This is today’s cyber news for October 27th, 2025. We cover an emergency push by Microsoft to protect Windows Server Update Services from active attacks, Amazon’s explanation for a Domain Name System failure inside Amazon Web Services that rippled across major apps, and a cache-poisoning risk in BIND that threatens the trust behind logins and payments. You’ll also hear how LockBit’s upgraded ransomware raises the stakes for virtualization hosts, and why mass exploitation of old WordPress plugins keeps taking small sites offline. Each segment explains impact in plain English and gives a next step you can act on today.

We then shift to developer and identity risks—from a Visual Studio Code supply-chain worm and Internet Information Services module hijacks, to LastPass “vault inheritance” lures and consent traps abusing Copilot Studio. Rounding out the brief: large-scale smishing infrastructure, fake “Telegram X” on Android, a Lazarus hiring lure against European drone makers, rapid “N-day” exploitation of SharePoint, Pwn2Own’s wave of new bugs, DDOS against Russia’s food tracking systems, edge-device flaws in TP-Link Omada and Festa VPN, malware distributed through YouTube videos, and ransomware claims against aviation. The daily feed is available at DailyCyber.news.