Top 5 Cybersecurity News Stories October 23, 2025
Cybersecurity threats are constantly evolving as threat actors seek access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of. No story is too big or small as we look at threats from espionage to security flaws in everyday devices:
1. “Jingle Thief” Hackers Exploit Cloud Infrastructure to Steal Millions in Gift Cards
A criminal group dubbed “Jingle Thief” is exploiting cloud- and Microsoft 365-based environments within retail and consumerservices firms to carry out large-scale gift-card issuance fraud. Research by Unit 42 found the group uses phishing and smishing to harvest credentials, then moves laterally inside corporate clouds to locate gift-card issuance systems, internal VPN/Citrix resources, and Office 365 workflows (including SharePoint/OneDrive) to issue unauthorized cards.
The attackers maintain persistence by registering rogue authenticator apps and covering tracks. The activity has reportedly persisted for months at some victims. Cloud-serving organisations must strengthen identity, access flow, and issuance workflow controls.
Read more on The Hacker News
2. Europol Dismantles SIM Farm Network Powering 49 Million Fake Accounts Worldwide
Europol, working with national law-enforcement agencies in Austria, Estonia, Finland and Latvia, has disrupted a cyber-crime-as-a-service (CaaS) SIM-farm network called “SIMCARTEL” that supported at least 49 million fake online accounts. The takedown included seizures of about 1,200 SIM-box devices, around 40,000 active SIM cards, five servers and luxury assets, with seven arrests.
The infrastructure was used for phishing, investment scams, fake-account creation and identity fraud across more than 80 countries and thousands of individual fraud cases. Telecom and online-platform operators are urged to strengthen SIM-box detection and account-creation controls.
Read more on The Hacker News
3. Meta launches new anti-scam tools for WhatsApp and Messenger
Meta has introduced a suite of new anti-scam features across its messaging services—WhatsApp and Messenger—to combat rising fraud. Notably, the tools include group-invite safety overviews, contextual warnings for chats from unknown contacts, and AI-driven detection of scam messages.
Meta disclosed it took down over 6.8 million WhatsApp accounts linked to organised scam centres during the first half of 2025. Emphasis is on protecting users from multi-platform scam campaigns originating from Southeast Asian networks. Users are encouraged to “pause → question → verify” before responding to unsolicited messages.
Read more on BleepingComputer
4. Iranian hackers targeted over 100 govt orgs with Phoenix backdoor
A coordinated campaign attributed to Iran-linked threat actors targeted more than 100 government institutions across multiple countries using a multi-stage backdoor called Phoenix. The actors leveraged credential-spraying, spear-phishing and forged documents to compromise networks, then deployed the Phoenix payload to conduct reconnaissance, escalate privileges and maintain persistent access.
Victims include national ministries, public-service bodies and infrastructure operators. The campaign illustrates the blurred lines between espionage and disruptive cyber-operations, as governments must consider digital threats not just as data-leak events but as potential service-disrupt incidents.
Read more on BleepingComputer
5. Jaguar Land Rover hack cost UK economy an estimated $2.5 billion, report says
A cyberattack on Jaguar Land Rover (JLR) in August 2025 resulted in a shutdown of UK operations and an estimated economic loss of about £1.9 billion (≈US $2.55 billion), according to a report by the Cyber Monitoring Centre (CMC). The disruption impacted three UK factories, halted production of approximately 1,000 vehicles per day, and affected some 5,000 supplier organisations.
Much of the cost is attributed to lost manufacturing output rather than data theft. The UK government provided a £1.5 billion loan guarantee to support JLR’s supply chain. The incident underscores the evolving threat where cyberattacks transition into severe national-economic events.
Read more on Reuters
At DIESEC, our experts are ready to assist with all your cybersecurity needs. We ensure your system is safe and secure and provide training for your employees to avoid falling victim to social engineering tactics.
For more information, please contact us now!
