CyberNews: 28/10/2025 Edition

Today’s roundup

Summary

Google has publicly refuted widespread claims of a massive data breach affecting 183 million Gmail accounts. The company issued a statement clarifying that these reports are false, aiming to counter sensationalized news stories that have circulated regarding a purported incident.

New data indicates a significant decline in ransomware payments, with only 23% of breached organizations now acceding to attackers' demands. This represents a new low in victim compliance, suggesting a shift in response strategies against ransomware operations.

QNAP has issued an urgent warning to customers regarding a critical ASP.NET Core vulnerability, identified as CVE-2025-59287, which also impacts its NetBak PC Agent software. This Windows utility, used for backing up data to QNAP NAS devices, requires immediate patching to mitigate the risk posed by this flaw.

The advanced persistent threat (APT) group SideWinder launched a new campaign in September 2025, deploying a novel PDF and ClickOnce-based infection chain. Targets include a European embassy in New Delhi and multiple organizations across Sri Lanka, Pakistan, and Bangladesh, indicating an evolution in the group's tactics, techniques, and procedures (TTPs).

Social media platform X is compelling users utilizing passkeys or hardware security keys for two-factor authentication (2FA) to re-enroll these keys by November 10, 2025. This mandatory action is a consequence of the platform's domain migration from twitter.com to x.com, not a security incident, and failure to comply will result in account lockout until re-enrollment is completed or an alternative 2FA method is configured.

Kaspersky researchers have linked a Chrome zero-day vulnerability (CVE-2025-2783), exploited in "Operation ForumTroll," to tools from Italian spyware vendor Memento Labs, the successor to the infamous Hacking Team. The sandbox escape flaw facilitated state-sponsored cyber-espionage targeting Russian and Belarusian media, research, and government entities, deploying sophisticated "Dante" and "LeetAgent" spyware using techniques like COM hijacking and WebGPU validation.

NeuralTrust researchers have uncovered a prompt injection vulnerability in OpenAI's ChatGPT Atlas web browser. Attackers can exploit this by crafting URL-like strings in the omnibox, which the browser misinterprets as trusted user commands, bypassing safety checks. This allows for malicious actions such as navigating to phishing sites or instructing the AI agent to delete files from a user's Google Drive.

The United States has opted not to sign the landmark UN Convention against Cybercrime, despite its endorsement by over 70 other nations in Hanoi this past weekend. This decision marks a significant development in ongoing international efforts to establish a global framework for countering digital crime.

Svenska kraftnät, Sweden's state-owned power grid operator, has confirmed it is investigating a data breach. A ransomware group previously claimed responsibility for the attack and threatened to leak hundreds of gigabytes of exfiltrated internal data, raising concerns about the security of critical national infrastructure.

Researchers at Synacktiv have detailed a technique to create "Two-Face" Rust binaries on Linux. These executables can run a benign program on most systems but deploy a hidden, malicious payload when executed on a specific target host. The method employs host-specific data for encryption key derivation and utilizes advanced in-memory execution techniques like `memfd_create`, `io_uring`, and `mmap` to evade detection and hinder forensic analysis.

Want to dig deeper?

Vulnerabilities

Cyber Groups

Malware Families