🚨 OnePlus Alert: A CVE-2025-10184 flaw (CVSS 8.2) in OxygenOS lets any malicious app read your SMS—including MFA codes—without permission or warning.

Unpatched since OxygenOS 12 (2021). OnePlus says it’s investigating.

Protect your accounts now → https://thehackernews.com/2025/09/threatsday-bulletin-rootkit-patch.html#texts-laid-bare

🚨🚨 New variant of XCSSET macOS malware spotted.

It can hijack crypto transactions by swapping wallet addresses, targets Firefox, and hides in shared Xcode projects with stronger persistence tricks.

Full details → https://thehackernews.com/2025/09/new-macos-xcsset-variant-targets.html

🚨 Important: Hackers quietly exploited Fortra GoAnywhere MFT a full week before anyone knew.

CVE-2025-10035 (CVSS 10.0) gave them pre-auth RCE to slip in an “admin-go” backdoor and drop payloads.

Patch now: 7.8.4 / 7.6.3.

Full story → https://thehackernews.com/2025/09/fortra-goanywhere-cvss-10-flaw.html

🚨 West Sussex man arrested over ransomware attack that crippled baggage & check-in systems at major European airports, including Heathrow.

Collins Aerospace confirms “HardBit” ransomware caused hundreds of flight delays.

NCA probe ongoing → https://thehackernews.com/2025/09/threatsday-bulletin-rootkit-patch.html#basic-ransomware-big-chaos

⚡ Blue Report 2025:

• Data exfiltration stopped just 3% of the time
• 54% of attacker moves left no logs
• Only 14% triggered alerts

Dashboards don’t prove safety—BAS is the crash test that shows if your defenses really hold.

Read → https://thehackernews.com/2025/09/crash-tests-for-security-why-bas-is.html

⚠️ Two big cyber hits making waves:

🇷🇺 COLDRIVER hackers are tricking people with fake CAPTCHAs to drop a stealthy PowerShell backdoor that steals files and hides its tracks.

💥 At the same time, Bearlyfy ransomware is tearing through Russian companies—30+ victims so far, ransoms reaching €80K.

Full story → https://thehackernews.com/2025/09/new-coldriver-malware-campaign-joins-bo.html

🚨 Two fresh phishing campaigns, one big warning:

🇺🇦 Hackers posing as Ukraine’s National Police use SVG attachments to launch a chain that steals passwords & mines crypto.

🇻🇳 Another crew lures victims with fake copyright notices, ending in PureRAT backdoors for full remote control.

Full story → https://thehackernews.com/2025/09/researchers-expose-svg-and-purerat.html

🚨 CISA: Hackers exploited GeoServer CVE-2024-36401 RCE to breach a U.S. federal agency on July 11, 2024—moving laterally across servers and deploying China Chopper web shells & LotL tools.

Full advisory → https://thehackernews.com/2025/09/threatsday-bulletin-rootkit-patch.html#geoserver-hole-exploited

🚨 China-linked cyber groups are upgrading their weapons:

• PlugX: hides in the Mobile Popup app, decrypts payloads in memory with XOR-RC4-RtlDecompressBuffer, packs a keylogger.

• Bookworm: slips shellcode in UUID strings to dodge detection.

Full story → https://thehackernews.com/2025/09/china-linked-plugx-and-bookworm-malware.html

🚨 First real-world MCP server backdoor spotted!

A fake npm package postmark-mcp silently BCC’d every email to an attacker—over 1,600 downloads before removal.

⚠️ One line of code. Thousands of stolen emails.

Read now → https://thehackernews.com/2025/09/first-malicious-mcp-server-found.html

🚨 Microsoft warns — Hackers used LLM-generated code to hide malware in an SVG file disguised as a business dashboard, bypassing defenses with self-addressed emails + invisible scripts.

Details → https://thehackernews.com/2025/09/microsoft-flags-ai-driven-phishing-llm.html

🕵️‍♀️ Missed the action? Hackers didn’t rest—neither should you.

See the key security stories you might have missed.

Check full recap → https://thehackernews.com/2025/09/weekly-recap-cisco-0-day-record-ddos.html

🚨 SOCs are drowning: 40% of security alerts go uninvestigated, and 61% of the ones ignored later turn out to be critical.

Teams face 3,000+ daily alerts and 70-minute investigations—far slower than the 48 minutes attackers need to compromise.

Read → https://thehackernews.com/2025/09/the-state-of-ai-in-soc-2025-insights.html

🚨 EvilAI is live and global: Malware hidden inside “legit” AI & productivity apps is quietly invading manufacturing, healthcare, gov & tech across 🇮🇳 🇺🇸 🇫🇷 🇧🇷 and more.

🕵️‍♂️ Uses real code-signing certs, AES-encrypted C2, even NeutralinoJS tricks to slip past detection.

Read → https://thehackernews.com/2025/09/evilai-malware-masquerades-as-ai-tools.html

🚨 Linux/Unix alert: CISA just flagged a critical Sudo flaw (CVE-2025-32463, CVSS 9.3) now exploited in the wild.

Attackers can hijack sudo’s --chroot option to run arbitrary commands as root—even if not in sudoers.

Details → https://thehackernews.com/2025/09/cisa-sounds-alarm-on-critical-sudo-flaw.html

🚨 U.K. police just seized £5.5B ($7.4B) in crypto—the largest Bitcoin confiscation in history.

A Chinese fraudster duped 128,000 victims, laundered funds into 61,000 BTC, and tried to hide in London with fake IDs.

The twist? She was caught buying property.

Full story → https://thehackernews.com/2025/09/uk-police-just-seized-55-billion-in.html

🚨 Shadow AI is exploding inside enterprises. Employees are adopting LLM-powered apps without oversight—creating blind spots, supply chain risks, and data leaks.

Wing Security says traditional defenses can’t keep up. The fix? Real-time discovery + AI supply chain governance.

Read → https://thehackernews.com/2025/09/evolving-enterprise-defense-to-secure.html

🚨 A new Android banking trojan is here: Datzbro.

It doesn’t just steal logins—it recreates your screen in real time for full device takeover.

Victims? Seniors lured via fake “active trip” groups on Facebook.

Details → https://thehackernews.com/2025/09/new-android-trojan-datzbro-tricking.html

🔥 [New] VMware zero-day (CVE-2025-41244) exploited in the wild!

UNC5174 popped root by abusing a regex bug in get_version() — drop /tmp/httpd, open a socket, and you’re root.

Already active since Oct ’24.

Details → https://thehackernews.com/2025/09/urgent-china-linked-hackers-exploit-new.html