September 2025 – Page 3 – Learn and Explore

September 26, 2025
Uncategorized

Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure

Cybersecurity company watchTowr Labs has disclosed that it has “credible evidence” of active exploitation of the recently disclosed security flaw in Fortra GoAnywhere Managed File Transfer (MFT) software as early as September 10, 2025, a whole week before it was publicly disclosed. “This is not ‘just’ a CVSS 10.0...

September 26, 2025
Uncategorized

Cisco ASA Firewall Zero-Day Exploits Deploy RayInitiator and LINE VIPER Malware

The U.K. National Cyber Security Centre (NCSC) has revealed that threat actors have exploited the recently disclosed security flaws impacting Cisco firewalls as part of zero-day attacks to deliver previously undocumented malware families like RayInitiator and LINE VIPER. “The RayInitiator and LINE VIPER malware represent a significant evolution on...

September 25, 2025
Uncategorized

Vane Viper Generates 1 Trillion DNS Queries to Power Global Malware and Ad Fraud Network

The threat actor known as Vane Viper has been outed as a purveyor of malicious ad technology (adtech), while relying on a tangled web of shell companies and opaque ownership structures to deliberately evade responsibility. “Vane Viper has provided core infrastructure in widespread malvertising, ad fraud, and cyberthreat proliferation...

September 25, 2025
Uncategorized

Urgent: Cisco ASA Zero-Day Duo Under Attack; CISA Triggers Emergency Mitigation Directive

Cisco is urging customers to patch two security flaws impacting the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software, which it said have been exploited in the wild. The zero-day vulnerabilities in question are listed below –...

September 25, 2025
Uncategorized

Salesforce Patches Critical ForcedLeak Bug Exposing CRM Data via AI Prompt Injection

Cybersecurity researchers have disclosed a critical flaw impacting Salesforce Agentforce, a platform for building artificial intelligence (AI) agents, that could allow attackers to potentially exfiltrate sensitive data from its customer relationship management (CRM) tool by means of an indirect prompt injection. The vulnerability has been codenamed ForcedLeak (CVSS score:...

September 25, 2025
Uncategorized

North Korean Hackers Use New AkdoorTea Backdoor to Target Global Crypto Developers

The North Korea-linked threat actors associated with the Contagious Interview campaign have been attributed to a previously undocumented backdoor called AkdoorTea, along with tools like TsunamiKit and Tropidoor. Slovak cybersecurity firm ESET, which is tracking the activity under the name DeceptiveDevelopment, said the campaign targets software developers across all...

September 25, 2025
Uncategorized

Threatsday Bulletin: Rootkit Patch, Federal Breach, OnePlus SMS Leak, TikTok Scandal & More

/* ===== Container ===== */ .td-wrap {} /* ===== Section ===== */ .td-section { } .td-title { margin: 16px 0 4px; font-size: 32px; line-height: 1.2; font-weight: 800; } .td-subtitle { margin: 0 0 24px; color: #64748b; font-size: 16px; } /* ===== Timeline ===== */ .td-timeline { position: relative; margin:...

September 25, 2025
Uncategorized

CTEM’s Core: Prioritization and Validation

Despite a coordinated investment of time, effort, planning, and resources, even the most up-to-date cybersecurity systems continue to fail. Every day. Why? It’s not because security teams can’t see enough. Quite the contrary. Every security tool spits out thousands of findings. Patch this. Block that. Investigate this. It’s a...

September 25, 2025
Uncategorized

Tech Overtakes Gaming as Top DDoS Attack Target, New Gcore Radar Report Finds

The latest Gcore Radar report analyzing attack data from Q1–Q2 2025, reveals a 41% year-on-year increase in total attack volume. The largest attack peaked at 2.2 Tbps, surpassing the 2 Tbps record in late 2024. Attacks are growing not only in scale but in sophistication, with longer durations, multi-layered...

September 25, 2025
Uncategorized

Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed

Cybersecurity researchers have discovered two malicious Rust crates impersonating a legitimate library called fast_log to steal Solana and Ethereum wallet keys from source code. The crates, named faster_log and async_println, were published by the threat actor under the alias rustguruman and dumbnbased on May 25, 2025, amassing 8,424 downloads...