October 23rd, 2025
A massive set of stolen credentials — ~183 million unique username/password combinations — has been added to the free breach-checking service Have I Been Pwned (HIBP).
These credentials were harvested via infostealer malware (software that secretly steals data from infected machines).
From that set, ~16.4 million email addresses had never appeared in any prior leak.
September 30th, 2025
KNP Logistics Group (UK, operating 158 years, ~500 trucks) was hit by a ransomware attack by the Akira group after hackers guessed an employee’s weak, internet‑facing password.
Because no multi-factor authentication (MFA) protected that access, the attackers moved laterally, encrypted systems, and destroyed backups and disaster recovery.
The ransom demanded was ~£5 million — far more than KNP could pay. The company lost operations, entered administration, and 700 employees lost their jobs.
September 17th, 2025
ReversingLabs discovered a self-replicating worm, coined Shai-hulud (named after the giant sand worm in the Dune series) infecting packages on the npm registry.
The worm takes over compromised maintainers’ npm accounts and injects malicious code into their public and private packages so downloads spread the worm further.
It harvests developer/cloud secrets (tokens for npm, GitHub, AWS, GCP) and installs TruffleHog to hunt for hundreds of secret types; it has also made some private GitHub repositories public.
September 8, 2025
Security firm ESET uncovered a novel ransomware variant dubbed PromptLock, believed to be the first AI-powered ransomware.
Researchers at NYU Tandon confirmed they authored the code as part of a research project named Ransomware 3.0 ("Self-Composing and LLM-Orchestrated"), with intent to expose potential future threats. PromptLock is considered to be Proof-of-Concept (PoC), and while it has yet to be observed in real world attacks, it is theoretically capable of autonomously scanning files, deciding which to exfiltrate or encrypt, and can even destroy data altogether.
