"U.S. Cybersecurity Agency flags Wi-Fi Range Extender Vulnerability under active attack."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 03 September 2025, 2109 UTC.

Content and Source via email subscription from https://feedly.com.

 https://feedly.com/i/subscription/feed%2Fhttp%3A%2F%2Ffeeds.feedburner.com%2FSecurityweek

Please check subscription link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

SecurityWeek

91K followers33 articles per week

#security#tech

84

Today

US Cybersecurity Agency Flags Wi-Fi Range Extender Vulnerability Under Active Attack

by Ionut Arghire / 2h

Flaw allows attackers to reset and hijack TP-Link TL-WA855RE devices; CISA urges users to retire discontinued extenders. The post appeared first on SecurityWeek .

Google Patches High-Severity Chrome Vulnerability in Latest Update

by Ionut Arghire / 6h

Chrome's latest release addresses a high-severity use-after-free vulnerability in the V8 JavaScript engine that could be exploited for remote code execution. The post appeared first on SecurityWeek .

Cato Networks Acquires AI Security Firm Aim Security

Cato Networks acquires Aim Security

•

by Mike Lennon / 7h

Founded in 2022 to help organizations with the secure deployment of generative-AI utilities, Aim emerged from stealth in January 2024. The post appeared first on SecurityWeek .

Hacker Conversations: McKenzie Wark, Author of A Hacker Manifesto

by Kevin Townsend / 9h

Known for her seminal book, A Hacker Manifesto, Wark reframes hacking as a cultural force rooted in play, creativity, and human nature. The post appeared first on SecurityWeek .

Pennsylvania Attorney General Confirms Ransomware Behind Weeks-Long Outage

2 TTPs

•

by Ionut Arghire / 9h

•

Ransomware attack disrupts Pennsylvania AG

Attack disrupted email, phones, and websites for weeks, but officials say no ransom was paid. The post appeared first on SecurityWeek .

Jaguar Land Rover Operations ‘Severely Disrupted’ by Cyberattack

Jaguar Land Rover faces cyber disruption

•

by Ionut Arghire / 10h

The automotive company said it disconnected its systems, which severely impacted both retail and manufacturing operations. The post appeared first on SecurityWeek .

Yesterday

Security Firms Hit by Salesforce–Salesloft Drift Breach

Data theft targets Salesforce instances

•

by Ionut Arghire / 11h

Hackers accessed customer contact information and case data from Salesforce instances at Cloudflare, Palo Alto Networks, and Zscaler. The post appeared first on SecurityWeek .

Sangoma Patches Critical Zero-Day Exploited to Hack FreePBX Servers

by Ionut Arghire / 1d

Tracked as CVE-2025-57819 (CVSS score of 10/10), the bug is described as an insufficient sanitization of user-supplied data. The post appeared first on SecurityWeek .

Cloudflare Blocks Record-Breaking 11.5 Tbps DDoS Attack

3 TTPs

•

by Ionut Arghire / 1d

•

11.5 Tbps DDoS attack thwarted

Part of a wave of DDoS attacks that lasted for weeks, the assault was a UDP flood mainly originating from Google Cloud. The post appeared first on SecurityWeek .

Varonis Acquires Email Security Firm SlashNext

Varonis acquires SlashNext for $150M

•

by SecurityWeek News / 1d

The transaction is valued up to $150 million, including performance-based retention awards, a Varonis spokesperson told SecurityWeek. The post appeared first on SecurityWeek .

Amazon Disrupts Russian Hacking Campaign Targeting Microsoft Users

Amazon disrupts APT29 campaign

•

by Ionut Arghire / 1d

The Midnight Blizzard cyberspies used compromised websites to trick users into authorizing devices they controlled. The post appeared first on SecurityWeek .

WhatsApp Zero-Day Exploited in Attacks Targeting Apple Users

by Ionut Arghire / 1d

The vulnerability (CVE-2025-55177) was exploited along an iOS/macOS zero-day in suspected spyware attacks. The post appeared first on SecurityWeek .

Aug 29, 2025

In Other News: Iranian Ships Hacked, Verified Android Developers, AI Used in Attacks

by SecurityWeek News / 5d

Noteworthy stories that might have slipped under the radar: communications of dozens of Iranian ships disrupted, only apps from verified developers will run on Android devices, and AI used across multiple phases of malicious attacks. The post appeared first on SecurityWeek .

VerifTools Fake ID Operation Dismantled by Law Enforcement

by Ionut Arghire / 5d

Authorities say VerifTools sold fake driver’s licenses and passports worldwide, enabling fraudsters to bypass KYC checks and access online accounts. The post appeared first on SecurityWeek .

Google Confirms Workspace Accounts Also Hit in Salesforce–Salesloft Drift Data Theft Campaign

Data theft targets Salesforce instances

•

by Ionut Arghire / 5d

Google says the same OAuth token compromise that enabled Salesforce data theft also let hackers access a small number of Workspace accounts via the Salesloft Drift integration. The post appeared first on SecurityWeek .

TransUnion Data Breach Impacts 4.4 Million

by Ionut Arghire / 5d

The credit reporting firm did not name the third-party application involved in the incident, only noting that it was used for its US consumer support operations. The post appeared first on SecurityWeek .

Nevada Confirms Ransomware Attack Behind Statewide Service Disruptions

Impact (Enterprise TA0040)

•

by Mike Lennon / 5d

•

Nevada state offices suspend services

State officials confirm ransomware forced office closures, disrupted services, and led to data theft, as Nevada works with CISA and law enforcement to restore critical systems. The post appeared first on SecurityWeek .

US Sanctions Russian National, Chinese Firm Aiding North Korean IT Workers

US sanctions North Korean fraud network

•

by Ionut Arghire / 5d

US Treasury sanctions Russian and Chinese entities tied to North Korea’s use of fake IT workers, who exploited stolen identities, AI, and malware to funnel millions back to Pyongyang. The post appeared first on SecurityWeek .

Ransomware Group Exploits Hybrid Cloud Gaps, Gains Full Azure Control in Enterprise Attacks

Storm-0501 targets cloud-based ransomware

•

by Ionut Arghire / 5d

Storm-0501 has been leveraging cloud-native capabilities for data exfiltration and deletion, without deploying file-encrypting malware. The post appeared first on SecurityWeek .

Aug 28, 2025

China’s Salt Typhoon Hacked Critical Infrastructure Globally for Years

China's Salt Typhoon hacking alert

•

by Ionut Arghire / 6d

China-linked APT ‘Salt Typhoon’ exploited known router flaws to maintain persistent access across telecom, government, and military networks, giving Beijing’s intelligence services global surveillance reach. The post appeared first on SecurityWeek .

CrowdStrike to Acquire Onum to Fuel Falcon Next-Gen SIEM With Real-Time Telemetry

CrowdStrike acquires Onum for SIEM

•

by SecurityWeek News / 6d

CrowdStrike says the acquisition will bring valuable technology to enhance its Falcon Next-Gen SIEM. The post appeared first on SecurityWeek .

Webinar Today: Ransomware Defense That Meets Evolving Compliance Mandates

by SecurityWeek News / 6d

Join this live discussion to learn how organizations can strengthen ransomware defenses while staying ahead of tightening compliance requirements. The post appeared first on SecurityWeek .

Hackers Target Popular Nx Build System in First AI-Weaponized Supply Chain Attack

2 TTPs

•

by Ionut Arghire / 6d

•

Nx build system compromised for theft

With more than 4 million weekly downloads, the Nx build platform became the first known supply chain breach where hackers weaponized AI assistants for data theft. The post appeared first on SecurityWeek .

Aug 27, 2025

Hackers Weaponize Trust with AI-Crafted Emails to Deploy ScreenConnect

by Kevin Townsend / 7d

AI-powered phishing attacks leverage ConnectWise ScreenConnect for remote access, underscoring their sophistication. The post appeared first on SecurityWeek .

Hundreds of Salesforce Customers Hit by Widespread Data Theft Campaign

by Ionut Arghire / 7d

Google says the hackers systematically exported corporate data, focusing on secrets such as AWS and Snowflake keys. The post appeared first on SecurityWeek .

China-Linked Hackers Hijack Web Traffic to Deliver Backdoor

3 TTPs

•

by Ionut Arghire / 7d

Google researchers say China-linked UNC6384 combined social engineering, signed malware, and adversary-in-the-middle attacks to evade detection. The post appeared first on SecurityWeek .

Nevada State Offices Closed Following Disruptive Cyberattack

by Ionut Arghire / 7d

State websites and phone lines were taken offline, but officials say emergency services and personal data remain unaffected. The post appeared first on SecurityWeek .

Infostealers: The Silent Smash-and-Grab Driving Modern Cybercrime

by Kevin Townsend / 7d

Competition among malware-as-a-service developers has transformed infostealers into refined, accessible tools for cybercriminals worldwide. The post appeared first on SecurityWeek .

Citrix Patches Exploited NetScaler Zero-Day

Citrix patches NetScaler zero-day vulnerabilities

•

by Ionut Arghire / 7d

Zero-day exploited in the wild forces Citrix and CISA to push emergency patch deadlines for federal agencies. The post appeared first on SecurityWeek .

PromptLock: First AI-Powered Ransomware Emerges

by Ionut Arghire / 7d

Proof-of-concept ransomware uses AI models to generate attack scripts in real time. The post appeared first on SecurityWeek .