Latest Cybersecurity News and Articles
10 September 2025
Tel Aviv–based startup replaces vaults and secrets managers with just-in-time policies, aiming to eliminate credentials entirely.
The post Hush Security Emerges Stealth to Eliminate Credential Threats With No-Secrets Platform appeared first on SecurityWeek.
10 September 2025
Apple on Tuesday revealed a new security feature called Memory Integrity Enforcement (MIE) that's built into its newly introduced iPhone models, including iPhone 17 and iPhone Air.
MIE, per the tech giant, offers "always-on memory safety protection" across critical attack surfaces such as the kernel and over 70 userland processes without sacrificing device performance by designing its A19 and
10 September 2025
The House Select Committee on China has formally issued an advisory warning of an "ongoing" series of highly targeted cyber espionage campaigns linked to the People's Republic of China (PRC) amid contentious U.S.–China trade talks.
"These campaigns seek to compromise organizations and individuals involved in U.S.-China trade policy and diplomacy, including U.S. government agencies, U.S. business
10 September 2025
High-severity vulnerabilities could lead to remote code execution, privilege escalation, information disclosure, and configuration tampering.
The post Fortinet, Ivanti, Nvidia Release Security Updates appeared first on SecurityWeek.
10 September 2025
Introduction
Managed service providers (MSPs) and managed security service providers (MSSPs) are under increasing pressure to deliver strong cybersecurity outcomes in a landscape marked by rising threats and evolving compliance requirements. At the same time, clients want better protection without managing cybersecurity themselves. Service providers must balance these growing demands with the
10 September 2025
Volodymyr Tymoshchuk allegedly hit hundreds of organizations with the LockerGoga, MegaCortex, and Nefilim ransomware families.
The post US Offers $10 Million Reward for Ukrainian Ransomware Operator appeared first on SecurityWeek.
10 September 2025
Designed to intercept cryptocurrency transactions, the malicious code reached 10% of cloud environments.
The post Highly Popular NPM Packages Poisoned in New Supply Chain Attack appeared first on SecurityWeek.
10 September 2025
Phishing-as-a-Service (PhaaS) platforms keep evolving, giving attackers faster and cheaper ways to break into corporate accounts. Now, researchers at ANY.RUN has uncovered a new entrant: Salty2FA, a phishing kit designed to bypass multiple two-factor authentication methods and slip past traditional defenses.
Already spotted in campaigns across the US and EU, Salty2FA puts enterprises at
10 September 2025
Advisories have also been published by Siemens, Schneider Electric, Phoenix Contact and CISA.
The post ICS Patch Tuesday: Rockwell Automation Leads With 8 Security Advisories appeared first on SecurityWeek.
10 September 2025
A Georgia hospital experienced a data breach on May 30, 2024, but notified affected consumers on August 27, 2025.
09 September 2025
Adobe has warned of a critical security flaw in its Commerce and Magento Open Source platforms that, if successfully exploited, could allow attackers to take control of customer accounts.
The vulnerability, tracked as CVE-2025-54236 (aka SessionReaper), carries a CVSS score of 9.1 out of a maximum of 10.0. It has been described as an improper input validation flaw. Adobe said it's not aware of
09 September 2025
SAP on Tuesday released security updates to address multiple security flaws, including three critical vulnerabilities in SAP Netweaver that could result in code execution and the upload arbitrary files.
The vulnerabilities are listed below -
CVE-2025-42944 (CVSS score: 10.0) - A deserialization vulnerability in SAP NetWeaver that could allow an unauthenticated attacker to submit a malicious
09 September 2025
Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known "zero-day" or actively exploited vulnerabilities in this month's bundle from Redmond, which nevertheless includes patches for 13 flaws that earned Microsoft's most-dire "critical" label. Meanwhile, both Apple and Google recently released updates to fix zero-day bugs in their devices.
09 September 2025
Microsoft has released patches for dozens of flaws in Windows and other products, including ones with ‘exploitation more likely’ rating.
The post Microsoft Patches 86 Vulnerabilities appeared first on SecurityWeek.
09 September 2025
Adobe has patched nearly two dozen vulnerabilities across nine of its products with its September 2025 Patch Tuesday updates.
The post Adobe Patches Critical ColdFusion and Commerce Vulnerabilities appeared first on SecurityWeek.
09 September 2025
Threat actors are abusing HTTP client tools like Axios in conjunction with Microsoft's Direct Send feature to form a "highly efficient attack pipeline" in recent phishing campaigns, according to new findings from ReliaQuest.
"Axios user agent activity surged 241% from June to August 2025, dwarfing the 85% growth of all other flagged user agents combined," the cybersecurity company said in a
09 September 2025
Hackers mount the host’s file system into fresh containers, fetch malicious scripts over the Tor network, and block access to the Docker API.
The post Exposed Docker APIs Likely Exploited to Build Botnet appeared first on SecurityWeek.
09 September 2025
Research has identified a new Outlook backdoor linked to a Russian-linked persistent threat group.
09 September 2025
The critical-severity NetWeaver flaws could be exploited for remote code execution and privilege escalation.
The post SAP Patches Critical NetWeaver Vulnerabilities appeared first on SecurityWeek.
09 September 2025
Based on real-world insurance claims, Resilience’s midyear report shows vendor risk is declining but costly, ransomware is evolving with triple extortion, and social engineering attacks are accelerating through AI.
The post Ransomware Losses Climb as AI Pushes Phishing to New Heights appeared first on SecurityWeek.