Patch Tuesday notes.

Summary

By the CyberWire staff

Patch Tuesday notes.

Microsoft yesterday issued patches for 81 vulnerabilities, including two publicly disclosed zero-day flaws, BleepingComputer reports. One of the zero-days (CVE-2025-55234) affects Windows SMB Server and could allow attackers to perform relay attacks and elevate privileges. The other zero-day (CVE-2024-21907) is a denial-of-service flaw that could be exploited by a remote, unauthenticated attacker. While these flaws were publicly known before patches were available, there's been no evidence of active exploitation.

The Register warns that SAP has fixed four critical flaws, including one with a CVSS score of 10. The maximum-severity vulnerability (CVE-2025-42944) affects SAP NetWeaver and can allow an unauthenticated attacker to "exploit the system through the RMI-P4 module by submitting [a] malicious payload to an open port." This "deserialization of such untrusted Java objects could lead to arbitrary OS command execution."

SecurityWeek notes that Adobe, Fortinet, Ivanti, and Nvidia released patches for high- and medium-severity vulnerabilities affecting their products. The publication also has a roundup of ICS patches, with fixes from Rockwell Automation, Siemens, Schneider Electric, and Phoenix Contact.

Think your certificate security is covered? 47-day renewals will raise the stakes.

By March 2026, TLS certificate lifespans will be cut in half, meaning double today’s renewals. In 2029, certificates will expire every 47 days, demanding 8–12x the renewal volume. That’s exponential complexity, operational workload, and risk...unless you modernize your strategy. CyberArk — proven in identity security — is your partner in certificate security. We simplify lifecycle management with visibility, automation, and control at scale. Scan for vulnerabilities. Streamline operations. Scale security. Master the 47-day shift with CyberArk.

ChillyHell malware targets macOS.

Jamf has published a report on a strain of macOS malware dubbed "ChillyHell" that's been active since 2021. The malware was first observed by Mandiant in a 2022 campaign targeting Ukrainian government officials. Jamf notes, "Between its multiple persistence mechanisms, ability to communicate over different protocols, and modular structure, ChillyHell is extraordinarily flexible. Capabilities such as timestomping and password cracking make this sample an unusual find in the current macOS threat landscape. Notably, ChillyHell was notarized and serves as an important reminder that not all malicious code comes unsigned."

DMV Rising, D.C.’s Premier Conference for Cyber Execs.

The Washington, D.C. Maryland, and Virginia (DMV) region has established itself as a top-tier player in the global cyber industry. Join us on September 18, 2025 to celebrate the remarkable accomplishments of the DMV's cybersecurity community, connect with the brilliant minds shaping the future of the field, and experience firsthand why the DMV region is the beating heart of cyber innovation. Register now to secure your spot.

US Justice Department charges alleged ransomware administrator.

The US Justice Department has unsealed an indictment charging a 28-year-old Ukrainian national for his alleged role as an administrator for the LockerGoga, MegaCortex, and Nefilim ransomware operations. Justice stated, "[B]etween December 2018 and October 2021, Tymoshchuk used the LockerGoga, MegaCortex, and Nefilim ransomware variants to encrypt computer networks in countries around the world, including in the Eastern District of New York, elsewhere in the United States, France, Germany, the Netherlands, Norway, and Switzerland. These ransomware attacks caused millions of dollars of losses, including damage to victim computer systems, remediation costs, and ransomware payments to the perpetrators."

Tymoshchuk is still at large, and the US is offering $11 million for information leading to his arrest. He's charged with "two counts of conspiracy to commit fraud and related activity in connection with computers, three counts of intentional damage to a protected computer, one count of unauthorized access to a protected computer, and one count of transmitting a threat to disclose confidential information."

Notes.

Today's issue includes events affecting , and Ukraine the United States.

Attacks, Threats, and Vulnerabilities

Salt Typhoon and UNC4841: Silent Push Discovers New Domains; Urges Defenders to Check Telemetry and Log Data (Silent Push) Silent Push has identified dozens of previously unreported domains, all aiming to obtain long-term, stealthy access to targeted organizations, used by the Chinese APT group, Salt Typhoon, along with some related People’s Republic of China (PRC) state-backed threat actors.

Not Safe for Work: Tracking and Investigating Stealerium and Phantom Infostealers | Proofpoint US (Proofpoint) Key findings Proofpoint researchers observed an increase in opportunistic cybercriminals using malware based on Stealerium, an open-source malware that is available “for educational

Technologies, Techniques, and Standards

A New Platform Offers Privacy Tools to Millions of Public Servants (WIRED) From data-removal services to threat monitoring, the Public Service Alliance says its new marketplace will help public servants defend themselves in an era of data brokers and political violence.

Legislation, Policy, and Regulation

Critical infrastructure security tech needs to be as good as our smartphones, top NSC cyber official says (CyberScoop) The top cyber official at the National Security Council said Tuesday that he’s dismayed by the lag in security technology embedded in critical infrastructure, saying it pales in comparison to the tech in modern smartphones.

UK Online Safety Act: What does it mean for online censorship? (Comparitech) “Big Brother is Watching You.” ― George Orwell, 1984 Since 2022, when the UK’s Online Safety Bill (OSA) was first discussed, you’d have been forgiven for thinking, “That’ll never happen.” But happen it did. And, like something out of a dystopian novel, UK residents now face restricted access to various forms of online content and […]

Industry Events

For a complete running list of events, please visit the Event Tracker.

Newly Noted Events

Open Source Security Summit 2025 (Virtual, Sep 25, 2025) The sixth annual Open Source Security Summit brings together business leaders, industry visionaries, and technology users to chart a path forward and highlight the future of open source security solutions at this free virtual event. Register now to explore advancements in open source security and how using open source tools can build trust with customers and consumers.

Events

DMV Rising '25 (Washington, DC, USA, Sep 18, 2025) Join us on September 18, 2025 to celebrate the remarkable accomplishments of the DMV's cybersecurity community, connect with the brilliant minds shaping the future of the field, and experience firsthand why the DMV region is the beating heart of cyber innovation. Register now to secure your spot.

HackAICon 2025 (Lisbon, Portugal, Sep 25, 2025) The first conference dedicated to combining AI and Ethical Hacking. We're bringing together OffSec pros, hackers, and leading researchers to find practical ways of using AI to secure the internet. Learn about the latest AI Hacking cosmic trends and connect with fellow professionals in engaging conversations. We banned sales pitches from the event - just knowledge sharing, leadership and technical insights.

Don’t miss Jen Easterly, former CISA Director, headlining HIP Conf 25 (Charleston, SC, USA, Oct 7 - 9, 2025) Jen Easterly, former CISA Director, keynotes HIP Conf 2025. A globally recognized cybersecurity leader, Easterly brings unmatched insight into hybrid identity security and resilience. Register now for this must-attend event.

Uniting Women in Cyber 2025 (Crystal City, Virginia, USA, Oct 9, 2025) UWIC is the premier event for cybersecurity leaders, professionals, and aspiring practitioners. Connect with a vibrant community focused on emerging global trends, technological advancements, and workforce development. Attend UWIC 2025 to learn, share ideas, and expand your professional network!

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.

Daily Briefing for 09.10.25

Top stories.

Patch Tuesday notes.

ChillyHell malware targets macOS.

US Justice Department charges alleged ransomware administrator.

Notes.

Attacks, Threats, and Vulnerabilities

Technologies, Techniques, and Standards

Legislation, Policy, and Regulation

Newly Noted Events

Events