ThreatLocker helps organizations reduce risk by allowing trusted applications to run while limiting their access to only the resources they need. It’s a straightforward, default deny approach that gives you more control and visibility—without slowing down operations. Explore how ThreatLocker can help simplify your security strategy.
The Washington, D.C., Maryland, and Virginia (DMV) region has established itself as a top-tier player in the global cyber industry. Join us on September 18th, 2025 to celebrate the remarkable accomplishments of the DMV's cybersecurity community, connect with the brilliant minds shaping the future of the field, and experience firsthand why the DMV region is the beating heart of cyber innovation. Register now to secure your spot.
Apple has released updates to fix a zero-day that was exploited in "an extremely sophisticated attack against specific targeted individuals," SecurityWeek reports. The vulnerability (CVE-2025-43300) is an out-of-bounds write issue that can allow malicious image files to result in memory corruption.
Patches are available for iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later. Users are advised to update their Apple devices.
CyberArk is the leader behind the world’s most comprehensive machine identity security solution. With capabilities that span secrets, certificate management and workload identities, we enable customers to secure more machine identity use cases with the right level of privilege control. Find out exactly how we’re helping modern organizations secure their machine future.
The US FBI warned yesterday that threat actors tied to Russia's Federal Security Service (FSB) are targeting a 7-year-old vulnerability (CVE-2018-0171) in end-of-life networking devices running Cisco Smart Install. The activity is attributed to the FSB's Center 16, tracked by the cybersecurity industry as "Berserk Bear" or "Dragonfly."
The Bureau stated, "In the past year, the FBI detected the actors collecting configuration files for thousands of networking devices associated with US entities across critical infrastructure sectors. On some vulnerable devices, the actors modified configuration files to enable unauthorized access to those devices. The actors used the unauthorized access to conduct reconnaissance in the victim networks, which revealed their interest in protocols and applications commonly associated with industrial control systems."
The Washington, D.C. Maryland, and Virginia (DMV) region has established itself as a top-tier player in the global cyber industry. Join us on September 18, 2025 to celebrate the remarkable accomplishments of the DMV's cybersecurity community, connect with the brilliant minds shaping the future of the field, and experience firsthand why the DMV region is the beating heart of cyber innovation. Register now to secure your spot.
20-year-old Noah Michael Urban of Palm Coast, Florida, has been sentenced to ten years in Federal prison after pleading guilty to his involvement with the Scattered Spider criminal gang, KrebsOnSecurity reports. Urban will also need to pay $13 million in restitution and undergo three years of supervised release after serving his sentence. Urban was accused of carrying out SMS and voice phishing attacks against more than 130 companies during the summer of 2022.
Krebs notes that Urban called the sentence "unjust" in a conversation on X, claiming that the judge was biased because another Scattered Spider member hacked the judge's email account during the trial. The prosecutors had initially asked for an eight-year sentence.
Today's issue includes events affecting , and Russia the United States.
Researcher Exposes Zero-Day Clickjacking Vulnerabilities in Major Password Managers (Socket) Hacker Demonstrates How Easy It Is To Steal Data From Popular Password Managers
"Scamlexity": When Agentic AI Browsers Get Scammed () We Put Agentic AI Browsers to the Test - They Clicked, They Paid, They Failed
Commonwealth Bank backtracks on AI job cuts, apologises for 'error' (ABC) CBA has apologised to 45 affected employees after finding customer service roles were not redundant despite introducing an AI-powered "voice-bot", but the union says the damage is done.
Tenable Names Matthew Brown as Chief Financial Officer (Tenable) Tenable names Matthew Brown its new CFO to advance its exposure management leadership and accelerate growth.
Frenos-N2K Partnership Delivers AI-Native OT Security, Expands Pathways for MSSPs (MSSP Alert) (Disclosure: N2K is the publisher of the CyberWire Pro Business Briefing.)
Home Depot Sued for 'Secretly' Using Facial Recognition Technology on Self-Checkout Cameras (PetaPixel) The Home Depot customer says he noticed the camera at a recent trip to the store.
For a complete running list of events, please visit the Event Tracker.
HackAICon 2025 (Lisbon, Portugal, Sep 25, 2025) The first conference dedicated to combining AI and Ethical Hacking. We're bringing together OffSec pros, hackers, and leading researchers to find practical ways of using AI to secure the internet. Learn about the latest AI Hacking cosmic trends and connect with fellow professionals in engaging conversations. We banned sales pitches from the event - just knowledge sharing, leadership and technical insights.
