Articles: 70 | Categories: 7 | Date: 2025-09-05
🐛 COMMON VULNERABILITIES AND EXPOSURES (12)
5 Sep | KEV | Recent SAP S/4HANA Vulnerability Exploited in Attacks | A critical SAP S/4HANA code injection flaw tracked as CVE-2025-42957 and allowing full system takeover has been exploited in the wild. | SECURITYWEEK.COM
5 Sep | CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation | Federal Civilian Executive Branch (FCEB) agencies are being advised to update their Sitecore instances by September 25, 2025, following the discovery of a security flaw that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-53690, carries a CV… | THEHACKERNEWS.COM
5 Sep | KEV | SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild | A critical security vulnerability impacting SAP S/4HANA, an Enterprise Resource Planning (ERP) software, has come under active exploitation in the wild. The command injection vulnerability, tracked as CVE-2025-42957 (CVSS score: 9.9), was fixed by SAP as part of its monthly updat… | THEHACKERNEWS.COM
5 Sep | Chromium: CVE-2025-9867 Inappropriate implementation in Downloads | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information. | MSRC.MICROSOFT.COM
5 Sep | Chromium: CVE-2025-9866 Inappropriate implementation in Extensions | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information. | MSRC.MICROSOFT.COM
5 Sep | Chromium: CVE-2025-9865 Inappropriate implementation in Toolbar | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information. | MSRC.MICROSOFT.COM
5 Sep | Chromium: CVE-2025-9864 Use after free in V8 | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2025) for more information. | MSRC.MICROSOFT.COM
5 Sep | CVE-2025-53791 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network. | MSRC.MICROSOFT.COM
5 Sep | KEV | Critical SAP S/4HANA Vulnerability Actively Exploited, Allowing Full System Takeover | A critical security flaw in SAP S/4HANA, tracked as CVE-2025-42957, is being actively exploited by attackers, according to research from SecurityBridge. The vulnerability, which carries a CVSS score of 9.9 out of 10, allows a low-privileged user to execute code injection and gain… | GBHACKERS.COM
5 Sep | New Exploit Bypasses Code Integrity to Backdoor Signal, 1Password, Slack, and More | A new security exploit has been discovered that lets attackers slip malicious code into widely used desktop applications including Signal, 1Password, Slack, and Google Chrome by evading built-in code integrity checks. The vulnerability, tracked as Electron CVE-2025-55305, affects… | GBHACKERS.COM
5 Sep | Hackers exploit serious vulnerability in SAP S/4HANA | An exploit for the vulnerability has already been observed in the wild. Last month SAP released a patch for S/4HANA that is meant to fix the critical vulnerability CVE-2025-42957, which has a CVSS score of 9.9. The newly surfaced… | CSOONLINE.COM
5 Sep | KEV | Alert: Exploit available to threat actors for SAP S/4HANA critical vulnerability | SAP S/4HANA admins who haven't already installed a critical August 11 patch could be in trouble: an exploit for the code injection vulnerability is already being used in the wild. The vulnerability, CVE-2025-42957 (with a CVSS score of 9.9), allows a low-privileged user to ta… | CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE (19)
5 Sep | Reminder of this week's schedule and preview of Weekend Edition | For this short week we had episodes on Tuesday and Thursday. We'll return to our Monday, Wednesday and Friday schedule starting next Monday. But we have an interview this weekend with the researchers who have issued a proof of concept showing that you can go from CVE to working e… | CYBERSECURITYTODAY.LIBSYN.COM
5 Sep | Microsoft now enforces MFA on Azure Portal sign-ins for all tenants | Microsoft says it has been enforcing multifactor authentication (MFA) for Azure Portal sign-ins across all tenants since March 2025. [...] | BLEEPINGCOMPUTER.COM
5 Sep | Financial services firm Wealthsimple discloses data breach | Wealthsimple, a leading Canadian online investment management service, has disclosed a data breach after attackers stole the personal data of an undisclosed number of customers in a recent incident. [...] | BLEEPINGCOMPUTER.COM
5 Sep | Max severity Argo CD API flaw leaks repository credentials | An Argo CD vulnerability allows API tokens with even low project-level get permissions to access API endpoints and retrieve all repository credentials associated with the project. [...] | BLEEPINGCOMPUTER.COM
5 Sep | Don't let outdated IGA hold back your security, compliance, and growth | Identity Governance & Administration (IGA) is critical to keeping data secure, ensuring only the right people have access to the right resources. But legacy IGA is slow, costly, and code-heavy. Learn from tenfold why Modern IGA solutions deliver faster out-of-the-box integrations… | BLEEPINGCOMPUTER.COM
5 Sep | Critical SAP S/4HANA vulnerability now exploited in attacks | A critical SAP S/4HANA code injection vulnerability is being leveraged in attacks in the wild to breach exposed servers, researchers warn. [...] | BLEEPINGCOMPUTER.COM
5 Sep | Academics Build AI-Powered Android Vulnerability Discovery and Validation Tool | Called A2, the framework mimics human analysis to identify vulnerabilities in Android applications and then validates them. | SECURITYWEEK.COM
5 Sep | More Cybersecurity Firms Hit by Salesforce-Salesloft Drift Breach | Proofpoint, SpyCloud, Tanium, and Tenable confirmed that hackers accessed information stored in their Salesforce instances. | SECURITYWEEK.COM
5 Sep | Azure mandatory multifactor authentication: Phase 2 starting in October 2025 | Microsoft Azure is announcing the start of Phase 2 multi-factor authentication enforcement at the Azure Resource Manager layer, starting October 1, 2025. | AZURE.MICROSOFT.COM
5 Sep | Microsoft Tapped China Engineers for SharePoint Support | A new investigation has revealed that Microsoft relied on China-based engineers to provide technical support and bug fixes for SharePoint, the same collaboration software that was recently exploited by Chinese state-sponsored hackers in a massive cyberattack affecting hundreds of… | GBHACKERS.COM
5 Sep | Cybersecurity Landscape 2025 Amid Record Vulnerabilities, Infrastructure Breakdown, and Growing Digital Risks | The year 2025 has unfolded in an environment marked by eroding trust in vulnerability databases, an explosive growth in cyberattacks, and digital overload for businesses. Data breaches have become routine, the number of CVEs continues to break records, and traditional defense app… | GBHACKERS.COM
5 Sep | Threat Actors Exploit ScreenConnect Installers for Initial Access | There has been a marked escalation in the abuse of ConnectWise ScreenConnect installers since March 2025, with U.S.-based businesses bearing the brunt of these incursions. Adversaries are now deploying lightweight ClickOnce runner installers, devoid of embedded configurations, to evade static det… | GBHACKERS.COM
5 Sep | 10 Best Attack Surface Management (ASM) Companies in 2025 | Attack Surface Management (ASM) is a proactive cybersecurity discipline that helps organizations identify, analyze, and remediate all of their internet-facing assets and potential vulnerabilities. It goes beyond traditional vulnerability scanning to find and continuously monitor… | GBHACKERS.COM
5 Sep | KEV | CISA Warns: TP-Link Vulnerabilities Under Active Exploitation | The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding critical vulnerabilities in popular TP-Link router models that are currently being actively exploited by cybercriminals. These security flaws affect widely used home and small busin… | GBHACKERS.COM
5 Sep | KEV | You should be aware of these latest social engineering trends | Instead of relying on advanced tools or complex scripts, experienced attackers penetrate systems and steal data using the most effective weapon of all: social engineering. Social engineering lies at the intersection of cybersecurity and psychology, exploiting human behavior to a… | CSOONLINE.COM
5 Sep | Sendmarc appoints Rob Bowker as North American Region Lead | Veteran email security leader to expand MSP and VAR partnerships and accelerate DMARC adoption. Sendmarc today announced the appointment of Rob Bowker as North American Region Lead. Bowker will oversee regional expansion with a focus on growing the Managed Service Provider (MSP)… | CSOONLINE.COM
5 Sep | Lack of board access: The No. 1 factor for CISO dissatisfaction | Cybersecurity leaders agree that they must engage with the board at their organizations to do their jobs. In reality, board engagement lags, and that disconnect drags down CISOs' job satisfaction. Nearly half of CISOs (40%) at small and mid-market organizations have minimal or no… | CSOONLINE.COM
5 Sep | Authentication solutions: 10 passwordless options for enterprises | There are better solutions for leaving passwords behind. We show you ten. Passwords have been the authentication standard for computer systems for decades, even though they have repeatedly proven vulnerable to various… | CSOONLINE.COM
5 Sep | Zero-day vulnerability discovered in TP-Link routers | Submitted by nemeski to cybersecurity, 58 points, 7 comments. https://www.techzine.eu/news/security/134354/zero-day-vulnerability-discovered-in-tp-link-routers/ | SH.ITJUST.WORKS
📢 SECURITY ADVISORIES (3)
5 Sep | My Latest Book: Rewiring Democracy | I am pleased to announce the imminent publication of my latest book, Rewiring Democracy: How AI will Transform our Politics, Government, and Citizenship, coauthored with Nathan Sanders and published by MIT Press on October 21. Rewiring Democracy looks beyond common tropes like… | SCHNEIER.COM
5 Sep | Advanced Educational Competition: Ask Your Employees To Submit Their Best Phishing | I occasionally get human risk management (HRM) administrators asking me to help them with ideas of "contests" to better educate their end-users. | KNOWBE4.COM
5 Sep | AI Trolley Problems, Rhode Island Drivers, and Kohlbergian Post Conventionalism - SWN #509 | Josh Marpet and Doug White talk about AI Ethics, Issues, and Compliance. AI Trolley problems, Rhode Island Drivers, and Post Conventionalism. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-509 | YOUTUBE.COM
🔥 INCIDENT REPORTING (5)
5 Sep | In Other News: Scammers Abuse Grok, US Manufacturing Attacks, Gmail Security Claims Debunked | Noteworthy stories that might have slipped under the radar: Google fined €325 million, City of Baltimore sent $1.5 million to scammer, Bridgestone targeted in cyberattack. | SECURITYWEEK.COM
5 Sep | SafePay Ransomware Hits 73 Organizations in Just One Month | SafePay, an emerging ransomware group, has rapidly ascended from obscurity to notoriety in 2025. In June alone, the group claimed responsibility for attacks on 73 organizations, topping Bitdefender's Threat Debrief rankings for the month. July saw another surge, with 42 victims a… | GBHACKERS.COM
5 Sep | Germany charges hacker with Rosneft cyberattack in latest wake-up call for critical infrastructure | A 30-year-old man has been charged with launching a cyberattack on the German subsidiary of Russia's state-owned oil giant Rosneft. The cyberattack, which happened in March 2022 in the aftermath of Russia's invasion of Ukraine, crippled the company's operations and cost millions… | EXPONENTIAL-E.COM
5 Sep | Massive rise in hacker attacks on the German education sector | CSOONLINE.COM
5 Sep | Chess.com confirms data breach | Submitted by nemeski to cybersecurity, 42 points, 9 comments. https://www.neowin.net/news/chesscom-confirms-data-breach/ | SH.ITJUST.WORKS
🕵️ THREAT INTELLIGENCE (23)
5 Sep | GPT-4o-mini Falls for Psychological Manipulation | Interesting experiment: To design their experiment, the University of Pennsylvania researchers tested 2024's GPT-4o-mini model on two requests that it should ideally refuse: calling the user a jerk and giving directions for how to synthesize lidocaine. The researchers crea… | SCHNEIER.COM
5 Sep | How to Close the AI Governance Gap in Software Development | Widespread adoption of AI coding tools accelerates development, but also introduces critical vulnerabilities that demand stronger governance and oversight. | SECURITYWEEK.COM
5 Sep | FireCompass Raises $20 Million for Offensive Security Platform | The AI-powered automated penetration testing firm will invest the new funds in R&D, team expansion, and global scale. | SECURITYWEEK.COM
5 Sep | North Korean Hackers Targeted Hundreds in Fake Job Interview Attacks | The hackers were seen actively monitoring cyber threat intelligence to discover and rebuild exposed infrastructure. | SECURITYWEEK.COM
5 Sep | TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations | The threat actor behind the malware-as-a-service (MaaS) framework and loader called CastleLoader has also developed a remote access trojan known as CastleRAT. "Available in both Python and C variants, CastleRAT's core functionality consists of collecting system information, downl… | THEHACKERNEWS.COM
5 Sep | From YARA Offsets to Virtual Addresses, (Fri, Sep 5th) | YARA is an excellent tool that most of you probably already know and use daily. If you don't, search on isc.sans.edu, we have a bunch of diaries about it [1]. YARA is very powerful because you can search for arrays of bytes that r… | ISC.SANS.EDU
5 Sep | ISC Stormcast For Friday, September 5th, 2025 https://isc.sans.edu/podcastdetail/9600, (Fri, Sep 5th) | (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. | ISC.SANS.EDU
5 Sep | Smishing Campaign Targets California Taxpayers With Phony Refund Offers | The State of California's Franchise Tax Board (FTB) has warned of an ongoing SMS phishing (smishing) campaign targeting residents, Malwarebytes reports. | KNOWBE4.COM
5 Sep | Warning: New Spear Phishing Campaign Targets Executives | Researchers at Stripe warn of a wave of spear phishing attacks targeting C-suite employees and senior leadership across a wide range of industries. | KNOWBE4.COM
5 Sep | Over 143,000 Malware Files Target Android and iOS Users in Q2 2025 | In the second quarter of 2025, users of Android and iOS devices faced relentless cyberthreats, with Kaspersky Security Network reporting nearly 143,000 malicious installation packages detected across its mobile security products. Although the overall number of mobile attacks, incl… | GBHACKERS.COM
5 Sep | TAG-150 Hackers Escalate Attacks with Proprietary Malware Families | TAG-150 is a sophisticated threat actor active since at least March 2025. Characterized by rapid malware development, technical sophistication, and a sprawling multi-tiered infrastructure, TAG-150 has deployed several self-developed families: CastleLoader, CastleBot, and most recen… | GBHACKERS.COM
5 Sep | Why Security Champions Are the Secret Weapon 🛡️ | In this short, Neil Carpenter explains why the future of cybersecurity isn't just about patching systems but about empowering developers to become true security champions. Instead of late-night fixes, the real advantage comes when dev and sec teams build bridges, share responsibi… | YOUTUBE.COM
5 Sep | Fake Nudes, AI & The Dark Web… What Can We Do? 🤯 | In this short clip, Doug White dives into one of the strangest and most concerning issues in cybersecurity today: the rise of AI-powered fake nudes and "nudification sites." From Telegram groups to the dark web, these tools are spreading fast, and the big question is, how can anyo… | YOUTUBE.COM
5 Sep | AI Dependencies: The Cyber Time Bomb You Ignore ⏱️ | Most teams think they've locked down their software supply chain... but what about their AI dependencies? 🤖 In this eye-opening clip, Janet Worthington drops a truth bomb that every cybersecurity pro needs to hear. If you're still ignoring the risks hiding behind machine learning… | YOUTUBE.COM
5 Sep | From Syntax to Security: Inside a Compiler 🔍 #Programming | In this short, Jonathan breaks down what really happens inside a compiler: how code transforms from syntax into a type-attributed tree before execution. Viewers will see how this hidden process not only powers programming but also shapes security decisions developers can't ignore.… | YOUTUBE.COM
5 Sep | Secrets of Security Engineers Who Think Like Product Managers | In this short, Julia Knecht reveals how security engineers can transform their impact by thinking like product managers. Instead of jumping straight to tools, she explains why defining the problem and envisioning the end state are the first critical steps. Drawing on her experien… | YOUTUBE.COM
5 Sep | From Deep Blue to Today: Why AI Still Confuses Experts | In this short, Sohrob Kazerounian explores how the meaning of "intelligence" in AI has shifted from Deep Blue defeating Garry Kasparov to today's advanced systems. Even for cybersecurity professionals and tech experts, the line between real intelligence and clever computation rem… | YOUTUBE.COM
5 Sep | AI Projects in College… But Zero Security Classes?! 🚨 | In this short, cybersecurity expert John Kinsella points out a shocking reality: while students are diving into AI projects in college, almost no one is teaching them how to secure it. The industry is racing ahead with innovation, but the security side hasn't caught up, yet. This… | YOUTUBE.COM
5 Sep | ImaginaryCTF 2025 | September 5-7, 12 PM PDT | a cybersecurity CTF competition with a variety of challenges for all skill levels | Submitted by otter to cybersecurity, 4 points, 0 comments. https://2025.imaginaryctf.org/ (cross-posted from lemmy.ca/post/51072576) | INFOSEC.PUB
5 Sep | Frostbyte10 bugs put thousands of refrigerators at major grocery chains at risk | Submitted by cm0002 to cybersecurity, 14 points, 0 comments. https://www.theregister.com/2025/09/02/frostbyte10_copeland_controller_bugs/ | INFOSEC.PUB
5 Sep | VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages | Submitted by Amoxtli to cybersecurity, 18 points, 2 comments. https://thehackernews.com/2025/09/virustotal-finds-44-undetected-svg.html?m=1 | SH.ITJUST.WORKS
5 Sep | Sextortion with a twist: Spyware takes webcam pics of users watching porn | Submitted by return2ozma to cybersecurity, 25 points, 9 comments. https://arstechnica.com/security/2025/09/sextortion-with-a-twist-spyware-takes-webcam-pics-of-users-watching-porn/ | SH.ITJUST.WORKS
5 Sep | China-aligned crew poisons Windows servers to manipulate Google results | Submitted by Pro to cybersecurity, 14 points, 1 comment. https://www.welivesecurity.com/en/eset-research/ghostredirector-poisons-windows-servers-backdoors-side-potatoes/ (cross-posted from programming.dev/post/36914853) | SH.ITJUST.WORKS
🌐 CYBER THREAT LANDSCAPE (3)
5 Sep | Automation Is Redefining Pentest Delivery | Pentesting remains one of the most effective ways to identify real-world security weaknesses before adversaries do. But as the threat landscape has evolved, the way we deliver pentest results hasn't kept pace. Most organizations still rely on traditional reporting methods, static… | THEHACKERNEWS.COM
5 Sep | VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages | Cybersecurity researchers have flagged a new malware campaign that has leveraged Scalable Vector Graphics (SVG) files as part of phishing attacks impersonating the Colombian judicial system. The SVG files, according to VirusTotal, are distributed via email and designed to execute… | THEHACKERNEWS.COM
5 Sep | Under lock and key: Safeguarding business data with encryption | As the attack surface expands and the threat landscape grows more complex, it's time to consider whether your data protection strategy is fit for purpose. | WELIVESECURITY.COM
📡 INFOSEC NEWS (5)
5 Sep | EU fines Google $3.5 billion for anti-competitive ad practices | The European Commission has fined Google €2.95 billion ($3.5 billion) for abusing its dominance in the digital advertising technology market and favoring its adtech services over those of its competitors. [...] | BLEEPINGCOMPUTER.COM
5 Sep | Microsoft gives US students a free year of Microsoft 365 Personal | Microsoft announced that starting this Thursday, all college students in the United States can get a free year of Microsoft 365 Personal. [...] | BLEEPINGCOMPUTER.COM
5 Sep | X is now offering me end-to-end encrypted chat; you probably shouldn't trust it yet | X's new encrypted messaging feature, XChat, has some red flags. | TECHCRUNCH.COM
5 Sep | Parents warned that robot toys spied on children's location without consent | Parents are being reminded to exercise caution about the toys that they purchase their children, after the United States Federal Trade Commission (FTC) announced it had taken action against a robot toy maker. Read more in my article on the Hot for Security blog. | BITDEFENDER.COM
5 Sep | How to reduce the digital footprint of kids and teens | Kaspersky official blog | Learn how to reduce your child's digital footprint without intrusive controls or heavy-handed bans, plus essential cyber-hygiene for today's schoolkids. | KASPERSKY.COM