Google Chrome Patches Critical Security Flaws in September 2025 Update
In early September 2025, Google released an important security update for its Chrome browser—version 140.0.7339.127—to patch two…
CISA Warns of Attacks on DELMIA Manufacturing Software Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a manufacturing operations management software vulnerability to its…
Samsung fixes Android 0-day that may have been used to spy on WhatsApp messages
Samsung has fixed a critical flaw that affects its Android devices - but not before attackers found and exploited the bug, which could allow…
New HybridPetya Weaponizing UEFI Vulnerability to Bypass Secure Boot on Outdated Systems
In late July 2025, a series of ransomware samples surfaced on VirusTotal under filenames referencing the notorious Petya and NotPetya attacks.…
HybridPetya: More proof that Secure Boot bypasses are not just an urban legend
A new ransomware strain dubbed HybridPetya was able to exploit a patched vulnerability to bypass Unified Extensible Firmware Interface (UEFI)…
CVE-2025-10127 (CVSS 9.8): Critical Daikin Flaw Could Give Hackers Full System Access
Ddos September 12, 2025 The Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory about a critical flaw in…
CISA Urges Immediate Patching: Critical Dassault Systèmes Flaw (CVE-2025-5086) Actively Exploited
Ddos September 12, 2025 The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical flaw in Dassault Systèmes DELMIA…
Fileless Malware Deploys Advanced RAT via Legitimate Tools
A sophisticated fileless malware campaign exploiting legitimate system tools has been uncovered by cybersecurity researchers. The attack…
12 Ways to Protect Your Business from Hackers During Remote Work
Michelle MooreUniversity of San Diego’sSeptember 11, 2025 Remote work is here to stay, with nearly a quarter of the U.S. workforce (22%)…
Wyden Urges FTC Investigation Over Ascension Ransomware Hack
US Senator Ron Wyden of Oregon has called on the Federal Trade Commission to investigate Microsoft for cybersecurity lapses linked to…
Palo Alto Networks User-ID Credential Agent Vulnerability Exposes password In Cleartext
A newly disclosed vulnerability in Palo Alto Networks’ User-ID Credential Agent for Windows, identified as CVE-2025-4235, could…
Chinese APT Actor Compromises Military Firm with Novel Fileless Malware Toolset
A Chinese APT group has compromised a Philippines-based military firm using a novel, sophisticated fileless malware framework dubbed…
Vulnerability Management – common understanding and language enable teamwork
Part of a series This Blog post is part of the series Vulnerability Management Series: 3D (Definition, Deep-Dive, and Difficulties) Part 1…
Microsoft Copilot to Be Powered by Two AIs: OpenAI and Now Anthropic
Ddos September 11, 2025 The Information has reported that Microsoft is preparing to announce, within the coming weeks, the integration of…
High-Severity Flaws in Sunshine for Windows Allow Privilege Escalation
The CERT Coordination Center (CERT/CC) has issued a vulnerability note warning of two critical local security flaws affecting Sunshine for…
Cursor Autorun Flaw Lets Repositories Execute Code Without Consent
A newly disclosed flaw in the Cursor extension allows repositories to automatically execute code when a folder is opened, even without a…
September 2025 Patch Tuesday: Two Publicly Disclosed Zero-Days and Eight Critical Vulnerabilities Among 84 CVEs
Microsoft has addressed 84 vulnerabilities in its September 2025 security update release. This month’s patches address two publicly…
Microsoft, Adobe, SAP deliver critical fixes for September 2025 Patch Tuesday
On September 2025 Patch Tuesday, Microsoft has released patches for 80+ vulnerabilities in its various software products, but the good news is…
Apple’s “Most Significant Upgrade” to iPhone Security Is Here
Ddos September 10, 2025 Apple Security Engineering and Architecture (SEAR) has unveiled Memory Integrity Enforcement (MIE), an always-on,…
Microsoft Warns of Active Directory Domain Services Vulnerability, Let Attackers Escalate Privileges
Microsoft has issued an updated warning for a critical security vulnerability in Active Directory Domain Services, tracked as CVE-2025-21293.…
Two Zero-Days Among Patch Tuesday CVEs This Month
Microsoft issued updates to fix 81 vulnerabilities in this month’s Patch Tuesday yesterday, including two classed as zero-days which…
Critical Microsoft Office Vulnerabilities Let Attackers Execute Malicious Code
Microsoft has released patches for two significant vulnerabilities in Microsoft Office that could allow attackers to execute malicious code on…
Windows BitLocker Vulnerability Let Attackers Elevate Privileges
Microsoft has addressed two significant elevation of privilege vulnerabilities affecting its Windows BitLocker encryption feature. The flaws,…
This Patch Tuesday, SAP is the worst offender and Microsoft users can kinda chill
September’s Patch Tuesday won’t require Microsoft users to rapidly repair rancid software, but SAP users need to move fast to…
NVIDIA’s Newest Acquisition: The AI Programming Startup That’s Set to Reshape Development
Ddos September 10, 2025 NVIDIA has recently acquired Solver, an AI programming startup founded in 2022, as part of its strategy to strengthen…
Apple Watch Series 11: A New Era of Health and Connectivity
Ddos September 10, 2025 Apple has officially unveiled the Apple Watch Series 11, now equipped with a more scratch-resistant display glass, 5G…
Microsoft Patch Tuesday, September 2025 Edition
Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no…
Microsoft Patch Tuesday September 2025 Fixes Risky Kernel Flaws
Three high-risk Windows kernel flaws were among the fixes included in Microsoft’s September 2025 Patch Tuesday updates released today.…
Innovator Spotlight: Xcape
Continuous Vulnerability Management: The New Cybersecurity Imperative Security leaders are drowning in data but starving for actionable…
The September 2025 Security Update Review
There’s a crispness in the air – at least here in North America – and with it comes the latest security patches from Adobe…
Microsoft September 2025 Patch Tuesday – 81 Vulnerabilities Fixed Including 22 RCE
Microsoft has released its September 2025 Patch Tuesday updates, addressing a total of 81 security vulnerabilities across its product suite.…
Zoom Security Update – Patch for Multiple Vulnerabilities in Clients for Windows and macOS
Zoom released a security update addressing multiple vulnerabilities in its software, including Zoom Workplace and various clients for Windows…
Axios User Agent Helps Automate Phishing on “Unprecedented Scale”
Security experts have warned of a huge uptick in automated phishing activity abusing the Axios user agent and Microsoft’s Direct Send…
Chinese Cyber Espionage Campaign Impersonates US Congressman
US lawmakers have accused the Chinese government of being behind a cyber espionage campaign that impersonated a prominent Congressman. The…
MostereRAT Targets Windows Users With Stealth Tactics
A phishing campaign delivering a new strain of malware, MostereRAT, has been uncovered by cybersecurity researchers. The Remote Access Trojan…
Remote Access Abuse Biggest Pre-Ransomware Indicator
Abuses of remote access software and services are the most common ‘pre-ransomware’ indicators, according to new research from…
Another Ryzen 9000 CPU Burnout: What’s Really Going On?
Ddos September 1, 2025 Earlier this year, reports emerged of Asrock motherboards paired with processors such as the 9800X3D suffering…
WhatsApp warns of 'attack against specific targeted users'
Infosec In brief A flaw in Meta’s WhatsApp app “may have been exploited in a sophisticated attack against specific targeted…
CVE-2024-58259: DoS Flaw in Rancher Manager Allows Unauthenticated Attackers to Crash Servers
Ddos September 1, 2025 The SUSE Rancher Security Team has issued a security advisory addressing a high-severity vulnerability in Rancher…
Weekly Cybersecurity News Recap : WhatsApp, Chrome 0-Day, AI Ransomware and Cyber Attacks
Welcome to your Weekly Cybersecurity News Recap. This week, the digital world faced a fresh wave of threats, underscoring the relentless…
Week in review: 300k+ Plex Media Server instances still vulnerable to attack, exploited Git RCE flaw
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: 300k+ Plex Media Server…
BadSuccessor (CVE-2025-53779) Technique Persists Despite Microsoft Patch
Ddos August 30, 2025 At DEF CON 2025, Akamai security researcher Yuval Gordon revealed the story of BadSuccessor (CVE-2025-53779), an Active…