🐛 COMMON VULNERABILITIES AND EXPOSURES 10
30 Sep KEVCISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix SystemsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting the Sudo command-line utility for Linux and Unix-like operating systems to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation…THEHACKERNEWS.COM
30 SepVMware vCenter and NSX Flaws Allow Hackers to Enumerate UsernamesBroadcom released VMSA-2025-0016 to address three key vulnerabilities affecting VMware vCenter Server and NSX products. The vulnerabilities include an SMTP header injection in vCenter (CVE-2025-41250) and two distinct username enumeration flaws in NSX (CVE-2025-41251 and CVE-2025…GBHACKERS.COM
30 SepApple Font Parser Vulnerability Allowing Memory Corruption AttacksApple has released a security update for macOS Sequoia 15.7.1 to address a serious vulnerability in its font parser. The flaw, tracked as CVE-2025-43400, allows a maliciously crafted font file to trigger an out-of-bounds write. Exploitation could cause unexpected application cras…GBHACKERS.COM
30 SepVMware Tools and Aria 0-Day Under Active Exploitation for Privilege EscalationOrganizations using VMware hypervisors face an urgent threat as a local privilege escalation zero-day, tracked as CVE-2025-41244, is under active exploitation in the wild. Both VMware Tools and VMware Aria Operations’ Service Discovery Management Pack (SDMP) are affected, enablin…GBHACKERS.COM
30 SepResearchers Publish Technical Analysis of Linux Sudo Privilege EscalationA team of security researchers has released an in-depth technical report on CVE-2025-32463, a critical local privilege escalation flaw in the widely used Linux sudo utility. The vulnerability, which affects sudo versions 1.9.14 through 1.9.17, allows a local attacker with standar…GBHACKERS.COM
30 SepCISA Issues Alert on Active Exploitation of Linux and Unix Sudo FlawThe Cybersecurity and Infrastructure Security Agency (CISA) has released an urgent alert for system administrators and IT teams worldwide. Researchers have confirmed that attackers are actively exploiting a serious vulnerability in the sudo utility used on many Linux and Unix sys…GBHACKERS.COM
30 Sep KEVCISA Issues Alert on Actively Exploited Libraesva ESG Command Injection VulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security alert highlighting the active exploitation of a serious vulnerability in the Libraesva Email Security Gateway (ESG). Cataloged as CVE-2025-59689, this command injection vulnerability has em…GBHACKERS.COM
30 SepHackers Actively Probe Palo Alto PAN-OS GlobalProtect Vulnerability for ExploitationAn uptick in internet-wide scanning activity indicates that threat actors are actively probing for systems vulnerable to CVE-2024-3400, a critical GlobalProtect flaw in Palo Alto Networks PAN-OS. Security researchers at SANS ISC observed a single source IP address 141.98.82.…GBHACKERS.COM
30 SepCISA warns of critical Linux Sudo flaw exploited in attacksHackers are actively exploiting a critical vulnerability (CVE-2025-32463) in the sudo package that enables the execution of commands with root-level privileges on Linux operating systems. [...]BLEEPINGCOMPUTER.COM
30 Sep KEVUrgent: China-Linked Hackers Exploit New VMware Zero-Day Since October 2024A newly patched security flaw impacting Broadcom VMware Tools and VMware Aria Operations has been exploited in the wild as a zero-day since mid-October 2024 by a threat actor called UNC5174, according to NVISO Labs. The vulnerability in question is CVE-2025-41244 (CVSS score: 7.8…THEHACKERNEWS.COM
⚠️ VULNERABILITY DISCLOSURE 24
30 SepNotepad++ DLL Hijacking Vulnerability Let Attackers Execute Malicious Codesubmitted by cm0002 to cybersecurity 1 points | 0 comments https://cybersecuritynews.com/notepad-hijacking-vulnerability/INFOSEC.PUB
30 SepTile exploit could let stalkers follow you with your own tracker — Bluetooth broadcasting flaw is relatively simple to exploit, researchers discoversubmitted by cm0002 to cybersecurity 1 points | 0 comments https://www.tomshardware.com/tech-industry/cyber-security/tile-exploit-could-let-stalkers-follow-you-with-your-own-tracker-researchers-uncover-broadcasting-flaw-via-bluetoothINFOSEC.PUB
30 SepAI Threats Put Integrity Protection Center StageData poisoning threatens the integrity of AI models. For CISOs, AI rarely reduces complexity; rather, it adds to their already full agenda. Alongside traditional security priorities, they now also have to deal with new AI-…CSOONLINE.COM
30 SepVeeam RCE Exploit Allegedly Listed for Sale on Dark WebA new dark web marketplace listing has sparked alarm in the cybersecurity community after a seller using the handle “SebastianPereiro” purportedly advertised a remote code execution (RCE) exploit targeting Veeam Backup & Replication platforms. The alleged exploit,…GBHACKERS.COM
30 SepHow to restructure your security program to modernize defenseIn 2024, Marriott received a harsh wake-up call: a federal order to restructure its security program . The order from the U.S. Federal Trade Commission followed an investigation that uncovered a string of breaches dating back to 2014, incidents that exposed the personal informati…CSOONLINE.COM
30 SepOrganizations Warned of Exploited Sudo VulnerabilityThe vulnerability could allow local, low-privileged attackers to execute commands with root privileges, leading to full system compromise. The post Organizations Warned of Exploited Sudo Vulnerability appeared first on SecurityWeek .SECURITYWEEK.COM
30 SepU.K. Police Just Seized £5.5 Billion in Bitcoin — The World’s Largest Crypto BustA Chinese national has been convicted for her role in a fraudulent cryptocurrency scheme after law enforcement authorities in the U.K. confiscated £5.5 billion (about $7.39 billion) during a raid of her home in London. The cryptocurrency seizure, amounting to 61,000 Bitcoin, is b…THEHACKERNEWS.COM
30 SepThreat Actors Exploiting MS-SQL Servers to Deploy XiebroC2 FrameworkA surge in attacks targeting improperly managed MS-SQL servers, culminating in the deployment of the open-source XiebroC2 command-and-control (C2) framework. Similar in functionality to legitimate tools like Cobalt Strike, XiebroC2 offers capabilities for information gathering, r…GBHACKERS.COM
30 SepApple Updates iOS and macOS to Prevent Malicious Font AttacksThe vulnerability could lead to a denial-of-service condition or memory corruption when a malicious font is processed. The post Apple Updates iOS and macOS to Prevent Malicious Font Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
30 SepDetails of a ScamLongtime Crypto-Gram readers know that I collect personal experiences of people being scammed. Here’s an almost : Then he added, “Here at Chase, we’ll never ask for your personal information or passwords.” On the contrary, he gave me more information—…SCHNEIER.COM
30 SepWarning: Malicious AI Tools Being Distributed as Chrome Extensions by Threat ActorsCybercriminals are exploiting the growing popularity of artificial intelligence tools by distributing malicious Chrome browser extensions that masquerade as legitimate AI services. These fake extensions, mimicking popular AI platforms like ChatGPT, Claude, Perplexity, and Meta…GBHACKERS.COM
30 SepMondoo Raises $17.5 Million for Vulnerability Management PlatformMondoo has raised more than $32 million in total, with the latest funding round led by HV Capital. The post Mondoo Raises $17.5 Million for Vulnerability Management Platform appeared first on SecurityWeek .SECURITYWEEK.COM
30 SepBeer Maker Asahi Shuts Down Production Due to CyberattackJapanese beer and beverage giant Asahi Group Holdings has been forced to halt production at its domestic factories as a result of a cyberattack that struck on Monday. Asahi, known for its popular brands such as Asahi Super Dry Beer, Nikka Whisky, and Mitsuya Cider, has yet to res…GBHACKERS.COM
30 SepHackers Use Cellular Router API to Send Malicious SMS with Weaponized LinksThe monitoring and analysis of vulnerability exploitations are among the primary responsibilities of Sekoia.io’s Threat Detection & Research (TDR) team. Using honeypots, the team monitors traffic targeting edge devices and internet-facing applications. On 22 July 2025, suspic…GBHACKERS.COM
30 SepDatabricks enters the cybersecurity arena with an AI-driven platformDatabricks is trying to carve out a bigger role in cybersecurity for itself with the launch of “Data Intelligence for Cybersecurity,” a platform aimed at unifying fragmented security data and powering AI agents against automated attacks. The company says the tool integrates direc…CSOONLINE.COM
30 SepHackers Posing as Google Careers Recruiter to Steal Gmail Login DetailsAn emerging phishing campaign is targeting job seekers by masquerading as Google Careers recruiters, delivering seemingly legitimate emails that lead victims to malicious sites designed to harvest Gmail credentials. Security researchers have uncovered a sophisticated multi-stage …GBHACKERS.COM
30 SepResearchers Disclose Google Gemini AI Flaws Allowing Prompt Injection and Cloud ExploitsCybersecurity researchers have disclosed three now-patched security vulnerabilities impacting Google's Gemini artificial intelligence (AI) assistant that, if successfully exploited, could have exposed users to major privacy risks and data theft. "They made Gemini vulnerable to se…THEHACKERNEWS.COM
30 SepChinese hackers exploiting VMware zero-day since October 2024Broadcom has patched a high-severity privilege escalation vulnerability in its VMware Aria Operations and VMware Tools software, which has been exploited in zero-day attacks since October 2024. [...]BLEEPINGCOMPUTER.COM
30 SepCISA Releases Ten Industrial Control Systems AdvisoriesCISA released ten Industrial Control Systems (ICS) advisories on September 30, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-273-01 MegaSys Enterprises Telenium Online Web Application ICSA-2…CISA.GOV
30 SepUrgent: China-Linked Hackers Exploit New VMware Zero-Day Since October 2024submitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2025/09/urgent-china-linked-hackers-exploit-new.htmlSH.ITJUST.WORKS
30 Sep KEVNearly 50,000 Cisco firewalls vulnerable to actively exploited flawsRoughly 48,800 Cisco Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) appliances exposed on the public web are vulnerable to two vulnerabilities actively leveraged by hackers. [...]BLEEPINGCOMPUTER.COM
30 SepCritical WD My Cloud bug allows remote command injectionWestern Digital has released firmware updates for multiple My Cloud NAS models to patch a critical-severity vulnerability that could be exploited remotely to execute arbitrary system commands. [...]BLEEPINGCOMPUTER.COM
30 SepWestJet confirms recent breach exposed customers' passportsCanadian airline WestJet is informing customers that the cyberattack disclosed in June compromised their sensitive information, including passports and ID documents. [...]BLEEPINGCOMPUTER.COM
30 SepMultiple Vulnerabilities in VMware Aria Operations and VMware Tools Could Allow for Privilege EscalationMultiple vulnerabilities have been discovered in VMware Aria Operations and VMware Tools, the most severe of which could allow for privilege escalation to root. VMware Aria is a multi-cloud management platform that provides automation, operations, and cost management for applicat…CISECURITY.ORG
📋 SECURITY BULLETINS 1
30 SepBroadcom fixes high-severity VMware NSX bugs reported by NSABroadcom has released security updates to patch two high-severity VMware NSX vulnerabilities reported by the U.S. National Security Agency (NSA). [...]BLEEPINGCOMPUTER.COM
📢 SECURITY ADVISORIES 5
30 SepThe Cybersecurity Information Sharing Act Faces ExpirationThe CISA is set to expire on September 30, 2025, raising urgent questions about risk, politics, and the future of threat intelligence. The post The Cybersecurity Information Sharing Act Faces Expiration appeared first on SecurityWeek .SECURITYWEEK.COM
30 SepSharpening the Focus on Product Requirements and Cybersecurity Risks: Updating Foundational Activities for IoT Product ManufacturersOver the past few months, NIST has been revising and updating Foundational Activities for IoT Product Manufacturers (NIST IR 8259 Revision 1 Initial Public Draft), which describes recommended pre-market and post-market activities for manufacturers to develop products that meet th…NIST.GOV
30 SepPhantom Taurus: New China-Linked Hacker Group Hits Governments With Stealth MalwareGovernment and telecommunications organizations across Africa, the Middle East, and Asia have emerged as the target of a previously undocumented China-aligned nation-state actor dubbed Phantom Taurus over the past two-and-a-half years. "Phantom Taurus' main focus areas include mi…THEHACKERNEWS.COM
30 SepCISA kills agreement with nonprofit that runs MS-ISACsubmitted by cm0002 to cybersecurity 3 points | 0 comments https://www.theregister.com/2025/09/30/cisa_kills_cis_agreement/INFOSEC.PUB
30 SepFrom fake lovers to sextortionists: 260 scammers arrested in AfricaINTERPOL has announced the arrest of 260 alleged romance scammers, sextortionists, and online fraudsters as part of a multi-national operation across Africa. Read more in my article on the Hot for Security blog.BITDEFENDER.COM
🔥 INCIDENT REPORTING 11
30 SepNew Harrods Data Breach Leaks Personal Information of 430,000 CustomersLuxury department store Harrods has become the latest victim of a significant cybersecurity incident after hackers successfully accessed personal data belonging to 430,000 customers. The prestigious London retailer confirmed that threat actors contacted the company following the …GBHACKERS.COM
30 SepLunar Spider Infected Windows Machine in Single Click and Harvested Login CredentialsA sophisticated cybercriminal group known as Lunar Spider successfully compromised a Windows machine through a single malicious click, establishing a foothold that allowed them to harvest credentials and maintain persistent access for nearly two months. The intrusion, which began…GBHACKERS.COM
30 SepIs your SIEM still serving You? Why it might be time to rethink your security stackSecurity teams are under increasing pressure to detect and respond to threats in real time, especially as the median dwell time for ransomware attacks has dropped from weeks to a few days. Yet many organizations still rely on legacy Security Information and Event Management (SIEM…SOPHOS.COM
30 SepCyberattack on Beer Giant Asahi Disrupts ProductionThe incident has resulted in a system failure that impacted orders and shipments in Japan, and call center operations. The post Cyberattack on Beer Giant Asahi Disrupts Production appeared first on SecurityWeek .SECURITYWEEK.COM
30 SepNew Android Banking Trojan Uses Hidden VNC for Full Remote Control of DevicesIn late August 2025, Cleafy’s Threat Intelligence team uncovered Klopatra, a new, highly sophisticated Android banking trojan and Remote Access Trojan (RAT) that grants attackers full control of compromised devices and facilitates large-scale financial fraud. Active campaigns in …GBHACKERS.COM
30 SepCanada WestJet breach American customers notified | Cybernewssubmitted by kid to cybersecurity 1 points | 0 comments https://cybernews.com/security/canada-westjet-breach-notifies-american-customers-data-stolen-june/SH.ITJUST.WORKS
30 SepData Leak at Kido NurseriesA ransomware gang has stolen the data of more than 8,000 children at Kido nurseries. The ransomware gang Randiant recently published a darknet post with indications of an attack on the British daycare operator K…CSOONLINE.COM
30 SepMicrosoft Expands Sentinel Into Agentic Security Platform With Unified Data LakeMicrosoft on Tuesday unveiled the expansion of its Sentinel Security Incidents and Event Management solution (SIEM) as a unified agentic platform with the general availability of the Sentinel data lake. In addition, the tech giant said it's also releasing a public preview of Sent…THEHACKERNEWS.COM
30 SepStop Alert Chaos: Context Is the Key to Effective Incident ResponseThe Problem: Legacy SOCs and Endless Alert Noise Every SOC leader knows the feeling: hundreds of alerts pouring in, dashboards lighting up like a slot machine, analysts scrambling to keep pace. The harder they try to scale people or buy new tools, the faster the chaos multiplies.…THEHACKERNEWS.COM
30 SepJapan’s beer-making giant Asahi stops production after cyberattackA day after one of Japan's biggest brewers, Asahi Group, announced it suspended production due to a cyberattack, the company said it has no timeline for its recovery.TECHCRUNCH.COM
30 SepA breach every month raises doubts about South Korea’s digital defensesKnown for its blazing fast internet and home to some of the world’s biggest tech giants, South Korea has also faced a string of data breaches and cybersecurity lapses that has struggled to match the pace of its digital ambitions.TECHCRUNCH.COM
🕵️ THREAT INTELLIGENCE 26
30 SepISC Stormcast For Tuesday, September 30th, 2025 https://isc.sans.edu/podcastdetail/9634, (Tue, Sep 30th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
30 SepHackers Distribute Malicious Microsoft Teams Build to Steal Remote AccessCybersecurity researchers have identified a sophisticated campaign where threat actors are using malicious advertisements and search engine optimization poisoning to distribute fake Microsoft Teams installers containing the Oyster backdoor malware. The campaign targets users sear…GBHACKERS.COM
30 SepMalicious Code in Fake Postmark MCP Server Steals Thousands of EmailsA newly discovered attack on the npm ecosystem has exposed a deceptive backdoor embedded in a malicious package impersonating Postmark. The package, named postmark-mcp, quietly siphoned off thousands of emails from unsuspecting developers and organizations, all with just one line…GBHACKERS.COM
30 SepAPT35 Hackers Targeting Government and Military to Steal Login CredentialsStormshield CTI researchers have identified two active phishing servers linked to APT35, revealing ongoing credential-stealing operations targeting government and military entities. In an active threat-hunting operation, Stormshield’s Cyber Threat Intelligence (CTI) team discover…GBHACKERS.COM
30 SepChanging the Vuln Conversation from Volume to Remediation - Francesco Cipollone - ASW #350Dealing with vulns tends to be a discussion about prioritization. After all, there are tons of CVEs and dependencies with known vulns. It's important to figure out how to present developers with useful vuln info that doesn't overwhelm them. Francesco Cipollone shares how to redirec…YOUTUBE.COM
30 SepWebinar Today: AI and the Trust Dilemma: Balancing Innovation and RiskWebinar: How do you embrace AI’s potential while defending against its threats? The post Webinar Today: AI and the Trust Dilemma: Balancing Innovation and Risk appeared first on SecurityWeek .SECURITYWEEK.COM
30 SepDutch teens recruited on Telegram, accused of Russia-backed hacking plotTwo 17-year-olds have been arrested by Dutch authorities on suspicion of spying for pro-Russian hackers. The teenagers, who are said to have been recruited as "disposable agents" via Telegram, were reportedly arrested last week "on suspicion that are linked to government-sponsore…BITDEFENDER.COM
30 SepHigh-Severity Vulnerabilities Patched in VMware Aria Operations, NSX, vCenterThe flaws could allow attackers to escalate privileges, manipulate notifications, and enumerate usernames. The post High-Severity Vulnerabilities Patched in VMware Aria Operations, NSX, vCenter appeared first on SecurityWeek .SECURITYWEEK.COM
30 SepCalifornia Gov. Gavin Newsom Signs Bill Creating AI Safety MeasuresThe Transparency in Frontier Artificial Intelligence Act (TFAIA) requires AI companies to implement and disclose publicly safety protocols to prevent their most advanced models from being used to cause major harm. The post California Gov. Gavin Newsom Signs Bill Creating AI Safet…SECURITYWEEK.COM
30 SepNew Guidance Calls on OT Operators to Create Continually Updated System InventoryAgencies in several countries have created guidance titled ‘Creating and Maintaining a Definitive View of Your OT Architecture’. The post New Guidance Calls on OT Operators to Create Continually Updated System Inventory appeared first on SecurityWeek .SECURITYWEEK.COM
30 SepCISO Conversations: John ‘Four’ Flynn, VP of Security at Google DeepMindFlynn has been DeepMind’s VP of security since May 2024. Before then he had been a CISO with Amazon, CISO at Uber, and director of information security at Facebook. The post CISO Conversations: John ‘Four’ Flynn, VP of Security at Google DeepMind appeared first on SecurityWeek .SECURITYWEEK.COM
30 Sep'You'll never need to work again': Criminals offer reporter money to hack BBCsubmitted by kid to cybersecurity 1 points | 0 comments https://www.bbc.com/news/articles/c3w5n903447oSH.ITJUST.WORKS
30 SepMicrosoft Flags AI-Driven Phishing: LLM-Crafted SVG Files Outsmart Email Securitysubmitted by kid to cybersecurity 3 points | 0 comments https://thehackernews.com/2025/09/microsoft-flags-ai-driven-phishing-llm.htmlSH.ITJUST.WORKS
30 SepThe 3 Biggest Email Security Challenges Facing Legal OrganizationsLaw firms really are under constant pressure to meet tight deadlines, maintain client confidentiality and protect privileged communications.KNOWBE4.COM
30 SepEvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizationssubmitted by kid to cybersecurity 1 points | 0 comments https://thehackernews.com/2025/09/evilai-malware-masquerades-as-ai-tools.htmlSH.ITJUST.WORKS
30 SepNational Cyber Authorities Launch OT Security Guidance - Infosecurity Magazinesubmitted by kid to cybersecurity 2 points | 0 comments https://www.infosecurity-magazine.com/news/national-cyber-authorities-ot/SH.ITJUST.WORKS
30 SepGoogle Project Zero Details ASLR Bypass on Apple Devices Using NSDictionary Serializationsubmitted by kid to cybersecurity 1 points | 0 comments https://cybersecuritynews.com/aslr-bypass-on-apple-devices/SH.ITJUST.WORKS
30 SepThe AI Fix #70: AI behaves… until it knows you’re watchingIn episode 70 of The AI Fix, our hosts learn that AI makes people more dishonest, Waymo's robo-cars save lives but get outsmarted by a bathroom mirror, a "rescue" bot slurps up victims head-first, and China shows off a fusion robot arm that can lift ten elephants (or 200,000 pige…GRAHAMCLULEY.COM
30 SepEmpowering defenders in the era of agentic AI with Microsoft SentinelMicrosoft Sentinel is expanding into an agentic platform with general availability of the Sentinel data lake, and the public preview of Sentinel graph and Sentinel Model Context Protocol (MCP) server. The post Empowering defenders in the era of agentic AI with Microsoft Sentinel …MICROSOFT.COM
30 SepNew Chinese Nexus APT Group Targeting Organizations to Deploy NET-STAR Malware SuiteChina-linked advanced persistent threat (APT) group Phantom Taurus has intensified espionage operations against government and telecommunications targets across Africa, the Middle East, and Asia, deploying a newly discovered .NET malware suite called NET-STAR. First tracked by Un…GBHACKERS.COM
30 SepPatchwork APT: Leveraging PowerShell to Create Scheduled Tasks and Deploy Final PayloadPatchwork, the advanced persistent threat (APT) actor also known as Dropping Elephant, Monsoon, and Hangover Group, has been observed deploying a new PowerShell-based loader that abuses Windows Scheduled Tasks to execute its final payload. Active since at least 2015 and focused o…GBHACKERS.COM
30 SepGoogle Patches Gemini AI Hacks Involving Poisoned Logs, Search ResultsResearchers found more methods for tricking an AI assistant into aiding sensitive data theft. The post Google Patches Gemini AI Hacks Involving Poisoned Logs, Search Results appeared first on SecurityWeek .SECURITYWEEK.COM
30 SepCall for Presentations Open for 2025 CISO Forum Virtual SummitThis online event is expected to attract more than 2,500 attendee registrations from around the world. The post Call for Presentations Open for 2025 CISO Forum Virtual Summit appeared first on SecurityWeek .SECURITYWEEK.COM
30 SepCyberheistNews Vol 15 #39 [Watch Your Back] Why Your Security Strategy Needs a Human Upgrade NowKNOWBE4.COM
30 Sep50K Cisco firewalls remain vulnerable to advanced attackssubmitted by cm0002 to cybersecurity 1 points | 0 comments https://www.theregister.com/2025/09/30/cisco_firewall_vulns/INFOSEC.PUB
30 SepAttica, Crustacean Porn, Broadcom, William of Ockham, Jaguar, SVG, Aaran Leyland... - SWN #516Attica, Crustacean Porn, Broadcom, William of Ockham, Jaguar, SVG, Aaran Leyland, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-516YOUTUBE.COM
🌐 CYBER THREAT LANDSCAPE 3
30 SepEvolving Enterprise Defense to Secure the Modern AI Supply ChainThe world of enterprise technology is undergoing a dramatic shift. Gen-AI adoption is accelerating at an unprecedented pace, and SaaS vendors are embedding powerful LLMs directly into their platforms. Organizations are embracing AI-powered applications across every function, from…THEHACKERNEWS.COM
30 SepNew Android Trojan “Datzbro” Tricking Elderly with AI-Generated Facebook Travel EventsCybersecurity researchers have flagged a previously undocumented Android banking trojan called Datzbro that can conduct device takeover (DTO) attacks and perform fraudulent transactions by preying on the elderly. Dutch mobile security company ThreatFabric said it discovered the c…THEHACKERNEWS.COM
30 SepNew MatrixPDF toolkit turns PDFs into phishing and malware luresA new phishing and malware distribution toolkit called MatrixPDF allows attackers to convert ordinary PDF files into interactive lures that bypass email security and redirect victims to credential theft or malware downloads. [...]BLEEPINGCOMPUTER.COM
📡 INFOSEC NEWS 10
30 SepWindows 11 KB5065789 update released with 41 changes and fixesMicrosoft has released the KB5065789 preview cumulative update for Windows 11 24H2, which includes 41 improvements, including new AI actions in File Explorer and bug fixes for Windows Update and Windows Sandbox. [...]BLEEPINGCOMPUTER.COM
30 SepMicrosoft fixes Windows DRM video playback issues for some usersMicrosoft says it has "partially" resolved a known issue that caused problems when trying to play DRM-protected video in Blu-ray/DVD/Digital TV applications. [...]BLEEPINGCOMPUTER.COM
30 SepVMware Certification Is Surging in a Shifting IT LandscapeVMware certification is surging as IT teams face hybrid infra, cloud complexity, & rising risks. See how VMUG Advantage helps practitioners & enterprises turn certification into stronger security & measurable value. [...]BLEEPINGCOMPUTER.COM
30 SepInternal expertise vs. managed security | Kaspersky official blogKaspersky XDR Optimum or MXDR Optimum – which path suits your cybersecurity strategy best?KASPERSKY.COM
30 Sep"user=admin". Sometimes you don't even need to log in., (Tue, Sep 30th)One of the common infosec jokes is that sometimes, you do not need to "break" an application, but you have to log in. This is often the case for weak default passwords, which are common in IoT devices. However, an even easier method is to tell the application who you are. This do…ISC.SANS.EDU
30 SepWindows 11 2025 Update (25H2) is now available, Here's what's newToday, Microsoft announced the release of Windows 11 25H2, also known as Windows 11 2025 Update. [...]BLEEPINGCOMPUTER.COM
30 SepSendit sued by the FTC for illegal collection of children dataThe Federal Trade Commission (FTC) is suing Sendit's operating company and its CEO for unlawful collection of data from underage users, as well as deceptive subscription practices. [...]BLEEPINGCOMPUTER.COM
30 SepTed Cruz blocks bill that would extend privacy protections to all AmericansThe Texas senator blocked a bill that would have prevented data brokers from collecting and selling personal data on anyone in the United States, and not just federal lawmakers and government officials.TECHCRUNCH.COM
30 SepImgur blocks UK users after data watchdog signals possible finePeople in the United Kingdom are no longer able to access content hosted on Imgur, a popular media sharing site, after a UK data watchdog warned it may impose a monetary penalty on the parent company, MediaLab. [...]BLEEPINGCOMPUTER.COM
30 Sep[Guest Diary] Comparing Honeypot Passwords with HIBP, (Wed, Oct 1st)[This is a Guest Diary by Draden Barwick, an ISC intern as part of the SANS.edu Bachelor's Degree in Applied Cybersecurity (BACS) program [1].]
ISC.SANS.EDU