Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.
Patch Tuesday
Microsoft, Adobe, SAP deliver critical fixes for September 2025 Patch Tuesday

On September 2025 Patch Tuesday, Microsoft has released patches for 80+ vulnerabilities in its various software products, but the good news is that none of them are actively …

Plex Media Server
Plex tells users to change passwords due to data breach, pushes server owners to upgrade

Media streaming company Plex has suffered a data breach and is urging users to reset their account password and enable two-factor authentication. “An unauthorized third …

SAP
Attackers are exploiting critical SAP S/4HANA vulnerability (CVE-2025-42957)

A critical vulnerability (CVE-2025-42957) in SAP S/4HANA enterprise resource planning software is being exploited by attackers “to a limited extent”, the Dutch …

Android
Google fixes actively exploited Android vulnerabilities (CVE-2025-48543, CVE-2025-38352)

Google has provided fixes for over 100 Android vulnerabilities, including CVE-2025-48543 and CVE-2025-38352, which “may be under limited, targeted exploitation.” …

Apple
macOS vulnerability allowed Keychain and iOS app decryption without a password

Today at Nullcon Berlin, a researcher disclosed a macOS vulnerability (CVE-2025-24204) that allowed attackers to read the memory of any process, even with System Integrity …

Plex Media Server
300k+ Plex Media Server instances still vulnerable to attack via CVE-2025-34158

Over 300,000 internet-facing Plex Media Server instances are still vulnerable to attack via CVE-2025-34158, a critical vulnerability for which Plex has issued a fix earlier …

git
Git vulnerability leading to RCE is being exploited by attackers (CVE-2025-48384)

CVE-2025-48384, a recently patched vulnerability in the popular distributed revision control system Git, is being exploited by attackers. Details about the attacks are not …

russian flag
Russian threat actors using old Cisco bug to target critical infrastructure orgs

A threat group linked to the Russian Federal Security Service’s (FSB) Center 16 unit has been compromising unpatched and end-of-life Cisco networking devices via an old …

SAP
Exploit for critical SAP Netweaver flaws released (CVE-2025-31324, CVE-2025-42999)

A working exploit concatenating two critical SAP Netweaver vulnerabilities (CVE-2025-31324, CVE-2025-42999) that have been previously exploited in the wild has been made …

N-able N-central
Vulnerabilities in MSP-friendly RMM solution exploited in the wild (CVE-2025-8875, CVE-2025-8876)

Two vulnerabilities (CVE-2025-8875, CVE-2025-8876) in N-central, a remote monitoring and management (RMM) solution by N-able that’s popular with managed service …

ransomware
Croatian research institute confirms ransomware attack via ToolShell vulnerabilities

The Ruđer Bošković Institute (RBI), the largest Croatian science and technology research institute, has confirmed that it was the one of “at least 9,000 institutions …

world
Win-DDoS: Attackers can turn public domain controllers into DDoS agents

SafeBreach researchers have released details on several vulnerabilities that could be exploited by attackers to crash Windows Active Directory domain controllers (DCs), one …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released when there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools