September 2025 – Page 11

CTEM’s Core: Prioritization and Validation

Despite a coordinated investment of time, effort, planning, and resources, even the most up-to-date cybersecurity systems continue to fail. Every day. Why?
It’s not because security teams can’t see enough. Quite the contrary. Every security tool spits out thousands of findings. Patch this. Block that. Investigate this. It’s a tsunami of red dots that not even the most crackerjack team on

Threatsday Bulletin: Rootkit Patch, Federal Breach, OnePlus SMS Leak, TikTok Scandal & More

/* ===== Container ===== */
.td-wrap {}

/* ===== Section ===== */
.td-section {
}
.td-title { margin: 16px 0 4px; font-size: 32px; line-height: 1.2; font-weight: 800; }
.td-subtitle { margin: 0 0 24px; color: #64748b; font-size: 16px; }

/* ===== Timeline ===== */
.td-timeline { position: relative; margin: 0 !important;padding: 0!important; list-style: none; }
/* spine */
.td-timeline:before {

Chinese Spies Lurked in Networks for 393 Days, Hunted for Zero-Day Intel

Google’s Threat Intelligence Group and Mandiant have shared findings on a recent BrickStorm campaign linked to UNC5221.

The post Chinese Spies Lurked in Networks for 393 Days, Hunted for Zero-Day Intel appeared first on SecurityWeek.

CSA Unveils SaaS Security Controls Framework to Ease Complexity

New framework from the Cloud Security Alliance helps SaaS customers navigate the shared responsibility model with confidence.

The post CSA Unveils SaaS Security Controls Framework to Ease Complexity appeared first on SecurityWeek.

Tech Overtakes Gaming as Top DDoS Attack Target, New Gcore Radar Report Finds

The latest Gcore Radar report analyzing attack data from Q1–Q2 2025, reveals a 41% year-on-year increase in total attack volume. The largest attack peaked at 2.2 Tbps, surpassing the 2 Tbps record in late 2024. Attacks are growing not only in scale but in sophistication, with longer durations, multi-layered strategies, and a shift in target industries. Technology now overtakes gaming as the most

Volvo Group Employee Data Stolen in Ransomware Attack

The Miljödata data breach has impacted numerous organizations, education institutions, and Swedish municipalities.

The post Volvo Group Employee Data Stolen in Ransomware Attack appeared first on SecurityWeek.

Cisco Patches Zero-Day Flaw Affecting Routers and Switches

The security defect allows remote attackers with administrative privileges to execute arbitrary code as the root user.

The post Cisco Patches Zero-Day Flaw Affecting Routers and Switches appeared first on SecurityWeek.

Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed

Cybersecurity researchers have discovered two malicious Rust crates impersonating a legitimate library called fast_log to steal Solana and Ethereum wallet keys from source code.
The crates, named faster_log and async_println, were published by the threat actor under the alias rustguruman and dumbnbased on May 25, 2025, amassing 8,424 downloads in total, according to software supply chain

Cisco Warns of Actively Exploited SNMP Vulnerability Allowing RCE or DoS in IOS Software

Cisco has warned of a high-severity security flaw in IOS Software and IOS XE Software that could allow a remote attacker to execute arbitrary code or trigger a denial-of-service (DoS) condition under specific circumstances.
The company said the vulnerability, CVE-2025-20352 (CVSS score: 7.7), has been exploited in the wild, adding it became aware of it “after local Administrator credentials were

New Supermicro BMC flaws can create persistent backdoors

Two vulnerabilities affecting the firmware of Supermicro hardware, including Baseboard Management Controller (BMC) allow attackers to update systems with maliciously crafted images. […]

Month: September 2025