This is today’s cyber news for October 9th, 2025. A new cloud-focused extortion crew targets AWS, a three-way ransomware alliance promises faster, louder campaigns, and Qilin pressures Asahi with leaked data. We cover a coordinated push against Salesforce tenants by a “Scattered Lapsus$ Hunters” collective and a Microsoft 365 outage that rippled through Teams and Exchange. Rounding out the brief: urgent fixes for a Redis Lua flaw, an MCP plugin risk in Figma workflows, mass exploitation of a WordPress theme, cache-smuggling “FileFix” lures, and Chinese operators using Nezha to drop Gh0st RAT—plus Mustang Panda tradecraft, malware-less database raids, Salesforce’s refusal to pay, UK arrests in a childcare dox case, a DraftKings ATO wave, and a new Android RAT on GitHub.

Listeners will hear what happened, what it means, and one crisp recommendation per story—built for executives who need decisions and defenders who need next steps. We translate technical signals into business impact, name who’s most exposed, and point to practical controls you can apply today. Leaders, analysts, and builders will all leave with clear priorities and signals to watch. The narrated daily feed is available at DailyCyber.news.