🚨 CISA KEV (1)
17 Sep · KEV · Malicious Listener for Ivanti Endpoint Mobile Management Systems · Malware Analysis at a Glance. Executive Summary: The Cybersecurity and Infrastructure Security Agency (CISA) obtained two sets of malware from an organization compromised by cyber threat actors exploiting CVE-2025-4427 and CVE-2025-4428 in Ivanti Endpoint Manager Mobile (Ivanti EPM… · CISA.GOV
🐛 COMMON VULNERABILITIES AND EXPOSURES (4)
17 Sep · Linux Kernel KSMBD Flaw Lets Remote Attackers Drain Server Resources · A critical vulnerability in the Linux kernel’s KSMBD implementation has been discovered that allows remote attackers to completely exhaust server connection resources through a simple denial-of-service attack. The flaw, tracked as CVE-2025-38501 and dubbed “KSMBDrain,… · GBHACKERS.COM
17 Sep · Chaos Mesh Critical Vulnerabilities Expose Kubernetes Clusters to Takeover · Security Research recently uncovered four new flaws, CVE-2025-59358, CVE-2025-59359, CVE-2025-59360, and CVE-2025-59361, in the default configuration of the Chaos Controller Manager GraphQL server, a popular open-source chaos engineering platform for Kubernetes. Three of these fl… · GBHACKERS.COM
17 Sep · Apple Patches 0-Day Vulnerabilities in Older iPhones and iPads · Apple has released critical security updates for older iPhone and iPad models, addressing a zero-day vulnerability that has reportedly been exploited in sophisticated targeted attacks. The iOS 16.7.12 and iPadOS 16.7.12 updates, released on September 15, 2025, patch a serious sec… · GBHACKERS.COM
17 Sep · Apple patches critical zero-day in ImageIO amid reports of targeted exploits · Apple has rolled out two new updates to patch a zero-day vulnerability in the ImageIO framework, which may have already been exploited in attacks against specific individuals. The flaw, tracked as CVE-2025-43300, and addressed in iOS 16.7.12 and iPadOS 16.7.12, allows for memory … · CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE (17)
17 Sep · BitPixie Windows Boot Manager Flaw Lets Hackers Escalate Privileges · A critical vulnerability nicknamed “BitPixie” in Windows Boot Manager allows attackers to bypass BitLocker drive encryption and escalate privileges, security researchers have revealed. The flaw exploits a weakness in the PXE soft reboot feature that fails to properly … · GBHACKERS.COM
17 Sep · Supply Chain Attack “Shai-Halud” Targets 477 NPM Packages · A major supply chain attack dubbed “Shai-Halud” has impacted the JavaScript ecosystem by targeting over 477 NPM packages, raising serious concerns among developers and organizations relying on software from the Node Package Manager (NPM) registry. This incident reveal… · GBHACKERS.COM
17 Sep · Shai-Hulud Worm - A Self Propagating Supply Chain Threat · Cybersecurity Worms, Steganography Attacks, Municipal Cyber Incidents and More... In this episode of Cybersecurity Today, host Jim Love delves into multiple cybersecurity threats affecting the tech landscape. He discusses the 'Shai Hulud' worm, which has infiltrated over 187 Java… · CYBERSECURITYTODAY.LIBSYN.COM
17 Sep · New FileFix Steganography Campaign Spreads StealC Malware · A sophisticated new campaign that represents the first documented real-world deployment of FileFix attacks beyond proof-of-concept demonstrations. This campaign marks a significant evolution in social engineering tactics, combining advanced steganographic techniques with multilay… · GBHACKERS.COM
17 Sep · 5 steps for deploying agentic AI red teaming · As more enterprises deploy agentic AI applications, the potential attack surface increases in complexity and reach. As we wrote about this topic earlier, there are numerous ways to circumvent AI model guardrails, pollute an existing knowledge base that is used to train the model… · CSOONLINE.COM
17 Sep · PureHVNC RAT Developers Exploit GitHub to Spread Pure Malware Source Code · The developers behind the PureHVNC remote access trojan (RAT) have been uncovered using GitHub repositories to host critical components and plugin source code for their Pure malware family. Check Point Research’s recent forensic analysis of an eight-day ClickFix intrusion campaig… · GBHACKERS.COM
17 Sep · Adtech Abused by Threat Actors to Spread Malicious Advertisements · Malicious advertising campaigns have surged in sophistication, with cybercriminals exploiting and even operating adtech firms to deliver malware, credential stealers and phishing schemes directly through mainstream ad networks. A cluster of interconnected companies—run through sh… · GBHACKERS.COM
17 Sep · Kubernetes C# Client Flaw Exposes API Server to MiTM Attacks · A recently disclosed vulnerability in the Kubernetes C# client library allows attackers to carry out man-in-the-middle (MiTM) attacks against the API server. The flaw stems from improper certificate validation when using custom certificate authorities (CAs). As organizations incr… · GBHACKERS.COM
17 Sep · Board Priority But Lack of Access & CISO Pressure, 360 Privacy and Pentera Interviews ... - BSW #413 · In the leadership and communications segment, Lack of board access: The No. 1 factor for CISO dissatisfaction, Pressure on CISOs to stay silent about security incidents growing, The Secret to Building a High-Performing Team, and more! Jackie McGuire sits down with Chuck Randolph,… · YOUTUBE.COM
17 Sep · Hackers Exploit AdaptixC2, an Emerging Open-Source C2 Tool · In early May 2025, Unit 42 researchers observed that AdaptixC2 was used to infect several systems. While many C2 frameworks garner public attention, AdaptixC2 has remained largely under the radar—until Unit 42 documented its deployment by real-world threat actors. This article ex… · GBHACKERS.COM
17 Sep · Hacking Electronic Safes · Vulnerabilities in electronic safes that use Securam Prologic locks: While both their techniques represent glaring security vulnerabilities, Omo says it’s the one that exploits a feature intended as a legitimate unlock method for locksmiths that’s the more widespread … · SCHNEIER.COM
17 Sep · China-Aligned TA415 Exploits Google Sheets & Calendar for C2 · China-aligned TA415 hackers have adopted Google Sheets and Google Calendar as covert command-and-control (C2) channels in a sustained espionage campaign targeting U.S. government, academic, and think tank entities. By blending malicious operations into trusted cloud services, TA4… · GBHACKERS.COM
17 Sep · Microsoft and Cloudflare execute ‘rugpull’ on massive phishing empire · Microsoft and Cloudflare executed a coordinated “rugpull” against one of the world’s most sophisticated phishing operations, seizing 338 websites and dismantling infrastructure that generated potentially hundreds of millions of malicious emails targeting business users globally. … · CSOONLINE.COM
17 Sep · Microsoft and Cloudflare disrupt massive RaccoonO365 phishing service · Microsoft and Cloudflare have disrupted a massive Phishing-as-a-Service (PhaaS) operation, known as RaccoonO365, that helped cybercriminals steal thousands of Microsoft 365 credentials. [...] · BLEEPINGCOMPUTER.COM
17 Sep · Check Point acquires Lakera to build a unified AI security stack · Check Point has signed an agreement to acquire Lakera, an AI-native security platform specializing in agentic AI applications. Expected to close in Q4 2025 for an undisclosed sum, the deal is expected to boost Check Point’s AI security stack, strengthening enterprise defenses as … · CSOONLINE.COM
17 Sep · ShinyHunters claims 1.5 billion Salesforce records stolen in Drift hacks · The ShinyHunters extortion group claims to have stolen over 1.5 billion Salesforce records from 760 companies using compromised Salesloft Drift OAuth tokens. [...] · BLEEPINGCOMPUTER.COM
17 Sep · Irregular raises $80 million to secure frontier AI models · Irregular, the AI security startup, now has a valuation of $450 million, a source close to the deal told TechCrunch. · TECHCRUNCH.COM
📋 SECURITY BULLETINS (1)
17 Sep · Apple releases iOS 15.8.5 security update for 10-year old iPhone 6s · submitted by cm0002 to cybersecurity 1 points | 0 comments https://support.apple.com/en-us/125142 · INFOSEC.PUB
📢 SECURITY ADVISORIES (6)
17 Sep · DOJ Resentences BreachForums Founder to 3 Years for Cybercrime and Possession of CSAM · The U.S. Department of Justice (DoJ) on Tuesday resentenced the former administrator of BreachForums to three years in prison in connection with his role in running the cybercrime forum and possessing child sexual abuse material (CSAM). Conor Brian Fitzpatrick (aka Pompompurin), … · THEHACKERNEWS.COM
17 Sep · Chinese TA415 Uses VS Code Remote Tunnels to Spy on U.S. Economic Policy Experts · A China-aligned threat actor known as TA415 has been attributed to spear-phishing campaigns targeting the U.S. government, think tanks, and academic organizations utilizing U.S.-China economic-themed lures. "In this activity, the group masqueraded as the current Chair of the Sele… · THEHACKERNEWS.COM
🔥 INCIDENT REPORTING (11)
17 Sep · Wave of 40,000+ Cyberattacks Target API Environments · The cybersecurity landscape has witnessed a dramatic escalation in API-targeted attacks during the first half of 2025, with security researchers documenting over 40,000 API incidents across more than 4,000 monitored environments. This surge represents a fundamental shift in how c… · GBHACKERS.COM
17 Sep · World’s Biggest Hacker Forum Admin Gets Resentenced to Serve Three More Years · Conor Brian Fitzpatrick, the founder and operator of BreachForums, has been resentenced to three more years in prison after a federal appeals court vacated his earlier light sentence. Authorities say Fitzpatrick created and ran one of the world’s largest English-language hacker f… · GBHACKERS.COM
17 Sep · Scattered Spider Resurfaces With Financial Sector Attacks Despite Retirement Claims · Cybersecurity researchers have tied a fresh round of cyber attacks targeting financial services to the notorious cybercrime group known as Scattered Spider, casting doubt on their claims of going "dark." Threat intelligence firm ReliaQuest said it has observed indications that th… · THEHACKERNEWS.COM
17 Sep · BreachForums Owner Sent to Prison in Resentencing · Conor Fitzpatrick, who pleaded guilty in July 2023, was sentenced last year to time served and supervised release. · SECURITYWEEK.COM
17 Sep · GOLD SALEM’s Warlock operation joins busy ransomware landscape · The emerging group demonstrates competent tradecraft using a familiar ransomware playbook and hints of ingenuity · SOPHOS.COM
17 Sep · Founder of One of World’s Largest Hacker Forums (BreachForums) Resentenced to Three Years in Prison · submitted by Pro to cybersecurity 1 points | 0 comments https://www.justice.gov/opa/pr/founder-one-worlds-largest-hacker-forums-resentenced-three-years-prison cross-posted from: programming.dev/post/37577921 · SH.ITJUST.WORKS
17 Sep · How LLMs can be compromised in 2025 | Kaspersky official blog · A breakdown of new threats to large language models, based on Black Hat 2025 presentations and scientific research. · KASPERSKY.COM
17 Sep · SonicWall warns customers to reset credentials after breach · SonicWall warned customers today to reset credentials after their firewall configuration backup files were exposed in a security breach that impacted MySonicWall accounts. [...] · BLEEPINGCOMPUTER.COM
17 Sep · Jaguar Land Rover to pause production for third week due to cyberattack · The company owned by Tata Motors is estimated to be losing millions of pounds a week due to the shutdown. · TECHCRUNCH.COM
17 Sep · VC giant Insight Partners warns thousands after ransomware breach · New York-based venture capital and private equity firm Insight Partners is notifying thousands of individuals whose personal information was stolen in a ransomware attack. [...] · BLEEPINGCOMPUTER.COM
17 Sep · Risky Business #807 -- Shai-Hulud npm worm wreaks old-school havoc · On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including: Shai-Hulud worm propagates via npm and steals credentials; Jaguar Land Rover attack may put smaller suppliers out of business; Leaked data emerges from the vendor behind the Great Fi… · RISKY.BIZ
🕵️ THREAT INTELLIGENCE (24)
17 Sep · ISC Stormcast For Wednesday, September 17th, 2025 https://isc.sans.edu/podcastdetail/9616, (Wed, Sep 17th) · (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. · ISC.SANS.EDU
17 Sep · Python-Based “XillenStealer” Campaign Targets Windows Users’ Sensitive Data · A sophisticated Python-based information stealer named XillenStealer has emerged as a significant threat to Windows users, designed to harvest sensitive system data, browser credentials, and cryptocurrency wallet information. XillenStealer operates through a comprehensive builder… · GBHACKERS.COM
17 Sep · RaccoonO365 Phishing Service Disrupted, Leader Identified · Microsoft and Cloudflare have teamed up to take down the infrastructure used by RaccoonO365. · SECURITYWEEK.COM
17 Sep · Shai-Hulud Supply Chain Attack: Worm Used to Steal Secrets, 180+ NPM Packages Hit · The packages were injected with malicious code to harvest secrets, dump them to a public repository, and make private repositories public. · SECURITYWEEK.COM
17 Sep · Microsoft Takes Down 300+ Websites Behind RaccoonO365 Phishing Scheme · Microsoft’s Digital Crimes Unit (DCU) has seized control of 338 websites facilitating RaccoonO365, the rapidly expanding phishing-as-a-service platform that enables anyone to harvest Microsoft 365 credentials. Acting under a court order from the Southern District of New York, the… · GBHACKERS.COM
17 Sep · Palo Alto Networks and Microsoft Featured in MITRE ATT&CK Evaluations 2026 · Two cybersecurity industry leaders have made significant announcements regarding their participation in the upcoming MITRE ATT&CK Evaluations, marking a notable shift in how major security vendors approach independent testing validation. Diagram illustrating core features of … · GBHACKERS.COM
17 Sep · Google Play Flooded With 224 Malicious Apps, 38 Million Downloads Deliver Malware · A global ad fraud and click fraud operation, dubbed SlopAds, comprising 224 Android apps that collectively amassed more than 38 million downloads across 228 countries and territories. Under the guise of AI-themed utilities, these apps employ advanced obfuscation techniques—such a… · GBHACKERS.COM
17 Sep · Decade-Old Pixie Dust Wi-Fi Hack Still Impacts Many Devices · NetRise has identified 20 device models from six vendors that are still vulnerable to Pixie Dust attacks. · SECURITYWEEK.COM
17 Sep · Securing the Future of AI · Discover how Palo Alto Networks Prisma AIRS provides end-to-end AI security, protecting models, agents, apps and data across the entire AI lifecycle. · PALOALTONETWORKS.COM
17 Sep · Scalekit Raises $5.5 Million to Secure AI Agent Authentication · The startup provides an authentication stack that secures both incoming authentication and outgoing agent actions. · SECURITYWEEK.COM
17 Sep · Hacker attack on HEM expert · All ten branches of the electronics retailer HEM expert are affected by the cyberattack. HEM expert Mössingen. HEM expert recently sent a circular to its customers informing them of a cyberattack. As the company confirmed to CSO, it affected… · CSOONLINE.COM
17 Sep · New Magecart Attack Injects Malicious JavaScript to Steal Payment Data · A new Magecart-style campaign has emerged that leverages malicious JavaScript injections to skim payment data from online checkout forms. The threat surfaced after security researcher sdcyberresearch posted a cryptic tweet hinting at an active campaign hosted on cc-analytics[.]co… · GBHACKERS.COM
17 Sep · Details Emerge on Chinese Hacking Operation Impersonating US Lawmaker · The campaign targeted US government, think tank, and academic entities involved in US-China relations, international trade, and economic policy. · SECURITYWEEK.COM
17 Sep · BeaverTail Malware Delivered Through Malicious Repositories Targets Retailers · Tech Note – BeaverTail variant distributed via malicious repositories and ClickFix lure. 17 September 2025 – Oliver Smith, GitLab Threat Intelligence. We have identified infrastructure distributing BeaverTail and InvisibleFerret malware since at least May 2025, operated by North Kor… · GBHACKERS.COM
17 Sep · Microsoft OneDrive Auto-Sync Flaw Leaks Enterprise Secrets from SharePoint Online · A new report from Entro Labs reveals that one in five exposed secrets in large organizations can be traced back to SharePoint. Rather than a flaw in SharePoint itself, the real culprit is a simple convenience feature: OneDrive’s default auto-sync. When OneDrive silently backs up … · GBHACKERS.COM
17 Sep · RegScale Raises $30 Million for GRC Platform · RegScale has raised a total of more than $50 million, with the latest investment being used to enhance its platform and expand. · SECURITYWEEK.COM
17 Sep · MuddyWater Deploys Custom Multi-Stage Malware Hidden Behind Cloudflare · Since early 2025, cybersecurity analysts have witnessed a marked evolution in the tactics and tooling of MuddyWater, the Iranian state-sponsored Advanced Persistent Threat (APT) group. Historically known for broad Remote Monitoring and Management (RMM) campaigns, MuddyWater has p… · GBHACKERS.COM
17 Sep · What are You Working on Wednesday · submitted by shellsharks to cybersecurity 2 points | 0 comments Weekly thread to discuss whatever you’re working on, big or small, at work or in your free time. · INFOSEC.PUB
17 Sep · Satori Threat Intelligence Alert: SlopAds Covers Fraud with Layers of Obfuscation - HUMAN Security · submitted by cm0002 to cybersecurity 1 points | 0 comments https://www.humansecurity.com/learn/blog/satori-threat-intelligence-alert-slopads-covers-fraud-with-layers-of-obfuscation/ HUMAN Security’s Satori team has uncovered “SlopAds,” a sophisticated ad fraud operation involving… · INFOSEC.PUB
17 Sep · Irregular Raises $80 Million for AI Security Testing Lab · Irregular is testing the cybersecurity capabilities of AI models, including Anthropic’s Claude and OpenAI’s ChatGPT. · SECURITYWEEK.COM
17 Sep · From ClickFix to MetaStealer: Dissecting Evolving Threat Actor Techniques · ClickFix isn't just back—it's mutating. New variants use fake CAPTCHAs, File Explorer tricks & MSI lures to drop MetaStealer. Stay ahead with Huntress' Tradecraft Tuesday threat briefings. [...] · BLEEPINGCOMPUTER.COM
17 Sep · Virtual Event Today: Attack Surface Management Summit · SecurityWeek's Attack Surface Management Virtual Summit is now LIVE and runs today from 11AM – 4PM ET. · SECURITYWEEK.COM
17 Sep · New in Syteca Release 7.21: Agentless Access, Sensitive Data Masking, and Smooth Session Playback · Syteca, a global cybersecurity provider, introduced the latest release of its platform, continuing the mission to help organizations reduce insider risks and ensure sensitive data protection. Syteca 7.21 is a major update designed to enhance user privacy, simplify access manageme… · GBHACKERS.COM
17 Sep · News alert: Syteca release 7.21 enhances privacy, access and oversight with powerful new tools · Waltham, Mass. Sept. 17, 2025, CyberNewswire — Syteca, a global cybersecurity provider, introduced the latest release of its platform, continuing the mission to help organizations reduce insider risks and ensure sensitive data protection. Syteca 7.21 is a major update … (m… · LASTWATCHDOG.COM
🌐 CYBER THREAT LANDSCAPE (2)
17 Sep · CTRL-Z DLL Hooking, (Wed, Sep 17th) · When you're debugging a malware sample, you probably run it into a debugger and define some breakpoints. The idea is to take over the program control before it will perform “interesting” actions. Usually, we set breakpoints on memory man… · ISC.SANS.EDU
17 Sep · From mischief to malware: ICO warns schools about student hackers · Recent research released by the ICO says that school pupils should be considered as an "insider threat" by schools. Read more in my article on the Fortra blog. · FORTRA.COM
🎙️ PODCASTS (1)
17 Sep · Smashing Security podcast #435: Lights! Camera! Hacktion! · When "bad actors" stop being hackers and start being... actual actors. This week, Graham and special guest Jenny Radcliffe play “Hacker or Ham?” (yes, Steven Seagal, we’re looking at you), before diving into a campaign which saw an Iranian gang luring Israeli performers with fake… · GRAHAMCLULEY.COM
📡 INFOSEC NEWS (4)
17 Sep · RaccoonO365 Phishing Network Shut Down After Microsoft and Cloudflare Disrupt 338 Domains · Microsoft's Digital Crimes Unit said it teamed up with Cloudflare to coordinate the seizure of 338 domains used by RaccoonO365, a financially motivated threat group that was behind a phishing-as-a-service (Phaas) toolkit used to steal more than 5,000 Microsoft 365 credentials fro… · THEHACKERNEWS.COM
17 Sep · Rethinking AI Data Security: A Buyer's Guide · Generative AI has gone from a curiosity to a cornerstone of enterprise productivity in just a few short years. From copilots embedded in office suites to dedicated large language model (LLM) platforms, employees now rely on these tools to code, analyze, draft, and decide. But for… · THEHACKERNEWS.COM
17 Sep · From Quantum Hacks to AI Defenses – Expert Guide to Building Unbreakable Cyber Resilience · Quantum computing and AI working together will bring incredible opportunities. Together, the technologies will help us extend innovation further and faster than ever before. But, imagine the flip side, waking up to news that hackers have used a quantum computer to crack your comp… · THEHACKERNEWS.COM
17 Sep · Microsoft: Office 2016 and Office 2019 reach end of support next month · Microsoft reminded customers again this week that Office 2016 and Office 2019 will reach the end of extended support in less than 30 days, on October 14, 2025. [...] · BLEEPINGCOMPUTER.COM