CyberNews: 10/09/2025 Edition
Today’s roundup
Summary
Microsoft patched 80 vulnerabilities in its September 2025 security update, including critical SMB privilege escalation and Azure CVSS 10.0 flaws. The China-linked APT41 group targeted U.S. trade officials with cyber espionage during sensitive negotiations, according to House Committee warnings. A new phishing kit called Salty2FA bypasses multifactor authentication across U.S. and EU enterprises, using real-time credential interception. Adobe disclosed a critical Commerce/Magento flaw, CVE-2025-54236 (CVSS 9.1), that allows account takeovers via improper input validation. SAP resolved three critical NetWeaver vulnerabilities scoring up to CVSS 10.0, including remote code execution risks. A massive npm supply chain attack impacted 20 packages with 2+ billion weekly downloads after maintainer credentials were phished.