🚨 Two new flaws let attackers slip past Supermicro’s BMC Root of Trust!
Hackers can sneak in a fake signed firmware image (CVE-2025-7937 & CVE-2025-6198) and take over the BMC—then the whole server—permanently.
Full story → https://thehackernews.com/2025/09/two-new-supermicro-bmc-bugs-allow.html
⚠️ State-backed hackers just broke into Libraesva’s email security gateway.
A flaw (CVE-2025-59689) lets a single malicious email run commands on your server—and it’s already been exploited.
Update now before you’re next → https://thehackernews.com/2025/09/state-sponsored-hackers-exploiting.html
🚨 Researchers spotted real-world attacks exploiting a Linux flaw (CVE-2025-51591) in Pandoc to target AWS EC2 IMDS and steal IAM creds.
If you’re still on IMDSv1, you’re a sitting duck. Enforce IMDSv2 & sandbox Pandoc.
Details → https://thehackernews.com/2025/09/hackers-exploit-pandoc-cve-2025-51591.html
Cybersecurity is shifting—from chasing attacks to predicting them.
🔍 Threat-Informed Defense (MITRE-backed) helps teams find security gaps before hackers strike.
How to make your defenses bulletproof ↓ https://thehackernews.com/expert-insights/2025/09/turning-intelligence-into-action-with.html
🚨 49 merchants hit by a stealthy Stripe skimmer.
Hackers used pixel-perfect fake checkout iframes to steal credit card data—bypassing decades-old “secure by design” policies.
Old defenses like CSP & X-Frame-Options? Useless.
Active monitoring is now the only shield.
Learn more → https://thehackernews.com/2025/09/iframe-security-exposed-blind-spot.html
🚨 New cyber threat spotted: YiBackdoor
• Shares core code with IcedID & Latrodectus—same notorious developers.
• Executes commands, steals screenshots, loads stealthy plugins.
• Likely a test run for future ransomware attacks.
Details → https://thehackernews.com/2025/09/new-yibackdoor-malware-shares-major.html
💀 158 years in business—gone in days.
Hackers guessed ONE weak password, unleashed ransomware, wiped backups & bankrupted KNP Logistics.
700 jobs lost in days. Your password is all it takes.
Full story → https://thehackernews.com/2025/09/how-one-bad-password-ended-158-year-old.html
🚨 Researchers found critical authentication bypass flaws in Wondershare RepairIt (CVE-2025-10643/10644).
Hardcoded cloud tokens + no encryption exposed user data and let attackers swap AI models—turning updates into a supply chain backdoor.
Details → https://thehackernews.com/2025/09/two-critical-flaws-uncovered-in.html
🛑 China-backed hackers have silently breached top U.S. legal, SaaS & tech firms—hiding for 393 days with a custom backdoor called BRICKSTORM.
They’re stealing emails, cloning servers & staying invisible to security tools.
Read → https://thehackernews.com/2025/09/unc5221-uses-brickstorm-backdoor-to.html
⚠️ Chinese state hackers just breached defense contractors in the U.S.—plus gov agencies from Asia to Europe.
The RedNovember group hijacked VPNs & firewalls from Cisco, Palo Alto, Ivanti and more—using open-source backdoors to stay hidden.
Full story → https://thehackernews.com/2025/09/chinese-hackers-rednovember-target.html
🚨 Cisco flaw already under attack: CVE-2025-20352 lets remote hackers crash systems or run code as root via SNMP.
Cisco IOS & IOS XE devices with SNMP enabled are at risk—Meraki MS390 & Catalyst 9300 included. Patch to IOS XE 17.15.4a now.
Details → https://thehackernews.com/2025/09/cisco-warns-of-actively-exploited-snmp.html
🚨 Two fake Rust crates stole Solana & Ethereum wallet keys
faster_log & async_println racked up 8,424 downloads before crates[.]io killed them.
They cloned real code & sent private keys to a fake Solana endpoint.
Details → https://thehackernews.com/2025/09/malicious-rust-crates-steal-solana-and.html
🚨 DDoS attacks are exploding: up 41% YoY with a record-shattering 2.2 Tbps strike in early 2025.
Tech firms are now the #1 target, finance is climbing fast, and app/API attacks hit 38% of all incidents.
Read full report here → https://thehackernews.com/2025/09/tech-overtakes-gaming-as-top-ddos.html
🛡 [New] Threatsday Bulletin is live!
⚡ SonicWall rootkit patch
⚡ GeoServer federal breach
⚡ Scattered Spider confession
⚡ Shai-Hulud npm worm
⚡ …and more critical updates
Stay ahead of this week’s biggest cyber threats → https://thehackernews.com/2025/09/threatsday-bulletin-rootkit-patch.html
🚨 61% of new software flaws get stamped “critical” every year—yet only about 10% are truly dangerous.
Security teams are drowning in fake urgency while real threats slip through.
Gartner’s new Continuous Threat Exposure Management flips the script: prove which risks actually matter.
Read → https://thehackernews.com/2025/09/ctems-core-prioritization-and-validation.html
⚠️ North Korea’s hackers just unleashed a new backdoor—AkdoorTea.
Fake job interviews trick devs into running “camera fix” scripts that hijack Windows, macOS & Linux to steal crypto and drop miners.
Here’s what you need to know ↓ https://thehackernews.com/2025/09/north-korean-hackers-use-new-akdoortea.html
🔒 Learn to Secure Containers — Free Certification!
Master practical container security: choosing base images, scanning for vulnerabilities, and securing production.
🎓 Free, self-paced, certification included.
Start Free Course ↓ https://thn.news/docker-security-guide
🚨 Researchers found a 9.4-severity flaw called “ForcedLeak” that let hackers steal CRM data from Agentforce—by buying a $5 expired domain and slipping in a hidden prompt.
Salesforce patched it, but check your leads now.
Full story → https://thehackernews.com/2025/09/salesforce-patches-critical-forcedleak.html
🚨 1 TRILLION DNS queries.
Cybercriminal network Vane Viper exposed as an adtech-powered malware empire—60,000+ shady domains, push-notif abuse, and deep ties to PropellerAds & AdTech Holding.
It’s not an ad network—it’s a threat network.
Read → https://thehackernews.com/2025/09/vane-viper-generates-1-trillion-dns.html
🚨 WARNING: Cisco VPN gear under active attack!
Two zero-days (CVE-2025-20333, CVSS 9.9 & CVE-2025-20362) let hackers gain root access and bypass auth.
CISA issued an emergency directive—federal agencies have 24 hrs to patch.
Details → https://thehackernews.com/2025/09/urgent-cisco-asa-zero-day-duo-under.html