Qilin Ransomware Combines Linux Payload With BYOVD Exploit in Hybrid Attack
The ransomware group known as Qilin (aka Agenda, Gold Feather, and Water Galura) has claimed more than 40 victims every month since the start of 2025, barring January, with the number of postings on its data leak site touching a high of 100 cases in June. The development comes as the ransomware-as-a-service (RaaS) operation has emerged as one of the most active ransomware groups, accounting for 84 victims each in the months of August and September 2025. Qilin is known to be active since around July 2022. According to data compiled by Cisco Talos, the U.S., Canada, the U.K., France, and Germany are some of the countries most impacted by Qilin. The attacks have primarily singled out manufacturing (23%), professional and scientific services (18%), and wholesale trade (10%) sectors.
Source: TheHackerNews

Newly Patched Critical Microsoft WSUS Flaw Comes Under Active Exploitation
Microsoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with a proof-of-concept (Poc) exploit publicly available and has come under active exploitation in the wild. The vulnerability in question is CVE-2025-59287 (CVSS score: 9.8), a remote code execution flaw in WSUS that was originally fixed by the tech giant as part of its Patch Tuesday update published last week. Three security researchers, MEOW, f7d8c52bec79e42795cf15888b85cbad, and Markus Wulftange with CODE WHITE GmbH, have been acknowledged for discovering and reporting the bug. The shortcoming concerns a case of deserialization of untrusted data in WSUS that allows an unauthorized attacker to execute code over a network. It’s worth noting that the vulnerability does not impact Windows servers that do not have the WSUS Server Role enabled.
Source: TheHackerNews

Hackers Launch Mass Attacks Exploiting Outdated WordPress Plugins
A widespread exploitation campaign is targeting WordPress websites with GutenKit and Hunk Companion plugins vulnerable to critical-severity, old security issues that can be used to achieve remote code execution (RCE). WordPress security firm Wordfence says that it blocked 8.7 million attack attempts against its customers in just two days, October 8 and 9. The campaign expoits three flaws, tracked as CVE-2024-9234, CVE-2024-9707, and CVE-2024-11972, all rated critical (CVSS 9.8). CVE-2024-9234 is an unauthenticated REST-endpoint flaw in the GutenKit plugin with 40,000 installs that allows installing arbitrary plugins without authentication.
Source: BleepingComputer

Hackers Steal Discord Accounts With RedTiger-based Infostealer
Attackers are using the open-source red-team tool RedTiger to build an infostealer that collects Discord account data and payment information. The malware can also steal credentials stored in the browser, cryptocurrency wallet data, and game accounts. RedTiger is a Python-based penetration testing suite for Windows and Linux that bundles options for scanning networks and cracking passwords, OSINT-related utilities, Discord-focused tools, and a malware builder. RedTiger’s info-stealer component offers the standard capabilities of snatching system info, browser cookies and passwords, crypto wallet files, game files, and Roblox and Discord data. It can also capture webcam snapshots and screenshots of the victim’s screen.
Source: BleepingComputer

Ransomware Payments Dropped in Q3 2025: Analysis
Ransomware payments dropped significantly in the third quarter of 2025, according to an analysis conducted by ransomware incident response firm Coveware. According to Coveware, ransomware payment rates dropped to a historical low of 23% in Q3 2025, indicating that “cyber extortion’s overall success rate is contracting”, which should be viewed as a success of the efforts of law enforcement, cyber defenders and legal specialists. Coveware reported that the average ransom payment in Q3 2025 was roughly $377,000, a 66% decrease compared to the previous quarter. The median ransom payment dropped by 65%, to $140,000. The company has largely attributed the drop in payment amounts to a couple of trends. The first is large enterprises increasingly refusing to pay ransoms after being targeted in a ransomware attack.
Source: SecurityWeek