
Threat Intel Update
October is Cybersecurity Awareness Month, a perfect time to promote strong cyber hygiene and to highlight how simple, everyday practices can make a big difference in staying safe online.
This year, the global threat landscape continues to evolve rapidly. Nation-state actors are expanding both regulatory control and offensive cyber operations. China is tightening incident reporting requirements while being tied to widespread exploitation campaigns. Meanwhile, North Korea is escalating identity fraud to infiltrate international finance and healthcare sectors, using these schemes to generate funds for its weapons program.
At the same time, AI systems are emerging as new targets, with vulnerabilities like prompt injection and misconfigurations discovered in enterprise platforms such as Google Gemini and Salesforce Agentforce.
Cybersecurity News
- China Mandates One-Hour Cyber Incident Reporting – Organizations in China must now report major cyber incidents within one hour of detection. The rule applies to breaches impacting critical infrastructure, data leaks, or foreign attacks, with penalties for noncompliance. The new regulation follows reports linking China to the Salt Typhoon threat group, which the FBI says has targeted over 600 organizations globally. (Source: Dark Reading)
- North Korea Broadens Fake IT Worker Operations – North Korean operatives are expanding their remote-work fraud schemes beyond U.S. tech firms to target global finance and healthcare sectors. Using stolen identities and falsified credentials, these actors secure legitimate positions to funnel income to the regime’s weapons programs and gain access to sensitive networks. The FBI reports that nearly 25% of impacted organizations are outside the U.S., underscoring the campaign’s widening reach. (Source: The Record)
- Security Gaps Found in Google’s Gemini AI – Security researchers discovered vulnerabilities in Google’s Gemini AI that allow adversarial prompts to evade safety controls and produce unsafe or deceptive responses. The weaknesses affect Gemini Cloud Assist, Search Personalization, and Browsing tools. Google has confirmed the findings and is working on mitigation efforts. (Source: The Hacker News)
- Researchers Find Salesforce Agentforce Leaking Customer Data – A misconfiguration in Salesforce’s Agentforce AI tool exposed sensitive customer data through multiple vulnerabilities. Researchers found that malicious prompts in “Web-to-Lead” forms could trigger data leaks and that expired domains on Agentforce’s whitelist could be exploited by threat actors to capture sensitive information. The issue was linked to improper access controls and inadequate oversight of AI workflows. (Source: Dark Reading)
- Chinese Hackers Exploit VMware Vulnerability – A newly disclosed VMware vulnerability has been exploited by Chinese threat actors to compromise remote work systems. Identified in May 2024, the flaw appears to have been exploited in attacks since October 2024 and has been linked to the UNC5174 threat group. (Source: Dark Reading)