Russia’s APT28 Targets Microsoft Outlook With ‘NotDoor’ Malware darkreadingRob Wright
September 3, 2025

The notorious Russian state-sponsored hacking unit, also known as Fancy Bear, is abusing Microsoft Outlook for covert data exfiltration. The notorious Russian state-sponsored hacking unit, also known as Fancy Bear, is …


Cloudflare Holds Back the Tide on 11.5Tbps DDoS Attack darkreadingKristina Beek
September 3, 2025

It's the equivalent of watching more than 9,350 full-length HD movies or streaming 7,480 hours of high-def video nonstop in less than a minute. It's the equivalent of watching more than …


Malicious npm Packages Exploit Ethereum Smart Contracts to Target Crypto Developers The Hacker [email protected] (The Hacker News)
September 3, 2025

Cybersecurity researchers have discovered two new malicious packages on the npm registry that make use of smart contracts for the Ethereum blockchain to carry out malicious actions on compromised systems, …


Hacked Routers Linger on the Internet for Years, Data Shows darkreadingFahmida Y. Rashid
September 3, 2025

While trawling Internet scan data for signs of compromised infrastructure, researchers found that asset owners may not know for years their devices had been hacked. While trawling Internet scan data for …


Exploit Attempts for Dassault DELMIA Apriso. CVE-2025-5086, (Wed, Sep 3rd) SANS Internet Storm Center, InfoCON: green
September 3, 2025

When I am thinking about the security of manufacturing environments, I am usually focusing on IoT devices integrated into production lines. All the little sensors and actuators are often very …


WhatsApp Bug Anchors Targeted Zero-Click iPhone Attacks darkreadingElizabeth Montalbano, Contributing Writer
September 3, 2025

A "sophisticated" attack that also exploits an Apple zero-day flaw is targeting a specific group of iPhone users, potentially with spyware. A "sophisticated" attack that also exploits an Apple zero-day flaw …


Threat Actors Weaponize HexStrike AI to Exploit Citrix Flaws Within a Week of Disclosure The Hacker [email protected] (The Hacker News)
September 3, 2025

Threat actors are attempting to leverage a newly released artificial intelligence (AI) offensive security tool called HexStrike AI to exploit recently disclosed security flaws. HexStrike AI, according to its website, is …


CISA Adds Two Known Exploited Vulnerabilities to Catalog AlertsCISA
September 3, 2025

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2023-50224 TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability CVE-2025-9377 TP-Link Archer C7(EU) and TL-WR841N/ND(MS) …


CISA, NSA, and Global Partners Release a Shared Vision for Software Bill of Materials (SBOM) Guidance AlertsCISA
September 3, 2025

CISA, in collaboration with NSA and 19 international partners, released joint guidance outlining A Shared Vision of Software Bill of Materials (SBOM) for Cybersecurity. This marks a significant step forward …


Varonis Acquires Email Security Provider SlashNext to Enhance BEC Defenses darkreadingJeffrey Schwartz
September 3, 2025

Varonis plans to integrate SlashNext's advanced phishing, BEC, and social engineering attack protection capabilities into its data security platform. Varonis plans to integrate SlashNext's advanced phishing, BEC, and social engineering attack …