MATLOCK.CA
87Articles
10Categories
2025-09-23Date
🚨
CISA Releases Advisory on Lessons Learned from an Incident Response EngagementToday, CISA released a cybersecurity advisory detailing lessons learned from an incident response engagement following the detection of potential malicious activity identified through security alerts generated by the agency’s endpoint detection and response tool.  This advis…
KEVCISA.GOV — Tue, 23 Sep 25 1
🚨
CISA Adds One Known Exploited Vulnerability to CatalogCISA has added one new vulnerability to its  Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2025-10585 Google Chromium V8 Type Confusion Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber ac…
KEVCISA.GOV — Tue, 23 Sep 25 1
🐛
Libraesva ESG Vulnerability Allows Attackers to Execute Malicious Commands
GBHACKERS.COM — 23 Sep 2025
🐛
SolarWinds Web Help Desk Vulnerability Enables Privilege Escalation
GBHACKERS.COM — 23 Sep 2025
🐛
SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw
THEHACKERNEWS.COM — 23 Sep 2025
🐛
SolarWinds Makes Third Attempt at Patching Exploited Vulnerability
SECURITYWEEK.COM — 23 Sep 2025
🐛
BYOVD to the next level (part 1) — exploiting a vulnerable driver (CVE-2025-8061)
QUARKSLAB.COM — 2025-09-23
🐛
SolarWinds fixes Web Help Desk patch bypass for actively exploited flaw — again
KEVCSOONLINE.COM — 23 Sep 2025
⚠️
Threat Actors with Fake Job Lures Attacking Job Seekers to Deploy Advanced Malware
GBHACKERS.COM — 23 Sep 2025
⚠️
Hackers Exploit GitHub Notifications to Launch Phishing Attacks
GBHACKERS.COM — 23 Sep 2025
⚠️
Hackers Using SVG Files to Deliver Malicious Payloads
GBHACKERS.COM — 23 Sep 2025
⚠️
6 novel ways to use AI in cybersecurity
CSOONLINE.COM — 23 Sep 2025
⚠️
The CISO’s guide to rolling out generative AI at scale
CSOONLINE.COM — 23 Sep 2025
⚠️
Lectora Desktop and Online XSS Vulnerability Enables JavaScript Injection
GBHACKERS.COM — 23 Sep 2025
⚠️
GitHub Introduces npm Security with Stronger Authentication and Trusted Publishing
GBHACKERS.COM — 23 Sep 2025
⚠️
Apple’s New Memory Integrity Enforcement
SCHNEIER.COM — 2025-09-23
⚠️
Top 25 MCP Vulnerabilities Reveal How AI Agents Can Be Exploited
SECURITYWEEK.COM — 23 Sep 2025
⚠️
Automaker giant Stellantis confirms data breach after Salesforce hack
SH.ITJUST.WORKS — 23 Sep 2025
⚠️
ShadowV2 turns DDoS into a cloud-native subscription service
KEVCSOONLINE.COM — 23 Sep 2025
⚠️
Lean Teams, Higher Stakes: Why CISOs Must Rethink Incident Remediation
THEHACKERNEWS.COM — 23 Sep 2025
⚠️
ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service
THEHACKERNEWS.COM — 23 Sep 2025
⚠️
SpyCloud Report: 2/3 Orgs Extremely Concerned About Identity Attacks Yet Major Blind Spots Persist
GBHACKERS.COM — 23 Sep 2025
⚠️
SolarWinds releases third patch to fix Web Help Desk RCE bug
BLEEPINGCOMPUTER.COM — 23 Sep 2025
⚠️
Police dismantles crypto fraud ring linked to €100 million in losses
BLEEPINGCOMPUTER.COM — 23 Sep 2025
⚠️
CISA says hackers breached federal agency using GeoServer exploit
BLEEPINGCOMPUTER.COM — 23 Sep 2025
⚠️
CISA Releases Six Industrial Control Systems Advisories
CISA.GOV — Tue, 23 Sep 25 1
⚠️
News alert: SpyCloud report finds security teams overconfident as identity exposures fuel ransomware
LASTWATCHDOG.COM — 23 Sep 2025
⚠️
Libraesva ESG issues emergency fix for bug exploited by state hackers
BLEEPINGCOMPUTER.COM — 23 Sep 2025
⚠️
Patch Bypassed for Supermicro Vulnerability Allowing BMC Hack
SECURITYWEEK.COM — 23 Sep 2025
⚠️
Eurojust Arrests 5 in €100M Cryptocurrency Investment Fraud Spanning 23 Countries
THEHACKERNEWS.COM — 23 Sep 2025
⚠️
Two New Supermicro BMC Bugs Allow Malicious Firmware to Evade Root of Trust Security
THEHACKERNEWS.COM — 23 Sep 2025
⚠️
Widespread Supply Chain Compromise Impacting npm Ecosystem
CISA.GOV — Tue, 23 Sep 25 1
⚠️
Boyd Gaming discloses data breach after suffering a cyberattack
BLEEPINGCOMPUTER.COM — 23 Sep 2025
⚠️
HIBP Demo: Querying the API, and the Free Test Key!
TROYHUNT.COM — 23 Sep 2025
⚠️
A Vulnerability in SolarWinds Web Help Desk Could Allow for Remote Code Execution
CISECURITY.ORG — 23 Sep 2025
📋
SonicWall releases SMA100 firmware update to wipe rootkit malware
BLEEPINGCOMPUTER.COM — 23 Sep 2025
📢
Microsoft Publishes Guide for Certificate-Based Authentication in Windows Admin Center
GBHACKERS.COM — 23 Sep 2025
📢
SonicWall security advisory (AV25-612)
CYBER.GC.CA — 2025-09-23
📢
SolarWinds security advisory (AV25-613)
CYBER.GC.CA — 2025-09-23
📢
Microsoft Purview delivered 30% reduction in data breach likelihood
MICROSOFT.COM — 23 Sep 2025
📢
Citrix security advisory (AV25-614)
CYBER.GC.CA — 2025-09-23
📢
CISA Announces Steve Casapulla as Executive Assistant Director for Infrastructure Security
CISA.GOV — Tue, 23 Sep 25 1
🔥
European Airport Operations Disrupted by Ransomware
GBHACKERS.COM — 23 Sep 2025
🔥
Automotive Titan Stellantis Discloses Data Breach
SECURITYWEEK.COM — 23 Sep 2025
🔥
NPM package caught using QR Code to fetch cookie-stealing malware
BLEEPINGCOMPUTER.COM — 23 Sep 2025
🔥
Beware of Fake Online Speedtest Apps with Hidden JavaScript Code
GBHACKERS.COM — 23 Sep 2025
🔥
Zloader Malware Used as Gateway for Ransomware Deployment in Corporate Networks
GBHACKERS.COM — 23 Sep 2025
🔥
New npm Malware Steals Browser Passwords via Steganographic QR Code
GBHACKERS.COM — 23 Sep 2025
🔥
GitHub tightens npm security with mandatory 2FA, access tokens
BLEEPINGCOMPUTER.COM — 23 Sep 2025
🔥
Humber NHS board apologises for NRS Healthcare data breach
SH.ITJUST.WORKS — 23 Sep 2025
🔥
Threat Actors Breach Enterprise Infrastructure Within 18 Minutes of Initial Access
GBHACKERS.COM — 23 Sep 2025
🔥
European airports still dealing with disruptions days after ransomware attack
TECHCRUNCH.COM — 23 Sep 2025
🔥
Jaguar Land Rover to pause production until next week – at least
TECHCRUNCH.COM — 23 Sep 2025
🔥
Jaguar Land Rover Says Shutdown Will Continue Until at Least Oct 1 After Cyberattack
SECURITYWEEK.COM — 23 Sep 2025
🕵️
ISC Stormcast For Tuesday, September 23rd, 2025 https://isc.sans.edu/podcastdetail/9624, (Tue, Sep 23rd)
ISC.SANS.EDU — 23 Sep 2025
🕵️
Windows 11 24H2 KB5064081 Update Causes Video Playback Issues
GBHACKERS.COM — 23 Sep 2025
🕵️
Nimbus Manticore Targets Defense and Telecom Industries with New Malware Attack
GBHACKERS.COM — 23 Sep 2025
🕵️
Massive 22.2 Tbps DDoS Attack Sets New World Record
GBHACKERS.COM — 23 Sep 2025
🕵️
BadIIS Malware Spreads via SEO Poisoning — Redirects Traffic, Plants Web Shells
THEHACKERNEWS.COM — 23 Sep 2025
🕵️
Scattered Spider Suspect Arrested in US
SECURITYWEEK.COM — 23 Sep 2025
🕵️
Russia Leveraging Cyber-Attacks as a Strategic Weapon Against Key Industries in Major Nations
GBHACKERS.COM — 23 Sep 2025
🕵️
Hackers Abuse IMDS Service for Cloud Initial Access
GBHACKERS.COM — 23 Sep 2025
🕵️
ShadowV2 DDoS Service Lets Customers Self-Manage Attacks
SECURITYWEEK.COM — 23 Sep 2025
🕵️
All Microsoft Entra Tenants Were Exposed to Silent Compromise via Invisible Actor Tokens: Researcher
SECURITYWEEK.COM — 23 Sep 2025
🕵️
Nightgridcybersecurity.
SH.ITJUST.WORKS — 23 Sep 2025
🕵️
Unit 221B Raises $5 Million for Threat Intel Aiding Hacker Arrests
SECURITYWEEK.COM — 23 Sep 2025
🕵️
Hackers Hijacking IIS Servers Using Malicious BadIIS Module to Serve Malicious Content
GBHACKERS.COM — 23 Sep 2025
🕵️
Malicious GitHub pages lure MacOS users into installing Atomic infostealer - Help Net Security
SH.ITJUST.WORKS — 23 Sep 2025
🕵️
U.S. Secret Service Shuts Down 300 SIM Servers and 100K SIM Cards Disabling Cell Towers
GBHACKERS.COM — 23 Sep 2025
🕵️
AsyncRAT spread through malicious SVG files imitating web portals
SH.ITJUST.WORKS — 23 Sep 2025
🕵️
Design Errors in Entra ID, Design Defenses in iOS, Design Difficulties in DeepSeek - ASW #349
YOUTUBE.COM — 2025-09-23
🕵️
New EDR-Freeze tool uses Windows WER to suspend security software
SH.ITJUST.WORKS — 23 Sep 2025
🕵️
22.2 Tbps DDoS Attack Breaks Internet With New World Record
SH.ITJUST.WORKS — 23 Sep 2025
🕵️
Defy Security Appoints Esteemed Cybersecurity Leader Gary Warzala to Its Board of Directors
GBHACKERS.COM — 23 Sep 2025
🕵️
GitHub tightens npm security with mandatory 2FA, access tokens
SH.ITJUST.WORKS — 23 Sep 2025
🕵️
CyberheistNews Vol 15 #38 Why Does Protecting AI Agents Need To Be Status Quo?
KNOWBE4.COM — 23 Sep 2025
🕵️
Attackers Abuse Google’s AppSheet to Send Phishing Emails
KNOWBE4.COM — 23 Sep 2025
🕵️
Uhura, Collins, Nimbus Manticore, Sonic Wall, Async Rat, Solar Winds, Aaran Leyland.. - SWN #514
YOUTUBE.COM — 2025-09-23
🕵️
A Massive Telecom Threat Was Stopped Right As World Leaders Gathered at UN Headquarters in New York
SECURITYWEEK.COM — 23 Sep 2025
🌐
GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security
THEHACKERNEWS.COM — 23 Sep 2025
🌐
AI-Powered App Exposes User Data, Creates Risk of Supply Chain Attacks
TRENDMICRO.COM — 23 Sep 2025
🎙️
The AI Fix #69: How we really use ChatGPT, and will AI agents crash the economy?
GRAHAMCLULEY.COM — 23 Sep 2025
📡
[Guest Diary] Distracting the Analyst for Fun and Profit, (Tue, Sep 23rd)
ISC.SANS.EDU — 23 Sep 2025
📡
5 ways to streamline Identity Governance with this free tool
BLEEPINGCOMPUTER.COM — 23 Sep 2025
📡
Cloudflare mitigates new record-breaking 22.2 Tbps DDoS attack
BLEEPINGCOMPUTER.COM — 23 Sep 2025
📡
WhatsApp adds message translation to iPhone and Android apps
BLEEPINGCOMPUTER.COM — 23 Sep 2025
📡
U.S. Secret Service Seizes 300 SIM Servers, 100K Cards Threatening U.S. Officials Near UN
THEHACKERNEWS.COM — 23 Sep 2025