Latest CyberSec News by @thecyberpicker

SAP patches critical NetWeaver and S/4HANA flaws (CVSS 8.1–10.0), preventing code execution, file upload, and data loss.

Adobe Commerce CVE-2025-54236 allows account takeover; hotfix and WAF deployed to block attacks.

The top cyber official at the National Security Council said Tuesday that he’s dismayed by the lag in security technology embedded in critical infrastructure, saying it pales in comparison to the tech in modern smartphones.

Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known "zero-day" or actively exploited vulnerabilities in this month's bundle from Redmond, which nevertheless includes patches for 13…

The company is ahead of pace, disclosing about 100 more vulnerabilities at this point in the year than it did in 2024, according to a researcher.

SAP issues 21 new and 4 updated security notes, fixing critical NetWeaver flaws enabling RCE and privilege escalation.

The U.S. Department of the Treasury has sanctioned several large networks of cyber scam operations in Southeast Asia, which stole over $10 billion from Americans last year.

The Department of Justice unsealed an indictment against a Ukrainian national alleged to be central to a ransomware campaign affecting hundreds of companies worldwide.

Researchers found a host of vulnerabilities in the platforms run by RBI to service Burger King, Tim Horton's, and Popeyes.

Microsoft has released its monthly security update for September 2025, which includes 86 vulnerabilities affecting a range of products.

New York Blood Center submitted documents to regulators in Maine, Texas, New Hampshire and California that confirmed the cyberattack, which they said was first discovered on January 26.

A threat actor targeting exposed Docker APIs has updated its malicious tooling with more dangerous functionality that could lay the foundation for a complex botnet.

Attaullah Baig alleges that the social media giant fired him for raising security concerns about its WhatsApp messaging platform.

Volodymyr Tymoshchuk, currently a fugitive, was an administrator for multiple ransomware strains, including LockerGoga, said U.S. prosecutors in unsealing an indictment against the Ukrainian national.

Multiple popular npm packages were compromised in a supply chain attack after a maintainer fell for a phishing attack.

The Department of Justice’s Computer Crime and Intellectual Property Section (CCIPS) is pursuing funds taken from five victims between late October 2022 and March 2023, according to a news release.

Kosovo national Liridon Masurica has pleaded guilty to running BlackDB.cc, a cybercrime marketplace that has been active since 2018.

Microsoft has released Windows 11 KB5065426 and KB5065431 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues.

Today is Microsoft's September 2025 Patch Tuesday, which includes security updates for 81 flaws, including two publicly disclosed zero-day vulnerabilities.

King, a leading voice in the Senate on cybersecurity issues, honed in on the thousands of staffers and experts laid off by CISA, saying the agency has lost 30 percent of its staff and most of its seasoned leaders.

The tiremaker disclosed a cyberattack just days after Jaguar Land Rover was impacted by a major hack that also disrupted production at certain locations.

The agreement is part of a larger strategy for Mitsubishi to develop one-stop security capabilities in the OT space.

The U.S. Department of Justice has charged Ukrainian national Volodymyr Viktorovich Tymoshchuk for his role as the administrator of the LockerGoga, MegaCortex, and Nefilim ransomware operations.

The United States needs a “new, coordinated strategy” to counter its cyber adversaries and “shift the burden of risk in cyberspace from Americans to them,” National Cyber Director Sean Cairncross said Tuesday.

Frankfurt am Main, Germany, 9th September 2025, CyberNewsWire

Shadow assets don't care about your perimeter. EASM finds every internet-facing asset, surfaces unknowns, and prioritizes real risks—so you can fix exposures before attackers do. See how Outpost24 makes it easy.

Adobe is warning of a critical vulnerability (CVE-2025-54236) in its Commerce and Magento Open Source platforms that researchers call SessionReaper and describe as one of " the most severe" flaws in the history of the product.

A threat actor accidentally revealed their AI-powered methods by installing Huntress security software