Major Incidents or Breaches

  • Apple has sent a fourth round of spyware notifications to users in France in 2025, with CERT-FR confirming a targeted spyware campaign against Apple device users in the country.
  • Dassault Systèmes DELMIA Apriso Manufacturing Operations Management (MOM) software is being actively exploited via a critical remote code execution vulnerability (CVE-2025-5086), with multiple advisories and warnings from CISA.
  • A payment system vendor (KioSoft) reportedly took over a year to patch a critical NFC card vulnerability that enabled infinite card top-ups, despite being notified in 2023.
  • A new ransomware group called Yurei was identified, with initial victim data published.

Newly Discovered Vulnerabilities

  • Samsung has patched a critical zero-day vulnerability (CVE-2025-21043) in its Android devices, which was exploited in the wild, including attacks reported via WhatsApp.
  • A new ransomware strain, HybridPetya, has been discovered. It is a Petya/NotPetya copycat that can bypass UEFI Secure Boot protections by exploiting CVE-2024-7344.
  • Academics have disclosed VMScape, a new Spectre variant attack capable of breaking cloud isolation by leaking arbitrary memory through speculative execution flaws.
  • DELMIA Apriso MOM software is affected by CVE-2025-5086, a deserialization of untrusted data flaw allowing remote code execution, currently under active exploitation.
  • Undocumented radios have been found in solar-powered devices used in US highway infrastructure, raising concerns about unreported communications capabilities.

Notable Threat Actor Activity

  • A new ransomware group, Yurei, was discovered on 5 September, with evidence of at least one victim being targeted.
  • HybridPetya ransomware demonstrates advanced capabilities by bypassing UEFI Secure Boot and targeting the EFI System Partition, indicating continued adaptation of malware based on known destructive strains.

Trends, Tools, or Tactics of Interest

  • AI-powered phishing and social engineering attacks are reported to be significantly more successful than traditional methods, contributing to increased ransomware losses.
  • HybridPetya’s use of a UEFI Secure Boot bypass highlights a trend towards targeting firmware-level security mechanisms.
  • The security of cloud-native applications is being challenged by the proliferation of containers, Kubernetes, and serverless technologies, with an increased emphasis on runtime visibility.
  • Bug bounty hunters are combining Burp Suite Professional with the HackerOne platform to uncover high-impact vulnerabilities more efficiently.
  • Agentic and AI-powered browsers are emerging, raising questions about their security implications.

Regulatory or Policy Developments Affecting the Security Industry

  • CISA announced a renewed focus for the CVE Program on improving the quality, trust, and responsiveness of vulnerability data.
  • Microsoft reminded customers that Windows 11 23H2 Home and Pro editions will reach end of support in 60 days, after which they will stop receiving security updates.