Welcome to your weekly cybersecurity briefing. In a digital landscape where the only constant is change, this past week has been a stark reminder that vigilance is not just a best practice, but a necessity for survival.
From corporate giants making strategic moves to protect the cloud to sophisticated threat actors breaching the defenses of iconic brands, the cyber battleground remains as active as ever, demanding our full attention.
This week, Palo Alto Networks made headlines by releasing an emergency patch for a critical zero-day vulnerability discovered in its PAN-OS software, affecting its GlobalProtect gateways. The vulnerability allowed unauthenticated remote code execution, sending ripples of urgency throughout the industry as IT teams scrambled to apply the fix.
Our deep dive explores the technical specifics of this exploit, the rapid response from Palo Alto's Unit 42, and the immediate steps security teams must take to mitigate this critical threat before it can be widely exploited in the wild.
On the proactive front, Zscaler countered the growing threat of AI-driven phishing attacks by unveiling a new suite of features for its Zero Trust Exchange. Its latest research report, also released this week, highlights a substantial increase in sophisticated, context-aware phishing emails over the past quarter.
We'll break down how Zscaler's new AI-powered capabilities aim to detect and block these evasive threats in real time, offering a new layer of protection in the fight against social engineering and credential theft.
In a significant blow to the automotive sector, Jaguar Land Rover (JLR) confirmed it suffered a major data breach. The incident resulted in the exfiltration of sensitive employee data and internal engineering documents.
While JLR has stated that customer financial information was not compromised, the breach raises serious questions about supply chain security and the protection of intellectual property within the manufacturing industry. We'll analyze the attack vector, the potential fallout for JLR, and the lessons other organizations in the sector must learn from this high-profile incident.
Beyond these major stories, we're also tracking a surge in DDoS attacks targeting financial institutions and new warnings from CISA about state-sponsored actors targeting critical infrastructure. In this edition, we provide in-depth analysis of each of these events, offering expert commentary and actionable insights to help you fortify your organization's defenses.
Threats
Hackers Exploit Email Marketing Services for Phishing
Cybercriminals are increasingly using legitimate email marketing platforms to bypass security filters and deliver malicious content. By leveraging the trusted domains of these services, attackers can disguise phishing attempts and increase the likelihood of their emails reaching inboxes. These campaigns often use the platform's own click-tracking and URL redirection features to send users to harmful websites when they click on a seemingly safe link. One notable incident involved a data breach at Mailchimp, where hackers gained access to customer accounts and data.
macOS Security Features Turned Against Users
A sophisticated attack trend involves exploiting macOS's built-in security features to spread malware. Attackers are finding ways to abuse tools like Keychain for credential theft, bypass System Integrity Protection (SIP) for persistent infections, and trick users into granting permissions through Transparency, Consent, and Control (TCC). Other features being manipulated include Gatekeeper, which verifies downloaded apps, and File Quarantine, which flags files downloaded from the internet.
Commercial Spyware Vendors Are a Major Source of Exploits
A report from Google's Threat Analysis Group (TAG) highlights the significant role of commercial spyware vendors in the creation and distribution of sophisticated surveillance tools. These companies are responsible for numerous 0-day exploits that target products from companies like Google and Apple. The report notes that the private sector is now a major player in developing some of the most advanced cyber capabilities, selling them as "turnkey espionage solutions" to government customers.
New "TinyLoader" Malware Targets Windows Systems
A stealthy malware loader known as TinyLoader is actively targeting Windows users. It spreads through shared network drives and deceptive shortcut files, acting as an initial entry point for more dangerous malware such as RedLine Stealer and DCRat. TinyLoader can move laterally across networks and also infect systems via removable media like USB drives. Once it gains administrator rights, it can hijack file associations so that it runs every time a user opens a common file type, such as a .txt file.
"NotDoor" Backdoor Deployed Through Outlook
The Russian state-sponsored group APT28 (also known as Fancy Bear) is using a new backdoor called "NotDoor" to target organizations through Microsoft Outlook. The malware is disguised within legitimate Outlook macros and can exfiltrate data, upload files, and execute commands on an infected system. It achieves persistence by modifying Outlook's registry settings to disable security warnings and allow macros to run on startup.
"GhostRedirector" Manipulates Search Results via IIS
A hacking group dubbed "GhostRedirector" has been compromising Windows servers to manipulate search engine results for financial gain. The attackers deploy a malicious module for Microsoft's Internet Information Services (IIS) web server. This allows them to intercept and redirect web traffic or inject unwanted content into search results. The malicious module can be difficult to detect because it integrates deeply with the server's legitimate functions.
Fake Microsoft Teams Sites Used to Distribute Malware
Threat actors are weaponizing fake Microsoft Teams websites and even initiating Teams calls to trick users into installing malware. In some cases, attackers impersonate IT support staff during calls to convince victims to execute malicious PowerShell commands, leading to the deployment of ransomware. Another campaign uses a fake Teams website to distribute the "Odyssey" information-stealing malware for macOS.
"GPUGate" Malware Leverages Google Ads and GPUs
A sophisticated malware campaign named "GPUGate" is abusing Google Ads and GitHub to deliver malware. The attack begins with malicious ads in Google search results for terms like "GitHub Desktop". A novel aspect of this attack is its use of the computer's Graphics Processing Unit (GPU) to perform certain operations, which helps it evade detection by security software that primarily focuses on the CPU.
Cyber Attacks
Record-Breaking 11.5 Tbps DDoS Attack Hits the Web
A massive UDP flood Distributed Denial-of-Service (DDoS) attack has been recorded, reaching an unprecedented 11.5 terabits per second (Tbps). This attack highlights the escalating scale of DDoS threats facing organizations.
Hackers Weaponize Hexstrike-AI to Exploit Zero-Day Flaws
Threat actors are now leveraging a new AI-powered offensive security framework named Hexstrike-AI. The tool is being used to automatically scan for and exploit previously unknown "zero-day" vulnerabilities, significantly speeding up the attack process.
"Dire Wolf" Ransomware Emerges with Double Extortion Tactics
A new and sophisticated ransomware strain, dubbed "Dire Wolf," has impacted 16 companies across the globe since May 2025. This ransomware employs double extortion methods, advanced encryption, and anti-recovery techniques to pressure victims into paying.
Colombian Threat Actors Use SWF and SVG Files to Evade Detection
A malware campaign originating from Colombia is using a multiphase attack that leverages the Adobe Flash (SWF) and Scalable Vector Graphics (SVG) file formats. This technique allows the attackers to bypass traditional security detection measures.
AI Platforms Exploited in Microsoft 365 Phishing Campaigns
Cybercriminals are increasingly taking advantage of the trust that organizations place in artificial intelligence platforms. These platforms are being used in sophisticated phishing campaigns to steal Microsoft 365 credentials.
NightshadeC2 Botnet Employs "UAC Prompt Bombing"
A new botnet, identified as NightshadeC2, has been observed using a novel technique called "UAC Prompt Bombing." This method allows it to bypass Windows Defender security measures and was first seen in early August 2025.
Critical SAP S/4HANA Vulnerability Under Active Exploitation
A critical security flaw in SAP S/4HANA is being actively exploited by attackers. The vulnerability allows individuals with low-level user access to escalate their privileges and gain full control over the affected SAP systems.
Vulnerabilities
MediaTek Patches Dozens of Chipset Flaws
MediaTek released its September 2025 security bulletin, addressing several high- and medium-severity vulnerabilities across more than 60 chipsets. The flaws, found in modem and firmware components, could lead to denial-of-service attacks or remote privilege escalation if exploited. The vulnerabilities include out-of-bounds writes, out-of-bounds reads, and use-after-free bugs. MediaTek confirmed that device manufacturers received the patches in July and that there is no evidence of these vulnerabilities being exploited in the wild.
Critical Next.js Flaw Allows Authorization Bypass
A critical vulnerability, CVE-2025-29927, has been discovered in the popular Next.js web development framework. The flaw allows attackers to bypass authorization mechanisms and gain access to restricted areas, such as admin panels. By manipulating the x-middleware-subrequest header, an attacker can trick an application into skipping security checks. Vercel, the company behind Next.js, has released patches to address the issue, which is estimated to affect over 300,000 services.
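The x-middleware-subrequest header is meant to be set only by the framework itself, so a defender has two levers besides patching: strip the header at the reverse proxy before it reaches the application, and alert on any external request that carries it. The following is an added example of both, written for this briefing and not taken from Next.js or Vercel; the Request class, the protected path prefixes and the sample traffic (including the placeholder header value) are constructed for illustration.

```python
"""Reverse-proxy style header hygiene and detection for the Next.js
middleware bypass (CVE-2025-29927). Added example; it is not Vercel's or
Next.js's code, and the request samples at the bottom are constructed."""
from dataclasses import dataclass, field

# Headers that only the framework itself should ever set on a request.
# An external client supplying one is, at best, a misconfiguration.
INTERNAL_ONLY_HEADERS = {"x-middleware-subrequest"}

# Paths whose authorization checks live in middleware (assumed layout).
PROTECTED_PREFIXES = ("/admin", "/api/internal")


@dataclass
class Request:
    method: str
    path: str
    client_ip: str
    headers: dict = field(default_factory=dict)


def strip_internal_headers(req: Request):
    """Drop internal-only headers from an inbound request.

    Returns (cleaned_request, stripped) where `stripped` records what was
    removed, so the proxy can both mitigate and log the attempt.
    """
    cleaned, stripped = {}, {}
    for name, value in req.headers.items():
        if name.lower() in INTERNAL_ONLY_HEADERS:
            stripped[name.lower()] = value
        else:
            cleaned[name] = value
    return Request(req.method, req.path, req.client_ip, cleaned), stripped


def flag_bypass_attempts(requests):
    """Detection pass over inbound requests: any external request carrying
    x-middleware-subrequest is suspicious; one aimed at a protected path is
    rated high because that is where a skipped check would matter."""
    hits = []
    for req in requests:
        for name in req.headers:
            if name.lower() in INTERNAL_ONLY_HEADERS:
                severity = "high" if req.path.startswith(PROTECTED_PREFIXES) else "medium"
                hits.append({"client_ip": req.client_ip, "path": req.path,
                             "header": name.lower(), "severity": severity})
    return hits


# Constructed sample traffic (not real logs); the header value is a placeholder.
SAMPLE_REQUESTS = [
    Request("GET", "/", "198.51.100.10",
            {"Host": "app.example", "User-Agent": "curl/8.0"}),
    Request("GET", "/admin/users", "203.0.113.7",
            {"Host": "app.example", "X-Middleware-Subrequest": "constructed-value"}),
    Request("GET", "/blog", "203.0.113.7",
            {"Host": "app.example", "x-middleware-subrequest": "constructed-value"}),
]

if __name__ == "__main__":
    for hit in flag_bypass_attempts(SAMPLE_REQUESTS):
        print(hit)
    cleaned, stripped = strip_internal_headers(SAMPLE_REQUESTS[1])
    print("forwarded headers:", cleaned.headers, "stripped:", stripped)
```

Header names are compared case-insensitively because HTTP header names are case-insensitive and a filter that only matches one spelling is no filter at all. Stripping at the edge is a stopgap; the patched framework versions remain the actual fix.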
Azure Active Directory Flaw Exposes Sensitive Credentials
A significant weakness in Azure Active Directory (Azure AD) configurations allows application credentials, such as ClientId and ClientSecret, to be exposed. Attackers who obtain these credentials can impersonate trusted applications, access sensitive data across Microsoft 365 services like SharePoint and OneDrive, and even deploy malicious apps to establish persistent backdoors. The issue stems from credentials being inadvertently exposed in configuration files.
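Since the root cause is credentials sitting in configuration files, the practical control is to scan those files before they are committed or deployed. The following is an added example of such a scanner, not Microsoft's tooling; the key names it looks for follow common appsettings.json and .env conventions, it treats Key Vault references and templated placeholders as safe, and both sample files are constructed with made-up values.

```python
"""Scan configuration text for Azure AD (Entra ID) app credentials left in
files. Added example, not Microsoft's tooling; key names follow the common
appsettings/.env conventions and the sample files are constructed."""
import re

# Key names under which app registration credentials usually appear.
SECRET_KEYS = ("ClientSecret", "AZURE_CLIENT_SECRET", "client_secret")
ID_KEYS = ("ClientId", "AZURE_CLIENT_ID", "client_id")

# key = value / key: value / "key": "value" forms, one pair per line.
_PAIR = re.compile(r'["\']?(?P<key>[A-Za-z_]+)["\']?\s*[:=]\s*["\']?(?P<val>[^"\',\s]+)')
_GUID = re.compile(r"^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$")
# Vault references and templated placeholders are not leaked secrets.
_PLACEHOLDER = re.compile(r"^(\$\{.*\}|\$\(.*\)|<.*>|@Microsoft\.KeyVault\(.*\)|\*+)$")


def _mask(value):
    """Never echo a secret back in full, even in a finding."""
    return value[:3] + "..." + value[-2:] if len(value) > 6 else "***"


def scan_config(text, filename="<config>"):
    """Return findings for secrets and client IDs found in `text`."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = _PAIR.search(line)
        if not m:
            continue
        key, val = m.group("key"), m.group("val")
        if key in SECRET_KEYS:
            if _PLACEHOLDER.match(val):
                continue  # vault reference or template, nothing leaked
            findings.append({"file": filename, "line": lineno, "key": key,
                             "kind": "secret", "value": _mask(val)})
        elif key in ID_KEYS and _GUID.match(val):
            findings.append({"file": filename, "line": lineno, "key": key,
                             "kind": "client_id", "value": val})
    return findings


def pair_exposures(findings):
    """A ClientId alone is not sensitive; a ClientId next to a live
    ClientSecret is what lets an attacker act as the application."""
    by_file = {}
    for f in findings:
        by_file.setdefault(f["file"], set()).add(f["kind"])
    return [name for name, kinds in by_file.items() if {"secret", "client_id"} <= kinds]


# Constructed sample files; every identifier and value is made up.
SAMPLE_APPSETTINGS = """{
  "AzureAd": {
    "Instance": "https://login.microsoftonline.com/",
    "TenantId": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "ClientId": "11111111-2222-3333-4444-555555555555",
    "ClientSecret": "cnstrctd~ExampleSecretValue.NotReal123"
  }
}"""
SAMPLE_DOTENV = """AZURE_CLIENT_ID=11111111-2222-3333-4444-555555555555
AZURE_CLIENT_SECRET=${AZURE_CLIENT_SECRET}
"""

if __name__ == "__main__":
    found = scan_config(SAMPLE_APPSETTINGS, "appsettings.json") + scan_config(SAMPLE_DOTENV, ".env")
    for f in found:
        print(f)
    print("files exposing a usable app identity:", pair_exposures(found))
```

The .env sample passes because its secret is an environment reference rather than a literal, which is the shape a deployed configuration should have; for workloads running in Azure, a managed identity removes the client secret altogether.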
MobSF Security Tool Vulnerable to Malicious File Uploads
A critical flaw (CVE-2023-37576) was discovered in the Mobile Security Framework (MobSF), a widely used open-source tool for mobile app security testing. The vulnerability, found in version 4.4.0, was due to improper path validation, which allowed authenticated attackers to upload and execute malicious files on the system running MobSF. This path traversal vulnerability could turn the security tool into a vector for system compromise. The issue has since been patched.
PoC Exploit Released for IIS Remote Code Execution Flaw
A proof-of-concept (PoC) exploit has been released for a critical remote code execution (RCE) vulnerability (CVE-2025-53772) in Microsoft's Internet Information Services (IIS) Web Deploy tool. The vulnerability is caused by unsafe deserialization of HTTP header content, allowing an authenticated attacker to execute arbitrary code. This follows other campaigns targeting older IIS vulnerabilities, such as a buffer overflow flaw (CVE-2017-7269) in IIS 6.0 that was used to install cryptocurrency miners.
CISA Warns of Actively Exploited WhatsApp Zero-Day
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a zero-day vulnerability in WhatsApp (CVE-2025-55177) that is being actively exploited. The flaw, classified as an incorrect authorization issue, allows attackers to manipulate the device synchronization process to deliver malicious content from a URL they control. This could lead to data theft or device compromise, potentially through zero-click attacks. The vulnerability was added to CISA's Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply patches.
Google Releases Chrome 140 With Key Security Fixes
Google has rolled out Chrome 140, which includes patches for six security vulnerabilities. The fixes address medium-severity flaws in components such as the Toolbar (CVE-2025-9865), Extensions (CVE-2025-9866), and Downloads (CVE-2025-9867). These vulnerabilities could have led to unexpected browser behavior or security risks like privilege escalation. The update was released for Windows, macOS, and Linux.
New "Namespace Reuse" Vulnerability Hits Major AI Platforms
A novel AI supply-chain attack method called "Model Namespace Reuse" has been discovered, affecting platforms like Microsoft Azure AI, Google Vertex AI, and Hugging Face. The technique allows attackers to upload a malicious AI model under the same name as a legitimate but deleted or abandoned one. When a project attempts to pull the model by name, it inadvertently downloads the malicious version, leading to remote code execution (RCE) in the victim's environment.
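The weakness being exploited here is resolution by mutable name: whoever currently owns a namespace decides what "org/model" returns. The defense is the same one used for any other dependency, pin the exact revision and verify the artifact's hash before it is loaded. The following is an added example of that check, not the code of Hugging Face, Azure AI or Vertex AI; the lockfile layout, the `org/name@revision` reference syntax and the sample model bytes are this example's own assumptions.

```python
"""Defending against model namespace reuse: never fetch a model by bare
name; pin the exact revision and verify the artifact hash before loading.
Added example, not the code of Hugging Face, Azure AI or Vertex AI; the
lockfile format, the org/name@revision syntax and the sample bytes are
this example's own assumptions."""
import hashlib
import re

# org/name optionally followed by @<40-hex commit hash>.
_REF = re.compile(r"^(?P<org>[\w.-]+)/(?P<name>[\w.-]+)(@(?P<rev>[0-9a-f]{40}))?$")


class UnpinnedModelError(ValueError):
    """Raised when a reference would resolve to whoever owns the name today."""


def parse_model_ref(ref):
    """Accept only org/name@<commit>; a bare org/name resolves to whatever
    account currently holds that namespace, which is exactly the attack."""
    m = _REF.match(ref)
    if not m:
        raise ValueError(f"malformed model reference: {ref!r}")
    if not m.group("rev"):
        raise UnpinnedModelError(f"{ref!r} is not pinned to a revision")
    return m.group("org"), m.group("name"), m.group("rev")


def check_artifact(lock, ref, filename, data):
    """Return (ok, reason) for a downloaded file against the lockfile.

    The lockfile maps org/name -> {"revision": ..., "files": {name: sha256}}.
    The revision in the reference must match the lock and the bytes must
    hash to the recorded digest, so a re-registered namespace serving a
    different file is rejected before anything is deserialized or executed.
    """
    try:
        org, name, rev = parse_model_ref(ref)
    except ValueError as exc:
        return False, str(exc)
    entry = lock.get(f"{org}/{name}")
    if entry is None:
        return False, f"{org}/{name} has no lockfile entry"
    if entry["revision"] != rev:
        return False, "revision in reference does not match lockfile"
    expected = entry["files"].get(filename)
    if expected is None:
        return False, f"{filename} is not part of the locked model"
    actual = hashlib.sha256(data).hexdigest()
    if actual != expected:
        return False, f"{filename}: sha256 mismatch"
    return True, "ok"


# Constructed sample: a tiny stand-in "model file" and a lock generated from it.
GOOD_BYTES = b"constructed-model-weights-v1"
REV = "a" * 40  # placeholder commit hash, not a real revision
LOCK = {
    "example-org/sentiment-model": {
        "revision": REV,
        "files": {"model.bin": hashlib.sha256(GOOD_BYTES).hexdigest()},
    }
}
PINNED_REF = f"example-org/sentiment-model@{REV}"

if __name__ == "__main__":
    print(check_artifact(LOCK, PINNED_REF, "model.bin", GOOD_BYTES))
    print(check_artifact(LOCK, "example-org/sentiment-model", "model.bin", GOOD_BYTES))
    print(check_artifact(LOCK, PINNED_REF, "model.bin", b"swapped-in-by-new-namespace-owner"))
```

A commit hash covers the repository content, so a namespace re-registered by someone else cannot serve the pinned revision with different bytes; the file digest is a second, hub-independent check that also catches a stale or corrupted local cache. Hub client libraries generally expose a revision parameter on their download calls, which is where the pinned value from the lockfile belongs.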
Sitecore Zero-Day Vulnerability
Information about the "Sitecore zero-day vulnerability" from the provided link could not be retrieved at this time.
Data Breach
Palo Alto Networks, Zscaler, Cloudflare, and PagerDuty Hit by Supply Chain Attack
A sophisticated supply chain attack targeting the Salesloft Drift application has impacted several major technology companies, including Palo Alto Networks, Zscaler, Cloudflare, and PagerDuty. The attackers used compromised OAuth tokens to gain unauthorized access to the companies' Salesforce customer relationship management (CRM) environments and exfiltrate data.
Palo Alto Networks confirmed that the incident was isolated to its CRM platform and that no company products or services were affected. The breach exposed business contact information and internal sales data.
Zscaler also confirmed a data breach affecting customer data stored in Salesforce, including names, email addresses, and phone numbers. Zscaler has stated that its own products and infrastructure were not compromised.
Cloudflare disclosed that the attackers accessed customer support case data between August 12 and August 17, 2025. The company warned that any sensitive information shared by customers in support tickets should be considered compromised.
PagerDuty reported that the breach exposed customer contact information stored in its Salesforce instance. The company has found no evidence that its own platform or internal systems were accessed.
Jaguar Land Rover Halts Production After Cyberattack
Luxury car manufacturer Jaguar Land Rover (JLR) was forced to halt production at its Halewood plant after a significant cybersecurity incident that impacted its global IT systems. The attack, which took place in early September 2025, caused severe disruptions to the company's manufacturing operations. A group of hackers known as "Scattered Lapsus$ Hunters" has claimed responsibility for the attack.
Bridgestone Production Disrupted by Cyberattack
Tire giant Bridgestone confirmed that a cyberattack in early September 2025 affected some of its manufacturing facilities in North America, leading to operational disruptions. The company stated that it responded quickly to contain the incident and believes no customer data was compromised. The full extent of the impact on the supply chain is still being investigated.
Wealthsimple Discloses Customer Data Breach
Canadian financial services firm Wealthsimple announced that it suffered a data breach in late August 2025, resulting in unauthorized access to the personal information of a small percentage of its clients. The company has assured customers that their funds and account passwords remain secure. The breach was caused by a compromised third-party software package.
Other News
Salesforce Bolsters Security with New Forensic Investigation Guide
Salesforce has released a comprehensive forensic investigation guide to help organizations detect, analyze, and respond to security incidents within their environments. The guide focuses on three core pillars for a thorough investigation: analyzing activity logs to track user actions, understanding user permissions to determine the potential impact of a breach, and using backup data to identify data tampering. This initiative aims to give companies a structured framework for handling cyber incidents more effectively, especially after a series of sophisticated cyber campaigns. The guide highlights tools like Login History, Setup Audit Trail, and Event Monitoring to gain visibility into user actions.
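The first pillar, activity logs, is exactly where the Salesloft Drift incident described under Data Breach above would show up: a connected app's OAuth token being used from an unfamiliar address, followed by bulk reads of CRM objects. The following is an added example of that triage, written for this briefing and not Salesforce's code; the row layout is a simplified, constructed stand-in for Login History and Event Monitoring exports, and every user, IP address, application name and row count is made up.

```python
"""Triage of Salesforce login and API activity along the lines of the guide's
first pillar (activity logs). Added example, not Salesforce's code; the record
layout is a simplified, constructed stand-in for Login History and Event
Monitoring exports, and every IP, user and app name is made up."""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed Login History rows:
# (timestamp, user, source_ip, login_type, application, status)
LOGIN_HISTORY = [
    ("2025-08-10T09:01:00", "a.lee@example.com", "198.51.100.20", "Application", "Browser", "Success"),
    ("2025-08-11T09:05:00", "a.lee@example.com", "198.51.100.20", "Application", "Browser", "Success"),
    ("2025-08-01T10:00:00", "integration@example.com", "192.0.2.9", "Remote Access 2.0", "Drift-Connector", "Success"),
    ("2025-08-12T02:14:00", "integration@example.com", "203.0.113.55", "Remote Access 2.0", "Drift-Connector", "Success"),
    ("2025-08-12T02:20:00", "integration@example.com", "203.0.113.55", "Remote Access 2.0", "Drift-Connector", "Success"),
]

# Constructed Event Monitoring API rows:
# (timestamp, user, application, object, rows_returned)
API_EVENTS = [
    ("2025-08-05T10:00:00", "integration@example.com", "Drift-Connector", "Contact", 300),
    ("2025-08-12T02:15:00", "integration@example.com", "Drift-Connector", "Case", 48000),
    ("2025-08-12T02:25:00", "integration@example.com", "Drift-Connector", "Contact", 120000),
    ("2025-08-12T09:30:00", "a.lee@example.com", "Browser", "Account", 200),
]

WINDOW_START = "2025-08-12T00:00:00"  # start of the period under investigation


def parse_ts(s):
    return datetime.fromisoformat(s)


def baseline_ips(history, before):
    """Source addresses each user was seen from before the window."""
    cutoff = parse_ts(before)
    seen = defaultdict(set)
    for ts, user, ip, *_ in history:
        if parse_ts(ts) < cutoff:
            seen[user].add(ip)
    return seen


def new_ip_oauth_logins(history, baseline, since):
    """Successful OAuth (Remote Access 2.0) logins from addresses not in the
    user's baseline, aggregated per (user, ip, application)."""
    start = parse_ts(since)
    counts = Counter()
    for ts, user, ip, login_type, app, status in history:
        if parse_ts(ts) < start or status != "Success":
            continue
        if login_type == "Remote Access 2.0" and ip not in baseline.get(user, set()):
            counts[(user, ip, app)] += 1
    return [{"user": u, "source_ip": ip, "application": app, "logins": n}
            for (u, ip, app), n in sorted(counts.items())]


def bulk_reads(events, since, threshold=10000):
    """Rows returned per (user, application, object) inside the window,
    keeping only totals above the threshold."""
    start = parse_ts(since)
    totals = Counter()
    for ts, user, app, obj, rows in events:
        if parse_ts(ts) >= start:
            totals[(user, app, obj)] += rows
    return [{"user": u, "application": app, "object": obj, "rows": n}
            for (u, app, obj), n in sorted(totals.items()) if n > threshold]


def correlate(login_hits, read_hits):
    """A connected app that both appeared from a new address and pulled bulk
    data in the same window is the pattern of a stolen OAuth token in use."""
    suspicious = {(h["user"], h["application"]) for h in login_hits}
    return [r for r in read_hits if (r["user"], r["application"]) in suspicious]


if __name__ == "__main__":
    base = baseline_ips(LOGIN_HISTORY, WINDOW_START)
    logins = new_ip_oauth_logins(LOGIN_HISTORY, base, WINDOW_START)
    reads = bulk_reads(API_EVENTS, WINDOW_START)
    for finding in correlate(logins, reads):
        print("HIGH: bulk export by suspicious connected app:", finding)
```

The two signals are weak on their own (integrations do change egress addresses, and some jobs legitimately read whole objects); it is their coincidence on the same user and application inside the window that earns the high rating. Revoking the connected app's tokens and reviewing its scopes is the containment step that follows from a hit, which is the second pillar (permissions) in the guide's terms.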
Wireshark Releases Version 4.4.9 with Critical Bug Fixes
The Wireshark team has released version 4.4.9, a maintenance release focused on improving stability and reliability. This update for the popular network protocol analyzer addresses several critical bugs, including a security vulnerability in the SSH dissector that could cause the application to crash. The new version also includes updated support for numerous protocols and ensures a more stable experience for users, leading to more efficient network analysis.
Nmap Celebrates 28 Years of Network Security Innovation
Nmap, the renowned network scanner, recently marked its 28th anniversary. Launched on September 1, 1997, as a simple port scanner, Nmap has evolved into an essential and comprehensive network security suite used by professionals worldwide. Over the years, it has incorporated advanced features like operating system and service version detection, the Nmap Scripting Engine (NSE) for automated tasks, and sophisticated host discovery techniques. Its continuous evolution has solidified its place as a critical tool for network discovery and security auditing.
Microsoft to Discontinue Editor Browser Extensions
Microsoft has announced the retirement of its Editor browser extensions for both Edge and Chrome, effective October 31, 2025. The company plans to integrate the AI-powered writing assistance features, such as grammar and spelling checks, directly into the native proofing tools of the Microsoft Edge browser. This move is intended to streamline the user experience and eliminate the need for a separate extension.
Mis-Issued TLS Certificates for 1.1.1.1 DNS Service Pose Security Risk
A potential security threat has emerged after it was discovered that three TLS certificates for the 1.1.1.1 DNS service, operated by Cloudflare and APNIC, were mis-issued. The certificates were issued in May 2025 by a subordinate certificate authority but were not discovered until four months later. DNS over TLS (DoT) is a protocol that encrypts DNS queries to prevent eavesdropping and tampering, and the mis-issuance of certificates could undermine this security measure.
Google Services Experience Widespread Outages
Several Google services, including Gmail and YouTube, experienced significant outages across parts of Europe and some U.S. cities on Thursday morning. Monitoring sites reported a surge in complaints from countries like Greece, Bulgaria, Serbia, and Romania. The disruptions affected both personal and professional activities for many users. The cause of the outage has not yet been publicly disclosed by Google.