52 Articles
8 Categories
Date: 2025-09-04
🚨 CISA KEV (1)
4 Sep [KEV] CISA Adds Three Known Exploited Vulnerabilities to Catalog (CISA.GOV)
    CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-38352 Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability CVE-2025-48543 Android Runtime Unspecified V…
🐛 COMMON VULNERABILITIES AND EXPOSURES (8)
4 Sep [KEV] CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited (THEHACKERNEWS.COM)
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting TP-Link wireless routers to its Known Exploited Vulnerabilities (KEV) catalog, noting that there is evidence of them being exploited in the wild. The vulnerabilities i…
4 Sep CVE-2025-55242 Xbox Certification Bug Copilot Djando Information Disclosure Vulnerability (MSRC.MICROSOFT.COM)
    Exposure of sensitive information to an unauthorized actor in Xbox allows an unauthorized attacker to disclose information over a network.
4 Sep CVE-2025-55241 Azure Entra Elevation of Privilege Vulnerability (MSRC.MICROSOFT.COM)
    Azure Entra Elevation of Privilege Vulnerability
4 Sep Sitecore zero-day configuration flaw under active exploitation (CSOONLINE.COM)
    A sample ASP.NET machine key in old deployment guides for Sitecore products is being exploited by attackers to launch ViewState code injection attacks that compromise servers. According to Google’s Mandiant Threat Defense team, after initial exploitation, the attackers deploy too…
4 Sep Reverse engineering of Apple's iOS 0-click CVE-2025-43300: 2 bytes that make size matter (QUARKSLAB.COM)
    On August 20th, Apple released an out-of-band security fix for its main operating systems. This patch allegedly fixes CVE-2025-43300, an out-of-bounds write, addressed with improved bounds checking in the ImageIO framework. In this blog post we provide a root cause analysis of t…
⚠️ VULNERABILITY DISCLOSURE (16)
4 Sep Cloudflare Fends Off A Record Breaking 11.5 Tbps DDoS Attack (CYBERSECURITYTODAY.LIBSYN.COM)
    In this episode of Cybersecurity Today, host Jim Love covers the latest and most critical stories in the world of cyber threats and digital defense: • Cloudflare fends off a record-breaking 11.5 Tbps DDoS attack, highlighting the relentless scale and sophistication of modern cybe…
4 Sep Hackers exploited Sitecore zero-day flaw to deploy backdoors (BLEEPINGCOMPUTER.COM)
    Threat actors have been exploiting a zero-day vulnerability in legacy Sitecore deployments to deploy WeepSteel reconnaissance malware. [...]
4 Sep Chess.com discloses recent data breach via file transfer app (BLEEPINGCOMPUTER.COM)
    Chess.com has disclosed a data breach after threat actors gained unauthorized access to a third-party file transfer application used by the platform. [...]
4 Sep New TP-Link zero-day surfaces as CISA warns other flaws are exploited (BLEEPINGCOMPUTER.COM)
    TP-Link has confirmed the existence of an unpatched zero-day vulnerability impacting multiple router models, as CISA warns that other router flaws have been exploited in attacks. [...]
4 Sep Cybercriminals Exploit X’s Grok AI to Bypass Ad Protections and Spread Malware to Millions (THEHACKERNEWS.COM)
    Cybersecurity researchers have flagged a new technique that cybercriminals have adopted to bypass social media platform X's malvertising protections and propagate malicious links using its artificial intelligence (AI) assistant Grok. The findings were highlighted by Nati Tal, hea…
4 Sep Google Fined $379 Million by French Regulator for Cookie Consent Violations (THEHACKERNEWS.COM)
    The French data protection authority has fined Google and Chinese e-commerce giant Shein $379 million (€325 million) and $175 million (€150 million), respectively, for violating cookie rules. Both companies set advertising cookies on users' browsers without securing their consent…
4 Sep Malicious npm Packages Exploit Ethereum Smart Contracts to Target Crypto Developers (THEHACKERNEWS.COM)
    Cybersecurity researchers have discovered two new malicious packages on the npm registry that make use of smart contracts for the Ethereum blockchain to carry out malicious actions on compromised systems, signaling the trend of threat actors constantly on the lookout for new ways…
4 Sep CISA Releases Five Industrial Control Systems Advisories (CISA.GOV)
    CISA released five Industrial Control Systems (ICS) advisories on September 4, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-247-01 Honeywell OneWireless Wireless Device Manager (WDM) ICSA-2…
4 Sep A Warrant Is Out for Your Arrest (KNOWBE4.COM)
    A super common voice phone call phishing scam (i.e., vishing) is when the scammer calls you and pretends to be a law enforcement official with a warrant for your arrest for not answering a court jury duty summons.
4 Sep Data breach at Palo Alto Networks, Zscaler and Cloudflare (CSOONLINE.COM)
    Even IT companies, including those in the cyber security field, are not immune to successful cyberattacks. Palo Alto Networks, Zscaler and Cloudflare have announced that they were hit by a cyberattack via Salesloft Drift…
4 Sep Avnet unlocks vendor lock-in and reinvents security data management (CSOONLINE.COM)
    As a leading distributor of electronic components and IT services, Avnet helps more than a million customers design, build, and move products through the supply chain. From cars and airplanes to medical devices and telecom networks, chances are Avnet played an integral part in tu…
4 Sep Principal Financial pioneers biometric authentication to beat online fraud (CSOONLINE.COM)
    Principal Financial Group helps millions of people and businesses plan for the future through retirement services, insurance, and asset management. Customers trust Principal with their money, so it’s essential to keep digital channels secure. But that trust was tested in 2023, wh…
4 Sep Pressure on CISOs to stay silent about security incidents growing (CSOONLINE.COM)
    CISOs are coming under increased pressures to keep quiet about security incidents because concerns about corporate reputation often outweigh adherence to regulatory compliance. More than two-thirds (69%) of CISOs have been told to keep breaches confidential, according to a recent…
4 Sep Lasagna DoS, AI Slop, Hacker Ultimatums - PSW #890 (YOUTUBE.COM)
    In the secure news: * Automakers respond to Flipper Zero attacks * More on the unconfirmed Elastic EDR 0-Day * When Secure Boot does its job too well * Crazy authentication bypass * Hacker ultimatums * AI Slop * Impatient hackers * Linux ISOs are malware * Attackers love drivers …
4 Sep Why XSS still matters: MSRC’s perspective on a 25-year-old threat (MSRC.MICROSOFT.COM)
    Cross-Site Scripting (XSS) has been a known vulnerability class for two decades, yet it continues to surface in modern applications, including those built with the latest frameworks and cloud-native architectures. At Microsoft, we still receive a steady stream of XSS reports acro…
4 Sep Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution (CISECURITY.ORG)
    Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful …
📢 SECURITY ADVISORIES (1)
4 Sep France slaps Google with €325M fine for violating cookie regulations (BLEEPINGCOMPUTER.COM)
    The French data protection authority has fined Google €325 million ($378 million) for violating cookie regulations and displaying ads between Gmail users' emails without their consent. [...]
🔥 INCIDENT REPORTING (5)
4 Sep Generative AI as a Cybercrime Assistant (SCHNEIER.COM)
    Anthropic reports on a Claude user: We recently disrupted a sophisticated cybercriminal that used Claude Code to commit large-scale theft and extortion of personal data. The actor targeted at least 17 distinct organizations, including in healthcare, the emergency services, and go…
4 Sep CIS launches Commercial Cloud MDR, Powered by Sophos, to protect SLTT government organizations (SOPHOS.COM)
    Investigate incidents in real time, quickly neutralize active threats, and prevent repeat attacks.
4 Sep Texas sues PowerSchool over breach exposing 62M students, 880k Texans (BLEEPINGCOMPUTER.COM)
    Texas Attorney General Ken Paxton has filed a lawsuit against education software company PowerSchool, which suffered a massive data breach in December that exposed the personal information of 62 million students, including over 880,000 Texans. [...]
4 Sep Report: AI Can Now Automate Entire Attack Chains (KNOWBE4.COM)
    Threat actors can now use AI tools to automate entire attack operations, according to a new report from Anthropic.
4 Sep Automotive industry fears cyberattacks (CSOONLINE.COM)
    The German car industry is worried about hacker attacks. Cloud security vulnerabilities in particular are rated as a major risk. The automotive industry remains a popular target for cyberattacks. One example is the recent attack…
🕵️ THREAT INTELLIGENCE (17)
4 Sep Apple Seeks Researchers for 2026 iPhone Security Program (SECURITYWEEK.COM)
    Security researchers interested in participating in the 2026 Apple Security Research Device program can apply until October 31. The post Apple Seeks Researchers for 2026 iPhone Security Program appeared first on SecurityWeek.
4 Sep AI Supply Chain Attack Method Demonstrated Against Google, Microsoft Products (SECURITYWEEK.COM)
    An AI supply chain issue named Model Namespace Reuse can allow attackers to deploy malicious models and achieve code execution. The post AI Supply Chain Attack Method Demonstrated Against Google, Microsoft Products appeared first on SecurityWeek.
4 Sep US Offers $10 Million for Three Russian Energy Firm Hackers (SECURITYWEEK.COM)
    Marat Tyukov, Mikhail Gavrilov, and Pavel Akulov targeted US critical infrastructure and over 500 energy companies in 135 countries. The post US Offers $10 Million for Three Russian Energy Firm Hackers appeared first on SecurityWeek.
4 Sep Russian APT28 Deploys “NotDoor” Outlook Backdoor Against Companies in NATO Countries (THEHACKERNEWS.COM)
    The Russian state-sponsored hacking group tracked as APT28 has been attributed to a new Microsoft Outlook backdoor called NotDoor in attacks targeting multiple companies from different sectors in NATO member countries. NotDoor "is a VBA macro for Outlook designed to monitor incom…
4 Sep ISC Stormcast For Thursday, September 4th, 2025 https://isc.sans.edu/podcastdetail/9598, (Thu, Sep 4th) (ISC.SANS.EDU)
    (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
4 Sep Hospitals Need to Prepare for AI-Powered Phishing Attacks (KNOWBE4.COM)
    Healthcare organizations need to be prepared for an increase in AI-assisted phishing attacks, according to Zack Martin, Senior Policy Advisor at Venable.
4 Sep Beyond the Audit Box: Building Security That Works in the Real World (KNOWBE4.COM)
    Many years ago, a friend of mine worked as a security director at a firm and had what they called an “audit box.” It was a pre-prepared box filled with policies, network diagrams, security controls and checkboxes.
4 Sep SHARED INTEL Q&A: Inside the mind of a hacker — shadowing adversaries across API pathways (LASTWATCHDOG.COM)
    In today’s digital economy, business starts with the application. Increasingly, the critical activity lives in the APIs that support it. Related: The hidden cost of API security lapses For Jamison Utter, Field CISO at A10 Networks, this moment marks … (more…) The post SHA…
4 Sep Prisma SASE 4.0: Powering the AI-Ready Enterprise (PALOALTONETWORKS.COM)
    Prisma SASE 4.0 powers the AI-ready enterprise with AI-powered threat protection, frictionless data security and unified, intelligent operations. The post Prisma SASE 4.0: Powering the AI-Ready Enterprise appeared first on Palo Alto Networks Blog.
4 Sep Shift Left or Shift Blame? 🔒 (YOUTUBE.COM)
    In this short, Jonathan breaks down the tension behind the famous “shift left” narrative in cybersecurity. Instead of solving problems, it often leaves AppSec leaders and engineering teams pointing fingers—security calls engineering lazy, engineering says security doesn’t underst…
4 Sep Would You Give Up Revenue to Reduce Risk? #cybersecurity (YOUTUBE.COM)
    In this short, Julia Knecht shares why the toughest choice in cybersecurity isn’t about money—it’s about mindset. Instead of chasing revenue, true security leaders focus on reducing risk, even if the wins look smaller on paper. This clip dives into how passion for solving securit…
4 Sep Why Apps Keep Failing You (And It’s Getting Worse) (YOUTUBE.COM)
    Apps are breaking down more often than people realize—and it’s not just annoying bugs. In this short, cybersecurity experts explain the growing risk of “shittification,” a trend where platforms and systems become unreliable, janky, and error-prone. What starts as a small glitch c…
4 Sep Forget Certs. Secure Something First! 💡 (YOUTUBE.COM)
    Everyone asks which cybersecurity certification to start with—but John Kinsella flips the script. In this short, he breaks down why understanding core principles like input validation and output encoding matter way more than chasing certs. Perfect for aspiring security engineers …
4 Sep The number of mis-issued 1.1.1.1 certificates grows. Here’s the latest. (INFOSEC.PUB)
    submitted by cm0002 to cybersecurity 31 points | 3 comments https://arstechnica.com/information-technology/2025/09/the-number-of-mis-issued-1-1-1-1-certificates-grows-heres-the-latest/
4 Sep AI hacking. Downloading images can allow your computer to be hijacked (SH.ITJUST.WORKS)
    submitted by Jerry to cybersecurity 23 points | 2 comments Rule 1: Don’t ever use an agentic browser (one that an AI can control). Rule 2: But, if you do use an agentic browser, only run it inside a virtual machine. AI hacking. Downloading images can allow your computer to become…
4 Sep GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes (WELIVESECURITY.COM)
    ESET researchers have identified a new threat actor targeting Windows servers with a passive C++ backdoor and a malicious IIS module that manipulates Google search results
4 Sep News alert: Sendmarc taps Rob Bowker to grow MSPs, DMARC adoption in North America (LASTWATCHDOG.COM)
    Wilmington, Del., Sept. 4, 2025, CyberNewswire — Sendmarc today announced the appointment of Rob Bowker as North American Region Lead. Bowker will oversee regional expansion with a focus on growing the Managed Service Provider (MSP) partner community, developing strategic Value-A…
🌐 CYBER THREAT LANDSCAPE (2)
4 Sep GhostRedirector Hacks 65 Windows Servers Using Rungan Backdoor and Gamshen IIS Module (THEHACKERNEWS.COM)
    Cybersecurity researchers have lifted the lid on a previously undocumented threat cluster dubbed GhostRedirector that has managed to compromise at least 65 Windows servers primarily located in Brazil, Thailand, and Vietnam. The attacks, per Slovak cybersecurity company ESET, led …
4 Sep An MDR Analysis of the AMOS Stealer Campaign Targeting macOS via ‘Cracked’ Apps (TRENDMICRO.COM)
    Trend™ Research analyzed a campaign distributing Atomic macOS Stealer (AMOS), a malware family targeting macOS users. Attackers disguise the malware as “cracked” versions of legitimate apps, luring users into installation.
📡 INFOSEC NEWS (2)
4 Sep Three Critical Facts About Cyber Risk Management (TRENDMICRO.COM)
    For CISOs responsible for cyber risk management, these three insights will help build a strong and reliable foundation for your proactive security strategy.
4 Sep How the SNI5GECT attack on 5G connectivity works, and how it threatens subscribers | Kaspersky official blog (KASPERSKY.COM)
    Researchers have found a way to attack 5G networks. How to protect your smartphone?