89Articles
9Categories
2025-09-10Date
🐛 COMMON VULNERABILITIES AND EXPOSURES 10[−]
10 Sep KEVPatch Tuesday priorities: Vulnerabilities in SAP NetWeaver and Microsoft NTLM and Hyper-VCISOs with SAP NetWeaver AS Java servers in their environments should make sure admins patch two highly critical vulnerabilities as soon as possible. They are among the most important of the monthly Patch Tuesday fixes issued today by a number of vendors. The worst NetWeaver vuln…CSOONLINE.COM
10 SepAdobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer AccountsAdobe has warned of a critical security flaw in its Commerce and Magento Open Source platforms that, if successfully exploited, could allow attackers to take control of customer accounts. The vulnerability, tracked as CVE-2025-54236 (aka SessionReaper), carries a CVSS score of 9.…THEHACKERNEWS.COM
10 SepSAP Patches Critical NetWeaver (CVSS Up to 10.0) and Previously Exploited S/4HANA FlawsSAP on Tuesday released security updates to address multiple security flaws, including three critical vulnerabilities in SAP Netweaver that could result in code execution and the upload arbitrary files. The vulnerabilities are listed below - CVE-2025-42944 (CVSS score: 10.0) - A …THEHACKERNEWS.COM
10 SepCritical SAP NetWeaver Flaw Allows Attackers to Execute Arbitrary CodeA critical security vulnerability has been discovered in SAP NetWeaver AS Java Deploy Service that enables authenticated attackers to execute arbitrary code and potentially achieve complete system compromise. The flaw, tracked as CVE-2025-42922, affects the Deploy Web S…GBHACKERS.COM
10 SepWindows BitLocker Flaw Allows Privilege Escalation by AttackersMicrosoft has released a warning about two serious security flaws in Windows BitLocker that could allow attackers to gain elevated privileges on affected machines. These vulnerabilities, tracked as CVE-2025-54911 and CVE-2025-54912, were publicly disclosed on September 9, 2025. B…GBHACKERS.COM
10 SepCritical Flaws in Microsoft Office Enable Remote Code Execution by AttackersMicrosoft has disclosed two serious security vulnerabilities in its Office suite that allow attackers to execute arbitrary code on affected systems. Both flaws were publicly released on September 9, 2025, and have been assigned CVE identifiers CVE-2025-54910 and CVE-2025-54906. T…GBHACKERS.COM
10 SepApple CarPlay Vulnerability Allows Remote Code Execution to Gain Root AccessA newly disclosed vulnerability in Apple’s CarPlay ecosystem enables remote code execution with root privileges, posing a serious risk to connected vehicles. Discovered by the Oligo Security Research team and tracked as CVE-2025-24132, the flaw resides within the AirPla…GBHACKERS.COM
10 SepCursor’s autorun lets hackers execute arbitrary codeOasis Security has uncovered a flaw in the widely used AI-powered code editor Cursor that lets malicious repositories silently execute code the moment a developer opens them. According to a disclosure shared with CSO ahead of its publication on Wednesday, the issue comes from how…CSOONLINE.COM
10 SepAdobe Commerce and Magento users: Patch critical SessionReaper flaw nowAdobe issued an emergency patch for one of the most severe vulnerabilities ever discovered in the Magento Open Source ecommerce platform and Adobe Commerce, its enterprise counterpart. The flaw allows unauthenticated attackers to hijack user accounts and, in some cases, execute a…CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE 30[−]
10 SepOT-Security: Warum der Blick auf Open Source lohntAuch im OT-Security-Bereich stellen Open-Source-Lösungen eine kostengünstige Alternative zu kommerziellen Tools dar. MY STOCKERS – Shutterstock.com OT-Security als strategischer Erfolgsfaktor Die zunehmende Digitalisierung und Vernetzung in der industriellen Produktion haben OT-S…CSOONLINE.COM
10 SepGentlemen Ransomware Exploits Drivers and Group Policies to Breach OrganizationsThe Gentlemen ransomware group has emerged as a sophisticated threat actor, demonstrating advanced capabilities through systematic compromise of enterprise environments across 17 countries. Their campaign combines legitimate driver abuse, Group Policy manipulation, and custom ant…GBHACKERS.COM
10 SepWorkday Data Breach Exposed Customer Data and Case DetailsMajor enterprise software provider Workday has disclosed a significant security incident that exposed customer data through a compromised third-party application, affecting business contact information and support case details. Third-Party Security Breach On August 23, 2025, Work…GBHACKERS.COM
10 SepChrome Security Update Fixes Critical Remote Code Execution FlawGoogle has released an urgent security update for Chrome to address two significant vulnerabilities, including a critical remote code execution flaw that could allow attackers to completely compromise user systems. The stable channel update brings Chrome to version 140.0.7339.127…GBHACKERS.COM
10 SepiCloud Calendar Invites Disguise New Phishing CampaignsPhishing Scams, Leaked Stream Keys, Zero-Day Android Vulnerabilities, and Bounties on Russian Hackers In this episode of Cybersecurity Today, host Jim Love discusses several critical cybersecurity issues. Attackers are using iCloud calendar invites for phishing scams, leveraging …CYBERSECURITYTODAY.LIBSYN.COM
10 SepDarkSamural APT Group Deploys LNK/PDF Malware to Steal Critical InformationDarkSamural, a newly identified subspecies of the notorious OceanLotus APT, has launched a sophisticated campaign targeting high-value organizations in Pakistan. Leveraging malicious LNK files masquerading as PDF documents and sophisticated MSC containers empowered by GrimResourc…GBHACKERS.COM
10 SepSophos Wireless Access Point Vulnerability Allows Attackers to Bypass AuthenticationSophos has released an important security advisory addressing a critical authentication bypass vulnerability in its AP6 Series Wireless Points. Attackers who can reach the management interface of an affected device may exploit this flaw to gain full administrator privileges. Soph…GBHACKERS.COM
10 SepGONEPOSTAL Malware Exploits Outlook for Stealthy Command-and-ControlA sophisticated espionage campaign leveraging a previously unknown malware strain dubbed GONEPOSTAL, attributed to the notorious Russian state-sponsored group KTA007, better known as Fancy Bear or APT28. The malware transforms Microsoft Outlook into a covert command and control c…GBHACKERS.COM
10 SepHighly Popular NPM Packages Poisoned in New Supply Chain AttackDesigned to intercept cryptocurrency transactions, the malicious code reached 10% of cloud environments. The post Highly Popular NPM Packages Poisoned in New Supply Chain Attack appeared first on SecurityWeek .SECURITYWEEK.COM
10 SepFortinet, Ivanti, Nvidia Release Security UpdatesHigh-severity vulnerabilities could lead to remote code execution, privilege escalation, information disclosure, and configuration tampering. The post Fortinet, Ivanti, Nvidia Release Security Updates appeared first on SecurityWeek .SECURITYWEEK.COM
10 SepForrester 2026 Budget Planning Guide and BlackHat 2025 Interviews - Jess Burn - BSW #412With volatility now the norm, security and risk leaders need practical guidance on managing existing spending and new budgetary necessities. Where should they look? Jess Burn, Principal Analyst at Forrester Research, joins Business Security Weekly to discuss Forrester's Budget Pl…YOUTUBE.COM
10 SepLazarus Hackers Abuse Git Symlink Vulnerability in Stealthy Phishing CampaignKuCoin’s security team has uncovered a new phishing campaign orchestrated by the Lazarus Group (APT38), the notorious state-sponsored collective renowned for financially motivated cyberespionage. Armed with government resources and a history of high-profile breaches, Lazarus cont…GBHACKERS.COM
10 SepHackerOne Data Breach, Hackers Illegally Access Salesforce EnvironmentHackerOne, a leading vulnerability coordination platform, has confirmed that its Salesforce environment was compromised in a recent third-party data breach. The incident stemmed from an attack on the Drift application provided by Salesloft, which allowed unauthorized actors to ga…GBHACKERS.COM
10 SepAmp’ed RF BT-AP 111 Bluetooth Access Point Vulnerability Enables Admin TakeoverThe Amp’ed RF BT-AP 111 Bluetooth Access Point has been discovered to expose its HTTP-based administrative interface entirely without authentication controls, enabling unauthenticated attackers with network access to seize full administrative privileges. This critical security ov…GBHACKERS.COM
10 SepWhat the Salesloft Drift breaches reveal about 4th-party riskThe recent SalesLoft Drift breaches revealed an uncomfortable truth that keeps me up at night, and should keep every CISO awake, too. Organizations weren’t breached through their vendor. They weren’t even breached through their vendor’s vendor. It appears they were compromised th…CSOONLINE.COM
10 Sep KEVMicrosoft Fixes 80 Flaws — Including SMB PrivEsc and Azure CVSS 10.0 BugsMicrosoft on Tuesday addressed a set of 80 security flaws in its software, including one vulnerability that has been disclosed as publicly known at the time of release. Of the 80 vulnerabilities, eight are rated Critical and 72 are rated Important in severity. None of the shortco…THEHACKERNEWS.COM
10 SepApple iPhone Air and iPhone 17 Feature A19 Chips With Spyware-Resistant Memory SafetyApple on Tuesday revealed a new security feature called Memory Integrity Enforcement (MIE) that's built into its newly introduced iPhone models, including iPhone 17 and iPhone Air. MIE, per the tech giant, offers "always-on memory safety protection" across critical attack surface…THEHACKERNEWS.COM
10 SepApple Unveils iPhone Memory Protections to Combat Sophisticated AttacksApple’s new Memory Integrity Enforcement (MIE) brings always-on memory-safety protection covering key attack surfaces — including the kernel and over 70 userland processes. The post Apple Unveils iPhone Memory Protections to Combat Sophisticated Attacks appeared first on Security…SECURITYWEEK.COM
10 SepKikimora Announces Launch of Kikimora Agent: Accessible AI-Powered Cybersecurity Platform for SME SecuritySofia, Bulgaria, September 10th, 2025, CyberNewsWire Kikimora, a cybersecurity specialist and a product developer, has announced the launch of Kikimora Agent, a new AI-powered platform providing accessible cybersecurity management, vulnerability detection, and asset monitoring fo…GBHACKERS.COM
10 SepRansomware upstart ‘The Gentlemen’ raises the stakes for OT‑heavy sectorsA new threat actor, The Gentlemen, has emerged as a fast-moving ransomware group that has rapidly expanded its activity across Asia Pacific, South America, the US, and the Middle East. First identified in August, the group has already hit organizations in 17 countries, with victi…CSOONLINE.COM
10 SepCyberVolk Ransomware Targets Windows Systems in Critical Infrastructure and Research InstitutionsCyberVolk ransomware, which first emerged in May 2024, has escalated its operations against government agencies, critical infrastructure, and scientific institutions across Japan, France, and the United Kingdom. Operating with pro-Russian leanings, CyberVolk specifically targets …GBHACKERS.COM
10 SepApple: iPhone 17 lineup and iPhone Air come with Memory Integrity Enforcement, which provides always-on memory safety protectionsubmitted by Pro to cybersecurity 1 points | 0 comments https://security.apple.com/blog/memory-integrity-enforcement/ cross-posted from: programming.dev/post/37193710 Hacker News .SH.ITJUST.WORKS
10 SepJaguar Land Rover confirms data theft after recent cyberattackJaguar Land Rover (JLR) confirmed today that attackers also stole "some data" during a recent cyberattack that forced it to shut down systems and instruct staff not to report to work. [...]BLEEPINGCOMPUTER.COM
10 SepCan I have a new password, please? The $400M question.Scattered Spider didn't need a zero-day to breach Clorox. They just phoned the help desk—convincing agents to reset passwords & MFA without proper checks. The result: $380M in damages. Learn from Specops Software why caller verification and audit trails are critical. [...]BLEEPINGCOMPUTER.COM
10 SepHow Pixel and Android are bringing a new level of trust to your images with C2PA Content CredentialsPosted by Eric Lynch, Senior Product Manager, Android Security, and Sherif Hanna, Group Product Manager, Google C2PA Core At Made by Google 2025, we announced that the new Google Pixel 10 phones will support C2PA Content Credentials in Pixel Camera and Google Photos . This announ…SECURITY.GOOGLEBLOG.COM
10 SepAutomation or Exploitation? The AI Cybersecurity Dilemma!In this short, Sohrob Kazerounian breaks down the hidden risks of giving GenAI systems real control. Instead of just answering questions, these models could manage databases, automate workflows, and act on behalf of users. But is that innovation… or a cybersecurity nightmare? Wat…YOUTUBE.COM
10 Sep"Yep, I got pwned. Sorry everyone, very embarrassing."In essence, that is the disclosure and notification message that the open-source developer "qix" sent to the world when he was social engineered to give up access credentials to his GitHub account.KNOWBE4.COM
10 SepWhen “Free Data” Becomes Your Biggest Security Threat…A cybersecurity expert reveals why “free” open-source datasets can be the biggest hidden risk in AI development. This short highlights how a poisoned dataset trained countless models without anyone noticing — and why checking your AI SBOM (Software Bill of Materials) is now criti…YOUTUBE.COM
10 SepYour Hybrid Exchange Server Is Still Wide Open 😱A shocking discovery reveals that over 29,000 on-premises Exchange servers remain unpatched, leaving hybrid environments dangerously exposed. Doug White explains how ignoring a simple update could let attackers slip in with stolen identities and compromise entire networks. This s…YOUTUBE.COM
10 SepRisky Business #806 -- Apple's Memory Integrity Enforcement is a big dealOn this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: Apple ruins exploit developers’ week with fresh memory corruption mitigations Feross Aboukhadijeh drops by to talk about the big, dumb npm supply chain attack Salesloft says its Gi…RISKY.BIZ
📋 SECURITY BULLETINS 5[−]
10 SepICS Patch Tuesday: Rockwell Automation Leads With 8 Security AdvisoriesAdvisories have also been published by Siemens, Schneider Electric, Phoenix Contact and CISA. The post ICS Patch Tuesday: Rockwell Automation Leads With 8 Security Advisories appeared first on SecurityWeek .SECURITYWEEK.COM
10 SepMicrosoft fixes app install issues caused by August Windows updatesMicrosoft has fixed a known issue caused by the August 2025 security updates, which triggers unexpected User Account Control (UAC) prompts and app installation problems for non-admin users on all Windows versions. [...]BLEEPINGCOMPUTER.COM
10 SepMicrosoft fixes streaming issues triggered by Windows updatesMicrosoft has resolved severe lag and stuttering issues with streaming software affecting Windows 10 and Windows 11 systems after installing the August 2025 security updates. [...]BLEEPINGCOMPUTER.COM
10 SepMultiple Vulnerabilities in GitLab Patched, Blocking DoS and SSRF Attack VectorsGitLab has released critical security updates across multiple versions to address six significant vulnerabilities that could enable denial-of-service attacks, server-side request forgery, and information disclosure. The company released versions 18.3.2, 18.2.6, and 18.1.6 for bot…GBHACKERS.COM
10 SepSeptember Patch Tuesday handles 81 CVEsThe last round of fixes before Win 10’s final shout touches 15 product families, including XboxSOPHOS.COM
📢 SECURITY ADVISORIES 5[−]
10 SepChina-Linked APT41 Hackers Target U.S. Trade Officials Amid 2025 NegotiationsThe House Select Committee on China has formally issued an advisory warning of an "ongoing" series of highly targeted cyber espionage campaigns linked to the People's Republic of China (PRC) amid contentious U.S.–China trade talks. "These campaigns seek to compromise organization…THEHACKERNEWS.COM
10 SepThe Time-Saving Guide for Service Providers: Automating vCISO and Compliance ServicesIntroduction Managed service providers (MSPs) and managed security service providers (MSSPs) are under increasing pressure to deliver strong cybersecurity outcomes in a landscape marked by rising threats and evolving compliance requirements. At the same time, clients want better …THEHACKERNEWS.COM
🔥 INCIDENT REPORTING 8[−]
10 SepUS Offers $10 Million Reward for Ukrainian Ransomware OperatorVolodymyr Tymoshchuk allegedly hit hundreds of organizations with the LockerGoga, MegaCortex, and Nefilim ransomware families. The post US Offers $10 Million Reward for Ukrainian Ransomware Operator appeared first on SecurityWeek .SECURITYWEEK.COM
10 SepThe State of Ransomware in Education 2025441 IT and cybersecurity share their ransomware experiences, revealing the realities facing lower and higher education providers today.SOPHOS.COM
10 SepLovesac warns customers their data was breached after suspected RansomHub attack six months agoAmerican furniture maker Lovesac, known for its modular couches and comfy beanbags, has warned customers that their data was breached by hackers earlier this year, and that they should remain vigilant to the threat of identity theft. Read more in my article on the Hot for Securit…BITDEFENDER.COM
10 SepAsyncRAT Leverages Fileless Techniques to Bypass DetectionFileless malware has become a formidable adversary for security teams, operating entirely in memory and evading disk-based detection. A recent incident demonstrates how attackers leveraged a multi-stage fileless loader to deploy AsyncRAT, a powerful Remote Access Trojan (RAT), th…GBHACKERS.COM
10 SepJaguar Land Rover says data stolen in disruptive cyberattackThe cyberattack at Jaguar Land Rover, which began on September 2, has ground vehicle assembly lines to a standstill.TECHCRUNCH.COM
10 SepJaguar Land Rover Admits Data Breach Caused by Recent CyberattackAfter announcing that the cyberattack-caused disruption to factories would continue, Jaguar Land Rover is now confirming a data breach. The post Jaguar Land Rover Admits Data Breach Caused by Recent Cyberattack appeared first on SecurityWeek .SECURITYWEEK.COM
10 SepChinese APT Deploys EggStreme Fileless Malware to Breach Philippine Military SystemsAn advanced persistent threat (APT) group from China has been attributed to the compromise of a Philippines-based military company using a previously undocumented fileless malware framework called EggStreme. "This multi-stage toolset achieves persistent, low-profile espionage by …THEHACKERNEWS.COM
10 SepUS charges suspected ransomware kingpin, and offers $10 million bounty for his captureA US federal court has unssealed charges against a Ukrainian national who authorities allege was a key figure behind several strains of ransomware, including LockerGoga, MegaCortex, and Nefilim. Read more in my article on the Fortra blog.FORTRA.COM
🕵️ THREAT INTELLIGENCE 20[−]
10 SepISC Stormcast For Wednesday, September 10th, 2025 https://isc.sans.edu/podcastdetail/9606, (Wed, Sep 10th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
10 SepGitHub Abused by Kimsuky Hackers Delivering Malware Through LNK FilesGitHub repositories for malware delivery through sophisticated weaponized LNK files, according to recent analysis by S2W’s Threat Intelligence Center, TALON. This campaign demonstrates the group’s evolving tactics in leveraging trusted platforms to bypass security mea…GBHACKERS.COM
10 SepHackers Impersonate Google AppSheet in Latest Phishing CampaignThe cybersecurity landscape has witnessed a novel phishing campaign that weaponizes Google’s no-code platform, AppSheet, to harvest user credentials. By abusing AppSheet’s trusted email infrastructure, attackers are bypassing traditional security controls and delivering malicious…GBHACKERS.COM
10 SepThreat Actor’s Self-Deployment of EDR Exposes Their Tools and WorkflowsIn a twist of fate that underscores both the power and inherent transparency of endpoint detection and response (EDR) solutions. By investigating alerts generated through this deployment, the Huntress Security Operations Center (SOC) gained unprecedented insight into the adversar…GBHACKERS.COM
10 SepMY TAKE: The workflow cadences of GenAI — what’s being lost, what’s starting to be reclaimedGen-AI disruption is real. It’s profound, high-stakes, and unprecedented. It’s also accelerating — faster than any technological shift in recent memory. But beneath the hype and uncertainty, a distinct set of rhythms is beginning to emerge. That’s what I’ve come … (more…) T…LASTWATCHDOG.COM
10 SepHush Security Emerges Stealth to Eliminate Credential Threats With No-Secrets PlatformTel Aviv–based startup replaces vaults and secrets managers with just-in-time policies, aiming to eliminate credentials entirely. The post Hush Security Emerges Stealth to Eliminate Credential Threats With No-Secrets Platform appeared first on SecurityWeek .SECURITYWEEK.COM
10 SepGoogle Drive Desktop for Windows Flaw Lets Users Gain Full Access to Others’ DrivesMillions of people and businesses trust Google Drive every day to store important files like contracts, reports, photos, and research papers. The desktop app for Windows promises secure and seamless syncing of files between local folders and the cloud. Yet a serious flaw in Googl…GBHACKERS.COM
10 SepRed Access Raises $17 Million for Agentless Security PlatformThe investment will accelerate product innovation and will fuel the security company’s expansion in the US. The post Red Access Raises $17 Million for Agentless Security Platform appeared first on SecurityWeek .SECURITYWEEK.COM
10 SepMeta Verified Scam Ads on Facebook Steal User Account DetailsContent creators and small businesses are facing a sophisticated new threat targeting their Facebook accounts through deceptive advertisements promising free Meta verification badges. A new malvertising campaign is targeting Facebook users with malicious ads that promise to unloc…GBHACKERS.COM
10 SepGeordie Emerges From Stealth With $6.5M for AI Agent Security PlatformGeordie has developed a platform that gives enterprises deep visibility into AI agents and what they are doing. The post Geordie Emerges From Stealth With $6.5M for AI Agent Security Platform appeared first on SecurityWeek .SECURITYWEEK.COM
10 SepA look at a P2P camera (LookCam app)submitted by cm0002 to cybersecurity 1 points | 0 comments https://palant.info/2025/09/08/a-look-at-a-p2p-camera-lookcam-app/INFOSEC.PUB
10 SepNeues Phishing-Framework umgeht Multi-Faktor-AuthentifizierungPhishing 2.0 nutzt Subdomain-Rotation und Geoblocking. janews – Shutterstock.com Eine kürzlich aufgedeckte Phishing-Kampagne steht in Verbindung mit Salty2FA, einem Phishing-as-a-Service-(PhaaS-)Framework. Es soll entwickelt worden sein, um Multi-Faktor-Authentifizierung (MFA) zu…CSOONLINE.COM
10 SepBASE64 Over DNS, (Wed, Sep 10th)On the Stormcast , Johannes talked about BASE64 and DNS used by a backdoor. ISC.SANS.EDU
10 SepThe Most Overlooked Cybersecurity Skill in Devs ⚡In this short, Mike reveals why threat modeling might be the most overlooked cybersecurity skill for developers. He explains how thinking like a hacker—spotting abuse cases, errors, and malicious intent—shouldn’t just be an advanced trick but a core part of writing secure code. F…YOUTUBE.COM
10 SepWhat are You Working on Wednesdaysubmitted by shellsharks to cybersecurity 1 points | 0 comments Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time.INFOSEC.PUB
10 SepPaved Roads Explained: Security Without the Chaos 🚀In this short, cybersecurity experts break down the idea of “paved roads” — a strategy designed to bring clarity and alignment to security initiatives. Viewers learn how defining success criteria upfront can transform secrets management and reduce chaos across teams. By simplifyi…YOUTUBE.COM
10 SepMonorepo or Microservices… Does Security Care? 😱In this short, Jonathan breaks down the real difference between monorepos and microservices for security teams. Viewers will see how code partitioning works, why it matters less than people think, and what it means for cybersecurity operations. Perfect for developers, DevOps, and…YOUTUBE.COM
10 SepReport: Shadow AI Poses an Increasing Risk to OrganizationsThe use of “shadow AI” is an increasing security risk within organizations, according to a new report from Netskope.KNOWBE4.COM
10 SepUS Senator Wyden pushes FTC to investigate Microsoft for 'gross cybersecurity negligence'submitted by nemeski to cybersecurity 2 points | 0 comments https://www.reuters.com/legal/government/us-senator-wyden-pushes-ftc-investigate-microsoft-gross-cybersecurity-negligence-2025-09-10/SH.ITJUST.WORKS
10 SepWhy Developers Hate the Wrong Cybersecurity Metrics ⚡Developers don’t just dislike bad code—they hate bad cybersecurity metrics even more. In this short, experts break down why reporting “big numbers” to the board can backfire, and how prioritizing the right fixes matters more than showing inflated dashboards. It’s a quick look at …YOUTUBE.COM
🌐 CYBER THREAT LANDSCAPE 1[−]
10 SepCHILLYHELL macOS Backdoor and ZynorRAT RAT Threaten macOS, Windows, and Linux SystemsCybersecurity researchers have discovered two new malware families, including a modular Apple macOS backdoor called CHILLYHELL and a Go-based remote access trojan (RAT) named ZynorRAT that can target both Windows and Linux systems. According to an analysis from Jamf Threat Labs, …THEHACKERNEWS.COM
🎙️ PODCASTS 1[−]
10 SepSmashing Security podcast #434: Whopper Hackers, and AI WhoppersEver wondered what would happen if Burger King left the keys to the kingdom lying around for anyone to use? Ethical hackers did - and uncovered drive-thru recordings, hard-coded passwords, and even the power to open a Whopper outlet on the moon. Meanwhile, over in Silicon Valley,…GRAHAMCLULEY.COM
📡 INFOSEC NEWS 9[−]
10 SepWhat’s Your Cybersecurity Maturity?This blog post looks at four key milestones along the cybersecurity maturity journey and poses some questions you can ask to determine the stage of your organization’s progress.TRENDMICRO.COM
10 SepWatch Out for Salty2FA: New Phishing Kit Targeting US and EU EnterprisesPhishing-as-a-Service (PhaaS) platforms keep evolving, giving attackers faster and cheaper ways to break into corporate accounts. Now, researchers at ANY.RUN has uncovered a new entrant: Salty2FA, a phishing kit designed to bypass multiple two-factor authentication methods and sl…THEHACKERNEWS.COM
10 SepGoogle’s former security leads raise $13M to fight email threats before they reach youThe startup is using real-time AI agents that inspect, analyze, and neutralize email threats.TECHCRUNCH.COM
10 SepVibe coding? Meet vibe securityAs AI evolves at breakneck speed, attackers are evolving right alongside it. Vibe coding, AI agents, and prompt-based attacks are opening enterprises up to new vulnerabilities daily. The pressure is on for cybersecurity tools to keep pace, and startups are seizing the moment. Few…TECHCRUNCH.COM
10 SepPixel 10 fights AI fakes with new Android photo verification techGoogle is integrating C2PA Content Credentials into the Pixel 10 camera and Google Photos, to help users distinguish between authentic, unaltered images and those generated or edited with artificial intelligence technology. [...]BLEEPINGCOMPUTER.COM
10 SepCursor AI editor lets repos “autorun” malicious code on devicesA weakness in the Cursor code editor exposes developers to the risk of automatically executing tasks in a malicious repository as soon as it's opened. [...]BLEEPINGCOMPUTER.COM
10 SepHackers left empty-handed after massive NPM supply-chain attackThe largest supply-chain compromise in the history of the NPM ecosystem has impacted roughly 10% of all cloud environments, but attackers made little profit off it. [...]BLEEPINGCOMPUTER.COM
10 SepMicrosoft waives fees for Windows devs publishing to Microsoft StoreMicrosoft announced that, starting today, individual Windows developers will no longer have to pay for publishing their applications on the Microsoft Store. [...]BLEEPINGCOMPUTER.COM
10 SepDDoS defender targeted in 1.5 Bpps denial-of-service attackA DDoS mitigation service provider in Europe was targeted in a massive distributed denial-of-service attack that reached 1.5 billion packets per second. [...]BLEEPINGCOMPUTER.COM