CyberNews: 26/09/2025 Edition

Published by Dunateo on 2025-09-26

Today’s roundup

  • Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure
  • Cisco ASA Firewall Zero-Day Exploits Deploy RayInitiator and LINE VIPER Malware
  • Urgent: Cisco ASA Zero-Day Duo Under Attack; CISA Triggers Emergency Mitigation Directive
  • Salesforce Patches Critical ForcedLeak Bug Exposing CRM Data via AI Prompt Injection
  • New macOS XCSSET Variant Targets Firefox with Clipper and Persistence Module
  • Vane Viper Generates 1 Trillion DNS Queries to Power Global Malware and Ad Fraud Network
  • Chinese APT Drops 'Brickstorm' Backdoors on Edge Devices
  • New LockBit Ransomware Variant Emerges as Most Dangerous Yet
  • Interpol Cracks Down on Large-Scale African Scamming Networks
  • Hackers reportedly steal pictures of 8,000 children from Kido nursery chain

Summary

Fortra's GoAnywhere MFT software suffered exploitation of a CVSS 10.0 vulnerability (CVE-2025-10035) starting September 10, 2025, a week before public disclosure. The UK NCSC confirmed that Cisco ASA firewalls were compromised via zero-days (CVE-2025-20333/CVE-2025-20362) to deploy the RayInitiator and LINE VIPER malware, prompting CISA to issue an emergency directive requiring federal agencies to mitigate by September 26. Salesforce patched a critical vulnerability (CVSS 9.4) in its Agentforce AI platform that allowed CRM data theft via indirect prompt injection. Microsoft reported a macOS XCSSET malware variant targeting Firefox with enhanced encryption and clipboard hijacking. Vane Viper's infrastructure generated 1 trillion DNS queries to support global malvertising and ad fraud. Chinese APT UNC5221 deployed new Brickstorm backdoor variants on network edge devices lacking EDR protection. A new LockBit ransomware variant with cross-platform capabilities emerged as the most dangerous LockBit iteration yet. Interpol's Operation Contender 3.0 led to 260 arrests targeting African BEC and romance scam networks. Attackers exfiltrated personal data of 8,000 children from Kido nurseries, with ransom demands confirmed by the BBC.

Vulnerabilities

  • CVE-2025-10035: Critical
  • CVE-2025-20333: High
  • CVE-2025-20362: Medium