30 Articles
8 Categories
Date: 2025-09-03
🚨 CISA KEV (2)

3 Sep | KEV | CISA Adds TP-Link and WhatsApp Flaws to KEV Catalog Amid Active Exploitation | THEHACKERNEWS.COM
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a high-severity security flaw impacting TP-Link TL-WA855RE Wi-Fi Ranger Extender products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabil…

3 Sep | KEV | CISA Adds Two Known Exploited Vulnerabilities to Catalog | CISA.GOV
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2023-50224 TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability; CVE-2025-9377 TP-Link Archer C7(EU) and TL-WR841N/ND(MS) …
🐛 COMMON VULNERABILITIES AND EXPOSURES (2)

3 Sep | Android Security Alert: Google Patches 120 Flaws, Including Two Zero-Days Under Attack | THEHACKERNEWS.COM
Google has shipped security updates to address 120 security flaws in its Android operating system as part of its monthly fixes for September 2025, including two issues that it said have been exploited in targeted attacks. The vulnerabilities are listed below - CVE-2025-38352 (CVS…

3 Sep | Exploit Attempts for Dassault DELMIA Apriso. CVE-2025-5086, (Wed, Sep 3rd) | ISC.SANS.EDU
When I am thinking about the security of manufacturing environments, I am usually focusing on IoT devices integrated into production lines. All the little sensors and actuators are often very difficult to secure. On the other hand, there is also "big software" that is used to man…
⚠️ VULNERABILITY DISCLOSURE (11)

3 Sep | Indirect Prompt Injection Attacks Against LLM Assistants | SCHNEIER.COM
Really good research on practical attacks against LLM agents. “Invitation Is All You Need! Promptware Attacks Against LLM-Powered Assistants in Production Are Practical and Dangerous” Abstract: The growing integration of LLMs into applications has introduced new sec…

3 Sep | Threat Actors Weaponize HexStrike AI to Exploit Citrix Flaws Within a Week of Disclosure | THEHACKERNEWS.COM
Threat actors are attempting to leverage a newly released artificial intelligence (AI) offensive security tool called HexStrike AI to exploit recently disclosed security flaws. HexStrike AI, according to its website, is pitched as an AI‑driven security platform to automate reconn…

3 Sep | Iranian Hackers Exploit 100+ Embassy Email Accounts in Global Phishing Targeting Diplomats | THEHACKERNEWS.COM
An Iran-nexus group has been linked to a "coordinated" and "multi-wave" spear-phishing campaign targeting the embassies and consulates in Europe and other regions across the world. The activity has been attributed by Israeli cybersecurity company Dream to Iranian-aligned operator…

3 Sep | CISA, NSA, and Global Partners Release a Shared Vision of Software Bill of Materials (SBOM) Guidance | CISA.GOV
CISA, in collaboration with NSA and 19 international partners, released joint guidance outlining A Shared Vision of Software Bill of Materials (SBOM) for Cybersecurity. This marks a significant step forward in strengthening software supply chain transparency and security worldwi…

3 Sep | Smashing Security podcast #433: How hackers turned AI into their new henchman | GRAHAMCLULEY.COM
Your AI reads the small print, and that's a problem. This week in episode 433 of "Smashing Security" we dig into LegalPwn - malicious instructions tucked into code comments and disclaimers that sweet-talks AI into rubber-stamping dangerous payloads (or even pretending they’re a h…

3 Sep | Critical Insight Q&A: As digital trust compresses, resilience will require automation and scale | LASTWATCHDOG.COM
A quiet but consequential change is reshaping the foundations of online trust. Starting in 2026, TLS certificate lifespans will shrink in stages — from 200 days, to 100, and eventually just 47 by 2029. The …

3 Sep | Malicious npm packages use Ethereum blockchain for malware delivery | CSOONLINE.COM
Attackers behind a recent supply chain attack that involved rogue GitHub repositories and npm packages used smart contracts on the Ethereum blockchain to deliver malware payloads. The attacks likely targeted users and developers from the cryptocurrency space. “These latest attack…

3 Sep | Zero Trust causes problems for CISOs | CSOONLINE.COM
According to a survey, implementing Zero Trust is not easy for most CISOs. According to a recent report from Accenture, almost nine out of ten security leaders (88 percent) have considerable difficulty implementing Zero Trust in their…

3 Sep | How the generative AI boom opens up new privacy and cybersecurity risks | CSOONLINE.COM
It was one of the viral tech news stories at the start of July when WeTransfer, the popular file sharing service used massively by companies and end users alike, had changed its terms of use. It’s the kind of thing that is usually accepted without going too deeply into it, but on…

3 Sep | A CISO’s guide to monitoring the dark web | CSOONLINE.COM
Most security leaders know the dark web exists, but many still view it as the internet’s seedy underbelly — useful for criminals who want to make illegal transactions, but not a source of information for those who walk the straight and narrow. That’s a mistake. Cybercriminal netw…

3 Sep | Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution | CISECURITY.ORG
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. De…
📢 SECURITY ADVISORIES (2)

3 Sep | CISA, NSA and 19 International Partners Release Shared Vision of Software Bill of Materials for Cybersecurity Guide | CISA.GOV
CISA, NSA, and 19 international partners release a shared vision of Software Bill of Materials (SBOM) highlighting the importance of SBOM in securing global supply chains & enhancing software resilience worldwide.

3 Sep | Relief for European Commission as court upholds EU Data Privacy Framework agreement with US | CSOONLINE.COM
The controversial Data Privacy Framework (DPF) agreement between the EU and the US has been upheld after the European Court of Justice (ECJ) General Court rejected a high-profile legal challenge that would have struck it down. “The General Court dismisses an action for annulment …
🔥 INCIDENT REPORTING (2)

3 Sep | Jaguar Land Rover paralyzed after cyberattack | CSOONLINE.COM

3 Sep | Risky Business #805 -- On the Salesloft Drift breach and "OAuth soup" | RISKY.BIZ
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: The Salesloft breach and why OAuth soup is a problem; The Salt Typhoon telco hackers turn out to be Chinese private sector, but state-directed; Google says it will stand up a “disrup…
🕵️ THREAT INTELLIGENCE (5)

3 Sep | ISC Stormcast For Wednesday, September 3rd, 2025 https://isc.sans.edu/podcastdetail/9596, (Wed, Sep 3rd) | ISC.SANS.EDU
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

3 Sep | Security Money: The Index Dips and 20 Years of Cybersecurity Consolidation - Ross Hale... - BSW #411 | YOUTUBE.COM
The cybersecurity industry is undergoing a consolidation wave that is moving far faster than many realize. This isn’t at all about CISOs wanting fewer tools as much as some would like to think - the changes are happening at the macro level. Ross Haleliuk joins BSW to present the …

3 Sep | Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling | INFOSEC.PUB
submitted by cm0002 to cybersecurity. 3 points | 0 comments. https://thehackernews.com/2025/08/attackers-abuse-velociraptor-forensic.html

3 Sep | What are You Working on Wednesday | INFOSEC.PUB
submitted by shellsharks to cybersecurity. 2 points | 1 comments. Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.
🌐 CYBER THREAT LANDSCAPE (1)

3 Sep | Salesloft Takes Drift Offline After OAuth Token Theft Hits Hundreds of Organizations | THEHACKERNEWS.COM
Salesloft on Tuesday announced that it's taking Drift temporarily offline "in the very near future," as multiple companies have been ensnared in a far-reaching supply chain attack spree targeting the marketing software-as-a-service product, resulting in the mass theft of authenti…
📡 INFOSEC NEWS (5)

3 Sep | Detecting Data Leaks Before Disaster | THEHACKERNEWS.COM
In January 2025, cybersecurity experts at Wiz Research found that Chinese AI specialist DeepSeek had suffered a data leak, putting more than 1 million sensitive log streams at risk. According to the Wiz Research team, they identified a publicly accessible ClickHouse database belo…

3 Sep | Cloudflare Blocks Record-Breaking 11.5 Tbps DDoS Attack | THEHACKERNEWS.COM
Cloudflare on Tuesday said it automatically mitigated a record-setting volumetric distributed denial-of-service (DDoS) attack that peaked at 11.5 terabits per second (Tbps). "Over the past few weeks, we've autonomously blocked hundreds of hyper-volumetric DDoS attacks, with the l…

3 Sep | Venezuela’s president thinks American spies can’t hack Huawei phones | TECHCRUNCH.COM
Huawei phones, given their custom hardware and operating system, may actually be easier to hack than other brands.

3 Sep | FBI warns seniors are being targeted in three-phase Phantom Hacker scams | FORTRA.COM
The FBI’s Internet Crime Complaint Center (IC3) says that the elderly are more at risk from falling victim to online fraud and internet scammers than ever before. Read more in my article on the Fortra blog.

3 Sep | How businesses should respond to employees using personal AI apps | KASPERSKY.COM
Shadow AI is already present in 90% of companies. How do you strike a balance between business growth and security?