Notices by Catalin Cimpanu (campuscodi@mastodon.social)

Socket Security has spotted 10 malicious npm packages.

The thing that stands out about them is the use of a CAPTCHA challenge in the npm CLI as they're being installed, most likely as a fake-out to convince victims they're installing a legitimate and actively maintained package.

https://socket.dev/blog/10-npm-typosquatted-packages-deploy-credential-harvester

lol

https://www.linkedin.com/feed/update/urn🇱🇮activity:7386770853973147648/

Fifteen individuals are expected to plead guilty this month in Italy to a complex hacking and extortion scheme.

The individuals worked for Equalize, an Italian company that hacked government databases to create dossiers on the country's elite

https://www.politico.eu/article/italy-milan-hackers-carmine-gallo-enrico-pazzali-samuele-calamucci-equalize-mercury-advisors/

A ransomware attack against Transport for London at the start of September has cost the organization £39 million

Two teens were arraigned in court last Friday for it

https://www.bbc.com/news/articles/cj97ekz07ezo

Ransomware payment rates have dropped below 25% for the first time in history.

Coveware says cyber defenders, law enforcement, and legal specialists should take this as a validation of their efforts.

https://www.coveware.com/blog/2025/10/24/insider-threats-loom-while-ransom-payment-rates-plummet

A new Microsoft Teams feature will let organizations track employees based on nearby WiFi networks.

According to privacy experts, the new feature will allow companies to crack down on workers who dodge return-to-office mandates.

https://www.microsoft.com/en-us/microsoft-365/roadmap?searchterms=488800

The European Union will support digital drivers' licenses for bloc members.

The new digital license can be stored on a phone and will eventually replace physical documents. It is set to roll out by 2030.

https://www.europarl.europa.eu/news/en/press-room/20251016IPR30947/modernising-eu-driving-rules-to-increase-road-safety

The breach at American tech company F5 began in late 2023, far earlier than previously thought.

The hackers breached the company after exploiting its own products.

F5 staff allegedly failed to follow the cybersecurity guides it passed to customers.

https://www.bloomberg.com/news/articles/2025-10-18/hackers-had-been-lurking-in-cyber-firm-f5-systems-since-2023

The Tor Browser will remove all of the Firefox AI features that Mozilla has been recently adding

https://blog.torproject.org/new-alpha-release-tor-browser-150a4/

Do you remember where you were during the Great YouTube Outage of 2025?

Azure outage on the way?

https://azure.status.microsoft/en-gb/status?_=07:40%20UTC%20on%2009%20Oct%202025

RediShell security flaw in Redis:

-remotely exploitable
-CVSSv3 10/10
-impacts all versions released over the past 13 years
-impacts 75% of cloud instances

https://www.wiz.io/blog/wiz-research-redis-rce-cve-2025-49844

https://redis.io/blog/security-advisory-cve-2025-49844/

-Oracle customers are getting extorted
-Most EU cyberattacks were DDoS attacks
-SBI Crypto hacked for $21m
-Sen. Cruz blocks privacy protection law
-Accenture to cut 11,000
-NIST releases portable storage guidance
-Profiles on Keymous+, Lunar Spide, UAT-8099
-New Android spyware in the UAE
-Cavalry Werewolf APT ops
-CISA KEV gets an update
-DrayTek patches Vigor routers
-Battering RAM, WireTap attacks

-Scam compound operators sentenced to death in China
-Red Hat got hacked and extorted
-UK makes new request for Apple user data
-Signal threatens to leave EU
-APT35 has another leak
-Microsoft launches a Security Store
-Outlook blocks inline SVGs
-Chrome 141 is out with security goodness
-Google Drive gets ransomware protection
-Cyberattack recovery is hard for UK schools
-EU MPs angry over spyware funding

Newsletter: https://news.risky.biz/risky-bulletin-scam-compound-operators-sentenced-to-death-in-china/
Podcast: https://risky.biz/RBNEWS486/

Looks like some Linux eBPF vulnerabilities presented at this year's Black Hat are made-up AI slop

https://www.openwall.com/lists/oss-security/2025/09/25/1

Dutch police detain two 17yo for walking with WiFi sniffer past Europol, Eurojust, and Canadian embassy.

The two were allegedly recruited by Russia through Telegram

https://nltimes.nl/2025/09/26/two-dutch-teens-arrested-rare-russian-espionage-case

More than 10,600 Ollama LLM-hosting servers are exposed on the internet: https://censys.com/blog/ollama-drama-investigating-the-prevalence-of-ollama-open-instances-with-censys

Almost 4,800 Firebase databases exposed on the internet and leaking their data: https://ice0.blog/docs/openfirebase

Eight orgs involved in FOSS and package repos have asked for more support for package repos because of the skyrocketing costs for hosting everyone's code

"In effect, public registries have become free global CDNs for commercial vendors."

https://openssf.org/blog/2025/09/23/open-infrastructure-is-not-free-a-joint-statement-on-sustainable-stewardship/

A love story:

-17yo Romanian teens sends bomb threats to hundreds of US schools
-US charges him
-Romania refuses extradition
-Teen sends mass-shooting threats to hundreds of Romanian schools

https://hotnews.ro/cine-este-tanarul-suspectat-ca-a-trimis-mesajele-de-amenintare-catre-sute-de-scoli-si-spitale-din-romania-fbi-l-a-acuzat-ca-a-trimis-sute-de-amenintari-cu-bomba-si-unor-institutii-din-sua-de-ce-a-2072288

Poland has threatened to hack back any country that cripple its critical infrastructure.

Minister of Digital Affairs Krzysztof Gawkowski says the country has the possibilities to respond.

https://www.portalsamorzadowy.pl/polityka-i-spoleczenstwo/minister-cyfryzacji-polska-nie-padla-ofiara-sobotniego-cyberataku-ale-mamy-zdolnosci-skutecznego-ich-odpierania,630395.html