Author | Lightnews

The Friday Wrap up @thefwu.com · 4h

Discover how AI revolutionizes Governance, Risk, and Compliance (GRC) by streamlining processes, enhancing decision-making, and improving efficiency. Learn practical tactics to stay ahead in the cybersecurity landscape. #AIinGRC

Discover Practical AI Tactics for GRC — Join the Free Expert Webinar

AI is revolutionizing GRC—automating audits, exposing hidden risks, and redefining compliance faster than regulators can react.

thehackernews.com

The Friday Wrap up @thefwu.com · 7h

Microsoft fixed an issue that stopped the Media Creation Tool from working on some Windows PCs, mainly due to system file problems causing update failures. #WindowsFix

Microsoft fixes Media Creation Tool broken on some Windows PCs

Microsoft has confirmed that the Windows 11 Media Creation Tool (MCT) is working again on Windows 10 22H2 and Windows 11 25H2 systems.

www.bleepingcomputer.com

The Friday Wrap up @thefwu.com · 1d

Early threat detection in cybersecurity is crucial for minimizing damage and costs. By identifying threats early, organizations can protect data and maintain trust. Learn how proactive monitoring and updated defenses can mitigate risks. #CyberSecurityEssentials

Why Early Threat Detection Is a Must for Long-Term Business Growth

Early detection turns cyber risk into business advantage with ANY.RUN’s live threat intelligence and instant context.

thehackernews.com

The Friday Wrap up @thefwu.com · 1d

Microsoft Copilot now helps users build apps and automate tasks with natural language, making complex workflows easier for everyone—no coding needed. Perfect for boosting productivity. #MicrosoftCopilot

Microsoft: Copilot now lets you build apps, automate workflows

Microsoft announced today a new Microsoft 365 Copilot agent called App Builder that can help users create and deploy apps "in minutes."

www.bleepingcomputer.com

The Friday Wrap up @thefwu.com · 2d

WSUS, key to Windows updates, faced exploits with significant risk. LockBit 3.0 ransomware updates to 5.0, growing in threat. New zero-day vulnerability trends demand attention. Learn about cybersecurity trends and protection. #CyberAware

⚡ Weekly Recap: WSUS Exploited, LockBit 5.0 Returns, Telegram Backdoor, F5 Breach Widens

Active WSUS exploits, LockBit 5.0’s comeback, a Telegram backdoor, and F5’s hidden breach — this week’s biggest cyber threats.

thehackernews.com

2

The Friday Wrap up @thefwu.com · 2d

QNAP warns users that its Windows backup tool is vulnerable due to a serious ASP.NET flaw, the same one affecting many apps using the open-source library. Quick patching is key to stay safe. #CybersecurityAlert

QNAP warns of critical ASP.NET flaw in its Windows backup software

QNAP warned customers to patch a critical ASP.NET Core vulnerability that also impacts the company's NetBak PC Agent, a Windows utility for backing& up data to a QNAP network-attached storage (NAS) device.

www.bleepingcomputer.com

The Friday Wrap up @thefwu.com · 3d

APT36 is targeting Indian government agencies using malicious Android apps disguised as VPN tools to steal data. This highlights the risks of downloading apps from untrusted sources. #CyberSecurityThreats

APT36 Targets Indian Government with Golang-Based DeskRAT Malware Campaign

Transparent Tribe and allied APTs expand cross-platform malware attacks across South and East Asia in 2025.

thehackernews.com

The Friday Wrap up @thefwu.com · 3d

Hackers are actively exploiting a serious flaw in Windows Server’s WSUS system, allowing them to run malicious code. This vulnerability could let attackers gain deep access to systems if left unpatched.
#WindowsSecurity

Critical WSUS flaw in Windows Server now exploited in attacks

Attackers are now exploiting a critical-severity Windows Server Update Service (WSUS) vulnerability, which already has publicly available proof-of-concept exploit code.

www.bleepingcomputer.com

The Friday Wrap up @thefwu.com · 5d

This week in cybersecurity: £1.9B breach, AWS took down smart beds, Microsoft patches broke more than they fixed, and 40% of ransomware victims paid up but still lost data.
Your weekly reminder that nothing is truly secure. 🔥

Friday Wrap Up: 24 October 2025

Another week, another reminder that cybersecurity never takes a coffee break!

thefwu.com

The Friday Wrap up @thefwu.com · 6d

Balancing AI efficiency with robust security is crucial. New strategies focus on scalable, fast, and secure AI deployment. Discover these vital techniques to ensure AI safety and performance. #AICyberSecurity

Secure AI at Scale and Speed — Learn the Framework in this Free Webinar

99% of enterprise AI identities lack management—learn how to secure and accelerate AI adoption.

thehackernews.com

The Friday Wrap up @thefwu.com · 6d

Microsoft brings Clippy back as a new AI Copilot avatar, blending nostalgia with advanced productivity tools in Windows 11. This upgrade makes AI assistants more helpful and expressive across apps. #AICopilot

Meet the new Clippy: Microsoft unveils Copilot's "Mico" avatar

Today, Microsoft introduced Mico, a new and more personal avatar for the AI-powered Copilot digital assistant, which the company describes as human-centered.

www.bleepingcomputer.com

The Friday Wrap up @thefwu.com · 7d

Chinese threat actors exploit ToolShell malware for cyber espionage. Awareness is crucial to boost defenses against such advanced threats targeting sensitive data and systems across various sectors. #CyberSecurityThreats

Chinese Threat Actors Exploit ToolShell SharePoint Flaw Weeks After Microsoft's July Patch

Chinese threat actors exploited a patched SharePoint flaw, CVE-2025-53770, in global espionage attacks.

thehackernews.com

The Friday Wrap up @thefwu.com · 7d

A critical flaw in an old Rust library called 'tar' could let hackers run malicious code remotely. Though no longer maintained, it's still used in many projects—making it a hidden risk in the software supply chain. #TarmageddonRisk

TARmageddon flaw in abandoned Rust library enables RCE attacks

A high-severity vulnerability in the now-abandoned async-tar Rust library and its forks can be exploited to gain remote code execution on systems running unpatched software.

www.bleepingcomputer.com

The Friday Wrap up @thefwu.com · 8d

AI's security is crucial for maximizing its benefits. Protecting AI involves addressing privacy issues, data integrity, and ethical use. Understanding these can enhance technology's potential. #AISecurity

Securing AI to Benefit from AI

SANS unveils AI security blueprint defining six control domains to secure models, data, and identities.

thehackernews.com

The Friday Wrap up @thefwu.com · 8d

Hackers at Pwn2Own Ireland cracked 34 zero-day vulnerabilities on day one, exposing serious software flaws in security and enterprise tools. These quick finds show just how fast skilled researchers can uncover hidden risks. #Pwn2Own2024

Hackers exploit 34 zero-days on first day of Pwn2Own Ireland

On the first day of Pwn2Own Ireland 2025, security researchers exploited 34 unique zero-days and collected $522,500 in cash awards.

www.bleepingcomputer.com

The Friday Wrap up @thefwu.com · 9d

Recent cyber threats include F5 breaches and evolving Linux rootkits. Understanding current tactics helps safeguard against potential risks. Stay informed about these developments. #CyberSecurityUpdate

⚡ Weekly Recap: F5 Breached, Linux Rootkits, Pixnapping Attack, EtherHiding & More

⚡ Weekly Recap: F5 Breached, Linux Rootkits, Pixnapping Attack, EtherHiding & More | Read more hacking news on The Hacker News cybersecurity news website and learn how to protect against cyberattacks...

thehackernews.com

The Friday Wrap up @thefwu.com · 9d

Over 75,000 WatchGuard firewalls are at risk due to a critical flaw allowing remote code execution. Many remain unpatched, putting networks in serious danger. #CyberSecurityThreat

Over 75,000 WatchGuard security devices vulnerable to critical RCE

Nearly 76,000 WatchGuard Firebox network security appliances are exposed on the public web and still vulnerable to a critical issue (CVE-2025-9242) that could allow a remote attacker to execute code without...

www.bleepingcomputer.com

The Friday Wrap up @thefwu.com · 10d

Microsoft has removed more update blocks on Windows 11, allowing more devices to upgrade smoothly. Fixes include compatibility with certain apps and drivers. Updates are rolling out gradually to ensure system stability.
#Windows11Update

Microsoft lifts more safeguard holds blocking Windows 11 updates

Microsoft has removed two more compatibility holds preventing customers from installing Windows 11 24H2 via Windows Update.

www.bleepingcomputer.com

The Friday Wrap up @thefwu.com · 12d

Cybersecurity chaos: Nation-states breached F5, 6B records leaked, Harvard hacked via Oracle zero-day, YouTube crashed globally. Microsoft's highest-ever severity score dropped. AI guardrails bypassed. NK malware in job scams. 23 stories of digital mayhem 🔐

thefwu.com/p/friday-wra...

Friday Wrap Up: 17 October 2025

Another wild week in cybersecurity!

thefwu.com

The Friday Wrap up @thefwu.com · 13d

North Korean hackers are using malware called "BeaVerTail" with an exploit kit named "GoldDragon." This combo targets defense and energy sectors for data theft. Protecting sensitive info is crucial. #CyberDefense

North Korean Hackers Combine BeaverTail and OtterCookie into Advanced JS Malware

OtterCookie v5 merges BeaverTail features with new keylogging and blockchain-based C2 tactics.

thehackernews.com

The Friday Wrap up @thefwu.com · 13d

Understanding new security architectures helps businesses tackle evolving risks. Learn about adoption strategies to protect your organization from future threats. #CyberSecurityEssentials

Architectures, Risks, and Adoption: How to Assess and Choose the Right AI-SOC Platform

AI-SOC adoption soars as organizations battle 3,000 daily alerts; SACR 2025 outlines key models and risks.

thehackernews.com

The Friday Wrap up @thefwu.com · 13d

Microsoft stopped hackers from spreading ransomware through fake Teams chats by disabling accounts the attackers used. They also blocked tools that helped them get in. It’s a reminder that even trusted apps can be targets. #CyberSecurity

Microsoft disrupts ransomware attacks targeting Teams users

Microsoft has disrupted a wave of Rhysida ransomware attacks in early October by revoking over 200 certificates used to sign malicious Teams installers.

www.bleepingcomputer.com

The Friday Wrap up @thefwu.com · 14d

Attackers found a way to bypass synced passkeys, posing significant risks to online accounts by exploiting synchronization flaws in cloud-based systems. This highlights the need for robust security measures. #CybersecurityUpdate

How Attackers Bypass Synced Passkeys

Synced passkeys expose enterprises to cloud takeover, browser hijacks, and downgrade attacks.

thehackernews.com

The Friday Wrap up @thefwu.com · 14d

September 2025 updates for Windows Server are causing problems in Active Directory, including replication and authentication failures. Microsoft is investigating and may provide workarounds soon. #ActiveDirectoryIssues

Microsoft: Sept Windows Server updates cause Active Directory issues

Microsoft has confirmed that the September 2025 security updates are causing Active Directory issues on Windows Server 2025 systems.

www.bleepingcomputer.com

The Friday Wrap up @thefwu.com · 15d

Cybersecurity needs more than just awareness; it's about taking robust, proactive actions to tackle threats effectively. Discover how organizations can step up their game in threat management. #CybersecurityEvolution

Moving Beyond Awareness: How Threat Hunting Builds Readiness

Proactive threat hunting turns cybersecurity awareness into readiness by closing gaps misconfigurations create.

thehackernews.com