September 2025

September 30, 2025 – Outage

UK government to be guarantor for Jaguar Land Rover loan as it recovers from cyberattack Full Text

Abstract The British government announced it is underwriting a loan for auto manufacturer Jaguar Land Rover (JLR) as the company and its supply chain attempt to recover from the disruption caused by a cyberattack earlier this month.

The Record

September 30, 2025 – Criminals

Ransomware gang sought BBC reporter’s help in hacking media giant Full Text

Abstract Cybersecurity correspondent Joe Tidy revealed in a story on the BBC that the hackers wanted to use his laptop to breach the British public-service broadcaster's network and then ask for a ransom.

Bleeping Computer

September 30, 2025 – Malware

New Android Trojan “Datzbro” Tricking Elderly with AI-Generated Facebook Travel Events Full Text

Abstract Cybersecurity researchers have flagged a previously undocumented Android banking trojan called Datzbro that can conduct device takeover (DTO) attacks and perform fraudulent transactions by preying on the elderly.

The Hacker News

September 30, 2025 – Ransomware

Akira ransomware: From SonicWall VPN login to encryption in under four hours Full Text

Abstract Four hours or less: that’s how long it takes for Akira affiliates to break into organizations and deploy the ransomware on their systems, Arctic Wolf researchers have warned.

Help Net Security

September 30, 2025 – Malware

Fake Postmark MCP npm package stole emails with one-liner Full Text

Abstract A fake npm package posing as Postmark's MCP (Model Context Protocol) server silently stole potentially thousands of emails a day by adding a single line of code that secretly copied outgoing messages to an attacker-controlled address.

The Register

September 30, 2025 – Breach

‘Widespread’ breach let hackers steal employee data from FEMA and CBP Full Text

Abstract A “widespread cybersecurity incident” at the Federal Emergency Management Agency allowed hackers to make off with employee data from both the disaster management office and U.S. Customs and Border Protection.

NextGov

September 30, 2025 – Outage

Asahi runs dry as online attackers take down Japanese ops Full Text

Abstract Japan's largest brewery biz, Asahi, has shut down distribution systems following an online attack, and local drinkers will just have to make do with stocks as they stand.

The Register

September 29, 2025 – Government

National Cyber Authorities Launch OT Security Guidance Full Text

Abstract National cybersecurity agencies from seven countries have jointly released new guidance to enhance the security of OT systems. The guidance is intended for cybersecurity practitioners working in organizations that deploy or operate OT systems.

Infosecurity Magazine

September 29, 2025 – Privacy

Tile Tracking Tags Can Be Exploited by Tech-Savvy Stalkers, Researchers Say Full Text

Abstract Researchers have uncovered privacy and security bugs in Tile tracking tags. These flaws allow malicious actors to track users, bypass anti-stalking protections, and even impersonate Tile tags to falsely implicate individuals.

Wired

September 29, 2025 – Breach

Medusa Ransomware Claims Comcast Data Breach, Demands $1.2M Full Text

Abstract The Medusa ransomware group claimed responsibility for a data breach at Comcast Corporation, alleging the theft of 834.4 GB of data. The group is demanding a $1.2 million ransom for either deleting the data or selling it to interested buyers.

Hack Read

September 29, 2025 – Policy and Law

Vital cyber data-sharing law appears likely to expire amid looming government shutdown Full Text

Abstract The 2015 Cybersecurity Information Sharing Act is poised to expire on September 30. The law has been instrumental in enabling private sector entities to share cyber threat intelligence with federal agencies under legal protections.

NextGov

September 29, 2025 – Phishing

Google Ads Used to Spread Trojan Disguised as TradingView Premium Full Text

Abstract A malware campaign is leveraging Google Ads and hijacked YouTube channels to distribute a Trojan disguised as TradingView Premium. The campaign now uses over 500 domains and thousands of malicious ads daily in English, Vietnamese, and Thai.

Hack Read

September 29, 2025 – Vulnerabilities

GitLab security advisory (AV25-620) Full Text

Abstract Flaws have been identified in GitLab Community Edition (CE) and Enterprise Edition (EE), affecting versions prior to 18.4.1, 18.3.3, and 18.2.7. GitLab has released a security advisory and corresponding patch updates to address these issues.

Government of Canada

September 27, 2025 – Attack

Chinese Cyberspies Hacked US Defense Contractors Full Text

Abstract RedNovember, a Chinese state-sponsored cyberespionage group, has conducted a global campaign from July 2024 to July 2025, targeting US defense contractors and a wide range of organizations across government, aerospace, legal, and industrial sectors.

Security Week

September 27, 2025 – Policy and Law

Dem report concludes Department of Government Efficiency violates cybersecurity, privacy rules Full Text

Abstract The report focuses on DOGE’s activities at the General Services Administration (GSA), Office of Personnel Management (OPM), and Social Security Administration (SSA), revealing multiple instances of potential cybersecurity violations.

Cyber Scoop

September 27, 2025 – Government

CISA Directs Federal Agencies to Identify and Mitigate Potential Compromise of Cisco Devices Full Text

Abstract On September 25, 2025, CISA issued Emergency Directive ED 25-03, mandating all U.S. federal agencies to identify and mitigate potential compromises in all versions of Cisco Adaptive Security Appliances (ASA) and Cisco Firepower devices.

CISA

September 27, 2025 – Criminals

Interpol Cracks Down on Large-Scale African Scamming Networks Full Text

Abstract A major transnational cybercrime crackdown, Operation Contender 3.0, has led to the arrest of 260 individuals and the dismantling of 81 cybercrime infrastructures across 14 African countries.

Infosecurity Magazine

September 25, 2025 – Outage

Ransomware gang says it hacked the Maryland Department of Transportation Full Text

Abstract Rhysida ransomware group has claimed responsibility for a cyberattack on the Maryland Transit Administration (MTA), a division of the Maryland Department of Transportation. The attack specifically disrupted MobilityLink.

CompariTech

September 25, 2025 – Phishing

PSF Warns of Fake PyPI Login Site Stealing User Credentials Full Text

Abstract A new phishing campaign is targeting developers using the Python Package Index (PyPI), aiming to steal user credentials through a spoofed login site. The phishing campaign begins with emails that appear to originate from PyPI administrators.

Hack Read

September 25, 2025 – Vulnerabilities

Drupal security advisory (AV25-617) Full Text

Abstract Security vulnerabilities were identified in multiple contributed modules for Drupal. These issues affect several modules including JSON Field, Plausible Tracking, Access Code, Umami Analytics, Currency, and Reverse Proxy Header.

Government of Canada

September 24, 2025 – Vulnerabilities

Patch Bypassed for Supermicro Vulnerability Allowing BMC Hack Full Text

Abstract Supermicro has patched two critical Baseboard Management Controller bugs—CVE-2025-7937 and CVE-2025-6198—that allow malicious firmware updates. Although initially patched, the fix could be bypassed, prompting a new patch and CVE assignment.

Security Week

September 24, 2025 – Vulnerabilities

22 Vulnerabilities Under Attack – And Another That Could Be Full Text

Abstract Researchers have identified 22 vulnerabilities currently under active exploitation, with 12 detected via honeypot sensors and 10 exploited by ransomware groups. Notably, nine of these vulnerabilities are not listed in CISA’s KEV catalog.

The Cyber Express

September 24, 2025 – Breach

Hidden WordPress Backdoors Creating Admin Accounts Full Text

Abstract A recent investigation uncovered two stealthy backdoors on a compromised WordPress site: a fake plugin named DebugMaster Pro and a script named wp-user.php. These files maintained persistent administrative access and exfiltrated credentials.

Sucuri

September 24, 2025 – Criminals

‘SIM Farms’ Are a Spam Plague. A Giant One in New York Threatened US Infrastructure, Feds Say Full Text

Abstract A massive SIM farm operation discovered in the New York City area has raised serious concerns about the potential for large-scale disruption of US telecommunications infrastructure.

Wired

September 24, 2025 – Malware

How RainyDay, Turian and a new PlugX variant abuse DLL search order hijacking Full Text

Abstract A newly identified PlugX variant was deployed in a cyber-espionage campaign targeting telecommunications and manufacturing sectors in Central and South Asia. The campaign is attributed to the Chinese-speaking threat actor Naikon.

Talos Intelligence

September 24, 2025 – Vulnerabilities

AI-Powered App Exposes User Data, Creates Risk of Supply Chain Attacks Full Text

Abstract A critical security flaw in Wondershare RepairIt, an AI-powered image and video enhancement application, has exposed sensitive user data and created a high risk of supply chain attacks.

Trend Micro

September 24, 2025 – Breach

Boyd Gaming discloses data breach after suffering a cyberattack Full Text

Abstract Boyd Gaming Corporation, a major U.S. casino and gaming operator, has disclosed a data breach following a cyberattack that led to the unauthorized access and exfiltration of sensitive data.

Bleeping Computer

September 23, 2025 – General

Cybercriminals are going after law firms’ sensitive client data Full Text

Abstract Law firms are increasingly becoming prime targets for cybercriminals due to the sensitive nature of the data they handle, including client communications, financial records, and legal strategies.

Help Net Security

September 23, 2025 – Breach

Automaker giant Stellantis confirms data breach after Salesforce hack Full Text

Abstract Automotive giant Stellantis has confirmed a data breach affecting its North American customer service operations. The breach occurred through unauthorized access to a third-party service provider's platform integrated with Salesforce.

Bleeping Computer

September 23, 2025 – Attack

New EDR-Freeze tool uses Windows WER to suspend security software Full Text

Abstract A novel attack technique named EDR-Freeze has emerged, demonstrating the ability to suspend endpoint detection and response (EDR) and antivirus (AV) processes on Windows systems using only user-mode operations.

Bleeping Computer

September 23, 2025 – Malware

Here’s how potent Atomic credential stealer is finding its way onto Macs Full Text

Abstract A widespread malware campaign is targeting macOS users by impersonating a broad range of online services through malicious ads on search engines. The campaign aims to distribute the Atomic Stealer, a potent credential-stealing malware.

Ars Technica

September 23, 2025 – Ransomware

GPT-4 Malware Generates Ransomware in Real Time Full Text

Abstract MalTerminal is a newly discovered AI-powered malware that leverages GPT-4 to generate ransomware or reverse shell code in real time. The malware represents the first known instance of large language model (LLM)-enabled malware found in the wild.

eSecurity Planet

September 23, 2025 – Hacker

Telecom exec: Salt Typhoon inspiring other hackers to use unconventional techniques Full Text

Abstract Threat actors are increasingly adopting stealthy and unconventional techniques inspired by the Chinese APT group Salt Typhoon, which previously infiltrated major telecommunications providers.

Cyber Scoop

September 23, 2025 – Vulnerabilities

Full Disclosure: Current Password not Required When Changing Password Full Text

Abstract A flaw has been identified in FlatPress v1.4.1 that allows an administrator to change their password without providing the current password. This bug undermines standard authentication practices and could lead to unauthorized access.

SecLists

September 23, 2025 – Vulnerabilities

Full Disclosure: libelf 0.8.12 Stack-based buffer overflow in gmo2msg (libelf) via unbounded sprintf of lang argument Full Text

Abstract A stack-based buffer overflow vulnerability has been identified in `libelf` version 0.8.12, specifically within the `gmo2msg` utility. The flaw stems from unbounded `sprintf` operations on a fixed-size buffer when handling user-supplied input.

SecLists

September 22, 2025 – Attack

Nimbus Manticore Deploys New Malware Targeting Europe Full Text

Abstract Nimbus Manticore launched a sophisticated cyber-espionage campaign targeting aerospace, defense, telecommunications, and satellite sectors in Europe. The campaign employs MiniJunk and MiniBrowse malware.

Check Point

September 22, 2025 – Criminals

Canada dismantles TradeOgre exchange, seizes $40 million in crypto Full Text

Abstract Canadian authorities have dismantled the TradeOgre cryptocurrency exchange and seized over $40 million in digital assets believed to be linked to criminal activity. This also marks the largest asset seizure in Canadian history.

Bleeping Computer

September 22, 2025 – Vulnerabilities

Cross-site scripting vulnerability in Lectora course navigation Full Text

Abstract A cross-site scripting (XSS) vulnerability has been identified in Lectora Desktop versions 21.0–21.3 and Lectora Online versions 7.1.6 and older. The issue arises when courses are published with SPP enabled and Web Accessibility disabled.

CERT

September 22, 2025 – Insider Threat

SonicWall Urges Urgent Credential Reset After Backup File Exposure Full Text

Abstract SonicWall has issued an urgent advisory following the inadvertent public exposure of configuration backup files from MySonicWall. These files contained encrypted passwords, pre-shared keys, and TLS certificates used by SonicOS appliances.

eSecurity Planet

September 22, 2025 – Vulnerabilities

[Control systems] ABB security advisory (AV25-605) Full Text

Abstract Exploitation of these vulnerabilities could compromise the integrity, availability, or confidentiality of industrial control systems, potentially leading to operational disruptions or unauthorized access.

Government of Canada

September 22, 2025 – Outage

Cyberattack Disrupts Airport Check-In Systems Across Europe Full Text

Abstract A cyberattack targeting Collins Aerospace’s MUSE (Multi-User System Environment) software disrupted check-in systems across several major European airports, leading to widespread delays, flight cancellations, and manual fallback operations.

HackRead

September 22, 2025 – Hacker

Two of the Kremlin’s most active hack groups are collaborating, ESET says Full Text

Abstract Turla has been known for deploying stealthy Linux malware and using satellite-based Internet links to maintain the stealth of its operations. These activities suggest a strategic alignment between the two groups to enhance operational effectiveness.

Ars Technica

September 22, 2025 – Attack

A Cyberattack on Jaguar Land Rover Is Causing a Supply Chain Disaster Full Text

Abstract The cyberattack, which began in early September, has led JLR to proactively shut down its systems to contain the threat. The production pause has now been extended to September 24 as forensic investigations continue.

Wired

September 20, 2025 – Attack

Heathrow cyberattack: Delays after airport check-in system hit Full Text

Abstract Heathrow is among several European airports hit by a cyberattack affecting an electronic check-in and baggage system. The airport warned of possible delays due to a "technical issue" affecting software provided by Collins Aerospace.

BBC

September 20, 2025 – Ransomware

Qilin Remains Top Ransomware Group as New Threats Emerge Full Text

Abstract The ransomware group Qilin emerged as the most dominant threat actor in August, claiming responsibility for 104 attacks during the month alone. Since April, Qilin has amassed a total of 398 victims, placing it more than 70% ahead of Akira.

The Cyber Express

September 20, 2025 – Phishing

How AI-Native Development Platforms Enable Fake Captcha Pages Full Text

Abstract A new wave of phishing campaigns is exploiting AI-native development platforms such as Vercel, Netlify, and Lovable to host fake CAPTCHA pages. These deceptive pages serve as a gateway to credential-harvesting phishing sites.

Trend Micro

September 20, 2025 – Breach

Ransomware gang says it hacked Spartanburg County, SC Full Text

Abstract Spartanburg County, North Carolina, experienced a ransomware attack in August, attributed to the Qilin ransomware group. The attackers claim to have exfiltrated 390 GB of sensitive data, including personal, financial, and law enforcement records.

CompariTech

September 20, 2025 – Vulnerabilities

Schneider Electric Saitel DR & Saitel DP Remote Terminal Unit Full Text

Abstract Two OS command injection vulnerabilities were identified in Schneider Electric’s Saitel DR and DP Remote Terminal Units (RTUs). These flaws could allow local attackers to execute arbitrary shell commands via the BLMon Console during SSH sessions.

CISA

September 20, 2025 – Breach

Tiffany Data Breach Impacts Thousands of Customers Full Text

Abstract A recent data breach at Tiffany & Co. has compromised the personal information of over 2,500 customers in the US, with potential impact on Canadian customers as well. The breach exposed sensitive gift card-related data.

Security Week

September 19, 2025 – Vulnerabilities

Nokia security advisory (AV25-602) Full Text

Abstract Nokia has released a security advisory addressing two critical vulnerabilities affecting CloudBand Infrastructure Software and Nokia Container Service. These bugs include an authentication bypass and an RCE flaw.

Government of Canada

September 19, 2025 – Outage

Russian regional airline disrupted by suspected cyberattack Full Text

Abstract A suspected cyberattack has disrupted digital services at KrasAvia, a regional Russian airline, marking another incident in a growing trend of cyber operations targeting the Russian aviation sector.

The Record

September 19, 2025 – Vulnerabilities

Hitachi Energy Asset Suite Full Text

Abstract Multiple critical vulnerabilities have been identified in Hitachi Energy's Asset Suite platform (versions 9.6.4.5 and prior), originating from embedded open-source components. These vulnerabilities could lead to RCE, DoS, and other security risks.

CISA

September 19, 2025 – Vulnerabilities

Cognex In-Sight Explorer and In-Sight Camera Firmware Full Text

Abstract Multiple critical vulnerabilities have been identified in Cognex In-Sight Explorer and In-Sight Camera Firmware, potentially allowing attackers to steal credentials, modify system configurations, or cause denial-of-service (DoS) conditions.

CISA

September 19, 2025 – Vulnerabilities

Microsoft Patches Severe Entra ID Tenant Takeover Bug Full Text

Abstract A critical vulnerability in Microsoft Entra ID exposed all Microsoft cloud tenants to potential full compromise. It allowed attackers to impersonate any user without detection.

eSecurity Planet

September 18, 2025 – Disinformation

CopyCop Deepens Its Playbook with New Websites and Targets Full Text

Abstract A Russian influence operation known as CopyCop has expanded its disinformation infrastructure in 2025, deploying over 300 websites to target democratic institutions and public opinion across the US, France, Canada, Germany, Armenia, and Moldova.

Recorded Future

September 18, 2025 – General

AI made crypto scams far more dangerous Full Text

Abstract The first half of 2025 witnessed a surge in AI-powered cryptocurrency scams, resulting in over $3.01 billion in stolen assets. These scams leverage artificial intelligence to automate and scale phishing, impersonation, and malware distribution.

Help Net Security

September 18, 2025 – Ransomware

GOLD SALEM’s Warlock operation joins busy ransomware landscape Full Text

Abstract GOLD SALEM, also known as the Warlock Group, is an emerging ransomware threat actor active since March. The group has targeted a wide range of organizations across North America, Europe, and South America, deploying its Warlock ransomware.

Sophos

September 18, 2025 – Vulnerabilities

Jenkins security advisory (AV25-598) Full Text

Abstract The vulnerabilities affect both Jenkins weekly and Jenkins LTS versions, potentially exposing systems to security risks if left unpatched. These issues may impact the integrity and availability of Jenkins-based CI/CD environments.

Government of Canada

September 18, 2025 – Breach

New York Blood Center notifies 194,000 people of data breach Full Text

Abstract New York Blood Center Enterprises (NYBCe) has disclosed a significant data breach affecting 193,822 individuals. The breach, which occurred in January 2025, exposed sensitive personal and health-related information.

CompariTech

September 18, 2025 – Breach

VC giant Insight Partners warns thousands after ransomware breach Full Text

Abstract Insight Partners, a prominent New York-based venture capital and private equity firm, has disclosed a ransomware attack that compromised sensitive data of 12,657 individuals. The breach involved a sophisticated social engineering attack.

Bleeping Computer

September 18, 2025 – Malware

New Raven Stealer Malware Hits Browsers for Passwords and Payment Data Full Text

Abstract Raven Stealer is a newly identified malware strain that targets web browsers such as Chrome and Edge to exfiltrate sensitive user data, including passwords, cookies, and payment information.

HackRead

September 18, 2025 – Breach

Attack on SonicWall’s cloud portal exposes customers’ firewall configurations Full Text

Abstract A cyberattack on MySonicWall.com has resulted in unauthorized access to customer firewall configuration files. Hackers conducted a series of brute-force attacks on individual accounts to access backup firewall preference files stored in the cloud.

Cyber Scoop

September 17, 2025 – Outage

JLR Extends Production Halt After Cyber-Attack Full Text

Abstract Jaguar Land Rover (JLR) has extended its production halt until at least September 24, 2025, following a significant cyber-attack that disrupted its operations and supply chain. The attack has had cascading effects on third-party suppliers.

Infosecurity Magazine

September 17, 2025 – Policy and Law

BreachForums administrator given three-year prison stint after resentencing Full Text

Abstract Conor Fitzpatrick, the founder and lead administrator of the notorious cybercrime marketplace BreachForums, has been resentenced to three years in prison following a judicial review that overturned a controversial early release.

The Record

September 17, 2025 – Attack

Russian hackers target Polish hospitals and city water supply Full Text

Abstract The Polish government is increasing its cybersecurity budget to €1bn this year, after Russian sabotage attempts targeted hospitals and urban water supplies. Poland was facing between 20 and 50 attempts to damage critical infrastructure every day.

Financial Times

September 17, 2025 – Vulnerabilities

Threat Signal Report Full Text

Abstract Multiple critical vulnerabilities have been identified in Citrix NetScaler ADC and NetScaler Gateway appliances, including a memory overflow flaw (CVE-2025-7775) that enables remote code execution (RCE) and denial of service (DoS).

Fortinet

September 17, 2025 – Vulnerabilities

Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover Full Text

Abstract Multiple critical vulnerabilities were discovered in Chaos Mesh, an open-source chaos engineering platform for Kubernetes. These flaws, collectively named "Chaotic Deputy," allow unauthenticated in-cluster attackers to execute arbitrary commands.

The Hacker News

September 17, 2025 – Vulnerabilities

A DHS Data Hub Exposed Sensitive Intel to Thousands of Unauthorized Users Full Text

Abstract The breach affected 439 intelligence products, which were accessed 1,525 times by users not cleared for such information, including private sector contractors and foreign nationals. The breach exposed sensitive national security data, including PII.

Wired

September 17, 2025 – Attack

Self-replicating worm hits 180+ npm packages in (largely) automated supply chain attack Full Text

Abstract A self-replicating JavaScript worm named Shai-Hulud has compromised over 180 npm packages in a rapidly evolving supply chain attack. The worm targets npm developers, leveraging stolen credentials to propagate itself and exfiltrate sensitive data.

Help Net Security

September 17, 2025 – Vulnerabilities

Apple backports fix for actively exploited CVE-2025-43300 Full Text

Abstract CVE-2025-43300 is a 0-day vulnerability in Apple’s ImageIO framework that enables memory corruption via malicious image files. The vulnerability was initially patched in August 2025. The issue was addressed by implementing improved bounds checking.

Security Affairs

September 17, 2025 – Phishing

Old file types, new tricks: Attackers turn everyday files into weapons Full Text

Abstract Phishing emails accounted for 61% of threats reaching endpoints. Archives were the top delivery method (40%), followed by scripts and executables (35%). Attackers used realistic invoice-themed emails with SVG and PDF attachments to lure victims.

Help Net Security

September 16, 2025 – Attack

New FileFix attack uses steganography to drop StealC malware Full Text

Abstract A new FileFix-based social engineering campaign is actively delivering the StealC infostealer malware by exploiting user trust and abusing the File Explorer address bar. This attack impersonates Meta support and uses steganography to evade detection.

Bleeping Computer

September 16, 2025 – Attack

SlopAds Fraud Ring Exploits 224 Android Apps to Drive 2.3 Billion Daily Ad Bids Full Text

Abstract A large-scale mobile ad fraud operation dubbed SlopAds exploited 224 Android apps, amassing over 38 million downloads across 228 countries. The campaign generated up to 2.3 billion ad bid requests daily by leveraging hidden WebViews and steganography.

The Hacker News

September 16, 2025 – Business

Fraud Prevention Company SEON Raises $80 Million in Series C Funding Full Text

Abstract Fraud prevention and AML compliance firm SEON today announced raising $80 million in Series C funding, which brings the total raised by the company to $187 million. The new investment round was led by Sixth Street Growth.

Security Week

September 16, 2025 – Phishing

SEO Poisoning Targets Chinese Users with Fake Software Sites Full Text

Abstract A sophisticated SEO poisoning campaign has been uncovered targeting Chinese-speaking Microsoft Windows users. The attackers manipulated search engine results to promote fraudulent websites mimicking legitimate software providers.

Infosecurity Magazine

September 16, 2025 – Breach

FinWise insider breach impacts 689K American First Finance customers Full Text

Abstract An insider data breach at FinWise Bank has compromised the personal information of approximately 689,000 customers of American First Finance (AFF). The breach occurred when a former employee accessed sensitive data after their employment had ended.

Bleeping Computer

September 16, 2025 – Attack

New Phoenix attack bypasses Rowhammer defenses in DDR5 memory Full Text

Abstract Academic researchers have developed a new Rowhammer-based attack, dubbed Phoenix, that bypasses DDR5 memory protections, including Target Row Refresh (TRR). The Phoenix attack was able to flip bits on all 15 DDR5 memory chips tested.

Bleeping Computer

September 16, 2025 – Breach

Google confirms fraudulent account created in law enforcement portal Full Text

Abstract A threat actor group known as Scattered Lapsus$ Hunters has claimed unauthorized access to Google’s Law Enforcement Request System (LERS) and the FBI’s eCheck background check system.

Bleeping Computer

September 16, 2025 – Breach

Hackers steal millions of Gucci, Balenciaga, and Alexander McQueen customer records Full Text

Abstract A data breach has compromised the personal information of millions of customers from luxury fashion brands Gucci, Balenciaga, and Alexander McQueen. The breach was attributed to the cybercriminal group ShinyHunters.

Security Affairs

September 15, 2025 – Phishing

AI-Forged Military IDs Used in North Korean Phishing Attack Full Text

Abstract The phishing campaign involved emails impersonating a South Korean defense-related institution, claiming to manage ID issuance for military personnel. These emails contained malicious attachments.

Infosecurity Magazine

September 15, 2025 – Attack

ShinyHunters Attack National Credit Information Center of Vietnam Full Text

Abstract Vietnam’s National Credit Information Center suffered a cyberattack by the ShinyHunters group, exploiting an n-day vulnerability in unsupported software. The attackers accessed and leaked personal data, which was listed for sale on the dark web.

Security Affairs

September 15, 2025 – General

AI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse Concerns Full Text

Abstract A new AI-powered penetration testing tool named Villager has garnered nearly 11,000 downloads on PyPI. Villager’s AI-driven architecture enables large-scale, parallelized exploitation.

The Hacker News

September 15, 2025 – Attack

Malicious MCP servers used in supply chain attacks Full Text

Abstract A recent investigation has revealed how the Model Context Protocol (MCP), an open standard for integrating AI assistants with external tools, can be exploited as a supply chain attack vector.

Securelist

September 15, 2025 – Breach

West Virginia Credit Union Notifying 187,000 People Impacted by 2023 Data Breach Full Text

Abstract A significant data breach at Fairmont Federal Credit Union has compromised the sensitive personal, financial, and medical information of over 187,000 individuals. The compromised information includes full names, dates of birth, SSNs, and more.

Security Week

September 15, 2025 – Botnet

Qrator Labs Mitigated Record L7 DDoS Attack from 5.76M-Device Botnet Full Text

Abstract A record-breaking Layer 7 (L7) Distributed Denial of Service (DDoS) attack was successfully mitigated after being launched by a massive botnet comprising 5.76 million compromised devices.

Hack Read

September 15, 2025 – Breach

600 GB of Alleged Great Firewall of China Data Published in Largest Leak Yet Full Text

Abstract A massive 600 GB data leak allegedly tied to the Great Firewall of China has surfaced online, exposing a trove of internal documents, source code, and operational data. The leaked data is attributed to the hacktivist group Enlace Hacktivista.

Hack Read

September 15, 2025 – Government

FBI Warns of Salesforce attacks by UNC6040 and UNC6395 Full Text

Abstract The FBI has issued a FLASH alert warning organizations of ongoing malicious campaigns by cybercriminal groups UNC6040 and UNC6395. These groups are actively targeting Salesforce platforms to conduct data theft and extortion operations.

Security Affairs

September 13, 2025 – Vulnerabilities

DELMIA Factory Software Vulnerability Exploited in Attacks Full Text

Abstract A critical vulnerability (CVE-2025-5086) in DELMIA Apriso factory software is being actively exploited in the wild. The flaw, a deserialization of untrusted data issue, enables remote code execution and affects versions from 2020 through 2025.

Security Week

September 13, 2025 – Breach

Vietnam, Panama governments suffer incidents leaking citizen data Full Text

Abstract In Vietnam, the CIC was breached, with attackers claiming to have stolen 160 million records. In Panama, the Ministry of Economy and Finance (MEF) was targeted by the INC ransomware group, which claims to have exfiltrated 1.5 TB of data.

The Record

September 13, 2025 – Phishing

Researchers warn VoidProxy phishing platform can bypass MFA Full Text

Abstract A new phishing-as-a-service platform, VoidProxy, has emerged as a significant threat by enabling attackers to bypass multifactor authentication (MFA) and compromise high-value accounts.

Cybersecurity Dive

September 13, 2025 – Ransomware

HybridPetya: (Proof-of-concept?) ransomware can bypass UEFI Secure Boot Full Text

Abstract HybridPetya mimics Petya/NotPetya and introduces the ability to bypass UEFI Secure Boot using CVE-2024-7344. Although not yet seen in the wild, it demonstrates a significant evolution in ransomware capabilities by targeting UEFI-based systems.

Help Net Security

September 12, 2025 – Attack

Apple issues spyware warnings as CERT-FR confirms attacks Full Text

Abstract These attacks are highly sophisticated, often leveraging zero-day bugs and requiring no user interaction. The primary targets include high-risk individuals such as journalists, lawyers, activists, politicians, and executives in strategic sectors.

Security Affairs

September 12, 2025 – Vulnerabilities

Cisco fixes high-severity IOS XR flaws enabling image bypass and DoS Full Text

Abstract Cisco has addressed multiple high- and medium-severity vulnerabilities in its IOS XR software. These flaws include a DoS bug via ARP broadcast storms, an image verification bypass vulnerability, and an ACL bypass issue in the management interface.

Security Affairs

September 12, 2025 – Vulnerabilities

Google fixes critical Chrome flaw, researcher earns $43K Full Text

Abstract Google has released a critical security update for Chrome addressing two high-severity vulnerabilities: CVE-2025-10200 and CVE-2025-10201. These flaws could potentially allow remote code execution and compromise user systems.

Security Affairs

September 12, 2025 – Malware

VMSCAPE Spectre vulnerability leaks cloud secrets Full Text

Abstract VMSCAPE undermines the isolation between virtual machines and the hypervisor, allowing attackers to extract sensitive data such as cryptographic keys used for disk encryption.

The Register

September 12, 2025 – Ransomware

Akira ransomware affiliates continue breaching organizations via SonicWall firewalls Full Text

Abstract Akira ransomware affiliates continue to exploit SonicWall firewalls by leveraging a combination of vulnerabilities and misconfigurations. Despite the availability of a patch for CVE-2024-40766, many systems remain unpatched.

Help Net Security

September 12, 2025 – General

Cyberattacks against schools driven by a rise in student hackers, ICO warns Full Text

Abstract The ICO analyzed 215 insider threat breach reports from the education sector between January 2022 and August 2024 and identified a pattern of student involvement in cyber incidents. Approximately 57% of these breaches were caused by students.

The Record

September 11, 2025 – Attack

Attackers abuse ConnectWise ScreenConnect to drop AsyncRAT Full Text

Abstract Threat actors are exploiting ConnectWise ScreenConnect to deploy AsyncRAT using fileless techniques, leveraging VBScript and PowerShell loaders, and maintaining persistence through a fake Skype updater.

Security Affairs

September 11, 2025 – Attack

France: Three Regional Healthcare Agencies Targeted by Cyber-Attacks Full Text

Abstract Three French regional healthcare agencies—Hauts-de-France, Normandy, and Pays de la Loire—have been targeted in a coordinated cyber-attack campaign that compromised the personal data of patients across public hospitals.

Infosecurity Magazine

September 11, 2025 – General

When typing becomes tracking: Study reveals widespread silent keystroke interception Full Text

Abstract Researchers from multiple institutions analyzed 15,000 websites and found that 91% used JavaScript event listeners to monitor user interactions. Approximately 40% of websites captured keystrokes before users pressed submit.

Help Net Security

September 11, 2025 – Breach

Vienna, VA discloses data breach that leaked SSNs, financial info Full Text

Abstract The town of Vienna, Virginia, experienced a ransomware attack in August 2025, compromising the personal data of 811 individuals. The exposed data includes names, Social Security numbers, financial account details, and passport numbers.

CompariTech

September 11, 2025 – Vulnerabilities

GitLab security advisory (AV25-584) Full Text

Abstract GitLab issued a security advisory (AV25-584) addressing multiple vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE). The affected versions include all releases before 18.3.2, 18.2.6, and 18.1.6.

Government of Canada

September 11, 2025 – Vulnerabilities

Adobe security advisory (AV25-583) Full Text

Abstract Adobe has released Security Advisory AV25-583 on September 9, 2025, addressing multiple vulnerabilities across a wide range of its products, including Acrobat, After Effects, Premiere Pro, ColdFusion, and Adobe Commerce.

Government of Canada

September 11, 2025 – APT

Chinese APT Hits Philippine Military Firm with New EggStreme Fileless Malware Full Text

Abstract A China-based advanced persistent threat (APT) group is actively targeting military organizations in the Asia-Pacific region, particularly the Philippines, using a newly discovered fileless malware framework named EggStreme.

Hack Read

September 11, 2025 – Vulnerabilities

Cursor AI editor lets repos “autorun” malicious code on devices Full Text

Abstract This vulnerability enables threat actors to execute arbitrary code, steal credentials and API tokens, modify files, or establish command-and-control channels without any user interaction.

Bleeping Computer

September 11, 2025 – Malware

ChillyHell modular macOS malware OKed by Apple in 2021 Full Text

Abstract ChillyHell is a modular macOS backdoor malware that remained undetected for four years after being notarized by Apple in 2021. Despite its malicious nature, the sample had passed Apple’s security checks and was publicly hosted on Dropbox since 2021.

The Register

September 11, 2025 – Denial Of Service

DDoS defender targeted in 1.5 Bpps denial-of-service attack Full Text

Abstract A European DDoS mitigation provider was recently targeted in a record-breaking distributed denial-of-service (DDoS) attack that peaked at an unprecedented 1.5 billion packets per second (Bpps).

Bleeping Computer

September 10, 2025 – Vulnerabilities

AdaptixC2: A New Open-Source Framework Leveraged in Real-World Attacks Full Text

Abstract AdaptixC2 is a modular, open-source command-and-control (C2) framework originally designed for red teaming but now actively exploited by threat actors. It supports extensive post-exploitation capabilities.

Palo Alto Networks

September 10, 2025 – Vulnerabilities

Multiple Vulnerabilities in GitLab Patched, Blocking DoS and SSRF Attack Vectors Full Text

Abstract GitLab has released critical security updates across multiple versions to address six significant vulnerabilities that could enable denial-of-service attacks, server-side request forgery, and information disclosure.

GBHackers

September 10, 2025 – Breach

Ransomware attack at blood center: Org tells users their data’s been stolen Full Text

Abstract The New York Blood Center suffered a ransomware attack in January, in which an unauthorized party gained access to its network and acquired copies of a subset of files. This week NYBC started notifying victims.

Malware Bytes

September 10, 2025 – Breach

European crypto platform SwissBorg to reimburse users after $41 million theft Full Text

Abstract SwissBorg, a European cryptocurrency platform, has announced that it will fully reimburse users affected by a recent cyber incident that resulted in the theft of approximately $41 million worth of Solana (SOL) tokens.

The Record

September 10, 2025 – Malware

CHILLYHELL macOS Backdoor and ZynorRAT RAT Threaten macOS, Windows, and Linux Systems Full Text

Abstract Cybersecurity researchers have discovered two new malware families, including a modular Apple macOS backdoor called CHILLYHELL and a Go-based remote access trojan (RAT) named ZynorRAT that can target both Windows and Linux systems.

The Hacker News

September 9, 2025 – Malware

RatOn Android Malware Detected With NFC Relay and ATS Banking Fraud Capabilities Full Text

Abstract A newly discovered Android banking trojan named RatOn demonstrates a significant leap in mobile malware sophistication. RatOn combines overlay attacks, NFC relay tactics, and an Automated Transfer System (ATS).

The Hacker News

September 9, 2025 – Vulnerabilities

SAP security advisory – September 2025 monthly rollup (AV25-576) Full Text

Abstract The vulnerabilities addressed affect critical SAP components and could potentially lead to unauthorized access, data compromise, or service disruption. CVE-2025-42957 is confirmed to be exploited in the wild, increasing the urgency for remediation.

Government of Canada

September 9, 2025 – Government

Suspected Chinese operation aims to recruit former feds with job postings, research shows Full Text

Abstract A suspected Chinese intelligence operation has been uncovered using fake job postings and fictitious consulting websites to recruit former and current U.S. federal employees, particularly those with security clearances or technical expertise.

Next Gov

September 9, 2025 – Phishing

Ongoing malvertising campaign targets European IT workers with fake GitHub Desktop installers Full Text

Abstract A sophisticated malvertising campaign, dubbed GPUGate, is actively targeting IT professionals in the EU by distributing fake GitHub Desktop installers. The campaign aims to gain initial access to enterprise environments for credential theft.

Help Net Security

September 9, 2025 – General

Employees keep feeding AI tools secrets they can’t take back Full Text

Abstract A significant number of employees are sharing sensitive data like customer records, financial results, and login credentials, with public AI platforms. This data is often submitted from unmanaged devices that security teams cannot monitor.

Help Net Security

September 9, 2025 – General

Attackers test the limits of railway cybersecurity Full Text

Abstract Railway systems are increasingly vulnerable to cyberattacks due to digital transformation, legacy infrastructure, and geopolitical tensions. A critical bug discovered in 2012 allows attackers to remotely trigger emergency brakes on American trains.

Help Net Security

September 9, 2025 – Breach

Plex tells users to reset passwords after new data breach Full Text

Abstract Media streaming platform Plex has issued a security advisory urging users to reset their passwords following a data breach. The breach occurred when a hacker accessed one of Plex’s databases and stole customer authentication data.

Bleeping Computer

September 9, 2025 – Attack

45 Previously Unreported Domains Expose Longstanding Salt Typhoon Cyber Espionage Full Text

Abstract A set of 45 previously unreported domains linked to the China-affiliated threat actors Salt Typhoon and UNC4841 has been uncovered, revealing a longstanding cyber espionage campaign dating back to May 2020.

The Hacker News

September 9, 2025 – Attack

Surge in network scans targeting Cisco ASA devices raises concerns Full Text

Abstract The scanning activity involved probing Cisco ASA login portals and Cisco IOS Telnet/SSH services. Notably, the scans used overlapping Chrome-like user agents, indicating a likely common origin among the scanning sources.

Bleeping Computer

September 9, 2025 – Ransomware

LunaLock Ransomware threatens victims by feeding stolen data to AI models Full Text

Abstract LunaLock ransomware introduced a novel and alarming extortion tactic by threatening to submit stolen digital artwork to AI training datasets. Its attack on the Artists&Clients platform involved data theft and encryption, with a $50,000 ransom demand.

Security Affairs

September 8, 2025 – Breach

Georgia hospital notifies 160,000+ people of year-old data breach that leaked SSNs, credit cards, and medical records Full Text

Abstract Wayne Memorial Hospital (WMH) in Jesup, Georgia, has notified 163,440 individuals of a ransomware attack that occurred between May 30 and June 3, 2024. Monti ransomware group claimed responsibility and listed WMH on its data leak site.

CompariTech

September 8, 2025 – Phishing

MostereRAT Deployed AnyDesk/TightVNC for Covert Full Access Full Text

Abstract A newly identified phishing campaign is deploying a sophisticated RAT dubbed MostereRAT, targeting Microsoft Windows systems. The campaign begins with phishing emails targeting Japanese users, impersonating legitimate business inquiries.

Fortinet

September 8, 2025 – Breach

Canadian investment platform Wealthsimple disclosed a data breach Full Text

Abstract The breach originated from a supply chain compromise involving a trusted third-party software package integrated into Wealthsimple’s systems. The unauthorized access occurred for a brief period and affected less than 1% of the platform’s clients.

Security Affairs

September 8, 2025 – Phishing

iCloud Calendar abused to send phishing emails from Apple’s servers Full Text

Abstract A sophisticated phishing campaign is exploiting Apple’s iCloud Calendar invite system to send callback phishing emails directly from Apple’s legitimate email servers. This abuse allows the phishing messages to bypass standard email security filters.

Bleeping Computer

September 8, 2025 – Breach

AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack Full Text

Abstract An AI-powered supply chain attack, dubbed s1ngularity, has compromised 2,180 GitHub accounts and 7,200 repositories by exploiting the Nx open-source project. The attackers used a malicious NPM package to deploy credential-stealing malware.

Bleeping Computer

September 8, 2025 – Phishing

VirusTotal finds hidden malware phishing campaign in SVG files Full Text

Abstract VirusTotal has uncovered a stealthy phishing campaign that uses SVG (Scalable Vector Graphics) files to impersonate Colombia’s judicial system and deliver malware. The initial SVG file had zero antivirus detections.

Bleeping Computer

September 8, 2025 – Breach

Nexar dashcam video database hacked Full Text

Abstract The breach compromised sensitive video recordings, including footage with clearly visible faces and potentially identifiable individuals. Organizations and government entities that had access to Nexar’s data may also be indirectly affected.

Malware Bytes

September 8, 2025 – General

Rogue AI Agents In Your SOCs and SIEMs – Indirect Prompt Injection via Log Files Full Text

Abstract AI agents in SOCs and SIEMs are vulnerable to indirect prompt injection, where malicious inputs are embedded in log files. These log files, when ingested by the AI, can trigger unintended behaviors such as altering event classifications.

Trust Wave

September 8, 2025 – Breach

GhostAction Attack Steals 3,325 Secrets from GitHub Projects Full Text

Abstract The breach affected 327 developers and exposed thousands of secrets, posing a significant risk to software supply chains. Several companies reported that their entire SDK portfolios were tampered with, increasing the risk of downstream compromise.

Hack Read

September 6, 2025 – Breach

Knock-on effects of software dev break-in hit schools trust Full Text

Abstract A significant data breach at UK-based software developer Intradev has impacted the Affinity Learning Partnership, a trust operating seven schools and employing over 650 staff. The breach occurred on August 4.

The Register

September 6, 2025 – Breach

South Carolina School District Data Breach Affects 31,000 People Full Text

Abstract The breach affected 31,475 individuals and exposed sensitive data, including current and former names, dates of birth, Social Security numbers, financial account information, and state-issued ID information such as driver’s licenses and passports.

Infosecurity Magazine

September 6, 2025 – General

The Good, the Bad and the Ugly in Cybersecurity – Week 36 Full Text

Abstract Three Russian FSB officers are accused of orchestrating cyberattacks on U.S. critical infrastructure. Two malicious npm packages were using Ethereum smart contracts to conceal URLs for second-stage payload delivery.

Sentinel One

September 6, 2025 – Hacker

TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations Full Text

Abstract TAG-150 has been working on CastleRAT since March, with the threat actor leveraging a multi-tiered infrastructure comprising Tier 1 victim-facing C2 servers, as well as Tier 2 and Tier 3 servers that are mostly VPSes, and Tier 4 backup servers.

The Hacker News

September 6, 2025 – Criminals

Two arrested in Egypt as authorities take down Streameast sports piracy platform Full Text

Abstract The Alliance for Creativity and Entertainment (ACE) said it worked with Egyptian authorities to shut down the piracy network — which had more than 80 associated domains and logged more than 1.6 billion visits over the past year.

The Record

September 6, 2025 – Government

CISA orders federal agencies to patch Sitecore zero-day following hacking reports Full Text

Abstract Federal civilian agencies have until September 25 to patch a vulnerability in popular content management system Sitecore after incident responders said they disrupted a recent attack involving the bug.

The Record

September 5, 2025 – Attack

Stealthy attack serves poisoned web pages only to AI agents Full Text

Abstract This method enables attackers to serve malicious web content exclusively to AI agents while presenting benign pages to human users, thereby hijacking the agents’ behavior for malicious purposes.

Help Net Security

September 5, 2025 – Attack

‘SEO fraud-as-a-service’ scheme hijacks Windows servers to promote gambling websites Full Text

Abstract A newly identified threat actor group, GhostRedirector, has launched a global "SEO fraud-as-a-service" campaign targeting Windows servers to promote gambling websites. The campaign leverages two custom backdoors - Rungan and Gamshen.

The Record

September 5, 2025 – Government

Ukraine’s cyber chief on Russian hackers’ shifting tactics, US cyber aid Full Text

Abstract CERT-UA is currently tracking around 80 hacker groups, each with a code name and signature tactics. This intelligence enables Ukraine to anticipate attacks, inform partners, and develop timely countermeasures.

The Record

September 5, 2025 – Criminals

$10M reward for Russia’s FSB officers accused of hacking US Critical infrastructure Full Text

Abstract Three Russian FSB officers are accused of a decade-long cyber espionage campaign targeting U.S. critical infrastructure and over 500 global energy firms. The U.S. State Department offers up to $10M for information on their identity or location.

Security Affairs

September 4, 2025 – Denial Of Service

DDoS attacks serve as instruments of political influence and disruption Full Text

Abstract In H1 2025, a total of 8,062,971 DDoS attacks were recorded globally, with the EMEA region experiencing the highest volume at 3.2 million attacks. Peak attack speeds reached 3.12 Tbps and 1.5 Gbps.

Help Net Security

September 4, 2025 – Denial Of Service

Cloudflare Mitigates Largest Ever Recorded DDoS Attack at 11.5 Tbps Full Text

Abstract A record-breaking Distributed Denial-of-Service (DDoS) attack peaking at 11.5 terabits per second (Tbps) was successfully mitigated without service disruption. The attack lasted approximately 35 seconds.

Hack Read

September 4, 2025 – Breach

South Carolina school district notifies 31,000 people of data breach that leaked SSNs and financial info Full Text

Abstract School District 5 of Lexington and Richland Counties, South Carolina, experienced a ransomware attack in June 2025, compromising sensitive data of 31,475 individuals. The Interlock ransomware gang claimed responsibility.

CompariTech

September 4, 2025 – Breach

SaaS giant Workiva discloses data breach after Salesforce attack Full Text

Abstract A recent data breach at a major SaaS provider has exposed sensitive customer information following a compromise of a third-party CRM system. The breach is part of a broader campaign targeting Salesforce customers.

Bleeping Computer

September 4, 2025 – Vulnerabilities

Android security advisory – September 2025 monthly rollup (AV25-560) Full Text

Abstract A security bulletin was published on September 2, 2025, addressing two critical vulnerabilities in Android—CVE-2025-38352 and CVE-2025-48543. Both vulnerabilities are confirmed to be under limited, targeted exploitation.

Government of Canada

September 4, 2025 – Vulnerabilities

Mis-issued certificates for 1.1.1.1 DNS service pose a threat to the Internet Full Text

Abstract Three TLS certificates were mis-issued for 1.1.1.1, a DNS service operated by Cloudflare and APNIC. These certificates, issued in May 2025 by Fina RDC 2020, a subordinate CA under Fina Root CA, were only discovered four months later.

Ars Technica

September 4, 2025 – Malware

Automated Sextortion Spyware Takes Webcam Pics of Victims Watching Porn Full Text

Abstract A new variant of infostealer malware, Stealerium, introduces an automated sextortion feature that captures webcam images and browser screenshots when victims access NSFW content. This development marks a disturbing evolution in cybercrime.

Wired

September 4, 2025 – Vulnerabilities

Threat actors abuse X’s Grok AI to spread malicious links Full Text

Abstract Threat actors are exploiting X’s built-in AI assistant, Grok, to distribute malicious links by bypassing the platform’s link-posting restrictions. This abuse leverages Grok’s trusted status to amplify the reach and credibility of harmful content.

Bleeping Computer

September 3, 2025 – Malware

Android droppers evolved into versatile tools to spread malware Full Text

Abstract ThreatFabric researchers have identified a new dropper variant named RewardDropMiner. This staged dropper is capable of evading both Play Protect and the Pilot Program by delaying malicious activity until after installation.

Security Affairs

September 3, 2025 – Malware

Fake AnyDesk Installer Spreads MetaStealer Through ClickFix Scam Full Text

Abstract A new malware campaign is leveraging a fake AnyDesk installer and a deceptive ClickFix technique to distribute MetaStealer malware. This campaign uses a novel "FileFix" method to bypass traditional defenses by exploiting Windows File Explorer.

Hack Read

September 3, 2025 – Vulnerabilities

Google patches two Android zero-days, 120 defects total in September security update Full Text

Abstract Google has released its September 2025 Android security update, addressing a record-breaking 120 vulnerabilities. Notably, the update patches two actively exploited zero-day vulnerabilities affecting the Android kernel and runtime components.

Cyber Scoop

September 3, 2025 – Attack

Ethereum smart contracts used to push malicious code on npm Full Text

Abstract A novel software supply chain attack campaign has been uncovered involving malicious npm packages—colortoolsv2 and mimelib2—that use Ethereum smart contracts to deliver second-stage malware.

Reversing Labs

September 3, 2025 – Government

U.S. CISA adds WhatsApp and TP-Link flaws to its Known Exploited Vulnerabilities catalog Full Text

Abstract CISA has added two actively exploited vulnerabilities—one in WhatsApp (CVE-2025-55177) and another in TP-Link TL-WA855RE Wi-Fi extenders (CVE-2020-24363)—to its Known Exploited Vulnerabilities (KEV) catalog.

Security Affairs

September 3, 2025 – Criminals

Prolific Russian ransomware operator living in California enjoys rare leniency awaiting trial Full Text

Abstract U.S. authorities have charged Ianis Aleksandrovich Antropenko, a Russian national, with multiple felonies related to the deployment of Zeppelin ransomware from 2018 to 2022. The charges include conspiracy to commit computer fraud and abuse.

Cyber Scoop

September 3, 2025 – Breach

Hackers breach fintech firm in attempted $130M bank heist Full Text

Abstract A major cyberattack targeted Sinqia S.A. in an attempted $130 million heist via Brazil’s Pix real-time payment system. The attackers attempted to execute unauthorized B2B transactions involving two financial institutions that are customers of Sinqia.

Bleeping Computer

September 3, 2025 – Government

ICE Reinstates Contract with Paragon Full Text

Abstract On August 30, 2025, the U.S. Immigration and Customs Enforcement (ICE) lifted a stop work order on a $2 million contract with Paragon Solutions, an Israeli spyware vendor now owned by a U.S. private investment firm.

Infosecurity Magazine

September 2, 2025 – Outage

Jaguar Land Rover ‘severely disrupted’ by cybersecurity incident Full Text

Abstract Jaguar Land Rover (JLR), a major British automotive manufacturer, has experienced a significant cybersecurity incident that has severely disrupted its global operations. The incident has impacted both production and retail systems.

The Record

September 2, 2025 – Malware

Malicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus Wallets Full Text

Abstract Cybersecurity researchers have discovered a malicious npm package that comes with stealthy features to inject malicious code into desktop apps for cryptocurrency wallets like Atomic and Exodus on Windows systems.

The Hacker News

September 1, 2025 – APT

Amazon blocks APT29 campaign targeting Microsoft device code authentication Full Text

Abstract Amazon has disrupted a sophisticated watering hole campaign orchestrated by the Russia-linked APT29 (also known as Cozy Bear, Nobelium, BlueBravo, Midnight Blizzard, and The Dukes).

Security Affairs

September 1, 2025 – Criminals

Scammer steals $1.5 million from Baltimore by spoofing city vendor Full Text

Abstract An impersonation scam has resulted in the City of Baltimore losing over $1.5 million through fraudulent vendor payments. The attacker exploited weaknesses in the city’s verification procedures to alter banking information in the Workday system.

The Record
