This is today’s cyber news for October 28th, 2025. We lead with a fix-now warning on Windows update servers after confirmed abuse, a reminder that whoever shapes your patches shapes your posture. Google knocked down rumors of a massive Gmail breach, underscoring how misinformation burns time even when core services are fine. X set a hard deadline to re-enroll security keys, raising access risks for brand accounts. Google also rushed a Chrome zero-day fix tied to a surveillance vendor, and Ubiquiti patched a flaw that could let attackers unlock doors—proof that identity, browsers, and building systems all intersect.

You’ll hear clear “what happened” briefs on backup agent risk at QNAP, long dwell time in Conduent’s breach, a Capitol Hill jobs portal exposure, and a UN cybercrime pact with privacy concerns. We cover falling ransomware payouts, Atlas browser memory abuse with ChatGPT, HyperRat Android spyware, North Korea’s refreshed tooling, LockBit 5’s resurgence, and mass attacks on outdated WordPress plugins. We close with holiday gift-card fraud, destructive Predatory Sparrow operations, Qilin’s BYOVD tactics, chatbot propaganda risks, and weak home-router passwords. Designed for leaders and defenders alike, the narrated feed is available at DailyCyber.news.