Cyber Briefing: 2025.10.16
Fake password apps, Fortinet & Ivanti patches, VSCode crypto theft, F5 hack, YouTube down, Mango breach, Capita fined, $14B crypto scam, hacker jailed.
👉 What’s happening in cybersecurity today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. Fake Password Manager Hijack PCs
Phishing emails are impersonating LastPass and Bitwarden, claiming the password managers were hacked. The messages urge users to download a fake “more secure” app, which actually installs remote monitoring software, giving attackers access to their devices.
2. Fortinet And Ivanti Patch Severe Flaws
Fortinet and Ivanti issued critical October 2025 Patch Tuesday updates, collectively fixing dozens of vulnerabilities, many of which are high-severity and impact key products like FortiOS, FortiDLP, and Ivanti EPMM. These patches address risks ranging from authentication bypass and privilege escalation to arbitrary code execution, and both vendors urge immediate deployment despite no current evidence of in-the-wild exploitation.
3. Malicious VSCode Extensions Steal Crypto
Threat actor TigerJack is using malicious extensions on Microsoft’s Visual Studio Code (VSCode) marketplace and the OpenVSX registry to steal cryptocurrency and plant backdoors. The group’s campaign, which has distributed at least 11 extensions this year, was discovered by Koi Security.
💥 Cyber Incidents
4. F5 Reports Hackers Stole Source Code
State-sponsored hackers recently breached F5, a security and application delivery company, stealing sensitive information including source code and vulnerability data from systems related to its flagship BIG-IP platform. Although some customer data was exposed, F5 says there’s no evidence of critical vulnerabilities being exploited or modifications to its software supply chain.
5. YouTube Down Globally With Playback Errors
YouTube is experiencing a global outage, with users reporting issues watching videos on both the website and mobile apps. The outage, which began about 30 minutes ago, is affecting regions including the U.S., Europe, India, Japan, and Australia, and the cause is still unknown.
6. Spanish Retailer Mango Discloses Breach
MANGO, a global fashion brand with a significant international presence, has disclosed a data breach that affected customer personal information. The company, headquartered in Barcelona and founded in 1984, operates over 2,850 stores across 120 countries and employs 16,400 people. With 2024 revenues of €3.3 billion, MANGO has established itself as a major player in the fashion industry, with key markets including Spain, France, and the United States, and online sales accounting for about one-third of its total revenue.
📢 Cyber News
7. Capita Fined 14 Million Pounds For Breach
The UK’s data watchdog, the Information Commissioner’s Office (ICO), has fined business services provider Capita £14 million after a 2023 data breach exposed the personal data of 6.6 million individuals, including hundreds of pension plan members. The fine was reduced from an initial £45 million because the company admitted fault and implemented significant security upgrades.
8. US Charges Executive In Crypto Scam
The U.S. government has seized over $14 billion in bitcoin and charged Cambodian conglomerate founder Chen Zhi in a massive cryptocurrency scam, accusing him and co-conspirators of using forced labor to defraud investors. The proceeds were allegedly used to purchase luxury goods, including yachts, jets, and a Picasso painting.
9. PowerSchool Hacker Sentenced To Four Years
A Massachusetts college student, Matthew D. Lane, has been sentenced to four years in prison for hacking and extorting two companies, including PowerSchool, out of millions of dollars. Lane was also ordered to pay $14 million in restitution and a $25,000 fine.
📈 Cyber Stocks
On Thursday, 16th October, cybersecurity stocks traded largely flat as investors paused after a volatile week in the broader tech market. Sentiment remained cautious amid concerns over high valuations and mixed earnings guidance, though steady enterprise demand and geopolitical cyber risks helped cushion deeper losses. The market’s tone reflected consolidation, with modest moves across major pure-play names.
CrowdStrike closed at $489.02, unchanged, as investors took a breather after recent gains, awaiting fresh catalysts for its AI-driven growth story.
Zscaler ended at $302.35, up 0.18%, supported by consistent demand for its zero-trust solutions and optimism around enterprise cloud adoption.
Palo Alto Networks finished at $206.70, down 0.4%, weighed by investor caution over margin pressures and execution risks from ongoing acquisitions.
Okta settled at $88.35, down 0.8%, as valuation concerns and competitive challenges in identity management limited upside momentum.
Fortinet closed at $83.58, up 0.6%, with demand for network security buoyed by heightened geopolitical tensions and cyberattack concerns.
💡 Cyber Tip
Fake Password Manager Alerts Hijack PCs
Hackers are impersonating LastPass and Bitwarden in a phishing campaign that tricks users into downloading fake “secure” apps. The emails claim the password managers were hacked and urge recipients to install a new desktop version. In reality, the download installs remote monitoring tools such as Syncro and ScreenConnect, giving attackers full access to the victim’s computer. Both companies have confirmed that they have not suffered any breaches and warned users to delete these messages immediately.
🔐 What You Should Do
Do not click on links or download files from unsolicited password manager emails.
Verify any alerts or updates by visiting the official LastPass or Bitwarden websites directly.
Check email sender domains carefully. Legitimate alerts will not come from domains like lastpasspulse.blog or bitwardenbroadcast.blog.
If you downloaded a suspicious file, disconnect from the internet immediately and run a full antivirus or EDR scan.
Enable multi-factor authentication for your password manager and monitor for unusual logins.
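The sender-domain check above can be automated at a mail gateway or in a triage script. The following is an added example, not code from CyberMaterial, LastPass or Bitwarden: it assumes lastpass.com and bitwarden.com are the vendors' official mail domains, and the sample messages are constructed, using the two lookalike domains named above.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: official mail domains per brand; confirm against vendor documentation.
OFFICIAL = {"lastpass": {"lastpass.com"}, "bitwarden": {"bitwarden.com"}}

def sender_domain(raw_message):
    """Return (display_name, domain) from the From header, lower-cased."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    return name.lower(), addr.rpartition("@")[2].lower().rstrip(".")

def is_official(domain, brand):
    # Exact match or a true subdomain, so "bitwarden.com.example.org" fails.
    return any(domain == d or domain.endswith("." + d) for d in OFFICIAL[brand])

def classify(raw_message):
    """Return 'official', 'impersonation' or 'unrelated' for one message."""
    name, domain = sender_domain(raw_message)
    verdict = "unrelated"
    for brand in OFFICIAL:
        # A brand name in the domain OR the display name counts as a brand claim.
        if brand in domain or brand in name:
            if not is_official(domain, brand):
                return "impersonation"
            verdict = "official"
    return verdict

# Constructed sample messages (local parts and subjects are invented).
SAMPLES = {
    "lookalike_lp": "From: LastPass Security <alerts@lastpasspulse.blog>\n"
                    "Subject: Install the new desktop app\n\nbody",
    "lookalike_bw": "From: Bitwarden <no-reply@bitwardenbroadcast.blog>\n\nbody",
    "suffix_trick": "From: Updates <news@bitwarden.com.example.org>\n\nbody",
    "display_only": "From: Bitwarden Support <helpdesk@mail.example.net>\n\nbody",
    "official": "From: LastPass <no-reply@lastpass.com>\n\nbody",
    "unrelated": "From: Alice <alice@example.org>\n\nbody",
}

def classify_samples():
    return {label: classify(raw) for label, raw in SAMPLES.items()}

if __name__ == "__main__":
    for label, verdict in classify_samples().items():
        print(f"{label:13} {verdict}")
```

The From header can be forged, so an "official" verdict only means the claimed domain is not a lookalike; pair it with the message's SPF, DKIM and DMARC results before trusting it.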
⚠️ Why This Matters
This campaign exploits users’ trust in password managers and their fear of breaches. Once installed, the fake software gives attackers full control of a computer, allowing theft of credentials, data, and personal files. Staying cautious with email links and verifying security alerts through official sources are key to avoiding compromise.
📚 Cyber Book
An Introduction to E-Commerce Security by Gulshan Yadav
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.