Sep 05, 2025Ravie LakshmananVulnerability / Enterprise Security A critical security vulnerability impacting SAP S/4HANA, an Enterprise Resource Planning (ERP) software, has come under active exploitation in the wild. The command injection vulnerability, tracked as CVE-2025-42957 (CVSS score: 9.9), was fixed… Read More "SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild"
Sep 05, 2025Ravie LakshmananMalware / Cryptocurrency Cybersecurity researchers have flagged a new malware campaign that has leveraged Scalable Vector Graphics (SVG) files as part of phishing attacks impersonating the Colombian judicial system. The SVG files, according to VirusTotal, are distributed… Read More "VirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing Pages"
Sep 04, 2025Ravie LakshmananVulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting TP-Link wireless routers to its Known Exploited Vulnerabilities (KEV) catalog, noting that there is evidence of them being… Read More "CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited"
Cybersecurity researchers have lifted the lid on a previously undocumented threat cluster dubbed GhostRedirector that has managed to compromise at least 65 Windows servers primarily located in Brazil, Thailand, and Vietnam. The attacks, per Slovak cybersecurity company ESET, led to… Read More "GhostRedirector Hacks 65 Windows Servers Using Rungan Backdoor and Gamshen IIS Module"
Sep 04, 2025Ravie LakshmananCybersecurity / Malware The Russian state-sponsored hacking group tracked as APT28 has been attributed to a new Microsoft Outlook backdoor called NotDoor in attacks targeting multiple companies from different sectors in NATO member countries. NotDoor “is a… Read More "Russian APT28 Deploys “NotDoor” Outlook Backdoor Against Companies in NATO Countries"
Sep 04, 2025Ravie LakshmananGDPR / Data Privacy The French data protection authority has fined Google and Chinese e-commerce giant Shein $379 million (€325 million) and $175 million (€150 million), respectively, for violating cookie rules. Both companies set advertising cookies on… Read More "Google Fined $379 Million by French Regulator for Cookie Consent Violations"
Sep 04, 2025The Hacker NewsEndpoint Security / Application Security Story teaser text: Cybersecurity leaders face mounting pressure to stop attacks before they start, and the best defense may come down to the settings you choose on day one. In this… Read More "Simple Steps for Attack Surface Reduction"
Sep 04, 2025Ravie LakshmananArtificial Intelligence / Malware Cybersecurity researchers have flagged a new technique that cybercriminals have adopted to bypass social media platform X’s malvertising protections and propagate malicious links using its artificial intelligence (AI) assistant Grok. The findings were… Read More "Cybercriminals Exploit X’s Grok AI to Bypass Ad Protections and Spread Malware to Millions"
Sep 03, 2025Ravie LakshmananMalware / Social Engineering Cybersecurity researchers have discovered two new malicious packages on the npm registry that make use of smart contracts for the Ethereum blockchain to carry out malicious actions on compromised systems, signaling the trend… Read More "Malicious npm Packages Exploit Ethereum Smart Contracts to Target Crypto Developers"
Sep 03, 2025Ravie LakshmananMobile Security / Vulnerability Google has shipped security updates to address 120 security flaws in its Android operating system as part of its monthly fixes for September 2025, including two issues that it said have been exploited… Read More "Google Patches 120 Flaws, Including Two Zero-Days Under Attack"
