CyberNews: 10/09/2025 Edition

Published by Dunateo on 2025-09-10

Today’s roundup

Microsoft Fixes 80 Flaws — Including SMB PrivEsc and Azure CVSS 10.0 Bugs

China-Linked APT41 Hackers Target U.S. Trade Officials Amid 2025 Negotiations

Watch Out for Salty2FA: New Phishing Kit Targeting US and EU Enterprises

Adobe Commerce Flaw CVE-2025-54236 Lets Hackers Take Over Customer Accounts

SAP Patches Critical NetWeaver (CVSS Up to 10.0) and High-Severity S/4HANA Flaws

Supply Chain Attack Targets npm, Exposing Over 2 Billion Weekly Downloads

Summary

Microsoft patched 80 vulnerabilities in its September 2025 security update, including critical SMB privilege escalation and Azure CVSS 10.0 flaws. China-linked APT41 group targeted U.S. trade officials with cyber espionage during sensitive negotiations, per House Committee warnings. A new phishing kit called Salty2FA bypasses multifactor authentication across U.S. and EU enterprises, using real-time credential interception. Adobe disclosed critical Commerce/Magento flaw CVE-2025-54236 (CVSS 9.1) allowing account takeovers via improper input validation. SAP resolved three critical NetWeaver vulnerabilities scoring up to CVSS 10.0, including remote code execution risks. A massive npm supply chain attack impacted 20 packages with 2+ billion weekly downloads after maintainer credentials were phished.

Want to dig deeper?

Vulnerabilities

CVE-2025-54236