🐛 COMMON VULNERABILITIES AND EXPOSURES 5
26 SepCritical Cisco Flaw Lets Remote Attackers Execute Code on Firewalls and RoutersCisco published Security Advisory cisco-sa-http-code-exec-WmfP3h3O revealing a severe flaw in multiple Cisco platforms that handle HTTP-based management. Tracked as CVE-2025-20363, this vulnerability stems from improper validation of user-supplied input in HTTP requests. CVE Affe…GBHACKERS.COM
26 SepRecent Fortra GoAnywhere MFT Vulnerability Exploited as Zero-DayEight days before patches, a threat actor exploited CVE-2025-10035 as a zero-day to create a backdoor admin account. The post Recent Fortra GoAnywhere MFT Vulnerability Exploited as Zero-Day appeared first on SecurityWeek. SECURITYWEEK.COM
26 Sep KEVCisco ASA 0-Day RCE Flaw Actively Exploited in the WildA critical zero-day vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software is being actively exploited in the wild. Tracked as CVE-2025-20333, this remote code execution flaw allows an authenticate…GBHACKERS.COM
26 SepApache Airflow Vulnerability Lets Read-Only Users Access Sensitive DataApache Airflow maintainers have disclosed a serious security issue, tracked as CVE-2025-54831, that allows users holding only read permissions to view sensitive connection details via both the Airflow API and web interface. The vulnerability, present in Airflow version 3.0.3, und…GBHACKERS.COM
26 SepMaximum severity GoAnywhere MFT flaw exploited as zero dayHackers are actively exploiting a maximum severity vulnerability (CVE-2025-10035) in Fortra's GoAnywhere MFT that allows injecting commands remotely without authentication. [...]BLEEPINGCOMPUTER.COM
⚠️ VULNERABILITY DISCLOSURE 22
26 Sep KEVCisco Warns of Actively Exploited SNMP Vulnerability Allowing RCE or DoS in IOS Softwaresubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2025/09/cisco-warns-of-actively-exploited-snmp.htmlSH.ITJUST.WORKS
26 SepSalesforce AI Agent Vulnerability Lets Attackers Steal Sensitive DataCybersecurity researchers at Noma Labs have discovered a critical vulnerability in Salesforce’s Agentforce AI platform that could allow attackers to steal sensitive customer data through sophisticated prompt injection techniques. The vulnerability, dubbed “ForcedLeak,…GBHACKERS.COM
26 SepCisco ASA Firewall Zero-Day Exploits Deploy RayInitiator and LINE VIPER MalwareThe U.K. National Cyber Security Centre (NCSC) has revealed that threat actors have exploited the recently disclosed security flaws impacting Cisco firewalls as part of zero-day attacks to deliver previously undocumented malware families like RayInitiator and LINE VIPER. "The Ray…THEHACKERNEWS.COM
26 SepThe Gravity of Process: Why New Tech Never Fixes Broken Process and Can AI Change It?Let’s tackle the age old question: can new technology fix broken or missing processes? And then let’s add: does AI and AI agents change the answer you would give? Gemini illustration based on this blog This is the question which I recently debated with some friends, with a few AI…MEDIUM.COM
26 SepAI Shadow Leak Avoids DetectionCybersecurity Today: Shadow Leak, SIM Farm Shutdown, Cisco Zero-Day, FBI Warning & Android Advanced Protection In this episode of Cybersecurity Today, host Jim Love discusses several major cybersecurity issues. Key topics include the discovery of the 'Shadow Leak' vulnerability i…CYBERSECURITYTODAY.LIBSYN.COM
26 SepSpyCloud Report: 2/3 Orgs Extremely Concerned About Identity Attacks Yet Major Blind Spots PersistSpyCloud, the leader in identity threat protection, today released the 2025 SpyCloud Identity Threat Report, revealing that while 86% of security leaders report confidence in their ability to prevent identity-based attacks, 85% of organizations were affected by a ransomware inc…CSOONLINE.COM
26 SepCisco Firewall Zero-Days Exploited in China-Linked ArcaneDoor AttacksLeading to remote code execution and privilege escalation, the flaws were exploited on Cisco ASA 5500-X series devices that lack secure boot. The post Cisco Firewall Zero-Days Exploited in China-Linked ArcaneDoor Attacks appeared first on SecurityWeek. SECURITYWEEK.COM
26 SepQantas cutting CEO pay signals new era of cyber accountabilityIn early September, the board of Australia-based Qantas Airways voted to penalize CEO Vanessa Hudson and other top executives for a June 30 cyber incident that exposed the personally identifiable information of nearly 6 million passengers, deducting A$800,000 (US$522,000) from t…CSOONLINE.COM
26 SepHackers Exploit Cisco ASA 0-Day to Deploy RayInitiator and LINE VIPER MalwareSecurity teams worldwide have been warned after attackers began exploiting a newly discovered zero-day vulnerability in Cisco Adaptive Security Appliance (ASA) 5500-X Series firewalls. The breach allows hackers to deploy sophisticated malware, dubbed RayInitiator and…GBHACKERS.COM
26 SepUnveiling LummaStealer’s Technical Details Through ML-Based Detection ApproachIn early 2025, LummaStealer was in widespread use by cybercriminals targeting victims throughout the world in multiple industry verticals, including telecom, healthcare, banking, and marketing. A sweeping law enforcement operation in May brought this all to an abrupt halt. After …GBHACKERS.COM
26 SepFortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public DisclosureCybersecurity company watchTowr Labs has disclosed that it has "credible evidence" of active exploitation of the recently disclosed security flaw in Fortra GoAnywhere Managed File Transfer (MFT) software as early as September 10, 2025, a whole week before it was publicly disclose…THEHACKERNEWS.COM
26 SepResearchers Map Links Between Major Hacker Groups: LAPSUS$, Scattered Spider, ShinyHuntersA loosely connected cybercrime supergroup is exploiting social engineering to compromise Fortune 100 organizations and government agencies. LAPSUS$, Scattered Spider, and ShinyHunters—three of the most notorious English-speaking cybercrime groups—have increasingly blurred their l…GBHACKERS.COM
26 SepNew Botnet ‘Loader-as-a-Service’ Turns Home Routers and IoT into Mirai FarmsCloudSEK has uncovered a sophisticated Loader-as-a-Service botnet campaign spanning the last six months, leveraging exposed command-and-control logs to orchestrate attacks against SOHO routers, embedded Linux devices, and enterprise applications. The threat actors exploit unsanit…GBHACKERS.COM
26 SepDigital Threat Modeling Under AuthoritarianismToday’s world requires us to make complex and nuanced decisions about our digital security. Evaluating when to use a secure messaging app like Signal or WhatsApp, which passwords to store on your smartphone, or what to share on social media requires us to assess risks and m…SCHNEIER.COM
26 SepOkta introduces Identity Security Fabric to secure AI agentsIdentity management vendor Okta Thursday launched an “Identity Security Fabric” designed to secure AI agents and replace the patchwork of point security solutions that enterprises currently use to manage users, applications, and AI systems. “As part of the fabric, organizations w…CSOONLINE.COM
26 SepTrust on MCP takes first in-the-wild hit via squatted Postmark connectorIn a newly disclosed supply-chain attack, an npm package “postmark-mcp” was weaponized to stealthily exfiltrate emails, marking the first reported in-the-wild abuse of user trust and insufficient guardrails around the much-buzzed AI connector protocol, MCP. The malicious package…CSOONLINE.COM
26 SepTrust in MCP takes first in-the-wild hit via squatted Postmark connectorIn a newly disclosed supply-chain attack, an npm package “postmark-mcp” was weaponized to stealthily exfiltrate emails, marking the first reported in-the-wild abuse of user trust and insufficient guardrails around the much-hyped AI connector protocol, MCP. The malicious package,…CSOONLINE.COM
26 SepIn Other News: LockBit 5.0, Department of War Cybersecurity Framework, OnePlus VulnerabilityOther noteworthy stories that might have slipped under the radar: Co-op lost £206 million due to cyberattack, South Korean credit card company hacked, Maryland Transit Administration ransomware attack. The post In Other News: LockBit 5.0, Department of War Cybersecurity Framework…SECURITYWEEK.COM
26 SepTruSources to show off its on-device identity-checking tech at TechCrunch Disrupt 2025Age verification laws are a privacy and security nightmare. This Battlefield startup performs age checks on-device, without users having to upload their IDs to the internet.TECHCRUNCH.COM
26 SepTop 10 Best AI Penetration Testing Companies in 2025In 2025, AI penetration testing tools have become the backbone of modern cybersecurity strategies, offering automation, intelligence-driven reconnaissance, and vulnerability analysis faster than traditional manual assessments. Businesses now demand AI-powered solutions to protect…GBHACKERS.COM
26 SepNews alert: Living Security unveils HRMCon 2025 lineup amid 81% human cyber risk visibility gapAustin, Texas, Sept. 25, 2025, CyberNewswire — Living Security, a global leader in Human Risk Management (HRM), today announced the full speaker lineup for the Human Risk Management Conference (HRMCon 2025), taking place October 20, 2025, at Austin’s Q2 … (more…) The post …LASTWATCHDOG.COM
26 SepMeet LockBit 5.0: Faster ESXi drive encryption, better at evading detectionThe LockBit gang has released a new version of its ransomware with improved ESXi drive encryption speed. However, a security researcher who has talked to senior gang members in the past says LockBit 5.0 is more “fine tuning some basic features … and a lot of propaganda” than a ma…CSOONLINE.COM
📢 SECURITY ADVISORIES 6
26 SepCrash Tests for Security: Why BAS Is Proof of Defense, Not AssumptionsCar makers don’t trust blueprints. They smash prototypes into walls. Again and again. In controlled conditions. Because design specs don’t prove survival. Crash tests do. They separate theory from reality. Cybersecurity is no different. Dashboards overflow with “critical” exposur…THEHACKERNEWS.COM
26 SepUS investors to take over TikTok operations in the countryU.S. President Donald Trump has signed an executive order approving a plan to restructure TikTok operations in the country to address national security concerns. [...]BLEEPINGCOMPUTER.COM
🔥 INCIDENT REPORTING 12
26 SepLockBit 5.0 Ransomware Targets Windows, Linux, and VMware ESXi SystemsCybersecurity researchers at Trend Micro have discovered a new and dangerous variant of LockBit ransomware that targets Windows, Linux, and VMware ESXi systems, utilizing advanced obfuscation techniques and sophisticated cross-platform capabilities. Advanced Multi-Platform Attack…GBHACKERS.COM
26 SepNew XCSSET Malware Variant Targets macOS App DevelopersCybersecurity researchers have discovered an advanced variant of the XCSSET malware specifically targeting macOS developers through infected Xcode projects, introducing sophisticated clipboard hijacking and enhanced data exfiltration capabilities. Microsoft Threat Intelligence ha…GBHACKERS.COM
26 SepCyberattack: British Co-op Group Misses Out on Millions in Profit CSOONLINE.COM
26 SepLAMEHUG: An LLM-Driven Malware for Dynamic Reconnaissance and Data ExfiltrationA novel AI-driven threat leverages LLMs on Hugging Face to execute adaptive reconnaissance and data exfiltration in real time. Rather than relying on static scripts or prewritten payloads, LAMEHUG dynamically queries a Qwen 2.5-Coder-32B-Instruct model via the Hugging Face API to…GBHACKERS.COM
26 SepHackers Breach Active Directory, Steal NTDS.dit for Full Domain CompromiseThreat actors recently infiltrated a corporate environment, dumped the AD database file NTDS.dit, and nearly achieved full domain control. AD acts as the backbone of Windows domains, storing account data, group policies, and password hashes. Compromise of its core file effectivel…GBHACKERS.COM
26 SepGenAI Infrastructure Vulnerable to Cyberattacks CSOONLINE.COM
26 SepNorth Korea’s Fake Recruiters Feed Stolen Data to IT WorkersNorth Korean threat actors pose as recruiters to steal developers’ identities and supply them to fraudulent IT workers. The post North Korea’s Fake Recruiters Feed Stolen Data to IT Workers appeared first on SecurityWeek. SECURITYWEEK.COM
26 SepNew COLDRIVER Malware Campaign Joins BO Team and Bearlyfy in Russia-Focused CyberattacksThe Russian advanced persistent threat (APT) group known as COLDRIVER has been attributed to a fresh round of ClickFix-style attacks designed to deliver two new "lightweight" malware families tracked as BAITSWITCH and SIMPLEFIX. Zscaler ThreatLabz, which detected the new multi-st…THEHACKERNEWS.COM
26 SepMalicious MCP Server Discovered Stealing Sensitive Emails Using AI AgentsEnterprises everywhere are embracing MCP servers—tools that grant AI assistants “god-mode” permissions to send emails, run database queries, and automate tedious tasks. But no one ever stopped to ask: Who built these tools? Today, the first real-world malicious MCP server—postmar…GBHACKERS.COM
26 SepHacking Campaign Has Breached Cisco Devices in US Governmentsubmitted by cm0002 to cybersecurity 2 points | 0 comments https://www.bloomberg.com/news/articles/2025-09-26/hacking-campaign-has-breached-cisco-devices-in-us-government archive.ph/O2RmGINFOSEC.PUB
26 SepNew tool: convert-ts-bash-history.py, (Fri, Sep 26th)In SANS FOR577 [1], we talk about timelines on day 5, both filesystem and super-timelines. But sometimes, I want something quick and dirty and rather than fire up plaso, just to create a timeline of .…ISC.SANS.EDU
26 SepRoblox executors: It’s all fun and games until someone gets hackedYou could be getting more than you bargained for when you download that cheat tool promising quick winsWELIVESECURITY.COM
🕵️ THREAT INTELLIGENCE 12
26 SepBroadcom, LastPass, SEO Poisoning, QR codes, H1B visas, Distributed Computing... - PSW #893Broadcom, LastPass, Brickstone, SEO Poisoning, QR codes, H1B visas, Distributed Computing, and More... Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-893YOUTUBE.COM
26 SepISC Stormcast For Friday, September 26th, 2025 https://isc.sans.edu/podcastdetail/9630, (Fri, Sep 26th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
26 SepNew macOS XCSSET Variant Targets Firefox with Clipper and Persistence ModuleCybersecurity researchers have discovered an updated version of a known Apple macOS malware called XCSSET that has been observed in limited attacks. "This new variant of XCSSET brings key changes related to browser targeting, clipboard hijacking, and persistence mechanisms," the …THEHACKERNEWS.COM
26 SepNew XCSSET macOS Malware Variant Hijacks Cryptocurrency TransactionsThe malware now uses a four-stage infection chain, has an additional persistence mechanism, and also targets Firefox browser data. The post New XCSSET macOS Malware Variant Hijacks Cryptocurrency Transactions appeared first on SecurityWeek. SECURITYWEEK.COM
26 SepNo Patches for Vulnerabilities Allowing Cognex Industrial Camera HackingCognex is advising customers to transition to newer versions of its machine vision products. The post No Patches for Vulnerabilities Allowing Cognex Industrial Camera Hacking appeared first on SecurityWeek. SECURITYWEEK.COM
26 SepMalware Gangs Enlist Covert North Korean IT Workers in Corporate AttacksMalware operators aligned with North Korea have forged a sophisticated partnership with covert IT workers to target corporate organizations worldwide. This collaboration, detailed in a new white paper presented at Virus Bulletin 2025, sheds light on the intertwined operations of …GBHACKERS.COM
26 SepMicrosoft Reduces Israel’s Access to Cloud and AI Products Over Reports of Mass Surveillance in GazaMicrosoft said Thursday it had disabled services to a unit within the Israeli military after a company review had determined its artificial intelligence and cloud computing products were being used to help carry out mass surveillance of Palestinians. The action comes after The As…SECURITYWEEK.COM
26 SepInterpol Says 260 Suspects in Online Romance Scams Have Been Arrested in AfricaThe operation took place in July and August and focused on scams in which perpetrators build online romantic relationships to extract money from targets or blackmail them with explicit images, Interpol said. The post Interpol Says 260 Suspects in Online Romance Scams Have Been Ar…SECURITYWEEK.COM
26 SepThe Behavioral Science Behind the ClickWelcome back. In our last blog post, we talked about the great divide between tech-focused and people-focused security.KNOWBE4.COM
26 SepNews alert: Gcore Radar flags record-breaking DDoS surge — 41% spike in first half of 2025Luxembourg, Luxembourg, Sept. 25, 2025, CyberNewswire — Gcore, the global edge AI, cloud, network, and security solutions provider, today announced the findings of its Q1-Q2 2025 Radar report into DDoS attack trends. DDoS attacks have reached unprecedented scale and … (mor…LASTWATCHDOG.COM
26 SepRiker's Curse, River City, EDR-Freeze, MCP, WordPress, GitHub, Josh Marpet, and More. - SWN #515Riker's Curse, River City, EDR-Freeze, MCP, WordPress, GitHub, Josh Marpet, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-515YOUTUBE.COM
🌐 CYBER THREAT LANDSCAPE 2
26 SepResearchers Expose SVG and PureRAT Phishing Threats Targeting Ukraine and VietnamA new campaign has been observed impersonating Ukrainian government agencies in phishing attacks to deliver CountLoader, which is then used to drop Amatera Stealer and PureMiner. "The phishing emails contain malicious Scalable Vector Graphics (SVG) files designed to trick recipie…THEHACKERNEWS.COM
26 SepHow scammers have mastered AI: deepfakes, fake websites, and phishing emails | Kaspersky official blogWe explore new trends in phishing and scams linked to artificial intelligence.KASPERSKY.COM
📡 INFOSEC NEWS 9
26 SepThousands of Indian bank transfer records found onlineSecurity researchers found the exposed Indian bank transfer records and the data was eventually secured, but nobody wants to take responsibility for the security lapse.TECHCRUNCH.COM
26 SepHeartCrypt’s wholesale impersonation effortHow the notorious Packer-as-a-Service operation built itself into a hydraSOPHOS.COM
26 SepMicrosoft releases the final Windows 10 22H2 preview updateMicrosoft has released the final non-security preview update for Windows 10, version 22H2, which includes fixes for the out-of-box experience and SMBv1 protocol connectivity. [...]BLEEPINGCOMPUTER.COM
26 SepThe hidden cyber risks of deploying generative AIGenerative AI can boost productivity—but without safeguards, it also opens the door to phishing, fraud & model manipulation. Learn more from Acronis TRU on why AI security must be built in from the start. [...]BLEEPINGCOMPUTER.COM
26 SepCNAPP is the Solution to Multi-cloud FlexibilityCloud-native application protection platform (CNAPP) not only helps organizations protect, but offers the flexibility of multi-cloud.TRENDMICRO.COM
26 SepMicrosoft Edge to block malicious sideloaded extensionsMicrosoft is planning to introduce a new Edge security feature that will protect users against malicious extensions sideloaded into the web browser. [...]BLEEPINGCOMPUTER.COM
26 SepMicrosoft shares temp fix for Outlook encrypted email errorsMicrosoft is investigating a known issue that triggers Outlook errors when opening encrypted emails sent from other organizations. [...]BLEEPINGCOMPUTER.COM
26 SepMicrosoft’s new AI feature will organize your photos automaticallyMicrosoft has begun testing a new AI-powered feature in Microsoft Photos, designed to categorize photos automatically on Windows 11 systems. [...]BLEEPINGCOMPUTER.COM
26 SepCloud Security in the CNAPP Era: Eight Important TakeawaysEight takeaways on why Trend Vision One™ embodies the best of today’s CNAPP vision. Includes insights from 2025 Gartner® Market Guide for CNAPPTRENDMICRO.COM