9/30/2025 September 30, 2025September 30, 2025 ~ The Cyber Beat ~ Leave a comment Phantom Taurus: New China-Linked Hacker Group Hits Governments With Stealth MalwareNorth Korea IT Worker Scheme Expanding to More Industries, Countries Outside of U.S. Tech SectorTile’s Lack of Encryption Could Make Tracker Owners Vulnerable to StalkingMicrosoft’s New Security Store Is Like an App Store for CybersecurityGoogle Releases AI-Powered Ransomware Detection Features for Cloud Files…Google’s Latest AI Ransomware Defense Only Goes So Far‘Trifecta’ of Google Gemini Flaws Turn AI Into Attack VehicleWhy Burnout Is a Growing Problem in CybersecurityIsraeli High-Tech Funding and M&A Gain in 2025 Despite Ongoing Gaza WarTrump Visa Curbs Push U.S. Firms to Consider Shifting More Work to IndiaSendit Sued by the FTC for Illegal Collection of Children DataCPPA Fines Tractor Supply Company $1.4 Million for Privacy ViolationsUK Police Just Seized £5.5 Billion in Bitcoin — The World’s Largest Crypto Bust of ‘Bitcoin Queen’Afghanistan Plunged Into Nationwide Internet Blackout, Disrupting Air Travel, Medical CareHarbor Mental Health Services Organization (OH) Investigating Data BreachSmishing Campaigns Exploit Cellular Routers to Target BelgiumNew MatrixPDF Toolkit Turns PDFs into Phishing and Malware LuresNew Android Trojan “Datzbro” Tricking Elderly with AI-Generated Facebook Travel EventsNew Android RAT Klopatra Targets Financial DataCritical WD My Cloud Bug Allows Remote Command Injection$50 Battering RAM Attack Breaks Intel and AMD Cloud Security ProtectionsNearly 50,000 Cisco Firewalls Vulnerable to Actively Exploited FlawsCISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix SystemsCISA Orders Federal Gov to Patch Critical Fortra File Transfer BugBroadcom Fixes High-Severity VMware NSX Bugs Reported by NSA…Urgent: China-Linked Hackers Exploit New VMware Zero-Day Since October 2024Tech Companies Should Be Shielded From Spyware Lawsuits, Report SaysCyber Information-Sharing Law and State Grants Set to Go Dark as Congress Stalls Over Funding
9/29/2025 September 29, 2025November 16, 2025 ~ The Cyber Beat ~ Leave a comment Ukrainian Cops Spoofed in Fileless Phishing Attacks on KyivTile Tracking Tags Can Be Exploited by Tech-Savvy Stalkers, Researchers SayHow to Use a Password Manager to Share Your Logins After You DieUK Gov’t Backs Jaguar Land Rover (JLR) With £1.5 Billion Loan Guarantee After CyberattackChinese Scammer Pleads Guilty After UK Seizes Nearly $7 Billion in BitcoinUkraine’s Digital Chief Pushes for AI-First State Amid War and Cyber ThreatsEuropean AI Company’s ‘Reputation Reports’ Are Inaccurate and Illegal, Watchdog ClaimsLaw Enforcement Is Using AI to Synthesize Evidence. Is the Justice System Ready for It?‘You’ll Never Need to Work Again’: Criminals Offer Reporter Money to Hack BBCCanada’s WestJet Says Some Passenger Data Exposed in Cybersecurity BreachAsahi Runs Dry as Online Attackers Take Down Japanese BrewerEvilAI Malware Masquerades as AI Tools to Infiltrate Global OrganizationsMicrosoft Flags AI-Driven Phishing: LLM-Crafted SVG Files Outsmart Email SecurityNational Cyber Authorities Launch OT Security GuidanceDHS, CISA Kick Off Cybersecurity Awareness MonthCISA to Furlough 65% of Staff if Government Shuts Down This Week
9/26-28/2025 September 28, 2025September 28, 2025 ~ The Cyber Beat ~ Leave a comment New COLDRIVER Malware Campaign Joins BO Team and Bearlyfy in Russia-Focused CyberattacksDutch Teens Arrested for Trying to Spy on Europol for RussiaChina-Linked PlugX and Bookworm Malware Attacks Target Asian Telecom and ASEAN NetworksNetanyahu Broadcasts United Nations Message Into Gaza Accusing World Leaders of Appeasing ‘Evil’Trump Signs ‘Saving TikTok’ Order to Start Resolving Its Big Ban ProblemSingapore Threatens Meta With Fines Over Facebook Impersonation ScamsKrebs: Feds Tie ‘Scattered Spider’ Duo to $115M in RansomsInterpol Cracks Down on Large-Scale African Scamming Networks‘No Harm, No Foul:’ Courts Take Tougher Line on Data-Breach SuitsSalesforce Facing Multiple Lawsuits After Salesloft BreachAs Fraud Surges, UK Prepares to Replace Its Massively Broken Reporting ServicesDatacenter Fire Takes 647 South Korean Government Services OfflineA New Front Opens Between Zuckerberg and Musk Over RobotsHarrods Says Customers’ Data Stolen in It BreachVolvo North America Confirms Staff Data Stolen Following Ransomware Attack on It SupplierUnion County (OH) Suffers Ransomware Attack Impacting 45,000 PeopleFake Microsoft Teams Installers Push Oyster Malware via MalvertisingNew macOS XCSSET Variant Targets Firefox with Clipper and Persistence ModuleNew LockBit Ransomware Variant Emerges as Most Dangerous YetAkira Ransomware Breaching MFA-Protected SonicWall VPN AccountsArcaneDoor Threat Actor Resurfaces in Continued Attacks Against Cisco FirewallsCisco ASA Firewall Zero-Day Exploits Deploy RayInitiator and LINE VIPER MalwareFortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public DisclosureMicrosoft Edge to Block Malicious Sideloaded ExtensionsMicrosoft’s New AI Feature Will Organize Your Photos AutomaticallyEU Probes SAP Over Anti-Competitive ERP Support Practice
9/25/2025 September 25, 2025September 29, 2025 ~ The Cyber Beat ~ Leave a comment Microsoft Disables Some Cloud Services Used by Israel’s Defense MinistryDOGE Might Be Storing Every American’s SSN on an Insecure Cloud ServerPhishing Campaign Evolves into PureRAT Deployment, Linked to Vietnamese Threat ActorsVane Viper Generates 1 Trillion DNS Queries to Power Global Malware and Ad Fraud NetworkTech Overtakes Gaming as Top DDoS Attack Target, New Gcore Radar Report FindsTeen Suspected of Vegas Casino Cyberattacks Released to ParentsEmpty Shelves, Empty Coffers: Co-Op Pegs Cyber Hit at £80MGoogle, Period-Tracking App to Pay Combined $56 Million to Settle Privacy ClaimsCallous Crims Break Into Preschool Network, Publish Toddlers’ DataJaguar Land Rover Restarts Some IT Systems as Suppliers Call for Urgent SupportMalicious Postmark MCP Server AI Agent Server Reportedly Steals EmailsExperts Warn of Global Breach Risk from Indian Third Party SuppliersMalicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads ConfirmedForcedLeak: Critical Vulnerability in Salesforce AI-Powered AgentForce ExposedUrgent: Cisco ASA Zero-Day Duo Under Attack; CISA Triggers Emergency Mitigation DirectiveAmazon Pays $2.5 Billion to Settle Prime Memberships Lawsuit from FTC
9/24/2025 September 25, 2025September 25, 2025 ~ The Cyber Beat ~ Leave a comment Chinese Hackers RedNovember Target Global Governments Using Pantegana and Cobalt StrikeUNC5221 Uses BRICKSTORM Backdoor to Infiltrate U.S. Legal and Technology SectorsCollins Aerospace Working on Restoring Software for Airlines Hit by CyberattackUK Arrests Man in Airport Ransomware Attack That Caused Delays Across EuropeKrebs: Feds Tie ‘Scattered Spider’ Duo to $115M in RansomsPolice Seizes $439 Million Stolen by Cybercrime Rings WorldwidePhone Spyware Scandal in Greece Moves to Court as Critics Claim Cover-upOpenAI is Testing a New GPT-5-Based AI agent “GPT-Alpha”Kali Linux 2025.3 Released With 10 New Tools, WiFi EnhancementsSenators Introduce Bill Directing FTC to Establish Standards for Protecting Consumers’ Neural DataVegas Gambling Giant Boyd Gaming Corporation Hit by Cyber Incident, Employee Data ExposedRhysida Ransomware Gang Known for Government Attacks Claims Maryland Transit IncidentCISA Urges Orgs to Review Software After ‘Shai-Hulud’ Supply Chain CompromiseNew YiBackdoor Malware Shares Major Code Overlaps with IcedID and LatrodectusGitHub Notifications Abused to Impersonate Y Combinator for Crypto TheftNew String of Phishing Attacks Targets Python DevelopersHackers Exploit Pandoc CVE-2025-51591 to Target AWS IMDS and Steal EC2 IAM CredentialsUnpatched Flaw in OnePlus Phones Lets Rogue Apps Text MessagesTwo Critical Flaws Uncovered in Wondershare RepairIt Exposing User Data and AI ModelsCisco Warns of iOS Zero-Day Vulnerability Exploited in Attacks
9/23/2025 September 23, 2025September 23, 2025 ~ The Cyber Beat ~ Leave a comment U.S. Secret Service Agents Dismantle Network That Could Shut Down New York Cellphone System…Found Near UN General Assembly…300 SIM Servers, 100K Cards…‘SIM Farms’ Are a Spam PlagueCISA Says Hackers Breached Federal Agency Using Geoserver ExploitEuropean Airports Still Dealing With Disruptions Days After Ransomware AttackDrones and Cyber Outages Exposing Aviation Weak Spots Since 2017Critical Security Flaws Grow With AI Use, New Report ShowsAttacker Breakout Time Falls to 18 MinutesDeepfake Attacks Hit Two-Thirds of BusinessesDHS Has Been Collecting U.S. Citizens’ DNA for YearsWhatsApp Adds Message Translation to iPhone and Android AppsGitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security15 Years of Zero Trust: Why It Matters More Than EverCloudflare Mitigates New Record-Breaking 22.2 Tbps DDoS AttackJaguar Land Rover Extends Production Pause AgainSuspected Cyberattack Disrupts Circle K Chain’s Operations in Hong KongSouth Korea Probes Credit Card Company Lotte Card Data Breach Affecting 3 Million CustomersIranian Hacking Group Nimbus Manticore Expands European TargetingComicForm and SectorJ149 Hackers Deploy Formbook Malware in Eurasian CyberattacksBadIIS Malware Spreads via SEO Poisoning — Redirects Traffic, Plants Web ShellsShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire ServiceNPM Package ‘fezbox’ Caught Using QR Code to Fetch Cookie-Stealing MalwareTwo New Supermicro BMC Bugs Allow Malicious Firmware to Evade Root of Trust SecurityLibraesva ESG Issues Emergency Fix for Bug Exploited by State HackersSolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution FlawSonicWall Releases SMA100 Firmware Update to Wipe Rootkit Malware
9/22/2025 September 22, 2025September 22, 2025 ~ The Cyber Beat ~ Leave a comment EU Agency Confirms Ransomware Attack Behind Airport Disruptions…Airport Chaos Highlights Rise in High-Profile Ransomware Attacks, Cyber Experts SayNew Plan Would Give Congress Another 18 Months to Revisit Section 702 Surveillance PowersDeal to Keep TikTok in U.S. Is Near. These Are the Details.Russia Steps up Disinformation Efforts to Sway Moldova’s Parliamentary Vote$100M Cyberattack on Vegas Strip Involved Teen Hacker, Police Say…Organizations Must Update Defenses to Scattered Spider Tactics, Experts UrgeMajor Cyber Threat Detection Vendors Pull Out of MITRE Evaluations TestCar Giant Stellantis Says Customer Data Nicked After Partner Vendor PwnedAmerican Archive of Public Broadcasting Fixes Bug Exposing Restricted MediaVerified Steam Game Steals Streamer’s Cancer Treatment DonationsLorain County (OH) Data Breach May Have Exposed Employee and Vendor Social Security, Bank InformationComicForm and SectorJ149 Hackers Deploy Formbook Malware in Eurasian CyberattacksNew EDR-Freeze Tool Uses Windows WER to Suspend Security SoftwareAs Scientists Show They Can Read Inner Speech, Brain Implant ‘Pioneers’ Fight for Neural Data Privacy, Access Rights
9/19-21/2025 September 21, 2025September 21, 2025 ~ The Cyber Beat ~ Leave a comment Russian State Hackers Gamaredon and Turla Collaborate in Attacks Against UkraineDPRK Hackers Use ClickFix to Deliver BeaverTail Malware in Crypto Job ScamsUNC1549 Hacks 34 Devices in 11 Telecom Firms via LinkedIn Job Lures and MINIBIKE MalwareWhite House Outlines TikTok Deal That Would Give U.S. Control of Algorithm…China’s ByteDance Will Get 1 of 7 Board Seats for TikTok’s U.S. Operations, Official Says…Lachlan Murdoch, Michael Dell, Ellison Involved in TikTok Deal, Trump SaysFailed Stopgap Funding Bill Puts Key Federal Cybersecurity Legislation in JeopardyDOJ: Scattered Spider Took $115 Million in Ransoms, Breached a U.S. Court SystemCanada Dismantles TradeOgre Exchange, Seizes $40 Million in CryptoMI6 Launches Darkweb Portal to Recruit Foreign SpiesWatchdog Finds MrBeast Improperly Collected Children’s DataAirport Cyberattack Disrupts More and More Flights Across Europe…What We Know About the Cyberattack That Hit Major European AirportsRussia’s Main Airport in St. Petersburg Says Its Website Was HackedAttackers Abuse AI Tools to Generate Fake CAPTCHAs in Phishing Attacks17,500 Lighthouse and Lucid Phishing Domains Target 316 Brands Across 74 Countries in Global PhaaS SurgeLastPass Warns of Fake Repositories Infecting macOS with Atomic InfostealerIvanti EPMM Holes Let Miscreants Plant Shady Listeners, CISA SaysFortra Releases Critical Patch for CVSS 10.0 GoAnywhere MFT VulnerabilityTransforming Cyber Frameworks to Take Control of Cyber-RiskFBI Warns of Cybercriminals Using Fake FBI Online Crime Reporting PortalsChatGPT Search is Now Smarter as OpenAI Takes on Google Search
9/18/2025 September 18, 2025September 18, 2025 ~ The Cyber Beat ~ Leave a comment Senate Confirms Sutton as Pentagon Cyber Policy ChiefThis Microsoft Entra ID Vulnerability Could Have Been CatastrophicCybercriminals Have a Weird New Way to Target You With Scam TextsNCA Singles Out “The Com” as it Chairs Five Eyes Group‘Scattered Spider’ Teens Charged Over London Transportation HackCybersecurity Firm Netskope Notches $8.8 Billion Valuation as Shares Jump in Nasdaq DebutCrowdStrike Pops Nearly 13% on Upbeat Long-Term Guidance at Investor DayBrazil Enacts Sweeping Bill Requiring Online Age Verification, Safeguards for Children’s DataTaliban Bans Fiber-Optic Internet in Several Afghan Provinces to Curb ‘Immorality’Russian Regional Airline KrasAvia Disrupted by Suspected CyberattackCloudflare DDoSed Itself with React useEffect Hook BlunderCountLoader Broadens Russian Ransomware Operations With Multi-Version Malware LoaderSilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python DevelopersSystemBC Malware Turns Infected VPS Systems Into Proxy HighwayPyPi Invalidates Tokens Stolen in Ghostaction Supply Chain AttackWatchGuard Warns of Critical Vulnerability in Firebox FirewallsGoogle Patches Chrome Zero-Day CVE-2025-10585 as Active V8 Exploit Threatens MillionsOpenAI Fixes Zero-Click Shadowleak Vulnerability Affecting ChatGPT Deep Research Agent
9/17/2025 September 17, 2025September 17, 2025 ~ The Cyber Beat ~ Leave a comment House Lawmakers Move to Extend Two Key Cyber Programs, for NowItaly Enacts AI Law Covering Privacy, Oversight and Child AccessIsrael’s Glilot Capital Raises $500 Million for New AI and Cybersecurity InvestmentsFive Point-Backed WaterBridge Raises $634 Million in U.S. IPOAxiom Space Aims for Orbit With Its Orbital Data Center NodeTaskUs Employees Behind Coinbase Breach, U.S. Court Filing AllegesJudge Rejects Meta Attempt to Overturn Flo Privacy VerdictLabour Politician Charged Over ‘Honey Trap’ WhatsApp Messages Sent to MPsChinese TA415 Uses VS Code Remote Tunnels to Spy on U.S. Economic Policy ExpertsScattered Spider Resurfaces With Financial Sector Attacks Despite Retirement ClaimsShinyHunters Claims 1.5 Billion Salesforce Records Stolen in Drift HacksVC Firm Insight Partners Says Thousands of Staff and Limited Partners Had Personal Data Stolen in a Ransomware AttackTA558 Uses AI-Generated Scripts to Deploy Venom RAT in Brazil Hotel AttacksShai-Hulud Worm Prowls npm to Steal Hundreds of SecretsSonicWall Warns Customers to Reset Credentials After Breach
9/16/2025 September 16, 2025September 16, 2025 ~ The Cyber Beat ~ Leave a comment A DHS Data Hub Exposed Sensitive Intel to Thousands of Unauthorized UsersKrebs: Self-Replicating Worm Hits 180+ Software PackagesMicrosoft Seizes 340 Websites Linked to Growing Phishing Subscription ServiceWe Set Out to Craft the Perfect Phishing Scam. Major AI Chatbots Were Happy to Help.OpenAI to Predict Ages in Bid to Stop ChatGPT From Discussing Self Harm With KidsWant to Foil an AI Deepfake? Tell It to Draw a Smiley FaceHow to Set Up and Use a Burner PhoneCrowdStrike to Buy AI Security Company PangeaIsraeli Cybersecurity Startup Vega Raises $65 Million, Valued at $400 MillionCybersecurity Provider Netskope Boosts IPO Range as It Tests Tech Hot StreakJaguar Land Rover (JLR) Stuck in Neutral as Losses Skyrocket Amid Cyberattack CleanupFifteen Ransomware Gangs, including Scattered Spider, ShinyHunters and Lapsus$, “Retire,” Future UnclearNew FileFix Variant Delivers StealC Malware Through Multilingual Phishing SiteUK: Tax Refund-Themed Phishing Slows in 2025SlopAds Fraud Ring Exploits 224 Android Apps to Drive 2.3 Billion Daily Ad BidsChaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster TakeoverApple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware AttackBreachForums Hacking Forum Admin Resentenced to Three Years in PrisonTikTok’s Journey From Global Sensation to Trump Target
9/15/2025 September 15, 2025September 15, 2025 ~ The Cyber Beat ~ Leave a comment Ukraine Claims Cyberattacks on Russian Election Systems; Moscow Confirms DisruptionsNew Zealand Sanctions Russian Military Hackers Over Cyberattacks on UkraineRussia Tests Hypersonic Missile at NATO’s Doorstep—And Shares the VideoMustang Panda Deploys SnakeDisk USB Worm to Deliver Yokai Backdoor on Thailand IPsAI-Forged Military IDs Used in North Korean Phishing AttackGoogle Confirms Hackers Gained Access to Law Enforcement PortalFrance Threatens to Block Crypto Licence ‘Passporting’ in EU Regulatory FightU.S. National Charged in Finnish Psychotherapy Center ExtortionEuropol Adds Spanish Academic Suspected of Aiding Pro-Russian Hackers to Most Wanted ListGucci, Balenciaga and Alexander McQueen Private Data Ransomed by HackersUnion County (NC) Town Government Hacked in Recent Cyber AttackFinWise Insider Breach Impacts 689K American First Finance CustomersSEO Poisoning Targets Chinese Users with Fake Software SitesPhishing Campaigns Drop RMM Tools for Remote AccessNew Phoenix Attack Bypasses Rowhammer Defenses in DDR5 MemoryAI-Powered Villager Pen Testing Tool Hits 11,000 PyPI Downloads Amid Abuse ConcernsMicrosoft: Exchange 2016 and 2019 Reach End of Support in 30 DaysBuilding Highly Resilient IT Infrastructure Throughout the Enterprise From the Start
9/12-14/2025 September 14, 2025September 14, 2025 ~ The Cyber Beat ~ Leave a comment France Warns Apple Users of New Spyware CampaignPhilippine Military Company Spied Upon With New China-Linked MalwareCharlie Kirk Shooting Suspect Tyler Robinson Had ‘Leftist Ideology’ but Motive Unclear, Utah Gov. Says…‘Not Co-Operating’…Alleged Transgender Partner Is Cooperating and Not Believed to be InvolvedInside Our Investigation of Jeffrey Epstein’s Personal Yahoo AccountData Destruction Done Wrong Could Cost Your Company MillionsCompanies Are Competing for Employees With AI Skills. So Are Hackers.Man Gets Over 4 Years in Prison for Selling Unreleased MoviesHacker Convicted of Extorting 20,000 Psychotherapy Victims Walks Free During AppealDHS IG: CISA Mismanaged Multimillion-Dollar Employee Incentives ProgramVietnam Investigates Cyberattack on Creditors DataRansomware Attack Cancels School for Several Days at Uvalde Consolidated Independent School District (TX)Attackers Adopting Novel LOTL Techniques to Evade DetectionNew VoidProxy Phishing Service Targets Microsoft 365, Google Accounts‘WhiteCobra’ Floods VSCode Market with Crypto-Stealing ExtensionsFBI Warns of UNC6040 and UNC6395 Targeting Salesforce Platforms in Data Theft AttacksCritical CVE-2025-5086 in DELMIA Apriso Actively Exploited, CISA Issues WarningNew HybridPetya Ransomware Bypasses UEFI Secure Boot With CVE-2024-7344 ExploitSamsung Fixes Critical Zero-Day CVE-2025-21043 Exploited in Android AttacksCISA Official Calls on Lawmakers to Immediately Extend Cyber Info-Sharing Law
9/11/2025 September 12, 2025September 12, 2025 ~ The Cyber Beat ~ Leave a comment Chinese APT Actor Compromises Military Firm with Novel Fileless Malware ToolsetHow China’s Propaganda and Surveillance Systems Really OperateDidi Global’s $740 Million IPO Settlement Likely Ready Next Month, Plaintiffs’ Lawyer SaysKrebs: Bulletproof Host Stark Industries Evades EU SanctionsFour Years After Kaseya’s Nightmare Hack, a Cyber Turnaround Is UnderwaySwiss Government Looks to Undercut Privacy Tech, Stoking Fears of Mass SurveillanceFTC Opens Inquiry Into How AI Chatbots Impact Child Safety, PrivacyCyberattacks Against Schools Driven by a Rise in Student Hackers, ICO WarnsCalifornia Legislature Passes Bill Forcing Web Browsers to Let Consumers Automatically Opt Out of Data SharingFrance: Three Regional Healthcare Agencies Targeted by Cyber-AttacksPanama Ministry of Economy Discloses Breach Claimed by INC RansomwareDDoS Defender Targeted in 1.5 Bpps Denial-of-Service AttackFileless Malware Deploys Advanced RAT AsyncRAT via Legitimate ToolsFake Madgicx Plus and SocialMetrics Extensions Are Hijacking Meta Business AccountsNew VMScape Attack Breaks Guest-Host Isolation on AMD, Intel CPUsSonicWall SSL VPN Flaw and Misconfigurations Actively Exploited by Akira Ransomware HackersCISA Launches Roadmap for the CVE ProgramApple Warns Customers Targeted in Recent Spyware AttacksMicrosoft Adds Malicious Link Warnings to Teams Private Chats
9/10/2025 September 10, 2025September 10, 2025 ~ The Cyber Beat ~ Leave a comment China-Linked APT41 Hackers Target U.S. Trade Officials Amid 2025 NegotiationsPoland Downs Drones in Its Airspace, Becoming First NATO Member to Fire During War in UkraineU.S. Warns Hidden Radios May Be Embedded in Solar-Powered Highway InfrastructureU.S. Investment in Spyware Is SkyrocketingApple Says the iPhone 17 Comes With a Massive Security UpgradeU.S. Senator Wyden Pushes FTC to Investigate Microsoft for ‘Gross Cybersecurity Negligence’Ransomware Payments Plummet in Education Amid Enhanced ResiliencyChinese Companies and Bosses to Face Major Fines Over Cybersecurity IncidentsNepal Lifts Social Media Ban After Deadly Youth ProtestsUkraine’s Ousted Cyber Chief Posts Bail in Corruption CaseOracle, OpenAI Sign Massive $300 Billion Cloud Computing DealKillSec Ransomware Hits Brazilian Healthcare IT VendorJaguar Land Rover Admits Hackers May Have Taken DataFlu Jab Email Mishap Exposes Hundreds of Students’ Personal DataResearchers Find Spyware on Phones Belonging to Kenyan FilmmakersEuropean Crypto Platform Swissborg to Reimburse Users After $41 Million TheftHackers Left Empty-Handed After Massive NPM Supply-Chain AttackCHILLYHELL macOS Backdoor and ZynorRAT RAT Threaten macOS, Windows, and Linux SystemsCursor Autorun Flaw Lets Repositories Execute Code Without ConsentKrebs: Microsoft Patch Tuesday, September 2025 Edition…EoP Flaws Again Lead Microsoft Patch TuesdayMicrosoft Waives Fees for Windows Devs Publishing to Microsoft StorePixel 10 Fights AI Fakes With New Android Photo Verification Tech
9/9/2025 September 9, 2025September 9, 2025 ~ The Cyber Beat ~ Leave a comment House Lawmakers to Make Official Visit to China for the First Time Since 2019Massive Leak Shows How a Chinese Company Is Exporting the Great Firewall to the WorldNew Cybersecurity Rules Land for Defense Department ContractorsDefense Dept Didn’t Protect Social Media Accounts, Left Stream Keys Out in PublicCyber Command, NSA to Remain Under Single Leader as Officials Shelve Plan to End ‘Dual Hat’New Cyber Director Cairncross Calls on Industry to Help Put ‘America First’ in CyberspaceKrebs: 18 Popular Code Packages Hacked, Rigged to Steal CryptoClaude’s New AI File Creation Feature Ships With Deep Security Risks Built InA New Platform Offers Privacy Tools to Millions of Public ServantsFormer WhatsApp Security Boss in Lawsuit Likens Meta’s Culture to a “Cult”Mitsubishi Electric to Buy Nozomi Networks in $1 Billion DealU.S. Charges Admin of LockerGoga, MegaCortex, Nefilim RansomwareKosovo Hacker Pleads Guilty to Running BlackDB Cybercrime MarketplacePlex Tells Users to Reset Passwords After New Data BreachNew York Blood Center Says Thousands Had Data Leaked in January Ransomware AttackNo Gains, Just Pains as 1.6m HelloGym Fitness Phone Call Recordings Exposed OnlineBrazil Lesbian Dating App Sapphos Shuts Down After Security Flaw Exposes Sensitive User DataSalty2FA Phishing Kit Unveils New Level of SophisticationThreat Actor Accidentally Exposes AI-Powered OperationsTOR-Based Cryptojacking Attack Expands Through Misconfigured Docker APIsRatOn Android Malware Detected With NFC Relay and ATS Banking Fraud CapabilitiesAdobe Patches Critical SessionReaper Flaw in Magento eCommerce PlatformSAP Fixes Maximum Severity NetWeaver Command Execution FlawMicrosoft September 2025 Patch Tuesday Fixes 81 Flaws, Two Zero-DaysWindows 10 KB5065429 Update Includes 14 Changes and FixesMicrosoft: Anti-Spam Bug Blocks Links in Exchange Online, Teams
9/8/2025 September 8, 2025September 8, 2025 ~ The Cyber Beat ~ Leave a comment Salt Typhoon Used Dozens of Domains, Going Back Five Years. Did You Visit One?Update: Noisy Bear Campaign Targeting Kazakhstan Energy Sector Outed as a Planned Phishing TestRemote Access Abuse Biggest Pre-Ransomware IndicatorSilicon Valley’s Graying Workforce: Gen Z Staff Cut in Half at Tech Companies as the Average Age Goes up by 5 YearsSoFi Launches New AI-Themed ETF as Skepticism GrowsCyberattack on Jaguar Land Rover Threatens to Hit British Economic GrowthThe U.S. Government Has No Idea How Many Cybersecurity Pros It EmploysSports Streaming Piracy Service With 123M Yearly Visits Shut DownU.S. Sanctions Companies Behind Cyber Scam Centers in Cambodia, MyanmarNepal Social Media Ban Sparks Protests, Dozens InjuredQualys, Tenable Latest Victims of Salesloft Drift Hack…GitHub Account Compromise Led to Salesloft Drift Breach Affecting 22 CompaniesGhostAction Supply Chain Attack Compromises 3000+ SecretsWealthsimple Confirms Data Breach After Supply Chain AttackLovesac Confirms Data Breach After Ransomware Attack ClaimsVC Giant Insight Partners Notifies Staff and Limited Partners After Data BreachMostereRAT Targets Windows Users With Stealth TacticsHackers Hijack npm Packages With 2 Billion Weekly Downloads in Supply Chain AttackSurge in Networks Scans Targeting Cisco ASA Devices Raise ConcernsThe Critical Failure in Vulnerability ManagementSignal Adds Secure Cloud Backups to Save and Restore Chats
9/5-7/2025 September 7, 2025September 7, 2025 ~ The Cyber Beat ~ Leave a comment Chinese Hackers Pretended to Be a Top U.S. Lawmaker During Trade TalksU.S. Says It Is Restricting Visas of Some Central American Nationals Over China TiesU.S. Is Increasingly Exposed to Chinese Election Threats, Lawmakers SayNoisy Bear Targets Kazakhstan Energy Sector With BarrelFire Phishing CampaignUkraine’s Cyber Chief on Russian Hackers’ Shifting Tactics, U.S. Cyber AidKrebs: GOP Cries Censorship Over Spam Filters That WorkQantas Penalizes Executives for July CyberattackRoblox to Verify Ages of All Gamers Who Use Chat and Text FeaturesEmbracing the Next Generation of Cybersecurity TalentWhy Threat Hunting Should Be Part of Every Security ProgramCISA Orders Federal Agencies to Patch Sitecore Zero-Day Following Hacking ReportsSchool District Five of Lexington & Richland Counties (SC) Data Breach Affects 31,000 PeopleNavy Federal Credit Union Data Breach Exposes Backup Files on Credit Union Serving Military MembersData Breach at American Credit Union Exposes Financial Data‘SEO Fraud-As-A-Service’ Scheme Hijacks Windows Servers to Promote Gambling WebsitesTAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware OperationsVirusTotal Finds 44 Undetected SVG Files Used to Deploy Base64-Encoded Phishing PagesiCloud Calendar Abused to Send Phishing Emails from Apple’s ServersmacOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple SecurityMalicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet KeysSAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild
9/4/2025 September 5, 2025September 5, 2025 ~ The Cyber Beat ~ Leave a comment How North Korean Hackers Are Using Fake Job Offers to Steal Cryptocurrency‘Unrestrained’ Chinese Cyberattackers May Have Stolen Data From Almost Every AmericanCzech Cyber Agency Warns Against Using Services and Products That Send Data to ChinaGhostRedirector Emerges as New China-Aligned Threat ActorU.S. Says It Is Restricting Visas of Some Central American Nationals Over China TiesU.S. and 14 Allies Release Joint Guidance on Software Bill of MaterialsBritain Rules Out Backing for Global Defence BankGoogle Fined $379 Million by French Regulator for Cookie Consent ViolationsTexas Sues PowerSchool Over Breach Exposing 62M Students, 880K TexansUkraine’s Cyber Chief on Russian Hackers’ Shifting Tactics, U.S. Cyber AidBlast Radius of Salesloft Drift Attacks Remains UncertainChess.com Discloses Recent Data Breach via File Transfer AppTire Giant Bridgestone Confirms Cyberattack Impacts ManufacturingDelivery Giant OnTrac Data Breach Exposes 40,000 Personal RecordsAttackers Snooping Around Sitecore, Dropping Malware via Public Sample KeysCMS Provider Sitecore Patches Exploited Critical Zero DayCISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively ExploitedMicrosoft Says Recent Windows Updates Cause App Install IssuesEuropean Court Rejects Challenge to EU-U.S. Data Transfer Agreement
9/3/2025 September 3, 2025September 3, 2025 ~ The Cyber Beat ~ Leave a comment Russian APT28 Expands Arsenal with ‘NotDoor’ Outlook BackdoorU.S. Offers $10 Million Bounty for Info on Russian FSB HackersVenezuela’s President Thinks American Spies Can’t Hack Huawei PhonesIranian Hackers Exploit 100+ Embassy Email Accounts in Global Phishing Targeting DiplomatsAutomated Sextortion Spyware Takes Webcam Pics of Victims Watching PornIt Looks Like You’re Ransoming Data. Would You Like Some Help?How Passkeys Work—And How to Use ThemFinland’s IQM Quantum Computers Raises $320 Million in New Funding RoundIsrael’s Cato Networks Buys Aim Security, Raises Another $50 MillionMore Personal Injury Lawyers Are Chasing Data-Breach SettlementsPolice Disrupts Streameast, Largest Pirated Sports Streaming NetworkU.S. Sues Robot Toy Maker Apitor Technology for Exposing Children’s Data to Chinese DevsSalesloft Takes Drift Offline After OAuth Token Theft Hits Hundreds of OrganizationsSaaS Giant Workiva Discloses Data Breach After Salesforce AttackM&S Hackers ‘Scattered Lapsus$ Hunters’ Claim to Be Behind Jaguar Land Rover Cyber AttackMatrix.org Homeserver Grinds to a Halt After Raid MeltdownHackers Breach Fintech Firm Sinqia S.A. in Attempted $130M Bank HeistThreat Actors Abuse X’s Grok AI to Spread Malicious LinksMalicious npm Packages Exploit Ethereum Smart Contracts to Target Crypto DevelopersMajor IPTV Piracy Network Uncovered Spanning 1100 DomainsThreat Actors Weaponize HexStrike AI to Exploit Citrix Flaws Within a Week of DisclosureAndroid Security Alert: Google Patches 120 Flaws, Including Two Zero-Days Under AttackWith Less Than a Month to Go, House Panel Votes to Extend Popular Cyber ProgramsCorruption Case Against Ousted Cyber Chief Is ‘Revenge,’ Ukraine’s Security Service Says
9/2/2025 September 2, 2025September 2, 2025 ~ The Cyber Beat ~ Leave a comment Lazarus Group Expands Malware Arsenal With PondRAT, ThemeForestRAT, and RemotePEMoscow Reportedly Hires Hackers Who Breached City’s School SystemUkrainian Network FDN3 Launches Massive Brute-Force Attacks on SSL VPN and RDP DevicesICE Reinstates Contract with Spyware Vendor ParagonWho Watches the Watchmen? Surveillanceware Firms Make Bank, Avoid OversightDisney Agrees to $10 Million Settlement for Collecting Data From ChildrenThat Supposed ‘Gmail Hack’: Google Says It’s False, but Watch Out for Phishing AnywayFBI, Cybersecurity Experts Warn of 3-Phase Scam That Is Draining Bank AccountsAI Chatbot Users Beware – Hackers Are Now Hiding Malware in the Images Served up by LLMsKrebs: The Ongoing Fallout from a Breach at AI Chatbot Maker SalesloftStolen OAuth Tokens Expose Palo Alto Customer DataCloudflare Hit by Data Breach in Salesloft Drift Supply Chain AttackCloudflare Blocks Largest Recorded DDoS Attack Peaking at 11.5 TbpsBritain’s Jaguar Land Rover Hit by Cyber Incident That Disrupts Production, SalesPennsylvania AG Says Recovery Continues After Office Refused to Pay Ransomware GangAzure AD Credentials Exposed in Public App Settings FileMalicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus WalletsResearchers Warn of MystRodX Backdoor Using DNS and ICMP Triggers for Stealthy ControlHackers Are Sophisticated & Impatient — That Can Be Good
9/1/2025 September 1, 2025September 2, 2025 ~ The Cyber Beat ~ Leave a comment Silver Fox APT Exploits Signed Drivers to Deploy ValleyRAT BackdoorChina Is About to Show Off Its New High-Tech Weapons to the WorldNorth Korea’s Kim Inspects New Missile Production Line, KCNA SaysGoogle: Gmail’s Protections Are Strong and Effective, and Claims of a Major Gmail Security Warning Are FalseSpanish Government Cancels €10M Contract Using Huawei EquipmentLegalPwn: Tricking LLMs by Burying Badness in Lawyerly Fine PrintZscaler Data Breach Exposes Customer Info After Salesloft Drift CompromiseRansomware Attack on Pennsylvania’s AG Office Disrupts Court CasesAndroid Droppers Now Deliver SMS Stealers and Spyware, Not Just Banking TrojansHigh-Risk SQLi Flaw Exposes WordPress Memberships Plugin UsersDDoS Is the Neglected Cybercrime That’s Getting Bigger. Let’s Kill It OffProof-of-Concept in 15 Minutes? AI Turbocharges Exploitation