Cyber Briefing: 2025.10.07

Hackers and threat actors continue to target major tech companies, exposing source code, stealing data, and exploiting vulnerabilities in platforms like Huawei, Red Hat, and Unity.

Oct 07, 2025

👉 What are the latest cybersecurity alerts, incidents, and news?

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please Subscribe

Get Help

🚨 Cyber Alerts

1.XWorm 6.0 Returns With New Plugins

A versatile and evolving piece of malware, XWorm, has transformed into a modular toolkit for cybercriminals, enabling a wide range of malicious activities. Developed by the “EvilCoder” threat actor, it’s primarily spread through phishing emails and fake software installers, and its latest version, 6.0, includes over 35 specialized plugins for tasks like data theft, ransomware, and remote control.

2. Rhadamanthys Stealer Evolves Again

The cybercrime group behind Rhadamanthys, now rebranded as “RHAD security” and “Mythical Origin Labs,” is expanding its business by offering new tools and updating its flagship information stealer. The updated Rhadamanthys malware now includes advanced features like device and browser fingerprinting, and a unique method to evade detection by security researchers.

3. Steam And Microsoft Warn Of Unity Flaw

A vulnerability in the Unity game engine allows for code execution on Android and privilege escalation on Windows, prompting major game companies like Valve and Microsoft to issue warnings and recommend updates. This flaw, tracked as CVE-2025-59489, affects the engine’s runtime component and can be exploited by malicious applications to execute code with the same privileges as the vulnerable game.

For more alerts, click here!

Subscribe Now

💥 Cyber Incidents

4. Red Hat Data Breach Escalates Further

A hacker group called Crimson Collective claimed to have breached Red Hat’s internal GitLab instance, stealing approximately 570 GB of data, including customer engagement reports. The group is now collaborating with the ShinyHunters gang to extort Red Hat and has threatened to leak the stolen data publicly if a ransom is not paid.

5. Threat Actors Claim Huawei Breach

A threat actor is attempting to sell what they claim is Huawei’s internal source code and development tools on the dark web, following an alleged data breach. If confirmed, the breach could expose the company’s global infrastructure to new vulnerabilities and further damage its reputation..

6. FC Barcelona Instagram Hacked By Scam

The Spanish football club’s official Instagram page was hacked with a cryptocurrency scam that was left up for four hours.

For more incidents, click here!

Click to Report

📢 Cyber News

7. Security Firm Exposes Beijing Institute

Chinese cybersecurity firm BIETA and its subsidiary CIII are likely front organizations for China’s Ministry of State Security (MSS), the country’s main intelligence service. The two companies research and sell technology that supports intelligence, counterintelligence, and military operations.

8. Zeroday Cloud Hacking Contest Offers 4.5M

Wiz’s new hacking contest, Zeroday Cloud, will offer a $4.5 million prize pool for researchers who find exploits in open-source cloud and AI tools. The competition is partnered with major cloud providers and will take place in London this December.

9. LinkedIn Sues ProAPIs Over Fake Accounts

LinkedIn has sued ProAPIs Inc. and its founder, Rehmat Alam, for allegedly using over a million fake accounts to scrape data from the professional networking platform. LinkedIn is seeking a permanent injunction, the deletion of all scraped data, and monetary damages.

For more news click here

Check Events

📈Cyber Stocks

On Tuesday, 7th October, cybersecurity stocks traded mostly higher as investor optimism returned to the sector following recent weakness. Renewed focus on AI-driven defense innovation, continued enterprise cloud adoption, and rising global cyber tensions supported sentiment across most names. However, some investors remained cautious about valuations and integration risks following a wave of M&A activity in the space.

CrowdStrike closed near $493, edging higher as momentum from its Fal.Con 2025 announcements on AI and “agentic SOC” innovation fueled optimism about long-term growth.
Zscaler ended around $308, gaining modestly on continued demand for zero-trust security amid accelerating enterprise cloud transitions.
Palo Alto Networks finished near $210, supported by investor confidence in the integration of CyberArk and its broader AI-enhanced security stack.
Okta settled close to $95, rising on expectations of new contract wins and growing traction in AI-powered identity security.
Fortinet closed around $86, advancing slightly as heightened geopolitical tensions reinforced demand for robust network protection solutions.

💡 Cyber Tip

⚠️ Urgent Security Update for Unity-Based Games

A critical vulnerability in the Unity game engine has been discovered that could allow for malicious code execution on user devices. This issue affects a vast number of games and applications, and developers and players alike must take immediate action to protect their systems.

✅ What you should do

For Developers: Update your Unity editor to the newest version, then recompile and redeploy your applications. If this isn’t possible, replace the UnityPlayer.dll file in your existing builds with a patched version provided by Unity.
For Players: Check for new game updates from publishers. If an update isn’t available, consider uninstalling vulnerable games until a patched version is released. Platforms like Steam and Microsoft have already issued warnings and may have implemented their own fixes.

🔒 Why this matters

This vulnerability, tracked as CVE-2025-59489, could allow a malicious app to execute code on your device with the same privileges as the affected game. This could lead to a compromise of your system, potentially exposing confidential information or causing further damage.