Cybersecurity News | Daily Recap [31 Oct 2025]

hendryadrian.com

hendryadrian.com

Ransomware & Data Breaches

• Ransomware gang claims a breach and BPO giant Conduent confirms a data incident impacting 10.5 million people, raising extortion and data-exfiltration concerns – Conduent Breach, Conduent Impact
• Law enforcement and attribution developments: a Ukrainian was extradited from Ireland on Conti charges, Russian gangs are weaponizing open-source AdaptixC2, and a defense contractor pleaded guilty to selling cyber exploits to a Russian broker – Conti Extradition, AdaptixC2, Exploits Sale

APT & State-linked Attacks

• Multiple China-linked APTs exploited an unpatched Windows flaw and a VMware zero-day in active intrusions, prompting CISA alerts and wider concern – Chinese APTs, VMware Zero-day
• BRONZE BUTLER exploited a Lanscope zero-day for SYSTEM control while CISA ordered federal patching of a VMware Tools flaw exploited since Oct 2024 – BRONZE BUTLER, VMware Tools
• Russian-linked APTs used living-off-the-land techniques and a Sandworm-linked webshell in Ukraine, and a major telecom services provider Ribbon was breached by state hackers – Russian APTs, Ribbon Breach
• Diplomatic entities in Belgium and Hungary were hacked in a China-linked espionage campaign, expanding the remit of recent state-linked intrusions – Diplomatic Hacks

Vulnerabilities & Guidance

• CISA added exploited XWiki and VMware flaws to its KEV catalog and, together with NSA, issued urgent guidance to secure WSUS and Microsoft Exchange, while new Exchange best-practice guidance was released – KEV Update, WSUS/Exchange, Exchange Guidance
• Critical product flaws and advisories: Docker Compose CVE-2025-62725 allows host-level writes (upgrade to 2.40.2) and Docker fixed a Windows DLL hijack, Jenkins published advisory AV25-707, and Full Disclosure exposed the zero-click iMessage “Glass Cage” (CVE-2025-24085 / 24201) – Docker Compose, Jenkins AV25-707, Glass Cage

ICS & OT Attacks

• Hacktivists have been abusing internet-accessible industrial control systems across Canada, disrupting water, energy and farms and triggering AL25-016 advisories and media coverage – ICS Advisory, Canadian ICS, Hacktivist ICS

Malware & Infostealers

• Russian authorities detained developers behind the Meduza infostealer in a major cybercrime crackdown – Meduza Bust
• About 150 Australian devices were found implanted with BadCandy, indicating targeted post-compromise tooling in the region – BadCandy
• There is a massive surge of NFC relay malware stealing Europeans’ credit cards, signaling growing physical-digital payment fraud – NFC Malware

Market, Industry & Defenses

• India‘s cybersecurity market hit $20 billion powered by 400+ startups, and the Middle East cybersecurity market is forecast to double by 2030 – India Cyber, Middle East Market
• Jamf will go private after a $2.2 billion acquisition by Francisco Partners – Jamf Acquisition
• Google‘s built-in AI defenses on Android now block about 10 billion scam messages per month, reflecting AI-driven anti-fraud scaling – Google AI
• A new security layer for macOS is designed to intercept admin errors before attackers can exploit them, adding defense-in-depth for endpoint admins – macOS Layer

Privacy & Exploits

• The new “Brash” exploit can crash Chromium browsers instantly with a single malicious URL, posing widespread browsing availability risks – Brash Exploit
• Research shows a single photo could enable AI to clone your voice, threatening voice-based authentication and deepfake risks – Face-to-Voice

Supply Chain & Tokens

• The Eclipse Foundation revoked leaked Open VSX tokens after a discovery by Wiz, closing a potential supply-chain token exposure – Open VSX Tokens

Cybersecurity News | Daily Recap – hendryadrian.com