
Daily Security Briefing 036
- DjediTech
- Security, Newsletter
- October 10, 2025
AI-driven autonomous hacking rises, massive U.S. ISP-targeted DDoS, npm packages weaponized for phishing and more…
Executive Summary
The cybersecurity landscape today is increasingly shaped by rapid advances in AI-driven threats and large-scale botnet attacks. Autonomous AI hackers have begun executing sophisticated cyberattacks with unprecedented speed and coordination, signaling a major shift in threat actor capabilities. Meanwhile, the largest botnet, Aisuru, launched record-breaking distributed denial-of-service (DDoS) floods primarily targeting U.S. internet service providers, raising concerns about collateral damage and the complexity of defending against them. Supply chain attacks continue, with numerous malicious npm packages detected in use by credential phishing campaigns. Ransomware and backdoor malware are actively exploiting known vulnerabilities in enterprise devices, underscoring the persistent need for patching and zero trust adoption. Additionally, specialized threats targeting HR SaaS platforms and emerging extortion groups signal evolving targets for cybercriminals.
Top Articles
Autonomous AI Hacking and the Future of Cybersecurity
AI agents are rapidly advancing in their ability to autonomously execute complex cyberattacks at machine speed, chaining multiple stages of intrusion without human intervention. Validated first by industry demonstrations and now operationalized by criminals, this development portends a fundamental change in the cybersecurity risk landscape and in defensive strategies. The rapid adoption and escalation of AI hacking tools pose unprecedented challenges to detection and response.
Bruce Schneier
DDoS Botnet Aisuru Blankets US ISPs in Record DDoS
Aisuru, currently the world’s largest and most disruptive botnet, drew the majority of its attack traffic from compromised IoT devices on major U.S. ISPs such as AT&T, Comcast, and Verizon. The botnet’s recent record-breaking traffic peaks complicate mitigation efforts and risk widespread collateral damage. Security experts warn that the concentration of vulnerable devices at U.S. providers requires coordinated and adaptive defense measures.
KrebsOnSecurity
175 Malicious npm Packages Targeting Tech and Energy Firms, 26,000 Downloads
Security researchers uncovered a large phishing campaign dubbed “Beamglea” that operates via 175 malicious npm packages, collectively downloaded over 26,000 times. These packages function as malicious infrastructure, redirecting developers and systems to credential harvesting sites. While random package names reduce accidental installs, the threat remains significant due to automated scans and dependency chains affecting teams in tech and energy sectors.
GBHackers
SonicWall SSL VPN Devices Targeted by Threat Actors to Deploy Akira Ransomware
Since July 2025, attackers exploiting CVE-2024-40766 have targeted SonicWall SSL VPN devices globally to deploy Akira ransomware across multiple industries. The threat actors use advanced credential theft and data exfiltration techniques that pose serious risks to enterprise networks still vulnerable to this known flaw. Organizations are urged to apply patches promptly and enhance monitoring of VPN endpoints.
CyberPress
Chaosbot Uses CiscoVPN and Active Directory Passwords to Execute Network Commands
The recently discovered Rust-based backdoor “ChaosBot” abuses compromised CiscoVPN credentials together with privileged Active Directory accounts to maintain stealthy control over impacted networks. This malware uses legitimate Microsoft Edge processes for DLL side-loading and leverages Discord for command-and-control communication, targeting financial environments with advanced evasion tactics.
CyberPress
Nanoprecise Partners with AccuKnox to Strengthen Zero Trust Cloud Security and Compliance Posture
Nanoprecise, an innovator in AI-driven predictive maintenance, has teamed with AccuKnox to enhance its cloud security governance and compliance through Zero Trust Cloud Native Application Protection. This partnership aims to solidify protections around IoT assets and critical infrastructure by adopting comprehensive Zero Trust frameworks suited to hybrid cloud environments.
GBHackers
Microsoft Warns of ‘Payroll Pirates’ Hijacking HR SaaS Accounts to Steal Employee Salaries
The threat group Storm-2657 is targeting U.S. organizations, particularly in higher education, by hijacking employee accounts on HR SaaS platforms like Workday. The goal of these “Payroll Pirates” is to redirect salary payments into attacker-controlled accounts, marking an alarming trend in financially motivated cloud service compromises.
The Hacker News
Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers
Security analysts revealed that the Stealit malware campaign uses the Node.js Single Executable Application (SEA) feature, along with Electron framework components, to distribute malicious payloads embedded in game and VPN installers. This sophisticated method allows the malware to bypass certain security controls and infect Windows systems stealthily.
The Hacker News
Hackers Exploiting Zero-Day in Gladinet File Sharing Software
Attackers are actively exploiting a zero-day vulnerability (CVE-2025-11371) in Gladinet CentreStack and Triofox products that enables local unauthenticated file system access. This flaw poses a critical risk to organizations using these file sharing solutions and necessitates immediate attention and mitigation.
BleepingComputer
The Golden Scale: Bling Libra and the Evolving Extortion Economy
The cybercriminal alliance known as Scattered Lapsus$ Hunters is targeting retail and hospitality sectors with increasingly sophisticated extortion campaigns. This emerging “Golden Scale” model illustrates the evolution of coordinated extortion activity that blends data breaches with public shaming and ransom demands. Organizations in targeted industries are advised to strengthen defenses and incident response plans.
Unit 42
Cybersecurity For Dummies, 3rd Edition eBook FREE for a Limited Time
As cyber threats escalate globally, the newly released third edition of “Cybersecurity For Dummies” is being offered for free for a limited period. This resource provides an accessible, up-to-date guide to protecting against ransomware, data breaches, and social engineering attacks for individuals and organizations alike.
BleepingComputer
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.