October Cybersecurity News Digest


October is Cybersecurity Awareness Month! Check out our highlights from the cybersecurity world over the past month.

1. 81% of Routers Exposed to Hackers Due to Default Password Use

The Broadband Genie’s fourth major router security survey revealed that 81% of broadband users had never changed their router's default administrative password, exposing them to malware risks. Many users set up routers with minimal configuration, leaving them vulnerable to attacks exploiting default credentials easily found on the open web.

Attackers can gain access to these routers for surveillance, DNS tampering, and malware installation, turning compromised routers into platforms for botnets, phishing campaigns and data theft.

These architectural weaknesses have enabled a new wave of malware to automate penetration campaigns targeting poorly configured home routers worldwide. Automated attacks use credential stuffing with known admin usernames and passwords, allowing threat actors to manipulate device settings and maintain persistent access, even after reboots.

2. MS Paint and Notepad Used by Infamous Qilin Ransomware to Find Sensitive Data

Qilin ransomware has rapidly become a significant threat in late 2025, with over 40 victim disclosures monthly. This ransomware-as-a-service platform employs a double-extortion model, combining file encryption with the threat of public disclosure to pressure victims into paying. The manufacturing sector is the most affected at 23%, followed by professional services at 18%, predominantly in the United States.

Attackers typically exploit compromised VPN credentials from dark web leaks and a lack of multi-factor authentication to gain network access. They conduct detailed reconnaissance using legitimate Windows utilities (mspaint.exe and notepad.exe), manually inspecting high-value data before deploying encryption.

The ransomware uses a dual-encryptor strategy: one variant spreads across systems using PsExec with hardcoded administrator credentials, while the other encrypts multiple network shares from a single endpoint. This combination of manual data targeting and sophisticated deployment tactics demands robust detection and response capabilities from organisations globally.

3. Microsoft WSUS Vulnerability Exploited in the Wild

Hackers are exploiting a critical vulnerability (CVE-2025-59287) in Microsoft’s Windows Server Update Services (WSUS), allowing remote code execution on unpatched servers. As of October 27, 2025, over 2,800 WSUS instances were identified as exposed. The flaw, a deserialization issue in the update approval process, has a high CVSS score of 9.8 and can be easily exploited without authentication.

Despite a security bulletin urging patching, only 40% of instances have been mitigated. Organisations, particularly in hybrid cloud environments, are at increased risk, especially from ransomware groups. Microsoft recommends applying updates and restricting WSUS port access through firewalls.

4. Warning by Google: Cybercriminals Use Job Postings to Hack Users

Google warns that cybercriminals are using social engineering to exploit job seekers on legitimate job platforms. They create fake company profiles and job listings to lure candidates into submitting their resumes, building trust the candidates have no reason to give. This information can be reused for future scams or sold to other criminals.

The focus is on individuals with access to valuable corporate advertising and social media accounts, which can be hacked or sold. The attack methods include sending password-protected ZIP files with trojans disguised as application materials and phishing links to fake interview sites. The phishing approach is sophisticated, targeting corporate email credentials and bypassing multi-factor authentication. Additionally, the attackers utilise legitimate CRM platforms, such as Salesforce, for initial communications.

5. ChatGPT Atlas Browser Stores Unencrypted OAuth Tokens, Raising Concerns

A vulnerability in OpenAI's ChatGPT Atlas browser has been discovered, revealing that unencrypted OAuth tokens are stored in an SQLite database with overly permissive file settings on macOS. This issue raises privacy concerns, as the tokens could be easily accessed and misused.

Unlike other browsers that encrypt tokens, Atlas does not use macOS Keychain for this purpose. The exposure allows potential attackers to impersonate users and access linked services, highlighting risks on shared or compromised systems. Experts recommend immediate updates, monitoring permissions, enabling two-factor authentication, and avoiding sensitive tasks in Atlas until the issue is addressed. OpenAI has not provided specific comments on the matter.
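The weak setting described above is a token store whose file permissions let other local accounts read it. The following audit, added here as an example and not code from OpenAI or any browser vendor, walks a directory and reports SQLite-looking files readable by group or others; the digest does not give the Atlas database path, so the demo builds a constructed temporary directory instead.

```python
"""Audit SQLite files under a directory for group/other-readable permissions.

Added example; the directory to audit is an assumption (the real Atlas token
database location is not given in the digest). demo() constructs sample files.
"""
import os
import stat
import tempfile

SQLITE_SUFFIXES = (".db", ".sqlite", ".sqlite3")


def find_permissive_sqlite(root):
    """Return [(path, octal_mode)] for SQLite-looking files readable by group or others."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(SQLITE_SUFFIXES):
                continue
            path = os.path.join(dirpath, name)
            mode = os.stat(path).st_mode
            # A credential store should be owner-only (0600); any group/other
            # read bit is a finding, regardless of the directory it sits in.
            if mode & (stat.S_IRGRP | stat.S_IROTH):
                hits.append((path, oct(stat.S_IMODE(mode))))
    return hits


def demo():
    """Constructed sample: one world-readable DB, one owner-only DB, one unrelated file."""
    root = tempfile.mkdtemp(prefix="perm_audit_")
    os.makedirs(os.path.join(root, "sub"))
    weak = os.path.join(root, "tokens.sqlite")
    strict = os.path.join(root, "sub", "cache.db")
    unrelated = os.path.join(root, "notes.txt")
    for path in (weak, strict, unrelated):
        with open(path, "w") as fh:
            fh.write("constructed sample content")
    os.chmod(weak, 0o644)       # the weak setting: readable by everyone on the host
    os.chmod(strict, 0o600)     # the expected setting for a token store
    os.chmod(unrelated, 0o644)  # not a database, so not reported
    return [os.path.basename(p) for p, _ in find_permissive_sqlite(root)]


if __name__ == "__main__":
    print(demo())
```

Point it at a real profile directory to list every database that a co-located user or malware running as another account could read.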

6. Major AWS Outage Affected Over 100 Services for a Day

Amazon Web Services (AWS) experienced a significant outage on October 20, 2025. The incident affected over 100 AWS services and impacted major platforms like Amazon, Snapchat, Prime Video, Canva, Fortnite, Roblox, Coinbase and more, preventing users from accessing crucial features.

The root cause was identified as DNS resolution problems with the DynamoDB NoSQL database service in the US-EAST-1 region. After implementing the first fixes by 2:24 AM PDT, recovery progressed throughout the day, with most services showing improvements by 12:28 PM PDT. Full restoration of normal operations occurred by 3:01 PM PDT.

AWS advised users to check the AWS Health Dashboard for updates. A comprehensive summary of the incident is available on their site.

7. Windows 11 October Update Causing a Flood of Issues

Microsoft's security update KB5066835, released on October 14, 2025, has caused a flood of issues, including localhost connection failures, installation attempts crashing, sluggish system performance, and USB keyboards and mice being inoperable in the Windows Recovery Environment (WinRE) for Windows 11 versions 24H2 and 25H2, as well as Windows Server 2025. Users reported an inability to navigate recovery options, leading to significant troubleshooting challenges. 

Microsoft acknowledged these problems on October 17, 2025, and is working on fixes, advising users to avoid WinRE. Users can temporarily uninstall the update for relief, but may expose themselves to security vulnerabilities. The update's effects are widespread, impacting both individual developers and enterprise users. Fresh installations of Windows 11 appear unaffected, suggesting that the issues arise from interactions with existing setups. Developers are encouraged to pause updates and monitor for official resolutions.

8. Microsoft October 2025 Patch Tuesday

Microsoft's October 2025 Patch Tuesday addresses 172 vulnerabilities, including four zero-day vulnerabilities, two of them actively exploited. The security update covers a wide range of software products, including Office apps, core Windows operating systems and Azure cloud services. Users are urged to update their software immediately, especially considering the number of vulnerabilities addressed.

9. Windows 10 Support Ending Marks the Close of a Decade-long Era for One of the Most Popular Operating Systems in History

Microsoft has officially ended support for Windows 10, meaning no more free security updates, feature enhancements, or technical assistance for millions of users. This affects about 43% of global Windows devices, presenting challenges for those who haven't migrated.

Microsoft recommends upgrading to Windows 11 or enrolling in the Extended Security Updates (ESU) program, which is now offered free for EEA users for the first year. Despite risks, surveys show that around 25% of users plan to continue using Windows 10, which could heighten the global level of cybersecurity threats. Nevertheless, experts anticipate an increase in upgrade requests and ESU enrolments following the end of support.

10. Remote Desktop Protocol Services Attacked in a Major Botnet Campaign

A major botnet campaign is targeting Remote Desktop Protocol (RDP) services in the United States, with over 100,000 unique IP addresses involved from more than 100 countries. The campaign was identified by security firm GreyNoise, which noted a spike in traffic from Brazilian IPs, leading to the discovery of similar activity from various countries.

Analysts believe a single botnet is behind the attacks, utilising two methods: an RD Web Access timing attack to differentiate valid usernames and an RDP web client login enumeration to guess credentials. Organisations using RDP are advised to strengthen their security practices, including enforcing strong passwords and using multi-factor authentication, to defend against these threats.
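A per-IP lockout threshold misses the campaign described above, because each of the 100,000 source addresses may make only one or two attempts. The detection sketch below, added here as an example and not from GreyNoise or the digest, looks instead for time windows in which many distinct IPs fail against many distinct usernames; the log format is constructed for illustration and the parser would need adapting to real RD Web Access or gateway logs.

```python
"""Detect distributed RDP web client login enumeration from authentication logs.

Added example. The line format "<epoch> <source_ip> <username> <result>" is an
assumption constructed for this demo, not a real RDWeb/IIS log format.
"""
from collections import defaultdict

# Constructed sample: six failures from six IPs in a few seconds, plus one legitimate user.
SAMPLE_LOG = """\
1730000000 203.0.113.10 admin FAIL
1730000001 203.0.113.11 administrator FAIL
1730000002 203.0.113.12 jsmith FAIL
1730000003 203.0.113.13 backup FAIL
1730000004 203.0.113.14 svc_sql FAIL
1730000005 203.0.113.15 admin FAIL
1730000006 198.51.100.7 jdoe OK
1730000007 198.51.100.7 jdoe OK
"""


def parse(text):
    """Turn log text into (timestamp, ip, user, result) tuples, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append((int(ts), ip, user, result))
    return events


def detect_enumeration(events, window=60, min_ips=5, min_users=4):
    """Flag windows where >= min_ips distinct sources fail against >= min_users usernames.

    Returns [(window_start, distinct_ips, distinct_users, failure_count)]. Each
    source may appear only once, which is exactly what per-IP thresholds miss.
    """
    buckets = defaultdict(list)
    for ts, ip, user, result in events:
        buckets[ts - ts % window].append((ip, user, result))
    findings = []
    for start in sorted(buckets):
        fails = [e for e in buckets[start] if e[2] == "FAIL"]
        ips = {e[0] for e in fails}
        users = {e[1] for e in fails}
        if len(ips) >= min_ips and len(users) >= min_users:
            findings.append((start, len(ips), len(users), len(fails)))
    return findings


if __name__ == "__main__":
    for finding in detect_enumeration(parse(SAMPLE_LOG)):
        print("enumeration window start=%d ips=%d users=%d failures=%d" % finding)
```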

11. Cybercriminals Are Impersonating HR Departments to Steal Job Seekers' Gmail Credentials

A sophisticated phishing campaign is targeting active job seekers by exploiting legitimate Zoom document-sharing features to harvest Gmail credentials.

Attackers impersonate HR departments and use authentic Zoom notifications to gain trust. Victims receive emails that appear legitimate and pass standard email authentication checks. Upon clicking the document link, they are redirected to a malicious site that opens with a fake “bot protection” gate. After passing this gate, users encounter a convincing phishing page that mimics Google’s login interface. The attackers harvest credentials in real time over WebSocket connections, allowing immediate validation of stolen credentials and faster data transmission, which reduces the chance of detection.

So, if you're looking for a job, stay alert!

12. Serious Discord Data Breach: 1.5 TB of Data Stolen via Their Partner Zendesk

Discord is experiencing an extortion attempt due to a serious data breach at its third-party customer service provider, Zendesk.

Threat actors claim to have stolen 1.5 terabytes of data, including over 2.1 million government-issued ID photos submitted for age verification, affecting 5.5 million users. While Discord confirms the breach, it disputes the scale, stating that only about 70,000 users had their ID photos exposed.

The breach targeted customer support systems and exposed user data such as names, usernames, email addresses, and partial billing details. Discord will not pay the ransom and has terminated its partnership with the compromised vendor.

The incident underscores the risks of supply chain attacks. The situation is ongoing, and the full impact remains to be seen.

Stay tuned and keep your system safe! If you need help, contact us for expert advice!
