September 2025

Static feeds leave intelligence teams reacting to irrelevant or late data
Boards and executives are not asking for another feed of indicators. They want to know whether their organization is being targeted, how exposed they are, and what steps need …

Week in review: Salesloft Drift breach investigation results, malicious GitHub Desktop installers
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Salesloft Drift data breach: Investigation reveals how attackers got in The …

HybridPetya: (Proof-of-concept?) ransomware can bypass UEFI Secure Boot
ESET researchers have discovered HybridPetya, a bootkit-and-ransomware combo that’s a copycat of the infamous Petya/NotPetya malware, augmented with the capability of …

CISA looks to partners to shore up the future of the CVE Program
The US Cybersecurity and Infrastructure Security Agency (CISA) has affirmed its continuing support for the Common Vulnerabilities and Exposures (CVE) program. “If we …

HCL AppScan 360º 2.0 protects software supply chains
HCLSoftware launched HCL AppScan 360º version 2.0, a next-generation application security platform designed to help organizations regain control over their software supply …

Sublime Security enhances threat protection with AI agent
Sublime Security released the Autonomous Detection Engineer (ADÉ), an end-to-end AI agent that turns attack telemetry into transparent and auditable protection that security …

Your heartbeat could reveal your identity, even in anonymized datasets
A new study has found that electrocardiogram (ECG) signals, often shared publicly for medical research, can be linked back to individuals. Researchers were able to re-identify …

CISOs brace for a new kind of AI chaos
AI is being added to business processes faster than it is being secured, creating a wide gap that attackers are already exploiting, according to the SANS Institute. The scale …

Attackers are coming for drug formulas and patient data
In the pharmaceutical industry, clinical trial data, patient records, and proprietary drug formulas are prime targets for cybercriminals. These high-value assets make the …

Ransomware, vendor outages, and AI attacks are hitting harder in 2025
Ransomware, third-party disruptions, and the rise of AI-powered attacks are reshaping the cyber risk landscape in 2025. A new midyear analysis from Resilience shows how these …

New infosec products of the week: September 12, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Cynomi, DataLocker, Gigamon, Lookout, and Relyance AI. Cynomi simplifies vendor risk …

Akira ransomware affiliates continue breaching organizations via SonicWall firewalls
Over a year after SonicWall patched CVE-2024-40766, a critical flaw in its next-gen firewalls, ransomware attackers are still gaining a foothold in organizations by exploiting …