CyberNews: 10/09/2025 Edition

Published by Dunateo on 2025-09-10

Today’s roundup

  • Microsoft Fixes 80 Flaws — Including SMB PrivEsc and Azure CVSS 10.0 Bugs
  • China-Linked APT41 Hackers Target U.S. Trade Officials Amid 2025 Negotiations
  • Watch Out for Salty2FA: New Phishing Kit Targeting US and EU Enterprises
  • Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Accounts
  • SAP Patches Critical NetWeaver (CVSS Up to 10.0) and High-Severity S/4HANA Flaws
  • Supply Chain Attack Targets npm, Exposing Over 2 Billion Weekly Downloads
Summary

Microsoft patched 80 vulnerabilities in its September 2025 security update, including critical SMB privilege escalation and Azure CVSS 10.0 flaws. The China-linked APT41 group targeted U.S. trade officials with cyber espionage during sensitive negotiations, per House Committee warnings. A new phishing kit called Salty2FA bypasses multifactor authentication across U.S. and EU enterprises, using real-time credential interception. Adobe disclosed a critical Commerce/Magento flaw, CVE-2025-54236 (CVSS 9.1), that allows account takeovers via improper input validation. SAP resolved three critical NetWeaver vulnerabilities scoring up to CVSS 10.0, including remote code execution risks. A massive npm supply chain attack impacted 20 packages with 2+ billion weekly downloads after maintainer credentials were phished.

Want to dig deeper?

Vulnerabilities

  • CVE-2025-54236