News
Entertainment
Science & Technology
Sport
Business & Money
Life
Culture & Art
Hobbies
8 | Follower
Security Affairs
15.09.2025
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape
Panama’s Ministry of Economy and Finance disclosed a security breach impacting a computer in its infrastructure.
A new round of the weekly Security Affairs newsletter is out! Every week, the best security articles from Security Affairs in your email box
UK ICO reports students caused over half of school data breaches, showing kids are shaping cybersecurity in unexpected ways.
Vietnam’s CIC was hit by a ShinyHunters cyberattack, with VNCERT confirming signs of unauthorized access to steal personal data.
14.09.2025
The U.S. FBI issued a flash alert to warn of malicious activities carried out by two cybercriminal groups tracked as UNC6040 and UNC6395.
HybridPetya ransomware bypasses UEFI Secure Boot to infect EFI partitions, echoing the infamous Petya/NotPetya attacks of 2016–2017.
13.09.2025
Cisco addressed multiple high-severity IOS XR vulnerabilities that can allow ISO image verification bypass and trigger DoS conditions.
LNER warns of a data breach via a third-party supplier, exposing customer contact details and other personal information.
Samsung fixed the remote code execution flaw CVE-2025-21043 that was exploited in zero-day attacks against Android devices.
12.09.2025
Kosovo man Liridon Masurica pleaded guilty to running the cybercrime marketplace BlackDB. He was arrested in 2024.
U.S. CISA adds Dassault Systèmes DELMIA Apriso vulnerability to its Known Exploited Vulnerabilities catalog.
Apple warned users of a spyware campaign; France’s cyber agency confirmed targeted iCloud-linked devices may be compromised.
Google addressed a critical use-after-free vulnerability in its Chrome browser that could potentially lead to code execution.
Researchers warn that Akira ransomware group is exploiting a year-old SonicWall firewall flaw, likely using 3 attack vectors
Hackers exploit ConnectWise ScreenConnect to drop AsyncRAT via scripted loaders, stealing data and persisting with a fake Skype updater.
11.09.2025
Pixel 10 adds C2PA to camera and Photos, helping users verify authenticity and spot AI-generated or altered images.
Adobe fixed a critical flaw in its Commerce and Magento Open Source platforms that allows an attacker to take over customer accounts.
Jaguar Land Rover confirms a cyberattack caused factory disruptions and led to a data breach, compromising sensitive information.
10.09.2025
KillSec Ransomware claimed responsibility for an attack on MedicSolution, a software solutions provider for the healthcare industry in Brazil
Microsoft Patch Tuesday security updates for September 2025 fixed 80 vulnerabilities, including two publicly disclosed zero-day flaws.
SAP issues 21 new and 4 updated security notes, fixing critical NetWeaver flaws enabling RCE and privilege escalation.
Multiple popular npm packages were compromised in a supply chain attack after a maintainer fell for a phishing attack.
09.09.2025
Venezuela’s President Maduro shows Huawei Mate X6 gift from China's President Xi Jinping, hailing it as “unhackable” by U.S. spies.
LunaLock, a new ransomware gang, introduced a unique cyber extortion technique, threatening to turn stolen art into AI training data.
Hackers breached Salesloft ’s GitHub in March, stole tokens, and used them in a mass attack on several major tech customers.
Wealthsimple reported a data breach affecting some customers due to a supply chain attack via a third-party software package.
08.09.2025
Czech's NUKIB warns of Chinese cyber threats to critical infrastructure, citing the cyberespionage group APT31 and risky devices.
07.09.2025
Qantas cut executive bonuses by 15% after a July cyberattack exposed data of 5.7M people, despite reporting $1.5B profit last fiscal year.
MeetC2 is a PoC C2 tool using Google Calendar to mimic cloud abuse, helping teams test detection, logging, and response.
06.09.2025
VirusTotal uncovered an undetected malware campaign using SVG files that impersonated the Colombian justice system.
U.S. CISA adds Sitecore, Android, and Linux vulnerabilities to its Known Exploited Vulnerabilities catalog.
Experts warn of an actively exploited vulnerability, tracked as CVE-2025-42957 (CVSS score: 9.9), in SAP S/4HANA software.
05.09.2025
Hikvision HikCentral flaw allows unauthenticated users to gain admin rights, risking full control over configs, logs, and critical monitoring.
France’s data watchdog fined Google $379M (€325 million) and Shein $175 million (€150 million) for breaching cookie rules.
US offers $10M for Russian FSB officers accused of attacking US critical infrastructure and over 500 energy firms worldwide
04.09.2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds WhatsApp, and TP-link flaws to its Known Exploited Vulnerabilities catalog.
Threat actors abuse HexStrike AI, a new offensive security tool meant for red teaming and bug bounties, to exploit fresh vulnerabilities.