BMC Daily Cyber News

This is today’s cyber news for October 1st, 2025. Imgur’s sudden U.K. shutdown after a looming privacy fine leads the brief with a real-world reminder that regulatory pressure can break your workflows overnight. We cover Unit 42’s “Phantom Taurus” living filelessly inside Microsoft Exchange, fresh Android banking campaigns draining accounts in Italy and Spain, the FTC’s suit against the youth app Sendit, and PDF-based phishing kits that slip past filters. From there, we dig into low-cost side channels that challenge cloud isolation, WestJet’s passport data exposure, mass-vulnerable Cisco edge gear, a surveillance-tech vendor breach, and a ten-terabyte insurer leak.

You’ll also hear about a Western Digital My Cloud command-injection flaw, long-running VMware zero-day exploitation by a China-nexus actor, the limits of AI-based ransomware detection, an actively exploited Linux privilege escalation, and a record U.K. crypto-laundering conviction. We close with enterprise AI prompt-injection risks in Gemini, Microsoft’s “agentic” Sentinel shift, U.K. lawmakers pressing TCS over Jaguar Land Rover, Apple’s iOS 26 security fix, and new CISA KEV additions. Leaders, defenders, and builders get clear impact and immediate takeaways—available at dailycyber.news.