97Articles
9Categories
2025-09-11Date
🚨 CISA KEV 1[−]
11 Sep KEVCISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its  Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2025-5086 Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability This type of vulnerability is a frequent attac…CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES 10[−]
11 Sep KEVACSC Warns of Actively Exploited SonicWall Access Control VulnerabilityThe Australian Cyber Security Centre (ACSC) has issued an urgent warning about a critical vulnerability in SonicWall firewall devices that is being actively exploited by threat actors. The flaw, tracked as CVE-2024-40766, affects SonicOS management access and SSLVPN functionality…GBHACKERS.COM
11 SepAI prompt injection gets real — with macros the latest hidden threatAttackers are increasingly exploiting generative AI by embedding malicious prompts in macros and exposing hidden data through parsers. The switch in adversarial tactics — noted in a recent State of File Security study from OPSWAT — calls for enterprises to extend the same type of…CSOONLINE.COM
11 SepNVIDIA NVDebug Tool Vulnerability Lets Attackers Gain Elevated System AccessA critical vulnerability in NVIDIA’s NVDebug tool could allow attackers to gain elevated system access, execute code, or tamper with data. NVIDIA released a security bulletin on September 8, 2025, reporting three distinct flaws in the NVDebug tool and urging all users to update t…GBHACKERS.COM
11 SepPalo Alto Networks User-ID Agent Flaw Leaks Passwords in CleartextA newly disclosed vulnerability in the Palo Alto Networks User-ID Credential Agent on Windows systems allows service account passwords to be exposed in cleartext under certain non-default configurations. Tracked as CVE-2025-4235, the flaw carries a CVSS base score of 4.2 (Medium)…GBHACKERS.COM
11 SepCoreDNS Vulnerability Allows Attackers to Poison DNS Cache and Block UpdatesA critical flaw in CoreDNS’s etcd plugin can let attackers pin DNS records in caches for years, effectively blocking legitimate updates. This vulnerability, tracked as CVE-2025-58063, stems from incorrect handling of etcd lease IDs. It affects every CoreDNS release from version 1…GBHACKERS.COM
11 SepAngular SSR Vulnerability Allows Attackers to Access Sensitive DataA high vulnerability in Angular’s server-side rendering (SSR) feature can lead to sensitive data exposure when multiple requests are handled at the same time. This flaw, tracked as CVE-2025-59052, stems from a global race condition in the platform injector that may cause cross-re…GBHACKERS.COM
11 SepAkira ransomware exploiting critical SonicWall SSLVPN bug againThe Akira ransomware gang is actively exploiting CVE-2024-40766, a year-old critical-severity access control vulnerability, to gain unauthorized access to SonicWall devices. [...]BLEEPINGCOMPUTER.COM
11 SepCVE-2025-55319 Agentic AI and Visual Studio Code Remote Code Execution VulnerabilityAi command injection in Agentic AI and Visual Studio Code allows an unauthorized attacker to execute code over a network.MSRC.MICROSOFT.COM
11 SepChromium: CVE-2025-10201 Inappropriate implementation in MojoThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.MSRC.MICROSOFT.COM
11 SepChromium: CVE-2025-10200 Use after free in ServiceworkerThis CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/202[SS9.1]5) for more information.MSRC.MICROSOFT.COM
⚠️ VULNERABILITY DISCLOSURE 31[−]
11 SepCalifornia, two other states to come down hard on GPC violatorsUS organizations are being advised to make sure they have systems in place to detect and honor Global Privacy Control (GPC) signals, as a result of the launch this week of a multi-state privacy enforcement sweep to target those who do not. The California Privacy Protection Agency…CSOONLINE.COM
11 SepManaged SOC für mehr SicherheitAls zentrale Einheit überwachen Fachleute im SOC die gesamte IT-Infrastruktur eines Unternehmens. Rund um die Uhr analysieren sie alle sicherheitsrelevanten Ereignisse in Echtzeit. Gorodenkoff – shutterstock.com Die Anforderungen an IT-Sicherheit haben sich in den vergangenen Jah…CSOONLINE.COM
11 SepReflected XSS Flaw Enables Attackers to Evade Amazon CloudFront Protection Using SafariA recent bug bounty discovery has drawn attention to a browser-specific reflected Cross-Site Scripting (XSS) vulnerability on help-ads.target.com. This flaw was found to bypass Amazon CloudFront’s Web Application Firewall (WAF) protections but could only be exploited on the Safar…GBHACKERS.COM
11 SepAsyncRAT Exploits ConnectWise ScreenConnect to Steal Credentials and CryptoCybersecurity researchers have disclosed details of a new campaign that leverages ConnectWise ScreenConnect, a legitimate Remote Monitoring and Management (RMM) software, to deliver a fleshless loader that drops a remote access trojan (RAT) called AsyncRAT to steal sensitive data…THEHACKERNEWS.COM
11 SepDDoS Mitigation Provider Hit by Massive 1.5 Billion Packets Per Second Attack FastNetMon today announced it detected a record-scale distributed denial-of-service (DDoS) attack targeting the website of a leading DDoS scrubbing vendor in Western Europe. The attack peaked at 1.5 billion packets per second (1.5 Gpps), making it one of the largest packet-…GBHACKERS.COM
11 SepOT security: Why it pays to look at open sourceOT security as a strategic success factor Increasing digitalization and networking in industrial production have made operational technology security a key issue for companies. Production data, SCADA systems (supervisory control and data acquisition) and networked machines are es…CSOONLINE.COM
11 SepCursor AI Code Editor RCE Flaw Allows Malicious Code to Autorun on MachinesA critical vulnerability in the Cursor AI Code Editor exposes developers to stealthy remote code execution (RCE) attacks when opening code repositories, security researchers warn. The flaw, discovered by Oasis Security, allows attackers to deliver and run harmful code automatical…GBHACKERS.COM
11 Sep1.5 Billion Packets Per Second DDoS Attack Detected with FastNetMonFastNetMon today announced that it detected a record-scale distributed denial-of-service (DDoS) attack targeting the website of a leading DDoS scrubbing vendor in Western Europe. The attack reached 1.5 billion packets per second (1.5 Gpps) — one of the largest…GBHACKERS.COM
11 SepZynorRAT Exploits Windows and Linux Systems to Gain Remote AccessDuring a recent threat hunting exercise, the Sysdig Threat Research Team (TRT) identified a new sample dubbed ZynorRAT. This Go-based Remote Access Trojan (RAT) delivers a comprehensive suite of custom command-and-control (C2) capabilities for both Linux and Windows systems. Firs…GBHACKERS.COM
11 SepFake Madgicx Plus and SocialMetrics Extensions Are Hijacking Meta Business AccountsCybersecurity researchers have disclosed two new campaigns that are serving fake browser extensions using malicious ads and fake websites to steal sensitive data. The malvertising campaign, per Bitdefender, is designed to push fake "Meta Verified" browser extensions named SocialM…THEHACKERNEWS.COM
11 SepkkRAT Exploits Network Protocols to Exfiltrate Clipboard DataThe threat actor delivers three Remote Access Trojans (RATs)—ValleyRAT, FatalRAT, and a newly discovered RAT dubbed kkRAT—via phishing sites hosted on GitHub Pages. These sites masquerade as legitimate software installers for popular applications. In each instance, a ZIP archive …GBHACKERS.COM
11 Sep KEVSonicWall SSL VPN Flaw and Misconfigurations Actively Exploited by Akira Ransomware HackersThreat actors affiliated with the Akira ransomware group have continued to target SonicWall devices for initial access. Cybersecurity firm Rapid7 said it observed a spike in intrusions involving SonicWall appliances over the past month, particularly following reports about renewe…THEHACKERNEWS.COM
11 SepAkira Ransomware Attacks Fuel Uptick in Exploitation of SonicWall FlawThe Akira ransomware group is likely exploiting a combination of three attack vectors to gain unauthorized access to vulnerable appliances. The post Akira Ransomware Attacks Fuel Uptick in Exploitation of SonicWall Flaw appeared first on SecurityWeek .SECURITYWEEK.COM
11 SepUAE’s K2 Think AI Jailbroken Through Its Own Transparency FeaturesResearchers exploited K2 Think’s built-in explainability to dismantle its safety guardrails, raising new questions about whether transparency and security in AI can truly coexist. The post UAE’s K2 Think AI Jailbroken Through Its Own Transparency Features appeared first on Securi…SECURITYWEEK.COM
11 SepDocker malware breaks in through exposed APIs, then changes the locksA newly discovered strain of a cryptomining malware, first reported in June 2025, has evolved to target exposed Docker APIs instead of relying on Docker escape techniques as before. According to security researchers from Akamai’s Hunt Team, the new variant has also shifted focus …CSOONLINE.COM
11 SepMassive L7 DDoS Botnet Exploits 5.76M Hijacked Devices for Record AttacksIn a stark reminder of how vulnerable online services remain, Qrator Labs has revealed that a sprawling Layer 7 distributed denial-of-service (DDoS) botnet has swelled to over 5.76 million compromised devices, unleashing unprecedented traffic against critical infrastructures. Mon…GBHACKERS.COM
11 SepMicrosoft under fire: Senator demands FTC investigation into ‘arsonist selling firefighting services’US Senator Ron Wyden has formally requested that the Federal Trade Commission investigate Microsoft for what he characterized as “gross cybersecurity negligence” that had enabled widespread ransomware attacks against critical infrastructure, including healthcare organizations. In…CSOONLINE.COM
11 SepCritical Chrome Vulnerability Earns Researcher $43,000Google patched a critical use-after-free vulnerability in Chrome that could potentially lead to code execution. The post Critical Chrome Vulnerability Earns Researcher $43,000 appeared first on SecurityWeek .SECURITYWEEK.COM
11 SepThreat Actors Leveraging Open-Source AdaptixC2 in Real-world AttacksIn early May 2025, Unit 42 researchers observed multiple instances of AdaptixC2 being deployed to infect enterprise systems. Unlike many high-profile command-and-control (C2) platforms, AdaptixC2 has flown under the radar, with scant public documentation demonstrating its use in …GBHACKERS.COM
11 SepThe Buyer’s Guide to Browser Extension ManagementBrowser extensions boost productivity—but also open the door to hidden risks like data exfiltration and AitM attacks. Keep Aware's Buyer's Guide shows how to gain visibility, enforce policies, and block risky add-ons in real time. [...]BLEEPINGCOMPUTER.COM
11 SepCISA Releases Eleven Industrial Control Systems AdvisoriesCISA released eleven Industrial Control Systems (ICS) advisories on September 11, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-254-01 Siemens SIMOTION Tools ICSA-25-254-02 Siemens SIMATIC V…CISA.GOV
11 Sep🚨 Pre-Auth SQL Injection to RCE… How Does This Still Happen?!A cybersecurity researcher breaks down a shocking case of a pre-auth SQL injection leading to remote code execution (RCE). This isn’t just theory—it’s a real vulnerability that raises questions about outdated code and weak software development practices. How does such a basic fla…YOUTUBE.COM
11 SepChina pilots village surveillance in Solomon Islands in the Pacific, where Chinese police are collecting fingerprints, palm prints to "curb social unrest"submitted by randomname to cybersecurity 1 points | 0 comments https://www.reuters.com/world/china/china-pilots-village-surveillance-solomon-islands-seeks-stability-2025-09-11/ cross-posted from: scribe.disroot.org/post/4501921 China has exported its village surveillance model to…SH.ITJUST.WORKS
11 SepChina pilots village surveillance in Solomon Islands in the Pacific, where Chinese police are collecting fingerprints, palm prints to "curb social unrest"submitted by randomname to cybersecurity 2 points | 0 comments https://www.reuters.com/world/china/china-pilots-village-surveillance-solomon-islands-seeks-stability-2025-09-11/ cross-posted from: scribe.disroot.org/post/4501921 China has exported its village surveillance model to…INFOSEC.PUB
11 SepBulletproof Host Stark Industries Evades EU SanctionsIn May 2025, the European Union levied financial sanctions on the owners of Stark Industries Solutions Ltd., a bulletproof hosting provider that materialized two weeks before Russia invaded Ukraine and quickly became a top source of Kremlin-linked cyberattacks and disinformation …KREBSONSECURITY.COM
11 SepPanama Ministry of Economy discloses breach claimed by INC ransomwarePanama's Ministry of Economy and Finance (MEF) has disclosed that one of its computers may have been compromised in a cyberattack.. [...]BLEEPINGCOMPUTER.COM
11 SepThe #1 Question You Should Ask Before Installing Any PackageIn this short, Mike and Janet break down the hidden risks behind software supply chains. Instead of focusing only on the package itself, they highlight the critical question every cybersecurity professional should ask: Can I really trust this package? From provenance to reproduci…YOUTUBE.COM
11 SepTop 10 Best Cloud Penetration Testing Companies in 2025Cloud is the foundation of modern business, but it comes with a complex and evolving security landscape. Traditional penetration testing, which focuses on on-premise networks and applications, is not sufficient to secure these dynamic environments. Cloud penetration testing requi…GBHACKERS.COM
11 SepIs Your OT Network the Next Target? 💀 #CyberSecurityCybersecurity expert Doug White breaks down how hackers are actively exploiting Erlang OTP/SSH on OT networks. With nearly 70% of attacks coming from firewalls that protect operational technology, it raises the question: is your OT network the next target? This short exposes why …YOUTUBE.COM
11 SepAmericans Can't Hack It - PSW #891This week: * Americans Can't Hack It * Copy and paste to get malware * Pixel 5 web servers - because you can * How they got in and why security is hard * Vulnerability management is failing - is it dead yet? * Exploiting hacker tools * Bluetooth spending spree! * How to defend yo…YOUTUBE.COM
11 SepFrance says Apple notified victims of new spyware attackssubmitted by Pro to cybersecurity 1 points | 0 comments cross-posted from: programming.dev/post/37271383 Translated and Republished under Open License, V2.0 . Originally published in CERT-FR as Threat and Incident Report . Since 2021, Apple has been sending notification campaigns…SH.ITJUST.WORKS
📋 SECURITY BULLETINS 1[−]
11 SepDell PowerProtect Data Manager Flaw Allows System Compromise by AttackersDell has released a critical security update for its PowerProtect Data Manager (PPDM) platform, addressing multiple vulnerabilities that could allow attackers to compromise systems and execute arbitrary commands. The security advisory DSA-2025-326 reveals several high-severity fl…GBHACKERS.COM
📢 SECURITY ADVISORIES 6[−]
11 SepKey Operators of LockerGoga, MegaCortex, and Nefilim Ransomware Gangs ArrestedThe U.S. District Court for the Eastern District of New York has charged Volodymyr Viktorovich Tymoshchuk, a Ukrainian national known as deadforz, Boba, msfv, and farnetwork, for his role in administering LockerGoga, MegaCortex, and Nefilim ransomware operations. The indictment a…GBHACKERS.COM
11 SepCracking the Boardroom Code: Helping CISOs Speak the Language of BusinessCISOs know their field. They understand the threat landscape. They understand how to build a strong and cost-effective security stack. They understand how to staff out their organization. They understand the intricacies of compliance. They understand what it takes to reduce risk.…THEHACKERNEWS.COM
11 SepFBI Issues Guidance for Avoiding Deepfake ScamsThe FBI and the American Bankers Association (ABA) have issued a joint advisory warning of the growing threat posed by AI-generated deepfake scams .KNOWBE4.COM
🔥 INCIDENT REPORTING 11[−]
11 SepHackers Reap Minimal Gains from Massive npm Supply Chain BreachOn September 8th, 2025, at approximately 9AM EST, the npm ecosystem faced an acute supply chain attack. A threat actor leveraged social engineering techniques to compromise the account of well-known npm developer Qix, subsequently publishing malicious releases for several widely-…GBHACKERS.COM
11 SepTop 10 Best External Penetration Testing Companies in 2025External penetration testing is a crucial practice for any organization aiming to validate its security posture against real-world threats. In 2025, with the proliferation of cloud services, SaaS applications, and remote work, an organization’s external attack surface is la…GBHACKERS.COM
11 SepWyden Urges FTC to Investigate Microsoft Over Weak RC4 Encryption Enabling KerberoastingSenator Ron Wyden has formally requested the Federal Trade Commission investigate Microsoft for cybersecurity negligence that has enabled ransomware attacks against critical infrastructure organizations nationwide. In a September 10 letter to FTC Chair Andrew Ferguson, Wyden deta…GBHACKERS.COM
11 SepEggStreme Malware Emerges With Fileless Techniques and DLL Sideloading PayloadsA Chinese APT group compromised a Philippine military company using a new, fileless malware framework called EggStreme. This multi-stage toolset achieves persistent, low-profile espionage by injecting malicious code directly into memory and leveraging DLL sideloading to execute p…GBHACKERS.COM
11 SepCyber Attack Exposes LNER Train Passengers’ Personal DataLondon North Eastern Railway (LNER) has confirmed that an unauthorized breach at one of its third-party suppliers exposed contact details and travel histories of some passengers. No banking or password data were involved. The company says it is treating the incident with the high…GBHACKERS.COM
11 Sep100,000 Impacted by Cornwell Quality Tools Data BreachThe tools manufacturer was targeted in a ransomware attack claimed by the Cactus group. The post 100,000 Impacted by Cornwell Quality Tools Data Breach appeared first on SecurityWeek .SECURITYWEEK.COM
11 SepAttackers Abuse Kubernetes DNS to Extract Git Credentials from ArgoCDA newly discovered attack method targeting ArgoCD and Kubernetes that could give red-teamers fresh ammo and blue-teamers fresh headaches. This technique lets an attacker abuse Kubernetes DNS to steal powerful Git credentials from ArgoCD, potentially taking over entire Git account…GBHACKERS.COM
11 SepUK Train Operator LNER Warns Customers of Data BreachLNER said the security incident involved a third-party supplier and resulted in contact information and other data being compromised. The post UK Train Operator LNER Warns Customers of Data Breach appeared first on SecurityWeek .SECURITYWEEK.COM
11 SepSenator Wyden Urges FTC to Probe Microsoft for Ransomware-Linked Cybersecurity NegligenceU.S. Senator Ron Wyden has called on the Federal Trade Commission (FTC) to probe Microsoft and hold it responsible for what he called "gross cybersecurity negligence" that enabled ransomware attacks on U.S. critical infrastructure, including against healthcare networks. "Without …THEHACKERNEWS.COM
11 SepJaguar Land Rover confirms data theft after recent cyberattacksubmitted by kid to cybersecurity 1 points | 0 comments https://www.bleepingcomputer.com/news/security/jaguar-land-rover-jlr-confirms-data-theft-after-recent-cyberattack/SH.ITJUST.WORKS
11 SepU.S. Senator accuses Microsoft of “gross cybersecurity negligence”U.S. Senator Ron Wyden has sent a letter to the Federal Trade Commission (FTC) requesting the agency to investigate Microsoft for failing to provide adequate security in its products, which led to ransomware attacks against healthcare organizations. [...]BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 26[−]
11 SepDShield SIEM Docker Updates, (Wed, Sep 10th)Since the last update [ 5 ], over the past few months I added several enhancements to DShield SIEM and webhoneypot sensor collection that included an update to the interface to help with DShield sensor analysis. I updated the main dashboard to have all the main analytic…ISC.SANS.EDU
11 SepISC Stormcast For Thursday, September 11th, 2025 https://isc.sans.edu/podcastdetail/9608, (Thu, Sep 11th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
11 SepMenschenzentrierte Cybersicherheit gewinnt an BedeutungLesen Sie, worauf es beim Human Risk Management ankommt. UnImages – shutterstock.com Die Rolle des CISO in Unternehmen hat sich stark gewandelt, vom Cybersicherheitsexperten mit Technikfokus hin zu einem Manager von Mensch und Maschine. Gerade diese Kompetenzen sind insbesondere …CSOONLINE.COM
11 SepChrome Extension Scam Exposed: Hackers Stealing Meta AccountsA sophisticated campaign targeting Meta advertisers through fake AI-powered ad optimization tools has been uncovered, with cybercriminals deploying malicious Chrome extensions to steal credentials and hijack business accounts. Cybereason Security Services has identified an evolvi…GBHACKERS.COM
11 SepChillyHell macOS Malware: Three Methods of Compromise and PersistenceA new wave of macOS-targeted malware has emerged under the radar—despite employing advanced process reconnaissance and maintaining successful notarization status for years. Jamf Threat Labs recently uncovered a developer-signed sample on VirusTotal that used sophisticated endpoin…GBHACKERS.COM
11 SepPoisonSeed Threat Actor Strengthens Credential Theft Operations with New DomainsSpoof the email delivery platform SendGrid and employ fake Cloudflare CAPTCHA interstitials to lend legitimacy before redirecting unsuspecting users to credential harvesting pages. Since June 1, 2025, DomainTools Investigations has identified 21 newly registered domains exhibitin…GBHACKERS.COM
11 SepRemote CarPlay Hack Puts Drivers at Risk of Distraction and SurveillanceOligo Security has shared details on an Apple CarPlay attack that hackers may be able to launch without any interaction. The post Remote CarPlay Hack Puts Drivers at Risk of Distraction and Surveillance appeared first on SecurityWeek .SECURITYWEEK.COM
11 SepEmail Security Startup AegisAI Launches With $13 Million in FundingAegisAI uses autonomous AI agents to prevent phishing, malware, and BEC attacks from reaching inboxes. The post Email Security Startup AegisAI Launches With $13 Million in Funding appeared first on SecurityWeek .SECURITYWEEK.COM
11 SepSenator Urges FTC Probe of Microsoft Over Security FailuresSenator Ron Wyden’s complaints focus on Windows security and the Kerberoasting attack technique. The post Senator Urges FTC Probe of Microsoft Over Security Failures appeared first on SecurityWeek .SECURITYWEEK.COM
11 SepAI Emerges as the Hope—and Risk—for Overloaded SOCsWith security teams drowning in alerts, many suppress detection rules and accept hidden risks. AI promises relief through automation and triage—but without human oversight, it risks becoming part of the problem. The post AI Emerges as the Hope—and Risk—for Overloaded SOCs appeare…SECURITYWEEK.COM
11 SepKenyan Filmmakers Targeted with FlexiSPY Spyware Tracking Messages and Social MediaThe revelation that commercially available FlexiSPY spyware was clandestinely installed on devices belonging to Kenyan filmmakers while in police custody has ignited fresh concerns over press freedom and governmental overreach. Forensic analysis conducted by the Citizen Lab at th…GBHACKERS.COM
11 SepCisco Patches High-Severity IOS XR VulnerabilitiesHigh-severity flaws in IOS XR could lead to ISO image verification bypass and denial-of-service conditions. The post Cisco Patches High-Severity IOS XR Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
11 SepNokia CEO calls on EU to remove “high-risk vendors” - specifically China's Huawei and ZTE - from European networkssubmitted by Hotznplotzn to cybersecurity 1 points | 0 comments https://coincentral.com/nokia-ceo-pushes-eu-to-rethink-chinese-vendors cross-posted from: lemmy.sdf.org/post/42077068 Nokia CEO urges Europe to consider banning Huawei and ZTE amid over security reasons and a shrinki…INFOSEC.PUB
11 SepNokia CEO calls on EU to remove “high-risk vendors” - specifically China's Huawei and ZTE - from European networkssubmitted by Hotznplotzn to cybersecurity 1 points | 0 comments https://coincentral.com/nokia-ceo-pushes-eu-to-rethink-chinese-vendors cross-posted from: lemmy.sdf.org/post/42077068 Nokia CEO urges Europe to consider banning Huawei and ZTE amid over security reasons and a shrinki…SH.ITJUST.WORKS
11 SepWebinar Today: Breaking AI – Inside the Art of LLM Pen TestingJoin the webinar as we reveal a new model for AI pen testing – one grounded in social engineering, behavioral manipulation, and even therapeutic dialogue. The post Webinar Today: Breaking AI – Inside the Art of LLM Pen Testing appeared first on SecurityWeek .SECURITYWEEK.COM
11 SepTop 10 Best Penetration Testing as a Service (PTaaS) Companies in 2025Penetration Testing as a Service (PTaaS) is a modern approach to offensive security that combines the best of human-led penetration testing with the efficiency of an automated platform. Unlike traditional, project-based penetration tests, a PTaaS model provides continuous, on-dem…GBHACKERS.COM
11 SepThis Is Why You Can’t Trust AI Numbers 😱AI might sound smart, but even the best models can hallucinate. In this short, cybersecurity experts break down why large language models sometimes invent numbers and why that matters for businesses handling sensitive data. From revenue reports to critical security logs, trusting…YOUTUBE.COM
11 SepMalicious npm Code Reached 10% of Cloud Environmentssubmitted by kid to cybersecurity 3 points | 0 comments https://www.infosecurity-magazine.com/news/malicious-npm-code-10-cloud/SH.ITJUST.WORKS
11 SepDDoS Mitigation Provider targeted In 1.5 Gpps 1.5 Billion Packets per Second DDoS Attacksubmitted by kid to cybersecurity 1 points | 0 comments https://cybersecuritynews.com/1-5-gpps-ddos-attack/SH.ITJUST.WORKS
11 SepEuropean crypto platform SwissBorg to reimburse users after $41 million theftsubmitted by kid to cybersecurity 1 points | 0 comments https://therecord.media/swissborg-platform-solana-cryptocurrency-stolenSH.ITJUST.WORKS
11 SepWhy Cybersecurity Needs to Go Where the People Are 👣At Netflix, Julia Knecht shares how their security teams live by one principle: go where the people are. Instead of forcing employees to come to security, they embed security into everyday workflows, making protection seamless and intentional. This approach shows why modern cyber…YOUTUBE.COM
11 SepPayPal Scam From PayPalOne of the most common human risk management recommendations is for users to hover over URL links of unexpected messages to see if the involved DNS domain is legitimate or not for the sending company involved.KNOWBE4.COM
11 SepPhishing Campaign Abuses iCloud Calendar InvitesAttackers are abusing iCloud Calendar invites to send phishing messages that pose as PayPal notifications, BleepingComputer reports. Since the messages are sent from Apple’s infrastructure, they’re more likely to bypass security filters.KNOWBE4.COM
11 SepDancing Pigs or Secure Code? You DecideIn this short clip, Neil Carpenter challenges one of cybersecurity’s oldest jokes: that developers will always pick “dancing pigs” over security. Instead of blaming developers, he argues the real issue is how security teams communicate risk—either giving too little intelligence o…YOUTUBE.COM
11 SepModern Smartphones Vulnerable to Silent ‘ChoiceJacking’ USB Attackssubmitted by Pro to cybersecurity 1 points | 0 comments https://cyberinsider.com/modern-smartphones-vulnerable-to-silent-choicejacking-usb-attacks/ cross-posted from: programming.dev/post/37265353SH.ITJUST.WORKS
11 SepTop 10 Best Mobile Application Penetration Testing Services in 2025Mobile Application Penetration Testing is a critical cybersecurity service in 2025, focusing on a unique and rapidly evolving attack surface. These tests go beyond static code analysis to assess an app’s runtime behavior, server-side interactions, and how it handles sensiti…GBHACKERS.COM
🌐 CYBER THREAT LANDSCAPE 4[−]
11 SepFrance says Apple notified victims of new spyware attacksThe French government says Apple sent out threat notifications to customers alerting them to spyware attacks earlier in September.TECHCRUNCH.COM
11 SepApple warns customers targeted in recent spyware attacksApple warned customers last week that their devices were targeted in a new series of spyware attacks, according to the French national Computer Emergency Response Team (CERT-FR). [...]BLEEPINGCOMPUTER.COM
11 SepApple’s latest iPhone security feature just made life more difficult for spyware makersBuried in an ocean of flashy novelties announced by Apple this week, the tech giant also revealed new security technology for its latest iPhone 17 and iPhone Air devices. This new security technology was made specifically to fight against surveillance vendors and the types of vul…TECHCRUNCH.COM
11 SepEvilAI Operators Use AI-Generated Code and Fake Apps for Far-Reaching AttacksCombining AI-generated code and social engineering, EvilAI operators are executing a rapidly expanding campaign, disguising their malware as legitimate applications to bypass security, steal credentials, and persistently compromise organizations worldwide.TRENDMICRO.COM
📡 INFOSEC NEWS 7[−]
11 SepKids in the UK are hacking their own schools for dares and notorietyKids are making a mark in the U.K.'s cybersecurity arena, and not in the way their parents want them to.TECHCRUNCH.COM
11 SepCybersecurity and privacy in LLM-powered AI browsers | Kaspersky official blogWe break down the pros, cons, and risks of browsers with built-in AI agentsKASPERSKY.COM
11 SepNew VMScape attack breaks guest-host isolation on AMD, Intel CPUsA new Spectre-like attack dubbed VMScape allows a malicious virtual machine (VM) to leak cryptographic keys from an unmodified QEMU hypervisor process running on modern AMD or Intel CPUs. [...]BLEEPINGCOMPUTER.COM
11 SepGoogle Pixel 10 Adds C2PA Support to Verify AI-Generated Media AuthenticityGoogle on Tuesday announced that its new Google Pixel 10 phones support the Coalition for Content Provenance and Authenticity (C2PA) standard out of the box to verify the origin and history of digital content. To that end, support for C2PA's Content Credentials has been added to …THEHACKERNEWS.COM
11 SepMicrosoft adds malicious link warnings to Teams private chatsMicrosoft Teams will automatically alert users when they send or receive a private message containing links that are tagged as malicious. [...]BLEEPINGCOMPUTER.COM
11 SepMicrosoft investigates Exchange Online outage in North AmericaMicrosoft is working to resolve an ongoing Exchange Online outage affecting customers throughout North America, blocking their access to emails. [...]BLEEPINGCOMPUTER.COM
11 SepAre cybercriminals hacking your systems – or just logging in?As bad actors often simply waltz through companies’ digital front doors with a key, here’s how to keep your own door firmly locked tightWELIVESECURITY.COM