Security Bundle.

September 12, 2025

"Without Federal Help, Cyber Defense is up to the rest of us."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents. Accessed on 12 September 2025, 0234 UTC.

Content and Sources compiled by https://feedly.com

https://feedly.com/i/collection/content/user/f401222a-bca6-4c45-9cc1-183f239e8d86/category/7737d3c9-5fe2-4b34-8708-85e57085f895

Please check URL or scroll down to read your selections. Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Security News Bundle

326

Most popular

New HybridPetya Ransomware Bypasses UEFI Secure Boot With CVE-2024-7344 Exploit
8 TTPs
•
100+The Hacker News / 13h
•
CVE-2024-7344
Cybersecurity researchers have discovered a new ransomware strain dubbed HybridPetya that resembles the notorious Petya/NotPetya malware, while also incorporating the ability to bypass the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems using a now-patched vulnerability disclosed earlier this year. Slovakian cybersecurity company ESET said the samples were uploaded
I built my own AirTag-like tracker with this Raspberry Pi alternative - how it works
ZDNet | Security / 9h
If you're into Raspberry Pi, or just starting out, this project is great to sink your teeth into.
Without Federal Help, Cyber Defense Is Up to the Rest of Us
Dark Reading / 10h
Together, we can foster a culture of collaboration and vigilance, ensuring that we are not just waiting for a hero to save us, but actively working to protect ourselves and our communities.

Today

I tried Apple's 2 big AI features announced at the iPhone 17 event - and both are game changers
ZDNet | Security / 1h
Apple focused on its cutting edge hardware for the iPhone 17 launch, but also unveiled a couple groundbreaking AI features. Both could make a big difference in daily use.
HybridPetya: More proof that Secure Boot bypasses are not just an urban legend
5 TTPs
•
The Register – Security / 3h
Although it hasn't been seen in the wild yet A new ransomware strain dubbed HybridPetya was able to exploit a patched vulnerability to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot on unrevoked Windows systems, making it the fourth publicly known bootkit capable of punching through the feature and hijacking a PC before the operating system loads.…
French Advisory Sheds Light on Apple Spyware Activity
Apple alerts French officials spyware targeted
•
Dark Reading / 6h
CERT-FR's advisory follows last month's disclosure of a zero-day flaw Apple said was used in "sophisticated" attacks against targeted individuals.
Samsung fixes Android 0-day that may have been used to spy on WhatsApp messages
CVE-2025-21043
•
The Register – Security / 6h
A similar vuln on Apple devices was used against 'specific targeted users' Samsung has fixed a critical flaw that affects its Android devices - but not before attackers found and exploited the bug, which could allow remote code execution on affected devices.…
FTC scrutinizes OpenAI, Meta, and others on AI companion safety for kids
ZDNet | Security / 7h
Seven tech companies are under investigation, following recent reports of AI companions behaving badly. Here's why.
Your Powerbeats Pro 2 are getting a serious upgrade - but there's a catch
Powerbeats Pro 2 gains heart rate tracking
•
ZDNet | Security / 7h
Apple says it's improved heart rate tracking features with Beats, which is great news for iPhone users, and not so much for Android fans.
This 'critical' Cursor security flaw could expose your code to malware - how to fix it
Cursor flaw enables unauthorized code execution
•
ZDNet | Security / 8h
A feature being disabled by default could leave users and their organizations vulnerable to commands that run automatically.
ChatGPT just saved me 25% off my dinner tonight - here's how
ZDNet | Security / 9h
You can use free ChatGPT or ChatGPT Plus to look for copuon codes. But one trick gets the best results.
All your vulns are belong to us! CISA wants to maintain gov control of CVE program
CISA seeks funding for CVE program
•
The Register – Security / 9h
Get ready for a fight over who steers the global standard for vulnerability identification The Cybersecurity and Infrastructure Security Agency (CISA) nearly let the Common Vulnerabilities and Exposures (CVE) program lapse earlier this year, but a new "vision" document it released this week signals that it now wants more control over the global standard for vulnerability identification.…
New HybridPetya ransomware can bypass UEFI Secure Boot
7 TTPs
•
36BleepingComputer / 9h
•
CVE-2024-7344
A recently discovered ransomware strain called HybridPetya can bypass the UEFI Secure Boot feature to install a malicious application on the EFI System Partition. [...]
CISA warns of actively exploited Dassault RCE vulnerability
IoC > 1 IP
•
27BleepingComputer / 10h
•
3 TTPs
•
CVE-2025-5086
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of hackers exploiting a critical remote code execution flaw in DELMIA Apriso, a manufacturing operations management (MOM) and execution (MES) solution from French company Dassault Systèmes. [...]
Windows 11 23H2 Home and Pro reach end of support in 60 days
37BleepingComputer / 10h
Microsoft has reminded customers today that devices running Home and Pro editions of Windows 11 23H2 will stop receiving updates in November. [...]
Samsung Fixes Critical Zero-Day CVE-2025-21043 Exploited in Android Attacks
CVE-2025-21042 & 1 other
•
34The Hacker News / 10h
Samsung has released its monthly security updates for Android, including a fix for a security vulnerability that it said has been exploited in zero-day attacks. The vulnerability, CVE-2025-21043 (CVSS score: 8.8), concerns an out-of-bounds write that could result in arbitrary code execution. "Out-of-bounds Write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to
Apple Warns French Users of Fourth Spyware Campaign in 2025, CERT-FR Confirms
51The Hacker News / 10h
Apple has notified users in France of a spyware campaign targeting their devices, according to the Computer Emergency Response Team of France (CERT-FR). The agency said the alerts were sent out on September 3, 2025, making it the fourth time this year that Apple has notified citizens in the county that at least one of the devices linked to their iCloud accounts may have been compromised as part
Why the Samsung S95F is one of the best OLED TVs you can buy - especially at this price
ZDNet | Security / 11h
The Samsung S95F offers excellent picture and audio in one of the thinnest OLED TVs I've ever seen, making it perfect for users looking to stay on the cutting edge of entertainment.
This exclusive discount makes the best smart lock I've ever tested that much better
ZDNet | Security / 11h
The Lockly Visage Zeno Series is one of the smartest devices you can add to your smart home, especially when paired with this ZDNET-exclusive discount.
Cisco fixes high-severity IOS XR flaws enabling image bypass and DoS
Security Affairs / 11h
Cisco addressed multiple high-severity IOS XR vulnerabilities that can allow ISO image verification bypass and trigger DoS conditions. Cisco addressed multiple vulnerabilities in IOS XR software as part of its semiannual Software Security Advisory Bundled Publication published on September 10, 2025. Below are the vulnerabilities addressed by the network giant: The following table identifies Cisco
I used Google Lens to identify my weirdest junk drawer items - here's how it did
ZDNet | Security / 11h
Think Google Lens is just for IDing flowers and landmarks? I tried it on random 3D printed parts, medical thingamajigs, and one oddly familiar object that almost tricked it.
These popular free VPNs all share the same shady security practices - here's why
ZDNet | Security / 11h
A new study revealed potential links between some of the most downloaded VPNs in the Google Play Store with deceptive practices and poor security standards.
Why IPVanish is going RAM-only - and what it means for your privacy and data
ZDNet | Security / 11h
The VPN's RAM-only servers are now available in 19 countries, including 10 US states.
1,200 undergrads hung out to dry after jailbreak attack on laundry machines
The Register – Security / 11h
Dorm management refuses to cover costs after payment system borked More than a thousand university students in the Netherlands must continue to travel to wash their clothes after their building management company failed to bring its borked smart laundry machines back online.…
The first three things you’ll want during a cyberattack
BleepingComputer / 12h
When cyberattacks hit, every second counts. Survival depends on three essentials: clarity to see what's happening, control to contain it, and a lifeline to recover fast. Learn from Acronis TRU how MSPs and IT teams can prepare now for the difference between recovery and catastrophe. [...]
In Other News: $900k for XSS Bugs, HybridPetya Malware, Burger King Censors Research
13 TTPs
•
SecurityWeek / 12h
•
CVE-2024-7344
Noteworthy stories that might have slipped under the radar: Huntress research raises concerns, Google paid out $1.6 million for cloud vulnerabilities, California web browser bill. The post appeared first on SecurityWeek .
Undocumented Radios Found in Solar-Powered Devices
US warns of hidden radios in infrastructure
•
Dark Reading / 13h
The US Transportation Department reportedly warns that solar-powered devices used in highway infrastructure have undocumented radios. Is the risk real?
DELMIA Factory Software Vulnerability Exploited in Attacks
SecurityWeek / 13h
A deserialization of untrusted data in the MOM software allows attackers to achieve remote code execution. The post appeared first on SecurityWeek .
Critical CVE-2025-5086 in DELMIA Apriso Actively Exploited, CISA Issues Warning
IoC > 1 IP
•
24The Hacker News / 13h
•
17 TTPs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting Dassault Systèmes DELMIA Apriso Manufacturing Operations Management (MOM) software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2025-5086, carries a CVSS score of 9.0 out of 10.0. According to
F5 to Acquire CalypsoAI for Advanced AI Security Capabilities
F5 acquires CalypsoAI for 180M
•
Dark Reading / 13h
F5 plans to use CalypsoAI's platform to provide real-time threat defense against attacks and help enterprises safeguard themselves as they adopt the latest AI technologies.
Apple just got FDA clearance for Hypertension Detection - does your watch support it?
ZDNet | Security / 14h
Hypertension Detection will roll out with WatchOS 26.
Can't hear TV dialogue? This soundbar fixed my audio problems for cheap
ZDNet | Security / 14h
If you're on a budget and still want quality audio, Creative has a space-saving option just for you.
The IT job market keeps shrinking, but not for everyone - or everywhere
ZDNet | Security / 14h
Along with AI, data, and cybersecurity skills, IT pros need to elevate their roles, resumes, and resilience.
Apple Sends Fresh Wave of Spyware Notifications to French Users
Apple alerts users to spyware threats
•
SecurityWeek / 14h
Apple this year sent at least four rounds of notifications to French users potentially targeted by commercial spyware. The post appeared first on SecurityWeek .
Samsung fixed actively exploited zero-day
2 TTPs
•
Security Affairs / 14h
•
CVE-2025-21042 & 1 other
Samsung fixed the remote code execution flaw CVE-2025-21043 that was exploited in zero-day attacks against Android devices. Samsung addressed the remote code execution vulnerability, tracked as CVE-2025-21043, that was exploited in zero-day attacks against Android users. The vulnerability is an out-of-bounds Write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1. A remote attacker can ex
Man gets over 4 years in prison for selling unreleased movies
26BleepingComputer / 14h
A Tennessee court has sentenced a Memphis man who worked for a DVD and Blu-ray manufacturing and distribution company to 57 months in prison for stealing and selling digital copies of unreleased movies. [...]
F5 to Acquire CalypsoAI for $180 Million
F5 acquires CalypsoAI for 180M
•
SecurityWeek / 15h
F5 is buying CalypsoAI for its adaptive AI inference security solutions, which will be integrated into its Application Delivery and Security Platform. The post appeared first on SecurityWeek .
AirPods Pro 3 vs. AirPods Pro 2: I compared both earbuds, here's who should upgrade
ZDNet | Security / 15h
The AirPods Pro 3 have plenty of exciting upgrades, but here's what you should know before spending another $250 on them.
CISA: CVE Program to Focus on Vulnerability Data Quality
CISA seeks funding for CVE program
•
SecurityWeek / 15h
CISA says it is time for the CVE Program to focus on improving trust, responsiveness, and the caliber of vulnerability data. The post appeared first on SecurityWeek .
Privacy activists warn digital ID won’t stop small boats – but will enable mass surveillance
The Register – Security / 16h
Big Brother Watch says a so-called BritCard could turn daily life into one long identity check – and warn that Whitehall can’t be trusted to run A national digital ID could hand the government the tools for population-wide surveillance – and if history is anything to go by,

Comments