September 13, 2025

Hello all,

This past week was Patch Tuesday for Microsoft and a number of other vendors, when as usual, dozens and dozens of vulnerabilities and defects were announced. The clock is now ticking for threat actors to exploit them before defenders patch them. The race is on! The Salesloft Drift hack continues to be in the news with more companies reporting breaches, and an interesting report saying that Drift was hacked via a third-party supplier of theirs, making the subsequent Salesforce breaches a fourth-party breach.

This email and video commentary is from the RedDotSecurity.news website that contains a plethora of links to other items, not mentioned here, that are worth skimming to see if they interest you or pertain to your particular environment or of those you support. There is a lot more than what is provided in these opening comments. So, on to the headline news.

Headline NEWS:

• Adobe released updates for 9 products on Patch Tuesday, including one that they’d alerted on earlier in the week for Magento eCommerce dubbed, SessionReaper. Researchers are urging immediate patching to prevent abuse “via automation, at scale.”
• Cisco has plugged several defects in IOS XR, one of which could enable attackers to insert their own files into the ISO image, which could then be loaded into the devices. Cisco is not aware of any active exploitation. So, patch soon.
• Fortinet has fixed a maximum-severity vulnerability in FortiDDoS, a product that is designed to fight off Distributed Denial of Service attacks. This defect could allow an authenticated user to execute unauthorized commands and take over the system. Organizations are urged to update immediately.
• Ivanti Connect Secure, Policy Secure, ZTA Gateways, and Neurons for Secure Access, are currently not so secure. Nine separate security defects have updates available. I still shudder when the name Ivanti shows up in the news, recalling their 2021 Pulse Secure breach that was devastating for so many clients worldwide. Patch soon.
• SAP fixed a maximum severity defect in NetWeaver. The Register news site described it as winning Patch Tuesday for the worst flaw. Multiple other SAP products received fixes, so check for updates immediately and patch quickly, especially since the worst one appears to be trivial to exploit.
• Salesloft Drift was apparently compromised via a March to June 2025 breach of their GitHub account by threat actor UNC6395. Hundreds of companies worldwide had their Salesforce accounts breached because of this fourth-party breach. It seems that you need to go pretty far down the rabbit hole to see the bottom in this evolving case.
• Microsoft Patch Tuesday was smaller than last month, with only 81 defects and two zero-day vulnerabilities receiving patches. Obviously, all of the fixes offered by Big Redmon are important, however, three of the items should be prioritized, the Windows SMB privilege escalation bug, a SQL Server defect in Newtonsoft.Json, and Microsoft Office needs updating due to a remote code execution defect.
• Zoom completes our A to Z parade of fixes with multiple vulnerabilities such as cross-site scripting, buffer overflow, and permission elevation. If you use Zoom, check for updates.

In Ransomware, Malware, and Vulnerabilities News:

• Ransomware, Malware and Vulnerability news was dominated by the Salesloft Drift breach for a second week. But there were some good news items, at least for defenders, such as the Czech Republic breaking up a Belarus spy network, Ukraine taking down a global hacking ring, the US charging a ransomware admin in court, and the admin of a cybercrime marketplace pleading guilty in US court. There were a ton of news items, so be sure to check out the full list of links at RedDotSecurity.news.

In Other News Events of Note and Interest:

• Google Chrome turned 17 years old. Addy Osmani, a Software Engineer with Google, wrote an excellent blog article about Google Chrome and how it came to be, and where it is now. What started out as a skunkworks project, is now the most used browser in the world. It is worth reading this post to understand the ubiquitous browser’s evolution and future direction.

Musings:

In the movie Forrest Gump, the main character famously tells someone sitting at a bus stop bench, “My mama always said, ‘Life is like a box of chocolates. You never know what you’re gonna get.'” The internet is like the ultimate box of chocolate, not only do you not know what you’re gonna get, but sometimes it is completely foreign or exactly what you needed, surprisingly beautiful or unbelievably ugly, interesting or boring, and sometimes it is lifegiving or deadly. Be careful what chocolates you choose, and where you get them from.

Keep the shields up!

Viscount Jan Broucinek
Red Dot Security News

Headline NEWS

• Adobe patches critical SessionReaper flaw in Magento eCommerce platform
• SessionReaper, a critical bug in Magento & Adobe Commerce
• Cisco Patches High-Severity IOS XR Vulnerabilities
• FortiDDoS OS Command Injection Vulnerability Let Attackers Execute Unauthorized Commands
• Multiple Vulnerabilities Discovered in Ivanti Connect Secure, Policy Secure, and ZTA Gateways
• Patch Tuesday – SAP fixes maximum severity NetWeaver command execution flaw
• SAP ‘wins’ Patch Tuesday with worse flaws than Microsoft
• SAP warns of high-severity vulnerabilities in multiple products
• Salesloft Drift Breach Traced to GitHub Compromise and Stolen OAuth Tokens
• Salesloft says Drift customer data thefts linked to March GitHub account hack
• GitHub Account Compromise Led to Salesloft Drift Breach Affecting 22 Companies
• Microsoft September 2025 Patch Tuesday fixes 81 flaws, two zero-days
• Critical Flaws in Microsoft Office Enable Remote Code Execution by Attackers
• Zoom Security Update – Patch for Multiple Vulnerabilities in Clients for Windows and macOS 

Ransomware, Malware, and Vulnerabilities News

• CISA pushes final cyber incident reporting rule to May 2026
• CISA ‘fired up’ to chart new vision for CVE program
• FBI Warns of UNC6040 and UNC6395 Targeting Salesforce Platforms in Data Theft Attacks
• Pentagon publishes final cybersecurity rules for contractors
• TIME’s Kid of the Year Is Protecting Seniors From Cybercrime
• Cybersecurity research is getting new ethics rules, here’s what you need to know
• Czech Republic and allies break up Belarus spy network across Europe
• Czech cybersecurity agency warns against Chinese solar inverters
• Germany charges hacker with Rosneft cyberattack in latest wake-up call for critical infrastructure
• Ukraine cracks global hacking ring behind billions in damages
• Kosovo hacker pleads guilty to running BlackDB cybercrime marketplace
• US charges admin of LockerGoga, MegaCortex, Nefilim ransomware
• S. places $11 million bounty on Ukrainian ransomware mastermind
• An Attacker’s Blunder Gave Us a Look Into Their Operations
• Senator Wyden Urges FTC to Probe Microsoft for Ransomware-Linked Cybersecurity Negligence
• Study shows mandatory cybersecurity courses do not stop phishing attacks
• Chrome Security Update Patches Critical Remote Code Execution Vulnerability
• Google Drive Desktop for Windows Vulnerability Grants Full Access to Another User’s Drive
• Palo Alto User-ID Credential Agent: Cleartext Exposure of Service Account password
• Bank Hacking Has Doubled Since 2023 And Investors Are Getting Spooked
• RatOn Android Malware Detected With NFC Relay and ATS Banking Fraud Capabilities
• Why You Should Never Use Free Online PDF Converters
• Identity management was hard, AI made it harder
• Undocumented Radios Found in Solar-Powered Devices
• Surge in networks scans targeting Cisco ASA devices raise concerns
• New VMScape attack breaks guest-host isolation on AMD, Intel CPUs
• Chinese cyber spies impersonated key U.S. lawmaker
• Hackers hide behind Tor in exposed Docker API breaches
• GPUGate Malware Uses Google Ads and Fake GitHub Commits to Target IT Firms
• Google, Microsoft account takeover made easy via VoidProxy
• Axios Abuse and Salty 2FA Kits Fuel Advanced Microsoft 365 Phishing Attacks
• Salty2FA Takes Phishing Kits to Enterprise Level
• SpamGPT – AI-powered Email Attack Tool Used By Hackers To Launch Massive Phishing Attack
• npm Author Qix Compromised via Phishing Email in Major Supply Chain Attack
• Ledger CTO warns users to halt onchain transactions amid massive NPM supply chain attack
• More npm packages poisoned, but would-be thieves get little
• Oops, No Victims: The Largest Supply Chain Attack Stole 5 Cents
• Massive NPM Supply Chain Hack Targets Crypto Wallets but Nets Just $50
• Over 6,700 Private Repositories Made Public in Nx Supply Chain Attack
• Hackers steal 3,325 secrets in GhostAction GitHub supply chain attack
• DuckDB NPM packages 1.3.3 and 1.29.2 compromised with malware
• Max severity Argo CD API flaw leaks repository credentials
• iCloud Calendar abused to send phishing emails from Apple’s servers
• ChillyHell’ backdoor hid in notarized Mac apps for four years
• Remote CarPlay Hack Puts Drivers at Risk of Distraction and Surveillance
• Samsung patches actively exploited zero-day reported by WhatsApp
• PgAdmin Vulnerability Lets Attackers Gain Unauthorized Account Access
• Windows Defender Vulnerability Allows Service Hijacking and Disablement via Symbolic Link Attack
• GhostRedirector Hackers Compromise Windows Servers With Malicious IIS Module To Manipulate Search Results
• 71% of CISOs hit with third-party security incident this year
• What the Salesloft Drift breaches reveal about 4th-party risk
• ‘MostereRAT’ Blends In, Blocks Security Tools
• AsyncRAT Exploits ConnectWise ScreenConnect to Steal Credentials and Crypto
• New Buterat Backdoor Malware Found in Enterprise and Government Networks
• ZynorRAT Attacking Windows and Linux Systems to Gain Remote Access
• New Android RAT uses Near Field Communication to automatically steal money from devices
• NVIDIA NVDebug Tool Vulnerability Let Attackers Escalate Privileges
• Sophos Wireless Access Points Vulnerability Let Attackers Bypass Authentication
• Escaping the Confines of Port 445
• Windows BitLocker Vulnerability Let Attackers Elevate Privileges
• Microsoft Windows Defender Firewall Vulnerabilities Let Attackers Escalate Privileges
• Microsoft Warns of Active Directory Domain Services Vulnerability, Let Attackers Escalate Privileges
• NT OS Kernel Information Disclosure Vulnerability
• TransUnion reveals breach of 4.4 million Americans’ data
• Workday Confirms Data Breach – Hackers Accessed Customers Data and Case Information
• SwissBorg hacked for $41M in Solana after Kiln API compromise
• Dark Web Vendor Claims Breach of Anuvu: AWS & Employee Data
• Plex tells users to reset passwords after new data breach
• VC giant Insight Partners notifies staff and limited partners after data breach
• Major blood center says thousands had data leaked in January ransomware attack
• Tenable Data Breach Confirmed -Customer Contact Details Compromised
• Tenable Confirms Data Breach – Hackers Accessed Customers Contact Details
• Lazarus APT Hackers Using ClickFix Technique to Steal Sensitive Intelligence Data
• Elastic Security Incident: Hackers Accessed Email Account Contains Valid Credentials
• Call audio from gym members, employees in open database
• Jaguar Land Rover says data stolen in disruptive cyberattack
• Kids in the UK are hacking their own schools for dares and notoriety
• Update on Middletown, Ohio, cybersecurity attack
• Nueces County, TX update on cyber attack: Nearly $2M in losses
• Somerset County, PA files accessed by cyber criminals to gain personal information
• City of St. Joseph hit by cyberattack, data potentially acquired in breach
• Data breach hits Texas disaster grant system
• Panama Ministry of Economy discloses breach claimed by INC ransomware
• Akira ransomware crims abusing trifecta of SonicWall flaws
• Akira Ransomware Attacks Fuel Uptick in Exploitation of SonicWall Flaw
• ‘Gentlemen’ Ransomware Abuses Vulnerable Driver
• 80% of ransomware attacks now use artificial intelligence
• Ransomware Losses Climb as AI Pushes Phishing to New Heights
• New HybridPetya Ransomware Bypasses UEFI Secure Boot
• Lovesac confirms data breach after ransomware attack claims
• LunaLock Ransomware threatens victims by feeding stolen data to AI models
• CyberVolk Ransomware Targets Windows Systems in Critical Infrastructure and Research Institutions
• Scattered Lapsus$ Hunters Hacker Group Announces Shutdown 

Other News Events of Note and Interest

• Cool Tool: ‘Near Telepathic’ Wearable Lets You Communicate Silently With Devices
• This Tool Installs Windows 11 on Incompatible Devices, Removes AI Fluff
• Eviction Strategies Tool – CISA
• Tiny Vinyl is a new pocketable record format for the Spotify age
• FBI Raids 12 Year Old’s Nuclear Lab – Memphis Boy Achieves Fusion in Bedroom as Agents Test Radiation Levels
• If Microsoft wins this UK court case it might spell the end of second-hand Windows licenses
• Building the Future U.S. Cyber Force
• Space Force Building Tools to Detect Cyberattacks on Satellites
• Brussels faces privacy crossroads over encryption backdoors
• iPhone 17, iPhone Air, AirPods Pro 3, and everything else announced at Apple’s hardware event
• Addy Osmani.com – Google Chrome at 17 – A history of our browser
• E-Paper Display Refresh Rate Reaches New Heights
• Elon Musk: Neuralink could restore partial vision to the blind next year
• Is the Browser Becoming the New Endpoint?
• LLMs are the users now
• Claude can now create and use files
• Data Shows That AI Use Is Now Declining at Large Companies
• Why language models hallucinate
• Google finally details Gemini usage limits
• Citrix products sold under old licenses to get glitchy
• 35 percent of VMware workloads expected to migrate elsewhere by 2028
• Oracle, OpenAI Sign $300 Billion Cloud Deal
• OpenAI and Oracle reportedly ink historic cloud computing deal
• Vimeo to be acquired by Bending Spoons for $1.38 billion
• Medicare Will Start Using AI to Help Make Coverage Decisions Next Year
• Meta might have access to your camera roll. Here’s how to check.
• Microsoft’s Copilot set to transform US government
• Microsoft releases official ISO media for Windows 11 25H2
• Microsoft is discontinuing legacy web components in Windows
• Microsoft will have to sell Teams separately from the rest of 365, or face a huge fine
• Microsoft slips unscathed through EU competition probe after promising to unbundle Teams
• Microsoft: Anti-spam bug blocks links in Exchange Online, Teams
• Microsoft adds malicious link warnings to Teams private chats
• Microsoft testing new AI features in Windows 11 File Explorer
• Microsoft shares Windows 11 24H2, Server 2025 new Registry key and Group Policies for NTLM
• Microsoft fixes streaming issues triggered by Windows updates
• Microsoft fixes app install issues caused by August Windows updates
• Windows 11 KB5065426 & KB5065431 cumulative updates released
• Windows 11’s September patch secretly deletes two programs.
• Windows 10 KB5065429 update includes 14 changes and fixes