TAAUS Top Ten - October 2025

There is never a dull moment in the managed information technology and cybersecurity space. Here is our TAAUS Top Ten of cybersecurity-related articles that came across the inbox for October 2025 – as always, be vigilant!

Gmail Passwords Confirmed Within 183 Million Account Infostealer Leak

- Forbes

Adding the details of website URLs, email addresses and passwords to the Have I Been Pwned database, owner Troy Hunt said the data consisted of both “stealer logs and credential stuffing lists” including confirmed Gmail login credentials.

Researchers expose large-scale YouTube malware distribution network

- Help Net Security

Check Point researchers have uncovered, mapped and helped set back a stealthy, large-scale malware distribution operation on YouTube they dubbed the “YouTube Ghost Network.”

LastPass Warns Of Hack Threat, Says ‘Do Not Change Master Password’

- Forbes

The hugely popular LastPass password manager has not been hacked. This is official and confirmed by LastPass itself, which has issued a warning to users after a hacking campaign using emails stating the precise opposite and urging users to download a malicious update in order to steal master passwords.

SonicWall VPNs face a breach of their own after the September cloud-backup fallout

- CSO

A fresh wave of credential-driven campaigns has impacted over 100 SSLVPN accounts across more than a dozen organizations.

Salesforce says social engineering to blame for breaches leading to ransom demands

- Martech

Salesforce said its platform wasn’t compromised, but that’s little consolation to the companies and consumers potentially impacted.

Zimbra Zero-Day Exploited to Target Brazilian Military via Malicious ICS Files

- The Hacker News

A now patched security vulnerability in Zimbra Collaboration was exploited as a zero-day earlier this year in cyber attacks targeting the Brazilian military.

Microsoft Releases Out-of-Band Security Update to Mitigate Windows Server Update Service Vulnerability, CVE-2025-59287

- CISA

Microsoft released an update to address a critical remote code execution vulnerability impacting Windows Server Update Service (WSUS) in Windows Server (2012, 2016, 2019, 2022, and 2025), CVE-2025-59287, that a prior update did not fully mitigate.

CISA and NSA share tips on securing Microsoft Exchange servers

- Bleeping Computer

The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have released guidance to help IT administrators harden Microsoft Exchange servers on their networks against attacks.

US Stands Out in Refusal to Sign UN Cybercrime Treaty

- Dark Reading

The agreement aims to help law enforcement prosecute cross-border cybercrime, but the final treaty could allow unchecked surveillance and human-rights abuses, critics say; and, it includes no protection for pen testers.

WordPress security plugin exposes private data to site subscribers

- Bleeping Computer

The Anti-Malware Security and Brute-Force Firewall plugin for WordPress, installed on over 100,000 sites, has a vulnerability that allows subscribers to read any file on the server, potentially exposing private information.

Stay Ahead of the Next Threat

Cybersecurity is constantly evolving, and so are the attackers. Stay informed with expert insights, best practices, and real-world threat updates from TAAUS Secure Technologies.

Sign-up for our newsletter or contact TAAUS Secure Technologies to schedule a consultation and protect your business before the next attack.