IT Security Weekend Catch Up – September 28, 2025

Comments
close searching

28.09.2025 | 20:46

IT Security Weekend Catch Up – September 28, 2025
avatar

badcyber

comments

IT Security Weekend Catch Up – September 28, 2025

Afraid of missing important security news during the week? We're here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. Children's names, pictures and addresses stolen in nursery chain hack
  2. Automaker giant Stellantis confirms data breach after Salesforce hack
  3. Feds tie ‘Scattered Spider’ duo to $115M in ransoms
  4. Threat actors spoofing the FBI IC3 website for possible malicious activity
  5. Man arrested in connection with cyber-attack on airports

For the more technical

  1. Kali Linux 2025.3 release (Vagrant & Nexmon)
  2. Old but gold, dumping LSASS with Windows Error Reporting on modern Windows 11
  3. Identify and mitigate potential compromise of Cisco devices
  4. CVE-2025-10184: OnePlus OxygenOS Telephony provider permission bypass
  5. TOP 25 Model Context Protocol (MCP) vulnerabilities
  6. First malicious MCP in the wild: The Postmark backdoor that's stealing your emails
  7. AI vs. AI: Detecting an AI-obfuscated phishing campaign
  8. ShadowLeak: A zero-click, service-side attack exfiltrating sensitive data using ChatGPT’s Deep Research agent
  9. Malicious fezbox npm package steals browser passwords from cookies via innovative QR code steganographic technique
  10. FileFix in the wild! New FileFix campaign goes beyond POC and leverages steganography
  11. Large-scale attack targeting Macs via GitHub pages impersonating companies to attempt to deliver stealer malware
  12. ShadowV2: An emerging DDoS for hire botnet
  13. APT28 operation Phantom Net Voxel
  14. Countering Chinese state-sponsored actors cCompromise of networks worldwide to feed global espionage system (PDF)
  15. Another Brickstorm: Stealthy backdoor enabling espionage into tech and legal sectors
  16. Bookworm to Stately Taurus using the Unit 42 attribution framework
  17. The PLA goes back to school: Mapping new developments in China’s military cyber education system
  18. Inside Salt Typhoon: China’s state-corporate advanced persistent threat

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.


Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy! For the less technical Children’s names, pictures and addresses stolen in nursery chain hack Automaker giant Stellantis 2025-09-28T20:46:04+02:00

Comments