From The Aether

DNS Drama: How Cybercriminals Exploit Domains and What You Can Do About It

DNS abuse isn’t just a minor annoyance; it’s a cybercriminal’s playground. Malicious domains—often short-lived and deceptively convincing—fuel malware campaigns and phishing attacks. Attackers exploit generic TLDs for their low cost and lax regulations. Defenders can thwart these threats by filtering bad domains, educating users, and pre-emptively registering potential typosquats.

1 week ago

Cybercrime Comedy: Gambling with IIS Servers in a Global SEO Scam!

A Chinese-speaking cybercrime group is turning trusted IIS servers into the internet’s seedy underbelly, redirecting users to shady ads and gambling sites. Dubbed UAT-8099, they’re exploiting reputable servers for financial gain. With a focus on mobile users, they’re ensuring your online detour is more “casino royale” than “search engine results.”

1 week ago

Asahi’s Cyber Hangover: Ransomware Attack Brews Trouble for Japan’s Beer Giant

Asahi, Japan’s beer behemoth, faced a ransomware attack, halting factory operations. Now, they’re forced to process orders like it’s the 1800s—manually! Despite the digital hiccup, the company remains tight-lipped on ransom demands. Meanwhile, their Emergency Response Headquarters is on high alert, working to untangle the cyber mess.

1 week ago

UAE Alert: ProSpy & ToSpy Malware Masquerade as Messaging Apps to Swipe Your Data

ProSpy and ToSpy malware are masquerading as Signal and ToTok apps to swipe data in the UAE, using fake sites to lure victims. These sneaky spyware campaigns are like digital pickpockets, proving once again that not everything online is what it “apps” to be. Stay cautious, especially around unofficial downloads!

1 week ago

Red Hat’s GitLab Breach: Crimson Collective Claims 28,000 Repo Heist!

Red Hat’s consulting GitLab system was accessed by an unauthorized party, a breach confirmed after a group, the Crimson Collective, bragged about raiding 28,000 repositories. While Red Hat isn’t disclosing specifics about the stolen data, the situation has prompted cybersecurity warnings in Belgium due to potential supply chain impacts.

1 week ago

Salesforce Scandal: Scattered Lapsus$ Hunters Extort Top Brands in Hilarious Data Leak Fiasco

The Scattered Lapsus$ Hunters are targeting Salesforce customers with voice phishing attacks, leaking data from companies like Google and Cisco. They’re using a new data leak site to extort victims, demanding ransoms before the October 10 deadline. In a twist of irony, paying up is the only way to avoid further extortion.

1 week ago

Cybersecurity Chaos: From AI-Driven Defenses to Insider Threat Dramas!

SecurityWeek’s cybersecurity news roundup is your weekly dose of tales that could make even your antivirus blush. From Microsoft’s AI-ready platform to LinkedIn users unknowingly moonlighting as AI trainers, this summary covers it all. Dive into the world of insider threats, Citrix exploitation, and spyware masquerading as your favorite apps.

1 week ago

CometJacking Chaos: The Unaddressed Threat Lurking in AI Browsers

CometJacking is the latest cosmic caper in cybersecurity, exploiting URL parameters to send secret instructions to Comet AI. With no need for credentials or user interaction, attackers can hitch a ride on a malicious URL, potentially pilfering sensitive data from connected services. Yet, Perplexity seems unconvinced, marking the threat as “not applicable.”

1 week ago

Apple Bows to Pressure: App Tracking ICE Agents Gets the Boot from App Store

Apple has deep-sixed ICEBlock, an app tracking ICE agents, after pressure from the government. The tech giant says the removal was due to safety concerns, ensuring a “safe and trusted” App Store. Apparently, keeping tabs on agents is a no-go. Sorry, folks, you’ll have to find ICE the old-fashioned way—like a popsicle.

1 week ago

ICE’s Social Media Surveillance Spectacle: Privacy Takes a Backseat

ICE wants to equip its targeting centers with social media sleuths ready to scour the web 24/7. Forget cat videos—these nearly 30 contractors will surf Facebook, TikTok, and more to spot deportation leads. It’s like a binge-watch session of “Who Posted It?” with a side of serious surveillance.

1 week ago

Oneleet’s $33M Series A: The Cybersecurity Avengers Assemble!

Cybersecurity startup Oneleet secured $33 million in a Series A round, elevating its total to $35 million. With tools that turn security chaos into one-click calm, Oneleet combines attack surface management and code scanning. They’re now set to expand their engineering team and sprinkle AI magic across multiple cybersecurity areas.

1 week ago

WhatsApp Woes: Brazilian Users Hit by SORVEPOTEL Malware Madness!

Brazilian users are the target of SORVEPOTEL, a self-propagating malware spreading via WhatsApp. This campaign uses phishing messages with malicious ZIP files to infect Windows systems. Once activated, it spreads rapidly through WhatsApp Web, leading to account bans. The campaign prioritizes speed and propagation over data theft or ransomware.

1 week ago

Munich Airport Drama: Drones Ground Flights, Passengers Left High and Dry

Munich Airport recently went on an unplanned hiatus, starring drones as the uninvited guests. With Oktoberfest crowding the city and a bomb scare already on the agenda, drone sightings were the last thing anyone needed. Flights were grounded, passengers stranded, and everyone was left wondering: are drones the new airport paparazzi?

1 week ago

Oracle’s EBS Extortion Drama: Clop Ransomware Strikes Again!

The Clop ransomware gang is at it again, this time targeting Oracle E-Business Suite vulnerabilities. Oracle urges customers to patch up, as extortion emails flood inboxes. The gang claims it’s all about “bugged” products, but Oracle’s Chief Security Officer emphasizes the importance of updates. Stay tuned as the plot thickens!

1 week ago

Cl0p Chaos: Cybersecurity Experts Scramble Amid Oracle Data Breach Threats

Cybersecurity experts are in a tizzy as a group claiming ties to the Cl0p ransomware gang bombards companies with emails threatening to expose data allegedly stolen from Oracle’s E-Business Suite. The threats have triggered frantic investigations, leaving organizations wondering if they’re dealing with cybercriminals or just email pranksters with a flair for drama.

1 week ago

Digital ID Drama: UK Government’s New Plan Faces a Petition Storm!

Palantir skips out on the UK’s digital ID project, leaving the government to face 2.76 million petitioners and counting. Despite a “free” card promise, questions remain about privacy and public trust. Meanwhile, Starmer must keep his eye on the ball—or risk a six-month fizzle. Digital ID, anyone?

1 week ago

DrayTek’s Router Ruckus: Patch That RCE Bug Before It Crashes Your Network!

DrayTek has patched an RCE vulnerability in its routers. CVE-2025-10547 can be exploited via crafted requests to the web interface, leading to memory corruption. Though remote access safeguards exist, local network attackers could still strike. DrayTek urges users to update firmware, as these routers are prime hacker bait.

1 week ago

Oracle’s “Patch or Panic” Saga: Clop Ransomware Strikes Again!

Oracle advises E-Business Suite users to “patch your systems,” following Clop-linked extortion emails. Cybercriminals claim to exploit vulnerabilities Oracle patched in July. While Oracle insists they aren’t compromised, execs are still receiving ransom threats. Remember, folks, patching isn’t just a suggestion—it’s a lifestyle!

1 week ago

Gmail’s Encryption Evolution: Enterprise Users Get Seamless Security Boost!

Gmail enterprise users can now send end-to-end encrypted emails to anyone, ensuring secure communication without needing secret handshakes or decoder rings. Just tick the “Additional encryption” box, and your sensitive info is safe from prying eyes—even Google’s. It’s like your emails are wearing invisibility cloaks, but without the Hogwarts tuition fees!

1 week ago

Weather Station Woes: Meteobridge Vulnerability Sparks Cyber Storm Warning

CISA warns of a Meteobridge vulnerability exploited in attacks. This flaw, CVE-2025-4008, is a command injection bug in the web interface. Meteobridge devices, ideally not internet-exposed, have become targets due to misconfiguration. CISA urges federal agencies to fix this within three weeks as part of the Binding Operational Directive.

1 week ago
The Nimble Nerd