Samsung released its September 2025 security update to fix a critical zero-day vulnerability that hackers are actively exploiting. The flaw, tracked as CVE-2025-21043, affects Galaxy devices running Android 13-16 and allows remote attackers to execute malicious code by tricking users into processing specially crafted images.
Meta and WhatsApp security teams discovered and privately reported the vulnerability. Samsung confirmed exploits already exist in the wild, making immediate patching crucial. The update also fixes 24 other security flaws, including high-severity issues that could let local attackers run arbitrary code.
Users should install the update immediately through Settings > Software update > Download and install.
Source: Cybersecurity News
Jaguar Land Rover's production shutdown has stretched to 12 days following a devastating cyber attack, with manufacturing now delayed until at least Wednesday. The disruption affects all 34,000 UK workers across factories in Halewood, Solihull, and Wolverhampton, who remain at home on full pay.
The ripple effects are hitting hard across the supply chain. Six thousand workers at JLR suppliers, including Evtec and WHS Plastics, have been temporarily laid off. MPs are now demanding COVID-style financial support, warning that disruption could last "most of September."
A hacking group called Scattered Lapsus$ Hunters claimed responsibility for the attack. Unite union leader Sharon Graham is calling for an emergency furlough scheme to protect jobs in the automotive sector.
Source: Sky News
Cybercriminals are ramping up Akira ransomware attacks by exploiting a year-old vulnerability in SonicWall firewalls. About 40 attacks hit between mid-July and early August, with another wave following soon after. The attacks target CVE-2024-40766, an improper access control flaw in SonicOS management access and SSL VPN that affects multiple generations of SonicWall firewalls.
Rapid7 reports handling multiple incidents weekly, while the Australian Cyber Security Centre warns of attacks on local organizations. Most victims had applied the patch but had not reset the local user passwords that were carried over during firewall migrations from Gen 6 to Gen 7 devices, so credentials exposed before the fix remained valid.
Akira ransomware has already impacted over 250 organizations, collecting $42 million in ransom payments. SonicWall products have appeared 14 times in CISA's Known Exploited Vulnerabilities catalog since 2021.
Source: CyberScoop
Cybercriminals are using AI to create sophisticated malware disguised as legitimate productivity apps, infecting hundreds of organizations across manufacturing, government, and healthcare sectors in the US, UK, Germany, India, and beyond. The "EvilAI" campaign uses fake apps like Recipe Maker and Manual Finder that actually work as advertised while secretly mapping victim networks and disabling security software.
What makes this campaign particularly dangerous is its professional appearance. The malicious apps feature polished interfaces, real functionality, and valid digital signatures from newly registered companies. The AI-generated malware code is designed to evade traditional antivirus detection.
Trend Micro researchers warn this appears to be preparation for larger future attacks, possibly by initial access brokers setting the stage for ransomware or data theft operations.
Source: Dark Reading
CISA issued 14 security advisories Tuesday highlighting serious vulnerabilities in industrial automation systems from Rockwell and ABB. The flaws affect critical manufacturing infrastructure, including Rockwell's ThinManager software, FactoryTalk platforms, and various controllers, plus ABB's ASPECT, NEXUS, and MATRIX equipment.
The most severe issues include authentication bypasses allowing attackers to take full device control, remote code execution vulnerabilities, and buffer overflows that could crash systems. One Rockwell ThinManager flaw (CVE-2025-9065) carries a CVSS score of 8.6, while the ABB vulnerabilities reach 9.8.
Both companies have released patches and recommend immediate updates. CISA emphasizes these systems should never be directly exposed to the internet and must use proper network segmentation and VPN access controls.
Source: Industrial Cyber
A Russia-linked hacking group dubbed "Noisy Bear" has targeted KazMunayGas, Kazakhstan's state-owned oil company and the country's largest corporation. The attackers used phishing emails disguised as urgent company business to trick employees into downloading malware that established hidden access to company systems.
The hackers compromised a finance department email account and sent fake messages about salary schedules and corporate policy changes. Their sophisticated malware bypassed Windows security features and created covert backdoors for long-term espionage.
While KMG claims this was just a security exercise, researchers found evidence linking the attack to sanctioned Russian hosting providers. The timing is significant as European countries seek alternatives to Russian energy amid ongoing geopolitical tensions.
Source: Dark Reading
Jaguar Land Rover has confirmed that hackers breached "some data" during a cyber attack that first emerged last week. The UK's biggest carmaker can't yet specify what information was stolen or whether customer and supplier data was compromised, but promises to contact anyone affected.
The attack has forced JLR to shut down production at factories in the Midlands and Merseyside until at least next Monday, with global facilities also paused. Suppliers and retailers are operating without normal computer systems, disrupting spare parts sourcing and vehicle registration.
A hacker group combining elements of Scattered Spider, Lapsus$, and ShinyHunters has claimed responsibility, posting screenshots of JLR's internal systems on Telegram. The India-owned Tata subsidiary is working with cybersecurity specialists to safely restart operations.
Source: The Guardian
Cybercriminals successfully hijacked 18 widely-used NPM packages after tricking maintainer Josh Junon with a phishing email that appeared to come from NPM support. The fake message directed him to update his two-factor authentication on a lookalike website.
The compromised packages, including popular tools like chalk and debug, collectively see over 2.5 billion weekly downloads. Attackers injected malicious code designed to steal cryptocurrency by intercepting transactions and replacing wallet addresses with their own.
NPM removed the poisoned packages within two hours of the attack being reported. Security firm Wiz estimates the malicious code reached 10% of cloud environments during that brief window, though actual financial damage appears minimal since the attack targeted test addresses rather than real wallets.
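The practical follow-up to an incident like this is to check whether a compromised version ever landed in your lockfiles. The script below is an added example, not code from the article or from the npm project: it parses a package-lock.json (lockfileVersion 2/3 layout, where nested copies appear under paths such as node_modules/a/node_modules/b), flags any package whose version is on a blocklist, and flags entries that lack an integrity hash. The blocklist versions ("9.9.9") and the sample lockfile are constructed placeholders, not the real compromised versions from the incident; substitute the versions named in the advisory you are responding to.

```javascript
// Added example (not from the article): audit a package-lock.json against a
// list of known-bad package@version pairs and report entries with no
// integrity hash. Versions below are hypothetical placeholders.
const BLOCKLIST = new Map([
  ["chalk", new Set(["9.9.9"])], // placeholder version, not the real bad one
  ["debug", new Set(["9.9.9"])], // placeholder version, not the real bad one
]);

// Constructed sample lockfile (lockfileVersion 3 layout) for offline use.
const SAMPLE_LOCK = JSON.stringify({
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { chalk: "^9.0.0", debug: "^4.3.0" } },
    "node_modules/chalk": {
      version: "9.9.9",
      resolved: "https://registry.npmjs.org/chalk/-/chalk-9.9.9.tgz",
      integrity: "sha512-AAAA", // placeholder hash
    },
    "node_modules/debug": {
      version: "4.3.4",
      resolved: "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz",
      integrity: "sha512-BBBB", // placeholder hash
    },
    // A nested copy pulled in transitively, with no integrity field at all.
    "node_modules/foo/node_modules/debug": {
      version: "9.9.9",
      resolved: "https://registry.npmjs.org/debug/-/debug-9.9.9.tgz",
    },
  },
});

// Map a lockfile path to the package name it installs: the text after the
// last "node_modules/" segment, which keeps scoped names like @scope/name.
function packageNameFromPath(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? null : lockPath.slice(idx + marker.length);
}

// Returns one finding per problem: a blocklisted version, or a missing
// integrity hash (which means npm cannot verify the tarball on install).
function auditLockfile(lockJson, blocklist = BLOCKLIST) {
  const lock = JSON.parse(lockJson);
  const findings = [];
  for (const [lockPath, meta] of Object.entries(lock.packages || {})) {
    if (lockPath === "") continue; // root project entry, not a dependency
    const name = packageNameFromPath(lockPath);
    if (!name) continue;
    const badVersions = blocklist.get(name);
    if (badVersions && badVersions.has(meta.version)) {
      findings.push({ path: lockPath, name, version: meta.version, reason: "blocklisted version" });
    }
    if (!meta.integrity) {
      findings.push({ path: lockPath, name, version: meta.version, reason: "missing integrity hash" });
    }
  }
  return findings;
}

// Run against the constructed sample; point this at your own lockfile in practice.
console.log(auditLockfile(SAMPLE_LOCK));
```

The nested-path handling matters because a transitive dependency can pin a different (and compromised) version than the top-level one, and a quick look at the root package.json would never show it. Treat a missing integrity field as a finding in its own right: without it, npm has nothing to compare the downloaded tarball against.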
Source: Security Week
Cybercriminals are now using the Salty2FA phishing kit to launch attacks that rival legitimate enterprise software in sophistication. Researchers from Ontinue tracked a campaign that deployed advanced features including rotating subdomains, dynamic corporate branding that mimics six different MFA methods, and anti-debugging tactics to evade security teams.
The kit automatically customizes fake login pages based on victim email domains, creating convincing replicas of corporate authentication portals across healthcare, finance, and tech sectors. Attackers quickly set up campaigns using legitimate platforms like Aha.io to build trust before redirecting victims through Cloudflare's security challenges.
Security experts warn these enterprise-grade phishing tools are making even unskilled criminals dangerous, requiring organizations to adopt behavioral detection methods rather than relying on traditional warning signs.
Source: Dark Reading
Attaullah Baig, WhatsApp's former head of security, filed a federal lawsuit Monday claiming Meta endangered billions of users by ignoring critical cybersecurity flaws. Baig alleges 1,500 engineers had unrestricted access to user data without oversight, potentially violating a 2020 government order that cost Meta $5 billion.
The 115-page complaint details how over 100,000 accounts were hacked daily while executives prioritized growth over security fixes. Baig says he repeatedly warned senior leadership, including CEO Mark Zuckerberg, that engineers could steal user data "without detection."
Meta dismissed the claims as "distorted" and said Baig was fired for poor performance, not retaliation. The case adds pressure on Meta's data practices across its platforms serving billions globally.
Source: The Guardian