Today’s threat landscape is highlighted by the disclosure of TEE.Fail, a severe side-channel attack capable of compromising secure enclaves in modern CPUs from Intel, AMD, and NVIDIA. CISA has also issued an urgent warning, adding two actively exploited Dassault Systèmes vulnerabilities to its KEV catalog. Meanwhile, threat actors continue to innovate, with the Qilin ransomware gang now using WSL for evasive attacks and the BlueNoroff APT deploying new multi-platform malware.
Top 5 Critical Security Alerts
- CISA Adds Two Actively Exploited Dassault Vulnerabilities to KEV Catalog: CISA warns that two vulnerabilities in Dassault Systèmes’ DELMIA Apriso (CVE-2025-6204 & CVE-2025-6205) are being actively exploited, requiring immediate patching by federal agencies.
- TEE.Fail Attack Breaks Confidential Computing on Intel, AMD, NVIDIA CPUs: Researchers have developed a new side-channel attack named TEE.Fail, capable of extracting secrets from the Trusted Execution Environment (TEE) in modern CPUs from major vendors.
- Qilin Ransomware Abuses WSL to Run Linux Encryptors in Windows: The Qilin ransomware group is leveraging the Windows Subsystem for Linux (WSL) to execute its Linux-based encryptors on Windows systems, a novel technique designed to evade detection.
- BlueNoroff APT Unveils New Malware Campaigns Targeting macOS and Windows: The North Korean APT group BlueNoroff is behind the ‘GhostCall’ and ‘GhostHire’ campaigns, using sophisticated, multi-stage malware to target cryptocurrency and Web3 sectors.
- New ‘Herodotus’ Android Malware Mimics Human Typing to Evade Detection: A new Android banking trojan, Herodotus, uses randomized delays to mimic human input, allowing it to bypass behavioral biometric security and perform device takeover attacks.
Threat Intelligence
- Researchers Warn of Prolific Qilin Ransomware Gang: The Qilin ransomware group has intensified its attacks, adding over 185 victims to its leak site in October alone and targeting major organizations across various sectors.
- ‘BiDi Swap’ Phishing Trick Makes Fake URLs Look Authentic: Attackers are reviving a decade-old browser flaw using bidirectional text to create deceptive URLs for phishing campaigns, making it difficult for users to spot malicious links.
- New Atroposia MaaS Platform Includes Local Vulnerability Scanner: A new Malware-as-a-Service (MaaS) named Atroposia offers a remote access trojan (RAT) equipped with data theft capabilities and a built-in local vulnerability scanner to find additional exploits.
Security Breaches & Incidents
- Advertising Giant Dentsu Reports Data Breach at Subsidiary Merkle: Dentsu has disclosed a cybersecurity incident at its US subsidiary Merkle, which resulted in the exposure of both employee and client data.
Security Tools & Best Practices
- Keys to the Kingdom: A Defender’s Guide to Privileged Account Monitoring: A comprehensive guide from Google Cloud’s threat intelligence team details strategies for preventing, detecting, and responding to intrusions that target privileged accounts.
- Windows 11 Update Rolls Out New ‘Administrator Protection’ Feature: Microsoft’s latest preview update for Windows 11 (KB5067036) introduces Administrator Protection, a new feature designed to enhance system security against unauthorized changes.
- Google Chrome to Warn Users Before Opening Insecure HTTP Sites: Starting in October 2026 with version 154, Google Chrome will require user permission before connecting to insecure HTTP websites, aiming to further push the web towards HTTPS.
- CyDeploy Offers ‘Digital Twin’ System for Secure Update Testing: Startup CyDeploy is developing a platform that uses machine learning to create a replica of a company’s system, allowing for safe testing of patches and updates before deployment.
Security Standards & Frameworks
- CISA Releases Three Industrial Control Systems (ICS) Advisories: CISA has published advisories for vulnerabilities in Schneider Electric EcoStruxure and Vertikal Systems Hospital Manager, urging critical infrastructure operators to apply mitigations.
Emerging Security Technologies
- Microsoft Sued in Australia Over Deceptive Copilot Subscriptions: The ACCC is suing Microsoft for allegedly misleading 2.7 million Australians into paying for Copilot AI subscriptions within the Microsoft 365 service.
- OpenAI Restructures, Microsoft Increases Stake to 27 Percent: OpenAI has completed a major corporate restructuring under a new foundation, with Microsoft solidifying its partnership by taking a nearly one-third stake in the AI company.
