![Cybersecurity News | Daily Recap [03 Nov 2025]](https://www.hendryadrian.com/tweet/image/DailyRecap.png "Cybersecurity News | Daily Recap [03 Nov 2025]")
Daily Recap, Ransomware actors are exploiting the Linux kernel CVE-2024-1086 to deploy malware and escalate incidents while a new BOF tool bypasses Microsoft Teams cookie encryption to steal user chats. Chrome vulnerability rewards and a Windows Task Manager bug are also noted in the weekβs security updates.
#CVE-2024-1086 #LinuxKernel #TeamsBOF #ChromeRewards #KB5067036
#CVE-2024-1086 #LinuxKernel #TeamsBOF #ChromeRewards #KB5067036
Vulnerabilities & Bugs
- Ransomware actors are actively exploiting the CVE-2024-1086 flaw in the Linux kernel to deploy malware and escalate incidents β Linux CVE
- A new BOF tool can bypass Microsoft Teams cookie encryption to steal user chats, raising secure-messaging concerns β Teams BOF
- Google awarded security researchers $100,000 for two Chrome vulnerabilities as part of its bug bounty program β Chrome Rewards
- Some users report that Windows Task Manager wonβt close after installing update KB5067036, indicating a problematic patch rollout β Task Manager Bug
APTs & State-backed Campaigns
- Operation SkyCloak and related campaigns have targeted Russian/Belarusian military assets using LNK exploits and an OpenSSH-over-Tor backdoor to maintain stealthy access β SkyCloak, Belarus Backdoor, UNC6384 PlugX
- North Korean APTs upgraded tooling: Kimsuky leverages stealthy HttpTroy while Lazarus fields a new BLINDINGCAN RAT in targeted operations β NK APTs
Critical Infrastructure & Logistics
- PNP is hardening cybersecurity defenses ahead of potential DDoS threats to protect public services and communications β DDoS Prep
- Reports show hackers are targeting Britainβs drinking water suppliers and regulators are tracking incidents affecting water-sector security β UK Water
- Cybercriminals are exploiting remote monitoring and management tools to infiltrate logistics and freight networks, increasing supply-chain disruption risk β Logistics RMM
Data Breaches & Privacy
- Conduentβs January 2025 incident exposed records affecting over 10M+ people in a large-scale data breach disclosure β Conduent Breach
- A hacker claims to have stolen some 1.2 million donor records from the University of Pennsylvania, raising concerns about donor-data protection β Penn Leak
- Sling TV agreed to pay a $530,000 settlement for violating California privacy law after regulatory action β Sling Settlement
Supply Chain & Software Security
- Open VSX rotated compromised access tokens after a supply-chain malware incident, highlighting risks in package ecosystems and token management β Open VSX
AI Risks & Governance
- Professor Zico Kolter was named to lead an OpenAI safety panel with authority to halt unsafe model releases, shaping AI governance oversight β Zico Kolter
- Researchers warn that Claude AI APIs can be abused for data exfiltration, demonstrating emergent risks in generative-AI platforms β Claude Exfil
- The cybersecurity community is debating whether CISO burnout is an epidemic, endemic, or inevitable as stress and attrition rates rise across security teams β CISO Burnout
Research & SOC Operations
- Continuous Exposure Management is being promoted as a core approach to transform SOC workflows and reduce detection-to-remediation time β SOC Evolution
- Weekly threat research summaries and recaps continue to track emerging campaigns and indicators for SOC/TI teams to consume β Threat Recap