Daily Recap: A wide range of breaches and vulnerabilities hit multiple sectors, from Mango and Qantas data exposures to major Patch Tuesday updates addressing zero-days and high-severity flaws across vendors like Adobe, Fortinet, Ivanti, SAP, and Oracle. The report also notes ongoing malware threats such as VSCode crypto-stealers, pixnapping MFA attacks, SonicWall SSLVPN credential exploits, and passkey bypass techniques, with industry moves including LevelBlue acquiring Cybereason and HyperBunker advancing anti-ransomware solutions.
#MANGO #Qantas #AsahiAttack #5CA #CapitaFine #NYFines #IndianaRansom #PatchTuesday #ZeroDays #BIG-IP #AdobeUpdate #F5Breach #OracleFix #ICSPatchTuesday #CVEDispute #VSCodeExtensions #Pixnapping #SonicWallAttacks #Passkeys #China #TaiwanSurge #ArcGISBackdoor #HyperBunker #Cybereason #NDR #RokuSuit #CaliforniaLaws #USDOJ
Breaches & Exposures
- Clothing retailer MANGO discloses a customer data breach exposing personal information. – MANGO Breach
- Qantas confirms cybercriminals publicly released stolen customer data following a breach. – Qantas Leak
- Asahi Group’s cyberattack forces a delay in financial reporting as the incident is investigated. – Asahi Attack
- Customer-service provider 5CA denies responsibility after a Discord data breach tied to leaked user info. – Discord Claim
- Capita is hit with a record £14 million fine for security failings linked to a ransomware attack. – Capita Fine
- New York secures $14 million in fines from eight auto insurers over post-breach pre-fill data practices. – NY Fines
- An Indiana city confirms a September ransomware incident was caused by identified ransomware actors. – Indiana Ransom
Vulnerabilities & Patches
- October Patch Tuesday includes reports of zero-days under active attack and widespread fixes across Microsoft platforms; advisories and rollouts for Windows 11 and final Windows 10 updates accompany the month’s patching. – Patch Tuesday, Windows 11 KBs, Windows 10 Final
- F5 reports that attackers stole undisclosed BIG-IP flaws and source code following a breach, raising supply-chain concerns. – F5 Breach
- Multiple vendors publish urgent fixes: Adobe (Connect/Commerce/Creative Cloud), Fortinet and Ivanti patch high-severity flaws, and SAP issues critical fixes in NetWeaver, Print Service, and SRM. – Adobe Update, Fortinet & Ivanti, SAP Patches
- Oracle quietly patches a zero-day that was publicly leaked by the ShinyHunters group. – Oracle Fix
- Industrial control system vendors including Siemens, Schneider, Rockwell, ABB and Phoenix Contact release ICS-focused Patch Tuesday fixes. – ICS Patch Tuesday
- Disputes arise among security firms over credit for overlapping CVE reports amid crowded vulnerability disclosures. – CVE Dispute
Malware & Attacks
- Malicious crypto‑stealing VSCode extensions resurface on OpenVSX, targeting developers and wallets. – VSCode Extensions
- New Android “pixnapping” attack captures MFA codes pixel‑by‑pixel from the screen, threatening mobile authentication flows. – Pixnapping
- Credential attacks are being detected against SonicWall SSLVPN devices, prompting calls to investigate and patch exposed appliances. – SonicWall Attacks
- Research details how attackers can bypass synced passkeys, undermining modern passwordless protections. – Passkeys Bypass
Nation‑State Activity
- Researchers report a rare intrusion by suspected China-linked actors into a Russian tech firm, highlighting cross-border espionage. – China→Russia Intrusion
- Taiwan warns of a surge in Chinese cyber operations and disinformation campaigns targeting the island. – Taiwan Surge
- Chinese hackers exploited ArcGIS servers as a persistent backdoor for over a year, enabling long-term access to targeted environments. – ArcGIS Backdoor
Industry Moves & Defense
- HyperBunker raises seed funding to develop a next‑generation anti‑ransomware appliance aimed at improving endpoint resilience. – HyperBunker Fund
- MSSP giant LevelBlue acquires endpoint vendor Cybereason, consolidating managed security services and EDR capabilities. – Cybereason Deal
- Guidance on spotting dark‑web indicators inside networks using Network Detection and Response (NDR) tools is published to help defenders detect illicit access and data exfiltration. – Dark Web Detection
Law, Policy & Privacy
- Florida sues Roku, accusing the streaming company of exploiting children’s data in a privacy lawsuit. – Roku Suit
- California enacts new laws requiring age verification and regulating chatbots, expanding consumer protections and AI oversight. – California Laws
Crypto Crime
- The U.S. Department of Justice seizes $15 billion in Bitcoin from the Prince Group, a syndicate tied to large‑scale “pig butchering” scams and money‑laundering. – $15B Seizure