September 2025

Google fixes actively exploited Android vulnerabilities (CVE-2025-48543, CVE-2025-38352)
Google has provided fixes for over 100 Android vulnerabilities, including CVE-2025-48543 and CVE-2025-38352, which “may be under limited, targeted exploitation.” …

CyberFlex: Flexible Pen testing as a Service with EASM
CyberFlex is an Outpost24 solution that combines the strengths of its Pen-testing-as-a-Service (PTaaS) and External Attack Surface Management (EASM) solutions. …

LinkedIn expands company verification, mandates workplace checks for certain roles
LinkedIn is rolling out new verification rules to make it easier to confirm that people and companies are who they claim to be. The company will now require workplace …

macOS vulnerability allowed Keychain and iOS app decryption without a password
Today at Nullcon Berlin, a researcher disclosed a macOS vulnerability (CVE-2025-24204) that allowed attackers to read the memory of any process, even with System Integrity …

Sitecore zero-day vulnerability exploited by attackers (CVE-2025-53690)
A threat actor is leveraging a zero-day vulnerability (CVE-2025-53690) and an exposed sample ASP.NET machine key to breach internet-facing, on-premises deployments of several …

New threat group uses custom tools to hijack search results
ESET Research has identified a new threat group called GhostRedirector. In June 2025, this group broke into at least 65 Windows servers, mostly in Brazil, Thailand, Vietnam, …

Cato Networks acquires Aim Security to bring AI protection into SASE Cloud
Cato Networks acquired Aim Security to further enhance the Cato SASE Cloud Platform, supporting secure enterprise adoption of AI agents and both public and private AI …

Cutting through CVE noise with real-world threat signals
CISOs are dealing with an overload of vulnerability data. Each year brings tens of thousands of new CVEs, yet only a small fraction ever become weaponized. Teams often fall …

Attackers are turning Salesforce trust into their biggest weapon
Salesforce has become a major target for attackers in 2025, according to new WithSecure research into threats affecting customer relationship management (CRM) platforms. The …

DDoS attacks serve as instruments of political influence and disruption
In the first half of 2025, there were 8,062,971 DDoS attacks worldwide, with EMEA taking the brunt at 3.2 million attacks, according to Netscout. Peak attacks reached speeds …

Everfox HSV-T protects data transfer between classified and unclassified networks
Everfox launched High Speed Verifier-Turnkey (HSV-T). This hardware-enforced secure data transfer solution enhances digital collaboration and interoperability between allied …

Veeam Software Appliance boosts data protection
Veeam Software announced its fully pre-built, pre-hardened software appliance: the new Veeam Software Appliance. Built to give IT teams instant protection without complexity, …