🚨 Important: Hackers quietly exploited Fortra GoAnywhere MFT a full week before anyone knew.

CVE-2025-10035 (CVSS 10.0) gave them pre-auth RCE to slip in an “admin-go” backdoor and drop payloads.

Patch now: 7.8.4 / 7.6.3.

Full story → https://thehackernews.com/2025/09/fortra-goanywhere-cvss-10-flaw.html

🚨 West Sussex man arrested over ransomware attack that crippled baggage & check-in systems at major European airports, including Heathrow.

Collins Aerospace confirms “HardBit” ransomware caused hundreds of flight delays.

NCA probe ongoing → https://thehackernews.com/2025/09/threatsday-bulletin-rootkit-patch.html#basic-ransomware-big-chaos

⚡ Blue Report 2025:

• Data exfiltration stopped just 3% of the time
• 54% of attacker moves left no logs
• Only 14% triggered alerts

Dashboards don’t prove safety—BAS is the crash test that shows if your defenses really hold.

Read → https://thehackernews.com/2025/09/crash-tests-for-security-why-bas-is.html

⚠️ Two big cyber hits making waves:

🇷🇺 COLDRIVER hackers are tricking people with fake CAPTCHAs to drop a stealthy PowerShell backdoor that steals files and hides its tracks.

💥 At the same time, Bearlyfy ransomware is tearing through Russian companies—30+ victims so far, ransoms reaching €80K.

Full story → https://thehackernews.com/2025/09/new-coldriver-malware-campaign-joins-bo.html

🚨 Two fresh phishing campaigns, one big warning:

🇺🇦 Hackers posing as Ukraine’s National Police use SVG attachments to launch a chain that steals passwords & mines crypto.

🇻🇳 Another crew lures victims with fake copyright notices, ending in PureRAT backdoors for full remote control.

Full story → https://thehackernews.com/2025/09/researchers-expose-svg-and-purerat.html

🚨 CISA: Hackers exploited GeoServer CVE-2024-36401 RCE to breach a U.S. federal agency on July 11, 2024—moving laterally across servers and deploying China Chopper web shells & LotL tools.

Full advisory → https://thehackernews.com/2025/09/threatsday-bulletin-rootkit-patch.html#geoserver-hole-exploited

🚨 China-linked cyber groups are upgrading their weapons:

• PlugX: hides in the Mobile Popup app, decrypts payloads in memory with XOR-RC4-RtlDecompressBuffer, packs a keylogger.

• Bookworm: slips shellcode in UUID strings to dodge detection.

Full story → https://thehackernews.com/2025/09/china-linked-plugx-and-bookworm-malware.html

🚨 First real-world MCP server backdoor spotted!

A fake npm package postmark-mcp silently BCC’d every email to an attacker—over 1,600 downloads before removal.

⚠️ One line of code. Thousands of stolen emails.

Read now → https://thehackernews.com/2025/09/first-malicious-mcp-server-found.html

🚨 Microsoft warns — Hackers used LLM-generated code to hide malware in an SVG file disguised as a business dashboard, bypassing defenses with self-addressed emails + invisible scripts.

Details → https://thehackernews.com/2025/09/microsoft-flags-ai-driven-phishing-llm.html

🕵️‍♀️ Missed the action? Hackers didn’t rest—neither should you.

See the key security stories you might have missed.

Check full recap → https://thehackernews.com/2025/09/weekly-recap-cisco-0-day-record-ddos.html

🚨 SOCs are drowning: 40% of security alerts go uninvestigated, and 61% of the ones ignored later turn out to be critical.

Teams face 3,000+ daily alerts and 70-minute investigations—far slower than the 48 minutes attackers need to compromise.

Read → https://thehackernews.com/2025/09/the-state-of-ai-in-soc-2025-insights.html

🚨 EvilAI is live and global: Malware hidden inside “legit” AI & productivity apps is quietly invading manufacturing, healthcare, gov & tech across 🇮🇳 🇺🇸 🇫🇷 🇧🇷 and more.

🕵️‍♂️ Uses real code-signing certs, AES-encrypted C2, even NeutralinoJS tricks to slip past detection.

Read → https://thehackernews.com/2025/09/evilai-malware-masquerades-as-ai-tools.html

🚨 Linux/Unix alert: CISA just flagged a critical Sudo flaw (CVE-2025-32463, CVSS 9.3) now exploited in the wild.

Attackers can hijack sudo’s --chroot option to run arbitrary commands as root—even if not in sudoers.

Details → https://thehackernews.com/2025/09/cisa-sounds-alarm-on-critical-sudo-flaw.html

🚨 U.K. police just seized £5.5B ($7.4B) in crypto—the largest Bitcoin confiscation in history.

A Chinese fraudster duped 128,000 victims, laundered funds into 61,000 BTC, and tried to hide in London with fake IDs.

The twist? She was caught buying property.

Full story → https://thehackernews.com/2025/09/uk-police-just-seized-55-billion-in.html

🚨 Shadow AI is exploding inside enterprises. Employees are adopting LLM-powered apps without oversight—creating blind spots, supply chain risks, and data leaks.

Wing Security says traditional defenses can’t keep up. The fix? Real-time discovery + AI supply chain governance.

Read → https://thehackernews.com/2025/09/evolving-enterprise-defense-to-secure.html

🚨 A new Android banking trojan is here: Datzbro.

It doesn’t just steal logins—it recreates your screen in real time for full device takeover.

Victims? Seniors lured via fake “active trip” groups on Facebook.

Details → https://thehackernews.com/2025/09/new-android-trojan-datzbro-tricking.html

🔥 [New] VMware zero-day (CVE-2025-41244) exploited in the wild!

UNC5174 popped root by abusing a regex bug in get_version() — drop /tmp/httpd, open a socket, and you’re root.

Already active since Oct ’24.

Details → https://thehackernews.com/2025/09/urgent-china-linked-hackers-exploit-new.html

🛠 AI won’t fix your workflows—it might break them.

Learn how top teams actually blend humans + LLMs without over-engineering.

Secure, auditable, scalable.

📅 Join the webinar → https://thehacker.news/ai-automating-cybersecurity

🚨 Microsoft just made Sentinel an agentic SIEM.

Now GA: Sentinel data lake + preview of Graph & MCP server.

AI agents can retro-hunt, trace attack paths & plug into VS Code. From reactive to predictive defense.

Details → https://thehackernews.com/2025/09/microsoft-expands-sentinel-into-agentic.html

🚨 Google’s Gemini AI had a “Trifecta” of flaws that let attackers steal user data + hijack cloud assets.

The wildest part? Hackers could smuggle prompts inside HTTP headers to make Gemini expose IAM misconfigs & query Cloud APIs on their behalf.

Read → https://thehackernews.com/2025/09/researchers-disclose-google-gemini-ai.html