This is today’s cyber news for October 22nd, 2025. A major AWS outage reminded everyone how fragile single-cloud strategies can be, while a Windows update snag locked out cloned PCs with duplicate SIDs. CISA pressed urgency on an exploited Oracle E-Business Suite flaw, and a critical TP-Link Omada bug exposed small-business gateways to takeover. Researchers flagged outdated Chromium builds inside popular AI code editors, and Pwn2Own’s opening day delivered a flood of zero-days. We also cover Vidar Stealer’s faster redesign, a Copilot prompt-injection trick, a fast-growing PolarEdge router botnet, and a Citrix-based breach of a European telecom..

You will also hear how captchas are being weaponized by Star Blizzard, why Apache Syncope needs immediate patching, and how a “better-auth” plugin bug enables silent API-key minting. We run through Apple devices added to CISA’s exploited list, Microsoft’s WinRE hotfix for recovery input, and a ransomware hit that paused Muji’s online shop. Rounding it out: malicious npm packages seeding AdaptixC2, APT36’s NIC-spoofing phish, the “Cavalry Werewolf” espionage campaign against industrial firms, and a stealthy SQL Server exfiltration wave. It is a crisp, plain-English briefing for leaders, defenders, and builders alike, available at DailyCyber.news.