Daily Recap: The latest security alerts cover a broad sweep of breaches, from a Vinomofo data protection ruling and a major Conduent breach to widespread misinformation around Gmail and a surge in NPM credential theft campaigns. The report also highlights tools and flaws enabling rapid credential harvesting, patching gaps, botnet attacks on PHP/IoT, AI misuse in executive-targeted campaigns, and notable industry moves like Reflectiz funding and Spektrum Labs’ market entry. #Vinomofo #Conduent #GmailHoax #WPPluginLeak #PhantomRaven #NPM #LoginsZip #Dovecot #TotalJS #Copilot #DNSOutage #Mirai #Gafgyt #Mozi #BlueNoroff #AICloaking #MaliciousSEO #ThreatsDay #ExploitsSold #M&SImpact #Reflectiz #SpektrumLabs #Herodotus
Breaches & Privacy
- Australian regulator rules retailer failed to protect customer data after a security lapse – Vinomofo Ruling
- More than 10 million people impacted in a government-contractor breach as reports consolidate and alarms grow over exposed records – Conduent Breach, Conduent Report
- False claims of a Gmail breach spread online, causing widespread alarm despite no confirmed mass compromise – Gmail Hoax
- The ICO fines a sole trader for allegedly sending 1M spam texts, underscoring enforcement on mass messaging abuses – ICO Fine
- A WordPress security plugin flaw exposed private data to site subscribers, highlighting risks in third‑party site tooling – WP Plugin Leak
NPM & Credential Theft
- An attack campaign flooded the npm registry with credential‑stealing packages (including PhantomRaven); researchers found malicious and typosquatted modules delivering cross‑platform infostealers in the ecosystem (126 npm packages observed) – PhantomRaven NPM, NPM Flood, Typosquat NPM
Credential Theft Tools
- The infostealer builder Logins.zip leverages a Chromium zero‑day and claims up to 99% credential theft in under 12 seconds, enabling rapid credential harvesting campaigns – Logins.zip
Vulnerabilities & Patching
- Multiple disclosures and patching concerns: CVE-2025-30189 in Dovecot allows auth-cache access to wrong accounts, a TotalJS flaw lets password changes skip current-password checks, and experts warn of visibility gaps in remediation workflows – Dovecot CVE, TotalJS Bug, Patching Gaps
Microsoft Services & Fixes
- Microsoft expands Copilot to more Microsoft 365 companion apps for enterprise customers while addressing service issues including an Azure/Microsoft 365 DNS outage, a Media Creation Tool fix, and a patch for update failures (0x800F081F) – Copilot Expansion, DNS Outage, Media Tool Fix, Update Fix
Botnets & IoT
- Researchers report a sharp increase in automated botnet attacks against PHP servers and IoT devices, driven by botnets such as Mirai, Gafgyt, and Mozi, stressing the need for patching and hardening – PHP/IoT Attacks, Automated Botnets
AI Misuse & Threats
- Adversaries weaponize AI and content systems: BlueNoroff runs AI-driven executive-targeting campaigns, attackers use an AI‑targeted cloaking trick to get crawlers to cite fabricated facts, and researchers warn of malicious SEO/AI tactics in the wild alongside a multi‑issue ThreatsDay roundup – BlueNoroff AI, AI Cloaking, Malicious SEO, ThreatsDay
Nation‑State & Insider Crimes
- Former defense- and security-company executives admitted or pleaded guilty to selling exploits and stealing trade secrets for buyers in Russia, while reports show sanctions weakening some nation‑state cyber ecosystems – Exploits Sold, Trenchant Guilty, Trade Secrets, Sanctions Impact
Critical Infrastructure & Impact
- Authorities warn hacktivists tampered with Canadian industrial systems and breached water and energy facilities, raising operational safety concerns – Canada ICS, Canada Facilities
- A rival retailer says a cyberattack on M&S boosted its profits, illustrating direct economic effects of incidents on market outcomes – M&S Impact
Industry Moves & Research
- Security firms attract funding and launch offerings as Reflectiz raises $22 million for website security and Spektrum Labs exits stealth to help companies prove resilience – Reflectiz Funding, Spektrum Labs
Mobile Threats
- Mobile app protection gaps widen as researchers show Herodotus Android malware mimics human typing to evade detection and experts warn that “secure login” alone is insufficient for app security – Herodotus Malware, Mobile Security