Latest Cybersecurity News and Articles
09 September 2025
SAP on Tuesday released security updates to address multiple security flaws, including three critical vulnerabilities in SAP Netweaver that could result in code execution and the upload arbitrary files.
The vulnerabilities are listed below -
CVE-2025-42944 (CVSS score: 10.0) - A deserialization vulnerability in SAP NetWeaver that could allow an unauthenticated attacker to submit a malicious
09 September 2025
Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known "zero-day" or actively exploited vulnerabilities in this month's bundle from Redmond, which nevertheless includes patches for 13 flaws that earned Microsoft's most-dire "critical" label. Meanwhile, both Apple and Google recently released updates to fix zero-day bugs in their devices.
09 September 2025
Microsoft has released patches for dozens of flaws in Windows and other products, including ones with ‘exploitation more likely’ rating.
The post Microsoft Patches 86 Vulnerabilities appeared first on SecurityWeek.
09 September 2025
Adobe has patched nearly two dozen vulnerabilities across nine of its products with its September 2025 Patch Tuesday updates.
The post Adobe Patches Critical ColdFusion and Commerce Vulnerabilities appeared first on SecurityWeek.
09 September 2025
Threat actors are abusing HTTP client tools like Axios in conjunction with Microsoft's Direct Send feature to form a "highly efficient attack pipeline" in recent phishing campaigns, according to new findings from ReliaQuest.
"Axios user agent activity surged 241% from June to August 2025, dwarfing the 85% growth of all other flagged user agents combined," the cybersecurity company said in a
09 September 2025
Hackers mount the host’s file system into fresh containers, fetch malicious scripts over the Tor network, and block access to the Docker API.
The post Exposed Docker APIs Likely Exploited to Build Botnet appeared first on SecurityWeek.
09 September 2025
Research has identified a new Outlook backdoor linked to a Russian-linked persistent threat group.
09 September 2025
The critical-severity NetWeaver flaws could be exploited for remote code execution and privilege escalation.
The post SAP Patches Critical NetWeaver Vulnerabilities appeared first on SecurityWeek.
09 September 2025
Based on real-world insurance claims, Resilience’s midyear report shows vendor risk is declining but costly, ransomware is evolving with triple extortion, and social engineering attacks are accelerating through AI.
The post Ransomware Losses Climb as AI Pushes Phishing to New Heights appeared first on SecurityWeek.
09 September 2025
Attaullah Baig has filed a lawsuit against Meta and its executives, accusing them of retaliation over critical cybersecurity failures.
The post Ex-WhatsApp Security Chief Sues Meta Over Vulnerabilities, Retaliation appeared first on SecurityWeek.
09 September 2025
In May 2024, hackers stole names, Social Security numbers, financial information, and protected health information from the hospital’s systems.
The post 160,000 Impacted by Wayne Memorial Hospital Data Breach appeared first on SecurityWeek.
09 September 2025
A new Android malware called RatOn evolved from a basic tool capable of conducting Near Field Communication (NFC) attacks to a sophisticated remote access trojan with Automated Transfer System (ATS) capabilities to conduct device fraud.
"RatOn merges traditional overlay attacks with automatic money transfers and NFC relay functionality – making it a uniquely powerful threat," the Dutch mobile
09 September 2025
The attacker deployed multiple malware families, including two backdoors and a proxy tunneller, and various reconnaissance tools.
The post Threat Actor Connected to Play, RansomHub and DragonForce Ransomware Operations appeared first on SecurityWeek.
09 September 2025
Cybersecurity researchers have disclosed details of a phishing campaign that delivers a stealthy banking malware-turned-remote access trojan called MostereRAT.
The phishing attack incorporates a number of advanced evasion techniques to gain complete control over compromised systems, siphon sensitive data, and extend its functionality by serving secondary plugins, Fortinet FortiGuard Labs said.
"
09 September 2025
The industrial cybersecurity firm will become a wholly owned subsidiary of Mitsubishi Electric.
The post Mitsubishi Electric to Acquire Nozomi Networks for Nearly $1 Billion appeared first on SecurityWeek.
09 September 2025
Cybersecurity researchers have discovered a variant of a recently disclosed campaign that abuses the TOR network for cryptojacking attacks targeting exposed Docker APIs.
Akamai, which discovered the latest activity last month, said it's designed to block other actors from accessing the Docker API from the internet.
The findings build on a prior report from Trend Micro in late June 2025, which
09 September 2025
⚠️ One click is all it takes.
An engineer spins up an “experimental” AI Agent to test a workflow. A business unit connects to automate reporting. A cloud platform quietly enables a new agent behind the scenes.
Individually, they look harmless. But together, they form an invisible swarm of Shadow AI Agents—operating outside security’s line of sight, tied to identities you don’t even know exist.
09 September 2025
Hackers accessed emails, usernames, password hashes, and authentication data stored in a Plex database.
The post Plex Urges Password Resets Following Data Breach appeared first on SecurityWeek.
09 September 2025
It’s budget season. Once again, security is being questioned, scrutinized, or deprioritized.
If you're a CISO or security leader, you've likely found yourself explaining why your program matters, why a given tool or headcount is essential, and how the next breach is one blind spot away. But these arguments often fall short unless they're framed in a way the board can understand and appreciate.
09 September 2025
SentinelOne is buying Observo AI for a combination of cash and stock to boost its SIEM and data offerings.
The post SentinelOne to Acquire Observo AI in $225 Million Deal appeared first on SecurityWeek.