Today’s security landscape is dominated by Microsoft’s October Patch Tuesday, which addresses a massive 172 flaws, including six zero-days under active exploitation. This release coincides with the final security update for Windows 10, officially marking its end-of-life. We are also tracking a novel ‘Pixnapping’ attack against Android devices capable of stealing MFA codes, a silent Oracle zero-day patch, and CISA’s addition of five new actively exploited vulnerabilities to its KEV catalog. Here is the critical intelligence you need to stay ahead of today’s threats.
Top 5 Critical Security Alerts
- Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws: Microsoft’s massive October Patch Tuesday addresses 172 vulnerabilities, including six zero-days that are already being actively exploited in the wild.
- CISA Adds Five Known Exploited Vulnerabilities to Catalog: CISA has added five new vulnerabilities to its KEV catalog, including flaws in Microsoft Windows, requiring federal agencies to patch them immediately due to active exploitation.
- New Android Pixnapping attack steals MFA codes pixel-by-pixel: A novel side-channel attack on Android, named Pixnapping, allows malicious apps without any special permissions to steal sensitive data like MFA codes by reconstructing screen pixels.
- Oracle silently fixes zero-day exploit leaked by ShinyHunters: Oracle has quietly patched a zero-day vulnerability in its E-Business Suite that was actively exploited after the ShinyHunters extortion group publicly leaked a proof-of-concept.
- Chinese hackers abuse geo-mapping tool for year-long persistence: Chinese state-sponsored hackers (Flax Typhoon) maintained undetected access to a target’s network for over a year by turning a component of the ArcGIS geo-mapping tool into a persistent web shell.
Threat Intelligence (APT, malware, ransomware)
- US seizes $15 billion in crypto from ‘pig butchering’ kingpin: The US Department of Justice has seized a staggering $15 billion in bitcoin from the leader of the Prince Group, a criminal organization behind widespread ‘pig butchering’ crypto scams.
- Taiwan reports surge in Chinese cyber activity and disinformation efforts: Taiwan’s National Security Bureau reports a significant increase in network intrusions and influence operations from China this year, with a strong focus on critical infrastructure.
- Malicious crypto-stealing VSCode extensions resurface on OpenVSX: A threat actor is persistently targeting developers by publishing malicious Visual Studio Code extensions on multiple marketplaces to steal cryptocurrency and install backdoors.
- Signal in the noise: what hashtags reveal about hacktivism in 2025: Kaspersky researchers analyzed over 11,000 hacktivist posts to identify trends in how campaigns are organized and targeted, using hashtag data from the surface and dark web.
Security Breaches & Incidents
- Indiana city confirms ransomware hackers behind September incident: Officials in Michigan City, Indiana, have confirmed that a damaging cyber incident in September that crippled government systems was a ransomware attack.
- Feds sanction Cambodian conglomerate over cyber scams, seize $15 billion from chairman: The U.S. Treasury Department has sanctioned the Prince Group and its chairman, seizing $15 billion in assets for its role in large-scale cyber scam operations.
Security Tools & Best Practices
- Final Windows 10 Patch Tuesday update rolls out as support ends: Microsoft has released the final free cumulative security update for Windows 10, marking the official end of its support lifecycle and urging users to upgrade.
- The king is dead, long live the king! Windows 10 EOL and Windows 11 forensic artifacts: With Windows 10 support ending, security experts are detailing the new and changed forensic artifacts in Windows 11 that will be critical for future incident response investigations.
- Secure Boot bypass risk threatens nearly 200,000 Linux Framework laptops: A significant vulnerability was discovered in nearly 200,000 Framework laptops running Linux, where signed UEFI components could be exploited to bypass Secure Boot protections.
Cloud & Network Security
- Satellites found exposing unencrypted data, including phone calls and some military comms: Researchers have discovered satellites exposing large volumes of unencrypted data, including sensitive phone calls and military communications from providers like T-Mobile and AT&T.
Security Standards & Frameworks
- California passes first U.S. law regulating AI companion chatbots: California has enacted the first law in the United States requiring safety measures for AI companion chatbots, prompted by tragic events involving young users.
Emerging Security Technologies
- When AI Agents Join the Teams: The Hidden Security Shifts No One Expects: The increasing use of autonomous AI agents in IT operations is creating a ‘Shadow AI’ problem, introducing new security risks that require governing these agents as powerful identities.
