October 9, 2025
In today’s cybersecurity news…
Google DeepMind’s AI agent finds and fixes vulnerabilities
Google DeepMind unveiled CodeMender, an AI agent that autonomously finds and fixes software vulnerabilities. Using Gemini DeepThink models, CodeMender can rewrite code to eliminate entire classes of security bugs, validate changes via static and dynamic analysis, fuzzing, and multi-agent systems, and prevent regressions. Over the past six months, it has delivered 72 security fixes to large open-source projects, though all patches are reviewed before submission. The tool addresses the growing challenge of keeping pace with AI-generated vulnerabilities. (SecurityWeek)
California law lets consumers universally opt out of data sharing
California’s governor signed a new law requiring web browsers to include an easy-to-find universal opt-out option for data sharing, letting Californians block third-party data sales with one click. The law expands on the 2018 California Consumer Privacy Act, which granted the right to send opt-out signals but didn’t require browsers to make them simple to use. Gov. Newsom also approved related bills strengthening the state’s data broker disclosure rules and requiring social media platforms to fully delete user data upon account cancellation. (The Record)
China-Nexus actors weaponize ‘Nezha’ open source tool
A China-linked threat actor is exploiting the open-source server management tool Nezha to compromise organizations, primarily in Southeast Asia. Attackers gained initial access through unsecured phpMyAdmin instances, performed log poisoning to deploy a web shell, and used Nezha to manage systems, disable Windows Defender, and install Gh0stRAT malware. Since August, more than 100 organizations across six continents, including large media and academic targets, have been affected. Researchers highlight the growing trend of repurposing legitimate tools for attacks due to low detection risk and minimal research cost. (Dark Reading)
DraftKings thwarts attack, urges password reset and MFA
DraftKings detected a credential stuffing attack on September 2nd, using stolen logins from non-DraftKings sources. While no evidence shows its systems were breached or sensitive data stolen, some user accounts may have been temporarily accessed. Impacted users were notified and advised to reset passwords and enable MFA. DraftKings added technical safeguards to prevent future attacks. This follows previous incidents, including one in 2022 affecting 68,000 accounts. (Security Affairs)
Huge thanks to our sponsor, ThreatLocker
Russian hackers turn to AI as old tactics fail
Ukrainian researchers report that Russian hackers are increasingly using AI and new tactics as Kyiv’s defenses improve. Attacks now include AI-generated malware, automated phishing, and zero-click exploits, while hackers adopt a “Steal & Go” model, taking data quickly and disappearing. CERT-UA noted that Russian cyber operations are also coordinated with missile and drone strikes, but Ukraine’s defenses have largely kept pace, neutralizing most intrusions. (The Record)
Vampire Bot malware targets job hunters
Researchers at Aryaka Threat Research Labs say a Vietnam-based group called BatShadow is targeting job seekers and digital marketing professionals with phishing emails that install Vampire Bot malware. Written in Go, the malware takes continuous screenshots, hides in system folders, and sends stolen data to remote servers. The campaign uses fake job-related PDFs in zip files to lure victims, blending surveillance and data theft into what looks like normal professional activity. (Dark Reading)
LockBit, Qilin, & DragonForce join ransomware forces
Ransomware groups LockBit, Qilin, and DragonForce have formed a strategic alliance to share tools, infrastructure, and techniques, potentially increasing attacks on critical infrastructure and expanding into low-risk sectors. LockBit 5.0, capable of targeting Windows, Linux, and ESXi, marks its return after a 2024 law enforcement takedown. Qilin, highly active in North America, claimed over 200 victims in Q3 2025. Overall, ransomware incidents remain high, as groups increasingly target new regions like Egypt, Thailand, and Colombia. (The Hacker News)
Red Hat hackers team up with Scattered Lapsus$ Hunters
Dark Reading reports that the group behind the Red Hat Consulting breach, known as Crimson Collective, has joined forces with Scattered Lapsus$ Hunters, the alliance linked to major breaches at Salesforce and others. Crimson Collective claims it stole 28,000 Red Hat repositories containing client data and has added Red Hat to Scattered Lapsus$ Hunters’ dark web leak site. Security firm Rapid7 says Crimson Collective has also targeted AWS environments using leaked credentials and extortion tactics. (Dark Reading)