ICYMI: 2025-09-23
Latest Headlines
Two New Supermicro BMC Bugs Allow Malicious Firmware to Evade Root of Trust Security
Eurojust Arrests 5 in €100M Cryptocurrency Investment Fraud Spanning 23 Countries
U.S. Secret Service Seizes 300 SIM Servers, 100K Cards Threatening U.S. Officials Near UN
SolarWinds Releases Hotfix for Critical CVE-2025-26399 Remote Code Execution Flaw
Lean Teams, Higher Stakes: Why CISOs Must Rethink Incident Remediation
ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service
GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security
BadIIS Malware Spreads via SEO Poisoning — Redirects Traffic, Plants Web Shells
‘SIM Farms’ Are a Spam Plague. A Giant One in New York Threatened US Infrastructure, Feds Say
Jaguar Land Rover Says Shutdown Will Continue Until at Least Oct 1 After Cyberattack
A Massive Telecom Threat Was Stopped Right As World Leaders Gathered at UN Headquarters in New York
Patch Bypassed for Supermicro Vulnerability Allowing BMC Hack
SolarWinds Makes Third Attempt at Patching Exploited Vulnerability
Unit 221B Raises $5 Million for Threat Intel Aiding Hacker Arrests
All Microsoft Entra Tenants Were Exposed to Silent Compromise via Invisible Actor Tokens: Researcher
Top 25 MCP Vulnerabilities Reveal How AI Agents Can Be Exploited
New Malware in npm Package Steals Browser Passwords Using Steganographic QR Code
Zloader Malware Repurposed to Act as Entry Point Into Corporate Environments to Deploy Ransomware
Beware of Fake Online Speedtest Application With Obfuscated JS Codes
Defy Security Appoints Esteemed Cybersecurity Leader Gary Warzala to Its Board of Directors
Want to Validate Alerts Faster? Use Free Threat Intel from 15K SOCs
Nimbus Manticore Attacking Defense and Telecom Sectors With New Malware
Hackers Weaponizing SVG Files to Stealthily Deliver Malicious Payloads
Tata-Owned Jaguar Land Rover Delays Factory Reopening Following Major Cyber Attack
SonicWall Releases Urgent Update to Remove Rootkit Malware ‘OVERSTEP’ from SMA Devices
Boyd Gaming discloses data breach after suffering a cyberattack
Libraesva ESG issues emergency fix for bug exploited by state hackers
WhatsApp adds message translation to iPhone and Android apps
Cloudflare mitigates new record-breaking 22.2 Tbps DDoS attack
CISA says hackers breached federal agency using GeoServer exploit
Police dismantles crypto fraud ring linked to €100 million in losses
5 ways to streamline Identity Governance with this free tool
SolarWinds releases third patch to fix Web Help Desk RCE bug
SonicWall releases SMA100 firmware update to wipe rootkit malware
GitHub tightens npm security with mandatory 2FA, access tokens
NPM package caught using QR Code to fetch cookie-stealing malware
– MTZ