Latest news as of 9/22/2025, 8:09:05 AM
Bleeping Computer
WhatsApp has patched a security vulnerability in its iOS and macOS messaging clients that was exploited in targeted zero-day attacks. [...]
Bleeping Computer
Starting in October, Microsoft will enforce multi-factor authentication (MFA) for all Azure resource management actions to protect Azure clients from unauthorized access attempts. [...]
Bleeping Computer
Microsoft has found no link between the August 2025 KB5063878 security update and customer reports of failure and data corruption issues affecting solid-state drives (SSDs) and hard disk drives (HDDs). [...]
The Hacker News
An abandoned update server associated with input method editor (IME) software Sogou Zhuyin was leveraged by threat actors as part of an espionage campaign to deliver several malware families, including C6DOOR and GTELAM, in attacks primarily targeting users across Eastern Asia. "Attackers employed sophisticated infection chains, such as hijacked software updates and fake cloud storage or login
The Hacker News
Amazon on Friday said it flagged and disrupted what it described as an opportunistic watering hole campaign orchestrated by the Russia-linked APT29 actors as part of their intelligence gathering efforts. The campaign used "compromised websites to redirect visitors to malicious infrastructure designed to trick users into authorizing attacker-controlled devices through Microsoft's device code
Dark Reading
Auditing must be seen for what it truly can be: a multiplier of trust, not a bottleneck of progress.
The Register
Up to 29,000 organizations and potentially 370,000 security and IT pros affected Australian development house Click Studios has warned users of its Passwordstate enterprise password management platform to update immediately if not sooner, following the discovery of an authentication bypass vulnerability that opens the doors to an emergency administration account with nothing more than a "carefully crafted URL."…
Dark Reading
Generating exploits with AI and large language models shrinks the time to target software flaws, giving security teams scant time to patch. Can enterprises adapt?
The Register
Senior officials summoned to science and tech committee to explain further Senior officials are being summoned to the UK's Science, Innovation and Technology Committee to explain why the government has not fully implemented the security recommendations made in a secret review following the 2021 Afghan data breach.…
The Hacker News
Generative AI platforms like ChatGPT, Gemini, Copilot, and Claude are increasingly common in organizations. While these solutions improve efficiency across tasks, they also present new data leak prevention for generative AI challenges. Sensitive information may be shared through chat prompts, files uploaded for AI-driven summarization, or browser plugins that bypass familiar security controls.