TECHZONE™
TECHZONE CYBERNEWS && UPDATES Wᴇʟᴄᴏᴍᴇ Tᴏ TECHZONE™ ✔️Infosec Facts ✔️Cheatsheets ✔️Free Courses ✔️Open source tools ✔️Tech news
Subscribers: 595 (24 hours: no data; 7 days: -3; 30 days: -11)
Post archive
Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure
https://thehackernews.com/2025/09/fortra-goanywhere-cvss-10-flaw.html
Cybersecurity company watchTowr Labs has disclosed that it has "credible evidence" of active exploitation of the recently disclosed security flaw in Fortra GoAnywhere Managed File Transfer (MFT) software as early as September 10, 2025, a whole week before it was publicly disclosed.
"This is not 'just' a CVSS 10.0 flaw in a solution long favored by APT groups and ransomware operators – it is a
New macOS XCSSET Variant Targets Firefox with Clipper and Persistence Module
https://thehackernews.com/2025/09/new-macos-xcsset-variant-targets.html
Cybersecurity researchers have discovered an updated version of a known Apple macOS malware called XCSSET that has been observed in limited attacks.
"This new variant of XCSSET brings key changes related to browser targeting, clipboard hijacking, and persistence mechanisms," the Microsoft Threat Intelligence team said in a Thursday report.
"It employs sophisticated encryption and obfuscation
Cisco ASA Firewall Zero-Day Exploits Deploy RayInitiator and LINE VIPER Malware
https://thehackernews.com/2025/09/cisco-asa-firewall-zero-day-exploits.html
The U.K. National Cyber Security Centre (NCSC) has revealed that threat actors have exploited the recently disclosed security flaws impacting Cisco firewalls as part of zero-day attacks to deliver previously undocumented malware families like RayInitiator and LINE VIPER.
"The RayInitiator and LINE VIPER malware represent a significant evolution on that used in the previous campaign, both in
Urgent: Cisco ASA Zero-Day Duo Under Attack; CISA Triggers Emergency Mitigation Directive
https://thehackernews.com/2025/09/urgent-cisco-asa-zero-day-duo-under.html
Cisco is urging customers to patch two security flaws impacting the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software, which it said have been exploited in the wild.
The zero-day vulnerabilities in question are listed below -
CVE-2025-20333 (CVSS score: 9.9) - An improper validation of user-supplied input
Vane Viper Generates 1 Trillion DNS Queries to Power Global Malware and Ad Fraud Network
https://thehackernews.com/2025/09/vane-viper-generates-1-trillion-dns.html
The threat actor known as Vane Viper has been outed as a purveyor of malicious ad technology (adtech), while relying on a tangled web of shell companies and opaque ownership structures to deliberately evade responsibility.
"Vane Viper has provided core infrastructure in widespread malvertising, ad fraud, and cyberthreat proliferation for at least a decade," Infoblox said in a technical report
Salesforce Patches Critical ForcedLeak Bug Exposing CRM Data via AI Prompt Injection
https://thehackernews.com/2025/09/salesforce-patches-critical-forcedleak.html
Cybersecurity researchers have disclosed a critical flaw impacting Salesforce Agentforce, a platform for building artificial intelligence (AI) agents, that could allow attackers to potentially exfiltrate sensitive data from its customer relationship management (CRM) tool by means of an indirect prompt injection.
The vulnerability has been codenamed ForcedLeak (CVSS score: 9.4) by Noma Security,
North Korean Hackers Use New AkdoorTea Backdoor to Target Global Crypto Developers
https://thehackernews.com/2025/09/north-korean-hackers-use-new-akdoortea.html
The North Korea-linked threat actors associated with the Contagious Interview campaign have been attributed to a previously undocumented backdoor called AkdoorTea, along with tools like TsunamiKit and Tropidoor.
Slovak cybersecurity firm ESET, which is tracking the activity under the name DeceptiveDevelopment, said the campaign targets software developers across all operating systems, Windows,
CTEM's Core: Prioritization and Validation
https://thehackernews.com/2025/09/ctems-core-prioritization-and-validation.html
Despite a coordinated investment of time, effort, planning, and resources, even the most up-to-date cybersecurity systems continue to fail. Every day. Why?
It’s not because security teams can't see enough. Quite the contrary. Every security tool spits out thousands of findings. Patch this. Block that. Investigate this. It's a tsunami of red dots that not even the most crackerjack team on
Threatsday Bulletin: Rootkit Patch, Federal Breach, OnePlus SMS Leak, TikTok Scandal & More
https://thehackernews.com/2025/09/threatsday-bulletin-rootkit-patch.html
Tech Overtakes Gaming as Top DDoS Attack Target, New Gcore Radar Report Finds
https://thehackernews.com/2025/09/tech-overtakes-gaming-as-top-ddos.html
The latest Gcore Radar report analyzing attack data from Q1–Q2 2025, reveals a 41% year-on-year increase in total attack volume. The largest attack peaked at 2.2 Tbps, surpassing the 2 Tbps record in late 2024. Attacks are growing not only in scale but in sophistication, with longer durations, multi-layered strategies, and a shift in target industries. Technology now overtakes gaming as the most
Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed
https://thehackernews.com/2025/09/malicious-rust-crates-steal-solana-and.html
Cybersecurity researchers have discovered two malicious Rust crates impersonating a legitimate library called fast_log to steal Solana and Ethereum wallet keys from source code.
The crates, named faster_log and async_println, were published by the threat actor under the alias rustguruman and dumbnbased on May 25, 2025, amassing 8,424 downloads in total, according to software supply chain
Cisco Warns of Actively Exploited SNMP Vulnerability Allowing RCE or DoS in IOS Software
https://thehackernews.com/2025/09/cisco-warns-of-actively-exploited-snmp.html
Cisco has warned of a high-severity security flaw in IOS Software and IOS XE Software that could allow a remote attacker to execute arbitrary code or trigger a denial-of-service (DoS) condition under specific circumstances.
The company said the vulnerability, CVE-2025-20352 (CVSS score: 7.7), has been exploited in the wild, adding it became aware of it "after local Administrator credentials were
iframe Security Exposed: The Blind Spot Fueling Payment Skimmer Attacks
https://thehackernews.com/2025/09/iframe-security-exposed-blind-spot.html
Think payment iframes are secure by design? Think again. Sophisticated attackers have quietly evolved malicious overlay techniques to exploit checkout pages and steal credit card data by bypassing the very security policies designed to stop them.
Download the complete iframe security guide here.
TL;DR: iframe Security Exposed
Payment iframes are being actively exploited by attackers using
Hackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM Credentials
https://thehackernews.com/2025/09/hackers-exploit-pandoc-cve-2025-51591.html
Cloud security company Wiz has revealed that it uncovered in-the-wild exploitation of a security flaw in a Linux utility called Pandoc as part of attacks designed to infiltrate Amazon Web Services (AWS) Instance Metadata Service (IMDS).
The vulnerability in question is CVE-2025-51591 (CVSS score: 6.5), which refers to a case of Server-Side Request Forgery (SSRF) that allows attackers to
State-Sponsored Hackers Exploiting Libraesva Email Security Gateway Vulnerability
https://thehackernews.com/2025/09/state-sponsored-hackers-exploiting.html
Libraesva has released a security update to address a vulnerability in its Email Security Gateway (ESG) solution that it said has been exploited by state-sponsored threat actors.
The vulnerability, tracked as CVE-2025-59689, carries a CVSS score of 6.1, indicating medium severity.
"Libraesva ESG is affected by a command injection flaw that can be triggered by a malicious email containing a
Two New Supermicro BMC Bugs Allow Malicious Firmware to Evade Root of Trust Security
https://thehackernews.com/2025/09/two-new-supermicro-bmc-bugs-allow.html
Cybersecurity researchers have disclosed details of two security vulnerabilities impacting Supermicro Baseboard Management Controller (BMC) firmware that could potentially allow attackers to bypass crucial verification steps and update the system with a specially crafted image.
The medium-severity vulnerabilities, both of which stem from improper verification of a cryptographic signature, are
Eurojust Arrests 5 in €100M Cryptocurrency Investment Fraud Spanning 23 Countries
https://thehackernews.com/2025/09/eurojust-arrests-5-in-100m.html
Law enforcement authorities in Europe have arrested five suspects in connection with an "elaborate" online investment fraud scheme that stole more than €100 million ($118 million) from over 100 victims in France, Germany, Italy, and Spain.
According to Eurojust, the coordinated action saw searches in five places across Spain and Portugal, as well as in Italy, Romania and Bulgaria. Bank accounts
U.S. Secret Service Seizes 300 SIM Servers, 100K Cards Threatening U.S. Officials Near UN
https://thehackernews.com/2025/09/us-secret-service-seizes-300-sim.html
The U.S. Secret Service on Tuesday said it took down a network of electronic devices located across the New York tri-state area that were used to threaten U.S. government officials and posed an imminent threat to national security.
"This protective intelligence investigation led to the discovery of more than 300 co-located SIM servers and 100,000 SIM cards across multiple sites," the Secret
SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw
https://thehackernews.com/2025/09/solarwinds-releases-hotfix-for-critical.html
SolarWinds has released hot fixes to address a critical security flaw impacting its Web Help Desk software that, if successfully exploited, could allow attackers to execute arbitrary commands on susceptible systems.
The vulnerability, tracked as CVE-2025-26399 (CVSS score: 9.8), has been described as an instance of deserialization of untrusted data that could result in code execution. It affects
Lean Teams, Higher Stakes: Why CISOs Must Rethink Incident Remediation
https://thehackernews.com/2025/09/lean-teams-higher-stakes-why-cisos-must.html
Big companies are getting smaller, and their CEOs want everyone to know it. Wells Fargo has cut its workforce by 23% over five years, Bank of America has shed 88,000 employees since 2010, and Verizon's CEO recently boasted that headcount is "going down all the time." What was once a sign of corporate distress has become a badge of honor, with executives celebrating lean operations and AI-driven
