Top 5 Cybersecurity News Stories October 10, 2025

Cybersecurity threats are constantly evolving as threat actors seek access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of.  No story is too big or small as we look at threats from espionage to security flaws in everyday devices:

1. 175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign

Security researchers have identified 175 malicious npm packages, collectively downloaded approximately 26,000 times, used to carry out credential phishing attacks. The packages embed scripts that prompt users for login or API keys, essentially acting as trojanized utilities. Many mimic legitimate package names to maintain stealth.

Analysts warn that these packages exploit trust in the open-source ecosystem and pose serious supply chain risk, even beyond direct dependency usage. Organizations are urged to audit dependencies, verify package signatures, and deploy runtime detection to spot abnormal behavior.
Read more on The Hacker News

2. Hack on Japan’s biggest brewer renews concerns over cyberattack readiness

Asahi Group Holdings, a major Japanese beverage producer, confirmed that a cybersecurity incident beginning September 29 disrupted its systems nationwide. The company declared a “system failure” due to a ransomware attack, forcing suspension of order processing, shipments, and call center operations.

Asahi has formed an Emergency Response HQ to assess impact and restore functionality, while withholding full technical details to prevent further damage. Some factories have resumed work manually, but supply chain effects and product shortages are emerging. Analysts view the incident as a sobering reminder of critical infrastructure vulnerability.
Read more on CNN

3. Microsoft: Hackers target universities in “payroll pirate” attacks

A threat group tracked as Storm-2657 is launching targeted attacks against U.S. university human resources staff, aiming to hijack payroll systems since March 2025. The campaign—dubbed “Payroll Pirates”—leverages phishing, credential theft, and redirection of salary payments to attacker-controlled accounts.

Attackers often masquerade as internal HR systems or payroll vendors to trick users into providing login credentials. The scheme capitalizes on trust relationships within academic institutions and highlights the risk of internal systems abuse. Institutions are advised to enforce multi-factor authentication, monitor payroll changes, and strengthen employee phishing awareness.
Read more on BleepingComputer

4. Hackers claim Discord breach exposed data of 5.5 million users

Hackers assert they breached a third-party vendor for Discord’s support platform and obtained data from 55 million users, including usernames, emails, IPs, and support tickets. Discord has confirmed a limited breach tied to its customer support service, affecting users who interacted with its Trust & Safety or support channels.

It emphasized that passwords and authentication tokens were not compromised. Discord has revoked vendor access, launched forensic investigations, and begun notifying impacted users. The incident underscores risks in outsourcing user-data management to third-party providers.
Read more on BleepingComputer

5. Critical Exploit Lets Hackers Bypass Authentication in WordPress Service Finder Theme

A zero-day exploit in the Service Finder WordPress theme enables unauthenticated attackers to bypass login controls and assume administrator accounts. The vulnerability affects sites using this popular theme, allowing adversaries to escalate privileges, manipulate content, install backdoors, or pivot across the infrastructure.

Researchers report attackers are already actively exploiting the flaw in the wild. Mitigation requires immediate patching or removal of vulnerable themes, as well as reviewing access logs for unusual activity and resetting credentials for exposed sites.
Read more on The Hacker News

At DIESEC, our experts are ready to assist with all your cybersecurity needs. We ensure your system is safe and secure and provide training for your employees to avoid falling victim to social engineering tactics.

For more information, please contact us now!