September 2025 – Page 33

Samsung Fixes Critical Zero-Day CVE-2025-21043 Exploited in Android Attacks

Samsung has released its monthly security updates for Android, including a fix for a security vulnerability that it said has been exploited in zero-day attacks.
The vulnerability, CVE-2025-21043 (CVSS score: 8.8), concerns an out-of-bounds write that could result in arbitrary code execution.
“Out-of-bounds Write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to

Apple Warns French Users of Fourth Spyware Campaign in 2025, CERT-FR Confirms

Apple has notified users in France of a spyware campaign targeting their devices, according to the Computer Emergency Response Team of France (CERT-FR).
The agency said the alerts were sent out on September 3, 2025, making it the fourth time this year that Apple has notified citizens in the county that at least one of the devices linked to their iCloud accounts may have been compromised as part

In Other News: $900k for XSS Bugs, HybridPetya Malware, Burger King Censors Research

Noteworthy stories that might have slipped under the radar: Huntress research raises concerns, Google paid out $1.6 million for cloud vulnerabilities, California web browser bill.

The post In Other News: $900k for XSS Bugs, HybridPetya Malware, Burger King Censors Research appeared first on SecurityWeek.

The first three things you’ll want during a cyberattack

When cyberattacks hit, every second counts. Survival depends on three essentials: clarity to see what’s happening, control to contain it, and a lifeline to recover fast. Learn from Acronis TRU how MSPs and IT teams can prepare now for the difference between recovery and catastrophe. […]

DELMIA Factory Software Vulnerability Exploited in Attacks

A deserialization of untrusted data in the MOM software allows attackers to achieve remote code execution.

The post DELMIA Factory Software Vulnerability Exploited in Attacks appeared first on SecurityWeek.

Apple Sends Fresh Wave of Spyware Notifications to French Users

Apple this year sent at least four rounds of notifications to French users potentially targeted by commercial spyware.

The post Apple Sends Fresh Wave of Spyware Notifications to French Users appeared first on SecurityWeek.

New HybridPetya Ransomware Bypasses UEFI Secure Boot With CVE-2024-7344 Exploit

Cybersecurity researchers have discovered a new ransomware strain dubbed HybridPetya that resembles the notorious Petya/NotPetya malware, while also incorporating the ability to bypass the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems using a now-patched vulnerability disclosed earlier this year.
Slovakian cybersecurity company ESET said the samples were uploaded

Man gets over 4 years in prison for selling unreleased movies

A Tennessee court has sentenced a Memphis man who worked for a DVD and Blu-ray manufacturing and distribution company to 57 months in prison for stealing and selling digital copies of unreleased movies. […]

F5 to Acquire CalypsoAI for $180 Million

F5 is buying CalypsoAI for its adaptive AI inference security solutions, which will be integrated into its Application Delivery and Security Platform.

The post F5 to Acquire CalypsoAI for $180 Million appeared first on SecurityWeek.

Critical CVE-2025-5086 in DELMIA Apriso Actively Exploited, CISA Issues Warning

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting Dassault Systèmes DELMIA Apriso Manufacturing Operations Management (MOM) software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerability, tracked as CVE-2025-5086, carries a CVSS score of 9.0 out of 10.0. According to

Month: September 2025