CyberNews: 12/09/2025 Edition

Published by Dunateo on 2025-09-12

Today’s roundup

  • Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories
  • Senator Wyden Urges FTC to Probe Microsoft for Ransomware-Linked Cybersecurity Negligence
  • 'Gentlemen' Ransomware Abuses Vulnerable Driver to Kill Security Gear
  • AI-Enhanced Malware Sports Super-Stealthy Tactics
  • Vidar Infostealer Back With a Vengeance
  • France Warns Apple Users of New Spyware Campaign
  • Fileless Malware Deploys Advanced RAT via Legitimate Tools
  • Bulletproof Host Stark Industries Evades EU Sanctions
  • U.S. CISA adds Dassault Systèmes DELMIA Apriso flaw to its Known Exploited Vulnerabilities catalog
  • Akira Ransomware exploits year-old SonicWall flaw with multiple vectors
Summary

A critical vulnerability in the Cursor AI code editor (CVE-2025-5086) allows silent code execution via malicious repositories due to disabled default security settings. Senator Ron Wyden called for an FTC probe into Microsoft's alleged cybersecurity negligence enabling ransomware attacks on U.S. healthcare networks. The 'Gentlemen' ransomware now weaponizes the ThrottleStop.sys driver to disable antivirus and EDR systems. AI-powered malware campaigns deploy Trojanized productivity apps with advanced evasion capabilities, while the Vidar infostealer resurfaces with improved covert data theft techniques. France's cybersecurity agency reported four Apple spyware campaigns targeting users in 2025. A fileless malware campaign uses legitimate tools to deploy AsyncRAT exclusively in memory. Sanctioned bulletproof host Stark Industries continues operations via Dutch and Moldovan shell companies, facilitating Russian cyber operations. CISA added a critical deserialization flaw (CVE-2025-5086) in Dassault Systèmes DELMIA Apriso software to its Known Exploited Vulnerabilities catalog, requiring federal patching by October 2025. The Akira ransomware group exploits CVE-2024-40766 in SonicWall firewalls through credential reuse and SSLVPN misconfigurations.

Want to dig deeper?

Vulnerabilities

  • CVE-2025-5086
  • CVE-2024-40766