Intro Snapshot
Today’s reports cover deep infrastructure attacks, nation-state strategizing, credential vault exploitation, and phishing schemes adapted to invoicing workflows. All of them revolve around breaking trust—whether in routers, secrets stores, or billing systems. The question becomes: how do you revoke trust across so many layers?
1) Hackers deploy Linux rootkits via Cisco gear
Full URL: https://thehackernews.com/2025/10/hackers-deploy-linux-rootkits-via-cisco.html
Threat actors have been using compromised Cisco appliances to deploy Linux rootkits, giving them persistent, stealthy control over corporate networks. Because the rootkits live at the OS level on devices already trusted for routing, they are very hard to detect.
2) China hackers use AI-optimized attacks against Taiwan
Full URL: https://www.darkreading.com/threat-intelligence/china-hackers-ai-optimized-attack-taiwan
A Chinese group is reportedly using AI to refine targeting, intrusion timing, phishing content, and escalation logic in campaigns directed at Taiwan—illustrating how AI gives adversaries precision and agility in geopolitical contexts.
3) Cyber attackers increasingly target LastPass & password managers
Full URL: https://www.darkreading.com/cyberattacks-data-breaches/cyberattackers-target-lastpass-password-managers
Attackers are shifting focus to vault systems like LastPass, aiming to obtain master secrets, vault blobs, or encryption keys. If successful, they gain a single point of total exposure across every connected account and service.
4) KnowBe4 warns of new PayPal invoice phishing campaign
Full URL: https://www.itsecurityguru.org/2025/10/16/knowbe4-warns-of-new-paypal-invoice-phishing-scam/?utm_source=feedly&utm_medium=rss&utm_campaign=knowbe4-warns-of-new-paypal-invoice-phishing-scam
An evolving phishing campaign is distributing fake PayPal invoices to individuals and businesses. The emails mimic legitimate billing notices with links to credential harvesting or payment redirection sites. The campaign is designed to evade spam filters by using familiar invoice structures.
Key Takeaways
Infrastructure as attack vector: Rootkits on Cisco gear show how control of core networking devices can bypass many endpoint defenses.
AI becomes battlefield advantage: AI-driven campaigns let nation-state players scale targeting and adaptation in real time.
Vault compromise is extreme leverage: Targeting password managers is a high-lift/high-payoff move for adversaries.
Billing phishing is evolved social engineering: Attackers are leaning on business workflows (invoices, payments) to get past user guardrails.