This is today’s cyber news for October 29th, 2025. Today’s brief tracks a hardware side-channel that weakens confidential computing on mainstream servers, real-world zero-day abuse in a major enterprise resource planning platform, and a trusted-update weakness that can turn patching into a malware pipeline. We also cover a ransomware twist that runs Linux encryptors through Windows Subsystem for Linux, active exploitation in factory software tied to production lines, a marketing agency breach, record-scale denial-of-service bursts, mass attacks on popular WordPress plugins, a risky backup agent flaw, and remote takeovers of public wiki servers.

You’ll hear targeted campaigns against crypto and high-risk professionals, a Chrome zero-day linked to commercial spyware, two mobile banking threats that bypass fraud checks, and a third-party data claim involving a national grid operator. We round out with a massive marketing dataset exposure, a fast privilege-escalation bug in Ubuntu, Chrome’s move to warn on insecure HTTP by default, required re-enrollment for passkeys on a major social platform, and the commercial fallout from a vendor breach. The narrated feed is available at DailyCyber.news.