Daily Security Digest – 2025-09-30
🛡️ Security Feed Digest – 2025-09-30
Total Articles: 27
SMB Tagged: 27
High-Risk
- [SMB] Urgent: China-Linked Hackers Exploit New VMware Zero-Day Since October 2024
https://thehackernews.com/2025/09/urgent-china-linked-hackers-exploit-new.html
Tue, 30 Sep 2025 16:27:00 +0530
A newly patched security flaw impacting Broadcom VMware Tools and VMware Aria Operations has been exploited in the wild as a zero-day since mid-October 2024 by a threat actor called UNC5174, according to NVISO Labs. The vulnerability in question is CVE-2025-41244 (CVSS score: 7.8), a local privileg...
- [SMB] Is your SIEM still serving You? Why it might be time to rethink your security stack
https://news.sophos.com/en-us/2025/09/30/rethink-siem-xdr-mdr
Tue, 30 Sep 2025 08:19:50 +0000
Security teams are under increasing pressure to detect and respond to threats in real time, especially as the median dwell time for ransomware attacks has dropped from weeks to a few days. Yet many organizations still rely on legacy Security Information and Event Management (SIEM) and Security Orche...
- [SMB] Phishing Expands Beyond Email: Why New Tactics Demand New Defences
https://cysecurity.news/2025/09/phishing-expands-beyond-email-why-new.html
2025-09-30T11:18:00.000-04:00
Phishing has long been associated with deceptive emails, but attackers are now widening their reach. Malicious links are increasingly being delivered through social media, instant messaging platforms, text messages, and even search engine ads. This shift is reshaping the way organisations must think...
- [SMB] Cyble Flags 22 Vulnerabilities Under Active Exploitation, Including Ransomware Attacks
https://cysecurity.news/2025/09/cyble-flags-22-vulnerabilities-under.html
2025-09-30T11:17:00.000-04:00
Cyble’s threat intelligence division also identified 10 vulnerabilities exploited by ransomware groups, tracked via open-source intelligence. Cybersecurity researchers at Cyble have revealed 22 vulnerabilities currently being exploited by threat actors, with nine of them missing from the U.S. C...
- [SMB] Hackers Claim Data on 150000 AIL Users Stolen
https://cysecurity.news/2025/09/hackers-claim-data-on-150000-ail-users.html
2025-09-30T08:49:00.007-04:00
It has been reported that American Income Life, one of the world's largest supplemental insurance providers, is now under close scrutiny following reports of a massive cyberattack that may have compromised the personal and insurance records of hundreds of thousands of the company's customers. It has...
- [SMB] Fezbox npm Package Uses QR Codes to Deliver Cookie-Stealing Malware
https://cysecurity.news/2025/09/fezbox-npm-package-uses-qr-codes-to.html
2025-09-30T08:49:00.001-04:00
A malicious npm package called fezbox was recently uncovered using an unusual trick: it pulls a dense QR code image from the attacker’s server and decodes that barcode to deliver a second-stage payload that steals browser cookies and credentials. Published to the npm registry and posing as a harmles...
- [SMB] Misconfigurations Still Fuel Most Cloud Breaches in 2025
https://cysecurity.news/2025/09/misconfigurations-still-fuel-most-cloud.html
2025-09-30T08:48:00.006-04:00
Cloud misconfigurations persist as the foremost driver of cloud breaches in 2025, revealing deep-seated challenges in both technological and operational practices across organizations. While cloud services promise remarkable agility and scale, the complexity of modern infrastructure and oversig...
- [SMB] Passkeys under threat: How a clever clickjack attack can bypass your secure login
https://cysecurity.news/2025/09/passkeys-under-threat-how-clever.html
2025-09-29T14:12:00.002-04:00
The attacker’s script controls the page’s Document Object Model (DOM) and applies CSS tricks. At DEF CON 33, independent security researcher Marek Tóth revealed a new class of attack called DOM-based extension clickjacking that can manipulate browser-based password managers and, in limited scenario...
- [SMB] Microsoft Patch Tuesday, September 2025 Edition
https://krebsonsecurity.com/2025/09/microsoft-patch-tuesday-september-2025-edition
Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known “zero-day” or actively exploited vulnerabilities in this month’s bundle from Redmond, which nevertheless includes patches for 13 flaws that earned Micro...
- [SMB] Storm-0501’s evolving techniques lead to cloud-based ransomware
https://microsoft.com/en-us/security/blog/2025/08/27/storm-0501s-evolving-techniques-lead-to-cloud-based-ransomware
2025-08-27T09:00:00-07:00
Microsoft Threat Intelligence has observed financially motivated threat actor Storm-0501 continuously evolving their campaigns to achieve sharpened focus on cloud-based tactics, techniques, and procedures (TTPs). While the threat actor has been known for targeting hybrid cloud environments, their pr...
Policy
- [SMB] Improving Risk Management Decisions with SBOM Data: A New Whitepaper from the OpenSSF SBOM Everywhere SIG
https://openssf.org/blog/2025/09/18/improving-risk-management-decisions-with-sbom-data-a-new-whitepaper-from-the-openssf-sbom-everywhere-sig
Thu, 18 Sep 2025 19:13:05 +0000
Why this whitepaper matters, and how to put it to work By Anita D’Amico, David A. Wheeler, Kate Stewart and Josh Bressers SBOMs are becoming part of everyday software practice, but many teams still ask the same question: how do we turn SBOM data into decisions we can trust? Our new whitepaper, “Im...
- [SMB] Sharpening the Focus on Product Requirements and Cybersecurity Risks: Updating Foundational Activities for IoT Product Manufacturers
https://nist.gov/blogs/cybersecurity-insights/sharpening-focus-product-requirements-and-cybersecurity-risks-updating
2025-09-30T12:00:00Z
Over the past few months, NIST has been revising and updating Foundational Activities for IoT Product Manufacturers (NIST IR 8259 Revision 1 Initial Public Draft), which describes recommended pre-market and post-market activities for manufacturers to develop products that meet their customers’ cyber...
Awareness
- [SMB] AI vs. AI: Detecting an AI-obfuscated phishing campaign
https://microsoft.com/en-us/security/blog/2025/09/24/ai-vs-ai-detecting-an-ai-obfuscated-phishing-campaign
2025-09-25T17:29:53-07:00
Microsoft Threat Intelligence recently detected and blocked a credential phishing campaign that likely used AI-generated code to obfuscate its payload and evade traditional defenses. Appearing to be aided by a large language model (LLM), the activity obfuscated its behavior within an SVG file, lever...
Emerging
- [SMB] Researchers Disclose Google Gemini AI Flaws Allowing Prompt Injection and Cloud Exploits
https://thehackernews.com/2025/09/researchers-disclose-google-gemini-ai.html
Tue, 30 Sep 2025 18:48:00 +0530
Cybersecurity researchers have disclosed three now-patched security vulnerabilities impacting Google's Gemini artificial intelligence (AI) assistant that, if successfully exploited, could have exposed users to major privacy risks and data theft. "They made Gemini vulnerable to search-injection atta...
- [SMB] Can Shadow AI Risks Be Stopped?
https://darkreading.com/cyber-risk/can-shadow-ai-risks-be-stopped
Tue, 30 Sep 2025 13:58:14 GMT
Agentic AI has introduced abundant shadow artificial intelligence (AI) risks. Cybersecurity startup Entro Security extends its platform to help enterprises combat the growing issue....
- [SMB] 'Trifecta' of Google Gemini Flaws Turn AI Into Attack Vehicle
https://darkreading.com/vulnerabilities-threats/trifecta-google-gemini-flaws-ai-attack-vehicle
Tue, 30 Sep 2025 10:20:14 GMT
Flaws in individual models of Google's AI suite created significant security and privacy risks for users, demonstrating the need for heightened defenses....
- [SMB] The AI Fix #70: AI behaves… until it knows you’re watching
https://grahamcluley.com/the-ai-fix-70
Tue, 30 Sep 2025 14:00:17 +0000
News and views from the world of artificial intelligence. In episode 70 of The AI Fix, our hosts learn that AI makes people more dishonest, Waymo’s robo-cars save lives but get outsmarted by a bathroom mirror, a “rescue” bot slurps up victims head-first, and China shows off a fusion robot arm that ...
- [SMB] New OpenSSF Guidance on AI Code Assistant Instructions
https://openssf.org/blog/2025/09/16/new-openssf-guidance-on-ai-code-assistant-instructions
Tue, 16 Sep 2025 19:25:51 +0000
By Avishay Balter & David A. Wheeler AI code assistants are powerful tools. They can speed up development, suggest solutions, and help explore alternatives. But they also create security risks, because the results you get depend heavily on what you ask. These systems’ models are trained on vast amo...
Controls
- [SMB] Sophos named a Leader in the IDC MarketScape™: Worldwide Extended Detection and Response (XDR) Software 2025
https://news.sophos.com/en-us/2025/09/29/sophos-named-a-leader-in-the-idc-marketscape-worldwide-extended-detection-and-response-xdr-software-2025
Mon, 29 Sep 2025 19:47:51 +0000
We’re proud to announce that Sophos has been named a Leader in the IDC MarketScape™: Worldwide Extended Detection and Response (XDR) Software 2025. We believe this recognition reflects our commitment to delivering intelligent, integrated, and scalable security solutions that help organizations stay...
Other
- [SMB] Chinese hackers exploiting VMware zero-day since October 2024
https://bleepingcomputer.com/news/security/chinese-hackers-exploiting-vmware-zero-day-since-october-2024
Tue, 30 Sep 2025 10:54:44 -0400
Broadcom has patched a high-severity privilege escalation vulnerability in its VMware Aria Operations and VMware Tools software, which has been exploited in zero-day attacks since October 2024. While the American technology giant didn't tag this security bug (CVE-2025-41244) as exploited in the wil...
- [SMB] VMware Certification Is Surging in a Shifting IT Landscape
https://bleepingcomputer.com/news/security/vmware-certification-is-surging-in-a-shifting-it-landscape
Tue, 30 Sep 2025 10:01:11 -0400
Across the IT industry, certification is on the rise. What was once a “resume boost” has become a requirement for navigating the complexity of hybrid infrastructure, multi-cloud operations, and modern security mandates. As both practitioners and enterprises look for ways to keep pace with change, c...
- [SMB] Apple Patches Single Vulnerability CVE-2025-43400, (Mon, Sep 29th)
https://isc.sans.edu/diary/rss/32330
Mon, 29 Sep 2025 20:28:54 GMT
It is typical for Apple to release a ".0.1" update soon after releasing a major new operating system. These updates typically fix various functional issues, but this time, they also fix a security vulnerability. The security vulnerability not only affects the "26" releases of iOS and macOS, but also...
- [SMB] AI-Powered Voice Cloning Raises Vishing Risks
https://darkreading.com/cyberattacks-data-breaches/ai-voice-cloning-vishing-risks
Tue, 30 Sep 2025 07:00:00 GMT
A researcher-developed framework could enable attackers to conduct real-time conversations using simulated audio to compromise organizations and extract sensitive information....
- [SMB] IoT Security Flounders Amid Churning Risk
https://darkreading.com/iot/iot-security-flounders-amid-churning-risk
Mon, 29 Sep 2025 21:45:13 GMT
The Internet of Things (IoT) has made everything more interconnected, but an important US government security initiative is stuck in limbo while threat actors step up attacks on everything from medical gear to printers....
- [SMB] Details of a Scam
https://schneier.com/blog/archives/2025/09/details-of-a-scam.html
2025-09-30T11:06:03Z
Longtime Crypto-Gram readers know that I collect personal experiences of people being scammed. Here’s an almost: Then he added, “Here at Chase, we’ll never ask for your personal information or passwords.” On the contrary, he gave me more information—two “cancellation codes” and a long case number w...
- [SMB] Report: Addressing cybersecurity burnout in 2025
https://news.sophos.com/en-us/2025/09/30/report-addressing-cybersecurity-burnout-in-2025
Tue, 30 Sep 2025 10:00:00 +0000
What’s more: the problem is getting worse, with 69% of respondents reporting that cybersecurity fatigue and burnout increased from 2023 to 2024. The consequences of burnout Unsurprisingly, burnout has significant negative impacts on the individuals that experience it, with almost half (46%) report...
- [SMB] Cookies and how to bake them: what they are for, associated risks, and what session hijacking has to do with it
https://securelist.com/cookies-and-session-hijacking/117390
When you visit almost any website, you’ll see a pop-up asking you to accept, decline, or customize the cookies it collects. Sometimes, it just tells you that cookies are in use by default. We randomly checked 647 websites, and 563 of them displayed cookie notifications. Most of the time, users don’t...