{"id":20678,"date":"2025-10-13T10:32:04","date_gmt":"2025-10-13T08:32:04","guid":{"rendered":"https:\/\/kordon.app\/?p=20678"},"modified":"2025-10-13T10:32:05","modified_gmt":"2025-10-13T08:32:05","slug":"cybersecurity-news-worth-your-attention-this-week-2025-10-06","status":"publish","type":"post","link":"https:\/\/kordon.app\/et\/cybersecurity-news-worth-your-attention-this-week-2025-10-06\/","title":{"rendered":"Cybersecurity News Worth Your Attention This Week &#8211; 2025-10-06"},"content":{"rendered":"<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>This week we have an announcement from 3 ransomware groups that they are now a cartel. Good for them, working together to level up their performance I guess? <\/p>\n\n\n\n<p>Also, a reason to talk to your payroll people, they are being directly targeted in a new campaign.<\/p>\n\n\n\n<p>And yes, another week and new ways AI coding assistants are exploited &#8230;<\/p>\n\n\n\n<p>P.S. If you get value out of this summary, make sure to\u00a0<strong>subscribe<\/strong>\u00a0to it via e-mail (scroll to the end) or we also publish it on our\u00a0<a href=\"https:\/\/www.linkedin.com\/company\/kordon-app\">LinkedIn<\/a>\u00a0every Monday.<\/p>\n<\/blockquote>\n\n\n\n<h2 class=\"wp-block-heading\">1. ClayRat Android Spyware Self-Propagates via SMS and Telegram<\/h2>\n\n\n\n<pre class=\"wp-block-verse\"><strong>A new Android spyware campaign called ClayRat<\/strong> has spread rapidly beyond its Russian origin by <strong>tricking users into sideloading fake TikTok, YouTube and Google Photos apps<\/strong> via phishing sites and Telegram channels. <strong>Once granted SMS-handler privileges, it steals messages, call logs, contacts and front-camera photos, then blasts malicious links to every contact to turn each victim into a distribution hub. <\/strong><\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Zimperium: <strong>Over 600 ClayRat samples and 50 dropper variants<\/strong> in three months.<\/li>\n\n\n\n<li><strong>Delivered via phishing websites posing as popular apps <\/strong>and via Telegram \u201cupdate\u201d channels.<\/li>\n\n\n\n<li><strong>Abuses Android\u2019s default SMS handler role <\/strong>to bypass permission prompts and intercept\/send texts.<\/li>\n\n\n\n<li><strong>Exfiltrates<\/strong> <strong>SMS, contacts, call logs, notifications and can take front-camera photos.<\/strong><\/li>\n<\/ul>\n\n\n\n<p><strong>Next Steps<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Block all APK sideloading via Android Enterprise policies.<\/li>\n\n\n\n<li>Deploy mobile threat defense integrated with MDM for real-time detection.<\/li>\n\n\n\n<li>Educate users to avoid installing apps from unverified links or channels.<\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at <\/strong><a href=\"https:\/\/www.csoonline.com\/article\/4070281\/clayrat-spyware-turns-phones-into-distribution-hubs-via-sms-and-telegram.html\">CSO Online<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">2. California Requires One-Click Browser Opt-Out for Personal Data Sales<\/h2>\n\n\n\n<pre class=\"wp-block-verse\"><strong>California\u2019s governor has signed a law mandating that web browsers provide a clear, one-button mechanism for residents to opt out of third-party sales of their personal data under the CCPA. <\/strong>The measure shifts compliance effort from individual site visits to browser settings, reducing user friction and raising expectations for data-tracking controls. <\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The new requirement implements CCPA opt-out \u201csignal\u201d via an easy-to-find browser toggle.<\/li>\n\n\n\n<li>It\u2019s the first U.S. law forcing universal browser-level data-sale opt-outs; similar mobile OS bill was vetoed last year.<\/li>\n\n\n\n<li><strong>Companion laws now require social platforms to delete all user data on account cancellation and expand data broker registration disclosures.<\/strong><\/li>\n\n\n\n<li><strong>AB 566 is scheduled to enter into force 1 Jan. 2027 <\/strong>and authorizes the California Privacy Protection Agency &#8220;to adopt regulations as necessary to implement and administer those provisions.&#8221;<\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at <\/strong><a href=\"https:\/\/therecord.media\/california-signs-law-opt-out-browsers\">The Record<\/a>, <a href=\"https:\/\/iapp.org\/news\/a\/california-governor-signs-new-law-requiring-in-browser-opt-out-preference-signal?utm_source=chatgpt.com'\" title=\"\">IAPP<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">3. High-DPI Computer Mice Can Secretly Record Nearby Conversations<\/h2>\n\n\n\n<pre class=\"wp-block-verse\"><strong>Researchers at UC Irvine demonstrate \u201cMic-E-Mouse,\u201d a side-channel attack that uses high-resolution optical mouse sensors to detect desk vibrations from speech and reconstruct private conversations <\/strong>without elevated privileges. Although accuracy falls under real-world noise and hardware constraints, the proof-of-concept highlights a new eavesdropping risk for security-conscious environments. <\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Attack leverages mice with \u226520,000 DPI and high polling rates (kHz range).<\/li>\n\n\n\n<li>Depending on the environment, <strong>accuracy today is around 40%-60%<\/strong><\/li>\n\n\n\n<li><strong>Vibrations travel through desks \u22643 cm thick;<\/strong> mouse must remain mostly stationary.<\/li>\n\n\n\n<li>Signal enhancement via Wiener filtering and neural networks boosts intelligibility.<\/li>\n\n\n\n<li><strong>No kernel-level privileges required but additional application needs to be installed. Browsers don&#8217;t report such high frequency data even if the mouse supports it. <\/strong><\/li>\n<\/ul>\n\n\n\n<p><strong>Next Steps<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Place rubber pads or mouse mats under high-DPI mice.<\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at <\/strong><a href=\"https:\/\/www.csoonline.com\/article\/4069723\/computer-mice-can-eavesdrop-on-private-conversations-researchers-discover.html\">CSO Online<\/a>, <a href=\"https:\/\/arxiv.org\/html\/2509.13581v1\">arXiv<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">4. Google DeepMind Debuts CodeMender AI Agent for Automated Vulnerability Patching<\/h2>\n\n\n\n<pre class=\"wp-block-verse\"><strong>Google DeepMind\u2019s new CodeMender AI agent has automatically discovered and fixed 72 security flaws in open-source projects,<\/strong> some exceeding 4.5 million lines, by combining Gemini Deep Think reasoning with advanced static and dynamic analysis. <strong>It both reacts to newly found bugs and proactively hardens existing code<\/strong> (for example, adding \u2013fbounds-safety to libwebp to neutralize CVE-2023-4863), significantly reducing developer effort, while human researchers still vet every patch to maintain quality.<\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Utilizes static analysis, fuzzing, SMT solvers, differential testing and an LLM-based critique tool to verify fixes.<\/li>\n\n\n\n<li><strong>Submitted patches have already been upstreamed to several critical open-source libraries.<\/strong><\/li>\n\n\n\n<li>Employs multi-agent workflows to isolate, debug and validate root causes without introducing regressions.<\/li>\n\n\n\n<li>Proactive annotations in libwebp would have rendered the zero-click iOS exploit (CVE-2023-4863) unexploitable.<\/li>\n\n\n\n<li><strong>The tool is not yet available publicly<\/strong><\/li>\n\n\n\n<li><strong>DeepMind is starting pilots <\/strong>with maintainers of critical open-source libraries.<\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at <\/strong><a href=\"https:\/\/www.csoonline.com\/article\/4068774\/google-deepmind-launches-an-ai-agent-to-fix-code-vulnerabilities-automatically.html\">CSO Online<\/a>, <a href=\"https:\/\/deepmind.google\/discover\/blog\/introducing-codemender-an-ai-agent-for-code-security\/\" title=\"\">Google Deepmind<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">5. Microsoft Warns of \u2018Payroll Pirate\u2019 Attacks Hijacking HR SaaS Accounts to Divert Salaries<\/h2>\n\n\n\n<pre class=\"wp-block-verse\"><strong>A financially motivated group dubbed Storm-2657 is using adversary-in-the-middle phishing to steal MFA codes, take over HR SaaS accounts like Workday, and redirect employee salary payments to attacker-controlled banks. <\/strong>Microsoft observed compromises at U.S. universities exploiting missing phishing-resistant MFA and hiding alert emails via inbox rules. Security teams should treat any system storing payroll or bank data as a high-risk target.<\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Since March 2025, 11 accounts at three U.S. universities were hijacked <\/strong>and used to send phishing to ~6,000 addresses across 25 institutions.<\/li>\n\n\n\n<li>Attackers leveraged AitM phishing links to capture credentials and one-time MFA codes for Exchange Online and SSO into Workday.<\/li>\n\n\n\n<li><strong>Inbox rules were auto-created to delete Workday notification emails, concealing unauthorized \u201cManage Payment Elections\u201d changes.<\/strong><\/li>\n\n\n\n<li>Persistent access achieved by enrolling attacker phone numbers as MFA devices in victim profiles.<\/li>\n<\/ul>\n\n\n\n<p><strong>Next Steps<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Deploy phishing-resistant MFA (e.g., FIDO2 security keys).<\/li>\n\n\n\n<li>Audit HR SaaS accounts for unknown MFA devices and inbox rules.<\/li>\n\n\n\n<li>Enforce manual approval for payroll and bank-account changes.<\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at <\/strong><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2025\/10\/09\/investigating-targeted-payroll-pirate-attacks-affecting-us-universities\/\">Microsoft Security Blog<\/a>, <a href=\"https:\/\/thehackernews.com\/2025\/10\/microsoft-warns-of-payroll-pirates.html\">The Hacker News<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">6. China-Based Storm-2603 Abuses Velociraptor DFIR Tool in Multi-Ransomware Campaign<\/h2>\n\n\n\n<pre class=\"wp-block-verse\"><strong>Cisco Talos researchers discovered that the China-based group Storm-2603 deployed an outdated Velociraptor agent (v0.73.4.0) with a known privilege-escalation flaw (CVE-2025-6264) to maintain stealthy persistence and orchestrate Warlock, LockBit, and Babuk ransomware against VMware ESXi hosts and Windows servers.<\/strong> <\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Attack first spotted August 2025 during a multi-vector ransomware response by Cisco Talos.<\/li>\n\n\n\n<li><strong>Storm-2603 used Velociraptor to launch commands post-isolation, <\/strong>disable Defender via GPO changes, and drop three ransomware strains.<\/li>\n\n\n\n<li>Overlap in TTPs: SharePoint exploitation, scheduled tasks, cmd.exe misuse, supports moderate-confidence attribution to Storm-2603.<\/li>\n\n\n\n<li><strong>Previous abuse of Velociraptor noted by Sophos CTU in August, including VS Code tunneling for C2 communications.<\/strong><\/li>\n<\/ul>\n\n\n\n<p><strong>Next Steps<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Inventory all Velociraptor agents <\/strong>and confirm upgrade to \u2265 v0.73.5.<\/li>\n\n\n\n<li>Audit endpoint logs for unexpected \u201cvelociraptor.exe\u201d services and scheduled tasks.<\/li>\n\n\n\n<li><strong>Implement application allowlisting to block unauthorized Velociraptor binaries.<\/strong><\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at <\/strong><a href=\"https:\/\/www.csoonline.com\/article\/4070854\/open-source-dfir-velociraptor-was-abused-in-expanding-ransomware-efforts.html\">CSO Online<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">7. Prompt Injection Flaw in GitHub Copilot Chat Leaks AWS Keys from Private Repositories<\/h2>\n\n\n\n<pre class=\"wp-block-verse\"><strong>Security researchers uncovered a prompt injection vulnerability in GitHub Copilot Chat that used hidden comments in pull requests to trick the AI into leaking AWS keys and other secrets from private repos. <\/strong><br>The exploit chained a Content Security Policy bypass through GitHub\u2019s own image proxy (Camo) with remote prompt injection to exfiltrate data one character at a time. <br>GitHub has since patched the issue by disabling image rendering in Copilot Chat.<\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Attackers hide malicious prompts in Markdown comments within pull request descriptions, which Copilot still processes.<\/strong><\/li>\n\n\n\n<li>Exfiltration leveraged pre-generated signed Camo URLs for every letter to load invisible 1\u00d71 images, revealing secrets by request order.<\/li>\n\n\n\n<li><strong>Vulnerability rated 9.6 CVSS; <\/strong>fixed in August by disabling all external image rendering in Copilot Chat.<\/li>\n\n\n\n<li>Technique could also expose private tickets or issue content containing vulnerability disclosures.<\/li>\n<\/ul>\n\n\n\n<p><strong>Next Steps<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Audit AI-assistant features for external resource rendering.<\/li>\n\n\n\n<li>Scan pull requests for hidden Markdown comments before analysis.<\/li>\n\n\n\n<li>Consider restricting Copilot Chat access to sensitive or private repositories.<\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at <\/strong><a href=\"https:\/\/www.csoonline.com\/article\/4069887\/github-copilot-prompt-injection-flaw-leaked-sensitive-data-from-private-repos.html\">CSO Online<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">8. Crime groups LockBit, DragonForce and Qilin Form Ransomware Cartel to Coordinate Attacks<\/h2>\n\n\n\n<pre class=\"wp-block-verse\"><strong>Three leading RaaS groups\u2014LockBit, DragonForce and Qilin announced a cartel to share resources, techniques and market intelligence as law enforcement disrupts major operations.<\/strong> <\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>DragonForce proposed the coalition on dark web forums following <\/strong>LockBit\u2019s LockBit 5.0 release<\/li>\n\n\n\n<li>Cartel rules prohibit infighting and aim to \u201cdictate market conditions\u201d for affiliates<\/li>\n\n\n\n<li>LockBit now authorizes attacks on nuclear, thermal and hydroelectric power plants<\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at <\/strong><a href=\"https:\/\/www.csoonline.com\/article\/4070290\/lockbit-dragonforce-and-qilin-form-a-cartel-to-dictate-ransomware-market-conditions.html\">CSO Online<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">9. 1Password Launches Secure Agentic Autofill to Protect AI Browser Agent Credentials<\/h2>\n\n\n\n<pre class=\"wp-block-verse\"><strong>1Password teamed with Browserbase to introduce Secure Agentic Autofill, enabling AI browser agents to authenticate without exposing plaintext credentials.<\/strong> The feature uses end-to-end encryption, human approval prompts, and just-in-time credential injection to plug authentication blind spots as enterprises adopt agentic browsers. <\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Agents often store unencrypted credentials in session storage or cookies<\/li>\n\n\n\n<li>Human-in-the-loop approval via 1Password extension before credential release<\/li>\n\n\n\n<li>Just-in-time delivery injects passwords and TOTP codes at runtime<\/li>\n\n\n\n<li>Detailed audit logs track when and how agents use credentials<\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at <\/strong><a href=\"https:\/\/1password.com\/solutions\/agentic-ai\" title=\"\">1Password<\/a><a href=\"https:\/\/www.darkreading.com\/identity-access-management-security\/1password-addresses-critical-ai-browser-agent-security-gap\">, Dark Reading<\/a>, <a href=\"https:\/\/siliconangle.com\/2025\/10\/08\/1password-tackles-ai-credential-risks-new-agentic-autofill-integration-browserbase\/\">SiliconANGLE<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">10. OpenAI Disrupts Chinese State-Linked Hackers Using ChatGPT for Malware and Phishing<\/h2>\n\n\n\n<pre class=\"wp-block-verse\"><strong>OpenAI has banned dozens of ChatGPT accounts tied to Chinese government-affiliated hackers who leveraged the models to refine malware tooling and generate multilingual phishing campaigns. <\/strong>Since February 2024, the company has shut down over 40 networks abusing its AI, highlighting that these actors use ChatGPT to speed up existing operations, such as debugging GOVERSHELL-style code and crafting targeted lures, rather than inventing new attack methods.<\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The \u201cCyber Operation Phish and Scripts\u201d cluster used ChatGPT for code snippets linked to GOVERSHELL and HealthKick malware.<\/li>\n\n\n\n<li>Phishing templates were generated in Chinese, English and Japanese, targeting Taiwan\u2019s semiconductor industry, U.S. academia and PRC critics.<\/li>\n\n\n\n<li>Additional banned users drafted proposals for a \u201cHigh-Risk Uyghur-Related Inflow Warning Model\u201d and social-media monitoring tools for extremist content.<\/li>\n\n\n\n<li>OpenAI shared indicators of compromise with partners and continues investing in detection and disruption efforts.<\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at <\/strong><a href=\"https:\/\/cybersecuritynews.com\/openai-banned-chatgpt-chinese-accounts\/\">Cybersecurity News<\/a>, <a href=\"https:\/\/cdn.openai.com\/threat-intelligence-reports\/7d662b68-952f-4dfd-a2f2-fe55b041cc4a\/disrupting-malicious-uses-of-ai-october-2025.pdf\">OpenAI October 2025 Report<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">11. Discord Third-Party Breach Exposes Up to 70,000 ID Photos, Hackers Claim 2.1M<\/h2>\n\n\n\n<pre class=\"wp-block-verse\"><strong>Discord confirms a breach at its Zendesk customer-support vendor exposed up to 70,000 government ID photos and related user data, while extortionists claim they stole 1.5 TB, including 2.1 million ID images. <\/strong>Attackers compromised a support-agent account for 58 hours, highlighting the supply-chain risk of outsourced customer service. Discord has revoked vendor access, launched a forensic investigation, notified affected users, and refused to pay the ransom.<\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Breach occurred Sept 20 \u2013 22 via compromised BPO agent on Zendesk.<\/li>\n\n\n\n<li>Exposed data: names, emails, IPs, support chats, partial billing and ID photos.<\/li>\n\n\n\n<li>Hackers (Scattered Lapsus$ Hunters) demand ransom; Discord disputes 2.1M ID figure.<\/li>\n\n\n\n<li>Discord engaged a forensics firm, law enforcement, and ended partnership with the vendor.<\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at <\/strong><a href=\"https:\/\/cybersecuritynews.com\/discord-data-breach-sensitive-data\/\">Cybersecurity News<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">12. SonicWall Confirms All MySonicWall Cloud Backup Users Impacted by Data Breach<\/h2>\n\n\n\n<pre class=\"wp-block-verse\">SonicWall has confirmed that t<strong>hreat actors accessed firewall configuration backup files for every customer using its MySonicWall cloud backup feature.<\/strong> Although these files remain AES-256 encrypted, they include detailed network and credential settings that raise the risk of targeted attacks, so administrators must review the portal\u2019s device list, prioritize internet-exposed firewalls, and apply SonicWall\u2019s remediation playbook immediately.<\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>An unauthorized party<strong> used a brute-force attack on the MySonicWall cloud backup API<\/strong> to steal .EXP files.<\/li>\n\n\n\n<li><strong>Exposed files contain AES-256-encrypted credentials plus configuration data<\/strong> (users, DNS, certificates, policies).<\/li>\n<\/ul>\n\n\n\n<p><strong>Next Steps<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Log into MySonicWall and open Product Management \u2192 Issue List.<\/li>\n\n\n\n<li>Prioritize remediation of Active \u2013 High Priority (internet-facing) firewalls.<\/li>\n\n\n\n<li>Follow the SonicWall playbook to reset all credentials and update affected keys.<\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at <\/strong><a href=\"https:\/\/www.csoonline.com\/article\/4059008\/warning-brute-force-attacks-hitting-sonicwall-firewall-configuration-backups.html\">CSO Online<\/a>, <a href=\"https:\/\/www.sonicwall.com\/support\/knowledge-base\/mysonicwall-cloud-backup-file-incident\/250915160910330\">SonicWall<\/a>, <a href=\"https:\/\/arcticwolf.com\/resources\/blog\/sonicwall-concludes-investigation-incident-affecting-mysonicwall-configuration-backup-files\/\">Arctic Wolf<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Subscribe<\/h2>\n\n\n\n<p>Subscribe to receive weekly cybersecurity news summary to your inbox every Monday.<\/p>\n\n\n                <div class=\"ml-embedded\" data-form=\"pKq7EM\"><\/div>\n            \n\n\n<p><\/p>","protected":false},"excerpt":{"rendered":"<p>Weekly summary of latest cybersecurity news in October 2025.<\/p>","protected":false},"author":1,"featured_media":20721,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[32],"tags":[],"class_list":["post-20678","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/posts\/20678","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/comments?post=20678"}],"version-history":[{"count":43,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/posts\/20678\/revisions"}],"predecessor-version":[{"id":20722,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/posts\/20678\/revisions\/20722"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/media\/20721"}],"wp:attachment":[{"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/media?parent=20678"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/categories?post=20678"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/tags?post=20678"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}