September Patch Tuesday handles 81 CVEs
The last round of fixes before Win 10’s final shout touches 15 product families, including Xbox
The last round of fixes before Win 10’s final shout touches 15 product families, including Xbox
Related
3 VMware Zero-Day Bugs Allow Sandbox Escape
The now-patched bugs are under active exploit and enable attackers to carry out a wide range of malicious activities, including escaping a virtual machine and gaining access to the underlying host.
NIST Finalizes Differential Privacy Rules to Protect Data
The National Institute of Standards and Technology (NIST) released updated differential privacy guidelines for organizations to follow to protect personally identifiable information when sharing data.
Threat Actors Use ‘Spam Bombing’ Technique to Hide Malicious Motives
Darktrace researchers detailed “spam bombing,” a technique in which threat actors bombard targets with spam emails as a pretense for activity like social engineering campaigns.
Black Basta Pivots to Cactus Ransomware Group
The future of the formerly fearsome cybercriminal group remains uncertain as key members have moved to a new affiliation, in fresh attacks that use novel persistence malware BackConnect.
Botnets Step Up Cloud Attacks Via Flaws, Misconfigurations
Infamous botnets like Mirai are exploiting Web-exposed assets such as PHP servers, IoT devices, and cloud gateways to gain control over systems and build strength.
Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp
Multiple suspected Russia-linked threat actors are “aggressively” targeting individuals and organizations with ties to Ukraine and human rights with an aim to gain unauthorized access to Microsoft 365 accounts since early March 2025. The highly targeted social engineering operations, per Volexity, are a shift from previously documented attacks that leveraged a technique known as device…