBox
• Windows Server emergency patches fix WSUS bug with PoC exploit 

Ransomware, Malware, and Vulnerabilities News

• Good News, Government News, and Interesting
• US Crypto Bust Offers Hope Against Cybercrime Groups
• Europol Dismantles SIM Farm Network Powering 49 Million Fake Accounts Worldwide
• Massive SIM farm network powering 49 million fake accounts taken apart by Europol
• Russia Pivots, Cracks Down on Resident Hackers
• Google and Check Point nuke massive YouTube malware network
• SpaceX disables thousands of Starlink devices being used by Myanmar scam centers
• Meta, Microsoft join 60 nations in Global Cybercrime Pact
• Five New Exploited Bugs Land in CISA’s Catalog — Oracle and Microsoft Among Targets
• CISA Warns of Apple macOS, iOS, tvOS, Safari, and watchOS Vulnerability Exploited in Attacks
• Critical Lanscope Endpoint Manager Bug Exploited in Ongoing Cyberattacks
• Cyberattacks Cripple Small Businesses, Even When They Aren’t Hacked
• Vulnerabilities and Exploits
• Cursor, Windsurf IDEs riddled with 94+ n-day Chromium vulnerabilities
• Critical Vulnerability in MCP Server Platform Exposes 3,000 Servers and Thousands of API Keys
• Hackers Can Access Microsoft Teams Chat and Emails by Retrieving Access Tokens
• Microsoft 365 Copilot Prompt Injection Vulnerability Allows Attackers to Exfiltrate Sensitive Data
• Microsoft fixes one of its “highest ever” rated security flaws
• TP-Link warns of critical command injection flaw in Omada gateways
• ZYXEL Authorization Bypass Vulnerability Let Attackers View and Download System Configuration
• SonicWall SMA 100 End of Support & Security Guidance
• Vulnerability in Dolby Decoder Can Allow Zero-Click Attacks
• Hackers exploiting critical “SessionReaper” flaw in Adobe Magento
• TikTok videos continue to push infostealers in ClickFix attacks
• Analysing ClickFix: 3 Reasons Why Copy/Paste Attacks Are Driving Security Breaches
• Salt Typhoon Using Zero-Day Exploits and DLL Sideloading Techniques to Attack Organizations
• Foreign hackers breached a US nuclear weapons plant via SharePoint flaws
• Sharepoint ToolShell attacks targeted orgs across four continents
• Chinese APT Group IT Service Provider Leveraging Microsoft Console Debugger to Exfiltrate Data
• Inside the attack chain: Threat activity targeting Azure Blob Storage
• Hackers Abuse ASP.NET Machine Keys To Compromise IIS Servers And Deploy Malicious Modules
• Email Bombs Exploit Lax Authentication in Zendesk
• Over 75,000 WatchGuard security devices vulnerable to critical RCE
• ‘Highest Ever’ Severity Score Assigned by Microsoft to ASP.NET Core Vulnerability
• Revisiting Browser Cache Smuggling
• Jira Software Vulnerability Let Attacker Modify Any Filesystem Path Writable By JVM process
• TARmageddon Flaw in Async-Tar Rust Library Could Enable Remote Code Execution
• Hackers Attacking Remote Desktop Protocol Services With 30,000+ New IP Addresses Daily
• Hackers exploit 34 zero-days on first day of Pwn2Own Ireland
• Pwn2Own Day 2: Hackers exploit 56 zero-days for $790,000
• Hackers earn $1,024,750 for 73 zero-days at Pwn2Own Ireland
• Phishing, Malware, and similar
• Your phishing detection skills are no match for 2025’s biggest security threats
• Chinese gangs made over $1 billion targeting Americans with scam texts
• Google says hackers are turning public blockchains into unkillable malware safehouses
• Hackers Exploit OAuth Apps to Keep Cloud Access Even After Password Resets
• How a fake AI recruiter delivers five staged malware disguised as a dream job
• New DefenderWrite Tool Let Attackers Inject Malicious DLLs into AV Executable Folders
• DefenderWrite: Abusing Whitelisted Programs for Arbitrary Writes
• Xubuntu website downloads section gets malware
• Self-Spreading ‘GlassWorm’ Infects VS Code Extensions in Widespread Supply Chain Attack
• Google Identifies Three New Russian Malware Families Created by COLDRIVER Hackers
• PolarEdge Targets Cisco, ASUS, QNAP, Synology Routers in Expanding Botnet Campaign
• 131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam Campaign
• Fast, Broad, and Elusive: How Vidar Stealer 2.0 Upgrades Infostealer Capabilities
• PoC Released for Linux-PAM Flaw Enabling Local Root Privilege Escalation
• Hackers Exploit Microsoft 365 Direct Send to Evade Filters and Steal Data
• Tykit SVG phishing kit tied to attacks targeting M365 credentials
• ‘Jingle Thief’ Hackers Exploit Cloud Infrastructure to Steal Millions in Gift Cards
• Cavalry Werewolf APT Hackers Attacking Multiple Industries With FoalShell and StallionRAT
• SocGholish Malware Using Compromised Sites to Deliver Ransomware
• Help Wanted: Vietnamese Actors Using Fake Job Posting Campaigns to Deliver Malware and Steal Credentials
• Breaches, Leaks, and Ransomware
• F5 hack highlights persistent supply chain security concerns
• Iranian hackers targeted over 100 govt orgs with Phoenix backdoor
• Ransomware Payouts Surge to $3.6m Amid Evolving Tactics
• 183 million email accounts just got compromised. Check if you’re affected
• Hackers compile personal data on 22,000 US officials using stolen Salesforce records
• American Airlines Subsidiary Envoy Air Hit by Oracle Hack
• China accuses US of cyberattack on national time center
• China claims NSA hacked its national timing systems using 42 “special cyber weapons”
• Collins Aerospace claimed by Everest ransomware
• Russian Lynk group leaks sensitive UK MoD files, including info on eight military bases
• Medusa Ransomware Leaks 834 GB of Comcast Data After $1.2M Demand
• Toys “R” Us Canada warns customers’ info leaked in data breach
• Ransomware attacks: How ransomware gangs plan to use AI
• AI girlfriend apps leak millions of private chats in massive data breach
• Inside the breach that broke the internet: The untold story of Log4Shell
• Volkswagen Allegedly Hit by Ransomware Attack as 8Base Claims Sensitive Data Theft
• Exclusive: Aussie Fluid Power confirms security incident following ransomware claims
• Retail giant Muji halts online sales after ransomware attack on supplier
• Muji’s minimalist vibe wrecked amid supply chain attack
• Jaguar Land Rover looking at $2.5 billion price tag from crippling cyberattack 

Other News Events of Note and Interest

• Cool Tool: PeaZip 10.7 Open-Source Archive Manager Introduces an Image Viewer
• Cool Tools: 4 Free Tools I Keep on My USB Drive to Fix Any Windows PC
• Crayola and Sandisk partnered for some cute crayon flash drives
• “A first step in Europe” – Proton slams Switzerland’s new surveillance bill at the United Nations Forum
• Alaska Airlines grounds flights nationwide due to IT outage
• I stopped typing passwords thanks to this tiny gadget
• Mushrooms show promise as memory chips for future computers
• ‘No spacecraft would survive’: Europe simulates catastrophic solar storm to warn of real risks
• Meta is removing its Messenger apps for Windows and macOS
• Amazon cloud outage hits Zoom, YouTube and others in sign of internet’s fragility
• AWS admits more services broke as it recovered from outage
• AWS outage was not due to a cyberattack — but shows potential for ‘far worse’ damage
• AWS services recover after daylong outage hits major sites
• How the AWS outage happened: Amazon blames rare software bug and ‘faulty automation’ for massive glitch
• Amazon’s server outage left smart beds stuck in sweltering heat
• Amazon unveils AI-powered augmented reality glasses for delivery drivers
• Amazon Plans to Replace More Than Half a Million Jobs With Robots
• The Robots Fueling Amazon’s Automation
• Veeam acquires data security company Securiti AI for $1.7B
• Scamland Myanmar: how conflict and crime syndicates built a global fraud industry
• AI, LLM’s, and Skynet
• Over 50 Percent of the Internet Is Now AI Slop, New Data Finds
• Tor browser’s latest build cuts Mozilla’s AI features in the name of privacy
• AI chatbots fail at accurate news, major study reveals
• 1 in 5 US high school students use AI chatbots for romantic relationships
• WhatsApp changes its terms to bar general-purpose chatbots from its platform
• OpenAI’s AI-powered browser, ChatGPT Atlas, is here
• Do AIs think differently in different languages?
• Microsoft makes mind-blowing breakthrough that could revolutionize AI: ‘We needed to prove the technology’
• Microsoft
• Microsoft disables File Explorer preview for downloads to block attacks
• Microsoft warns of Windows smart card auth issues after October updates
• Microsoft puts Office Online Server on the chopping block
• Microsoft fixes Windows Server Active Directory sync issues
• Microsoft fixes bug preventing users from opening classic Outlook
• Microsoft: Recent Windows updates cause login issues on some PCs
• Windows 11 25H2 Update Bug Breaks Recovery Environment
• Microsoft to release emergency fix for recent Windows 11 update
• Windows 10’s final patch fixes a bewildering number of security flaws
• Final Windows 10 recovery updates KB5068164, KB5067017, and more released
• Still on Windows 10? Here’s what Microsoft Defender can and can’t do for you
• Microsoft shares full list of new Windows 11 25H2 settings for office PCs
• Meet Mico, Microsoft’s AI version of Clippy
• Microsoft Copilot gets 12 big updates for fall, including new AI assistant character Mico
• Meet Copilot Mode in Edge: Your AI browser – Microsoft Edge Blog
• Restyle in Paint begins rolling out to Windows Insiders