Cyber security news September 2025

This posting is here to collect cyber security news in September 2025.

I post links to security vulnerability news to comments of this article.

You are also free to post related links to comments.

13 Comments

  1. Tomi Engdahl says:

    Google Confirms Android Attacks—No Fix For 1 Billion Phones
    https://www.forbes.com/sites/zakdoffman/2025/09/04/google-confirms-android-attacks-no-fix-for-1-billion-phones/?utm_campaign=socialflowForbesMainFB&utm_medium=social&utm_source=ForbesMainFacebook&fbclid=IwdGRjcAMmm3BleHRuA2FlbQIxMQABHo41luLc2UARBasI4Mr0PXojpHEcsYLn60lf-Ei48SAXlPybYWNxcxpsZnWn_aem_kaeSsjrb21IyjIjTCkW5rA

    Google has issued a critical warning for all Android users, confirming that two separate vulnerabilities have been exploited in the wild. Such is the seriousness of its security update this month, that Google will quickly fix all eligible Pixel devices.

    The two high-severity vulnerabilities that have been exploited — CVE-2025-38352 and CVE-2025-48543 — affect the Android Kernel and Android Runtime respectively. As ever, Google has not issued any material detail at this early stage.

    Reply
  2. Tomi Engdahl says:

    New TP-Link zero-day surfaces as CISA warns other flaws are exploited
    https://www.bleepingcomputer.com/news/security/new-tp-link-zero-day-surfaces-as-cisa-warns-other-flaws-are-exploited/?fbclid=IwdGRjcAMmodFleHRuA2FlbQIxMQABHrRZJRSf_dOcb-pO9CSIVIFg5EajHLexoTlCNkMUbNvqK5AararYMet9Af1a_aem_oe0rk_tRs4K-T50uNKl5Rw

    TP-Link has confirmed the existence of an unpatched zero-day vulnerability impacting multiple router models, as CISA warns that other router flaws have been exploited in attacks.

    The zero-day vulnerability was discovered by independent threat researcher Mehrun (ByteRay), who noted that he first reported it to TP-Link on May 11, 2024.

    The Chinese networking equipment giant confirmed to BleepingComputer that it is currently investigating the exploitability and exposure of the flaw.

    Reply
  3. Tomi Engdahl says:

    Hackers exploited Sitecore zero-day flaw to deploy backdoors
    https://www.bleepingcomputer.com/news/security/hackers-exploited-sitecore-zero-day-flaw-to-deploy-backdoors/?fbclid=IwdGRzaAMmxitleHRuA2FlbQIxMQABHl0yym5aLggmX635agZLZNXuuCMCBLbZozwBrYBjtYQGr3-_pPw6tzjzYJEH_aem_Sk2ejT1N4eYmMmCujc00kA

    Reply
  4. Tomi Engdahl says:

    Hackers are likely succeeding because these probes often come from compromised end-of-life Cisco, Linksys, and Araknis Networks devices.

    #hack #cybersecurity #router

    Read more: https://cnews.link/surge-in-malicious-scans-for-outdated-routers/

    Reply
  5. Tomi Engdahl says:

    US puts $10M bounty on three Russians accused of attacking critical infrastructure
    Seven-year-old Cisco vuln that remains inexplicably unpatched is their way in
    https://www.theregister.com/2025/09/04/us_10m_bounty_fsb_attackers/

    The US State Department has put a $10 million bounty on the heads of three Russians accused of being intelligence agents hacking America’s critical infrastructure – primarily via old Cisco kit, it seems.

    The alert directly connects them to reports of the Russian Federal Security Service’s (FSB) Center 16 – aka Berserk Bear – accused of using a flaw (CVE-2018-0171) Cisco patched in 2018, but attackers recently exploited it in the Salt Typhoon hacking campaign, which the FBI warns stole data from ‘nearly every American,’ though investigators attribute the attack to the Chinese.

    Reply
  6. Tomi Engdahl says:

    OpenAI seuraa, mitä puhut ChatGPT:lle – ja ilmoittaa epäilyttävimmät tapaukset suoraan poliisille
    https://dawn.fi/uutiset/2025/09/02/openai-seuraa-chatgpt-keskusteluja

    Reply
  7. Tomi Engdahl says:

    https://cybersecuritynews.com/critical-next-js-framework-vulnerability/

    Reply
  8. Tomi Engdahl says:

    Nykyajan yhdistysaktiivin on hyvä tuntea verkossa vaanivat uhkatekijät. Kymmenen kohdan lista nostaa esiin keskeisimmät tavat, joilla voit pitää itsesi ja yhdistyksesi turvassa.

    https://www.vitec-avoine.com/blogi/10-tarkeinta-asiaa-jotka-kannattaa-muistaa-verkossa-toimiessasi/

    Reply
  9. Tomi Engdahl says:

    https://www.bleepingcomputer.com/news/technology/no-google-did-not-warn-25-billion-gmail-users-to-reset-passwords/

    Reply
  10. Tomi Engdahl says:

    https://thehackernews.com/2025/08/attackers-abuse-velociraptor-forensic.html

    Reply
  11. Tomi Engdahl says:

    https://www.bleepingcomputer.com/news/security/new-tp-link-zero-day-surfaces-as-cisa-warns-other-flaws-are-exploited/

    Reply
  12. Tomi Engdahl says:

    https://arstechnica.com/security/2025/09/mis-issued-certificates-for-1-1-1-1-dns-service-pose-a-threat-to-the-internet/

    Reply
  13. Tomi Engdahl says:

    https://www.forbes.com/sites/zakdoffman/2025/09/04/google-confirms-android-attacks-no-fix-for-1-billion-phones/

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

*

*