Cybersecurity News: AWS outage, NSA hacking accusations, High risk WhatsApp automation

DNS failure leads to AWS outage

Was anyone marked safe from the AWS outage on Monday? Yeah, I didn’t think so. An Amazon Web Services (AWS) outage took down dozens of global platforms including Amazon, Snapchat, Roblox, Hulu, and financial apps like Robinhood and Coinbase. The disruption stemmed from a Domain Name System (DNS) failure in AWS’s critical US-East-1 region in Northern Virginia, impacting at least 28 AWS services. AWS says the issue was resolved Monday morning after engineers identified and mitigated the DNS problem, though lingering effects could be felt by those trying to get through the workday.

(Bleeping Computer), (ZDNet)

China accuses NSA of hacking national time center

China has accused the U.S. National Security Agency (NSA) of carrying out cyberattacks on its National Time Service Center, claiming the attacks exploited messaging service vulnerabilities and 42 types of “special cyberattack weapons” between 2022 and 2024. The center maintains and distributes China’s official standard time, which supports critical systems like communications, financial networks, power grids, transport, and defense, meaning any disruption could have widespread consequences. The U.S. has not responded to the allegations.

(Security Week)

Chrome store flooded with high-risk WhatsApp automation

Researchers uncovered a large-scale campaign abusing 131 rebranded WhatsApp Web automation extensions for Chrome to spam Brazilian users. The extensions, all built on the same codebase, inject scripts directly into WhatsApp Web to automate bulk messaging while bypassing anti-spam limits, and collectively have over 20,900 active users. The campaign has been ongoing for at least nine months, with updates still appearing as of October 17, 2025.

(The Hacker News)

Microsoft update issues 

Microsoft’s October 2025 Windows security updates are causing smart card authentication and certificate issues across Windows 10, Windows 11, and Windows Server, stemming from a change to strengthen Cryptographic Services. The update switches RSA-based smart card certificates from Cryptographic Service Provider (CSP) to Key Storage Provider (KSP), which can trigger login failures, errors in apps using certificate-based authentication, and “invalid provider type specified” messages. A temporary fix involves manually disabling the new registry key, DisableCapiOverrideForRSA, but Microsoft warns this key will be removed in April 2026.

(Bleeping Computer), (Microsoft)

Swedish home security company breached

Verisure reported a data breach at its Swedish subsidiary, Alert Alarm, affecting around 35,000 current and former customers. The compromised data includes names, addresses, emails, and social security numbers, though Verisure’s main network across Europe and Latin America was not impacted. The breach comes just a week after Verisure’s €3.2 billion IPO, which saw shares drop more than 5%, and Swedish authorities have opened an investigation into suspected blackmail and an aggravated data breach.

(The Record)

Hundreds of thousands remain exposed in F5 breach

A follow-up to a story we first reported last week. More than 262,000 F5 BIG-IP devices remain exposed online after the company confirmed a breach by nation-state hackers. The attackers stole source code and data after gaining access to F5’s BIG-IP development and engineering systems. F5 said there were no signs of compromise in its financial, cloud, or CRM systems, and only limited customer configuration data was taken. The breach has been privately linked to the China-based threat group UNC5221, which was found to be active in the network for at least a year.

(Security Affairs)

Windows SMB attacks continue

CISA warns that threat actors are actively exploiting a high-severity Windows SMB vulnerability, CVE-2025-33073, that lets attackers gain SYSTEM privileges on unpatched systems. The flaw affects all Windows Server, Windows 10, and Windows 11 versions up to 24H2 and was patched in June 2025, though proof-of-concept details were publicly available beforehand. Exploitation involves tricking victims into connecting to a malicious SMB server, allowing attackers to elevate privileges remotely. 

(Bleeping Computer)  

Experian to delete Dutch database

Experian Netherlands was fined €2.7 million by the Dutch Data Protection Authority for GDPR violations after collecting and using personal data without consent, including information that influenced customer contracts and deposits. The company has stopped operating in the Netherlands and plans to delete its database of personal information by the end of the year, acknowledging the violations and not appealing the fine. 

(InfoSecurity Magazine)

Lauren Verno
Lauren Verno, an award-winning journalist, embraces her expertise, transitioning seamlessly into a cyber defender to bring you captivating updates on cybersecurity news.