
Daily Security Briefing 004
- DjediTech
- Security, Newsletter
- September 9, 2025
Ivanti RCE Flaws, Microsoft Patch Tuesday, Ransomware Indictment, Code Package Crypto Theft
Executive Summary
Today’s cybersecurity landscape highlights multiple critical vulnerabilities in Ivanti products, underscoring the ongoing risks in enterprise endpoint and network security. Microsoft’s Patch Tuesday update addresses over 80 flaws but notably includes no actively exploited zero-days this month. Law enforcement continues to disrupt ransomware operations with the indictment of a Ukraine-based suspect linked to widespread attacks. Supply chain threats also persist: popular JavaScript packages were compromised and rigged to steal cryptocurrency. Emerging malware such as the RatOn Android trojan and Salat Stealer demonstrates increasing sophistication in automated fraud and credential theft.
Top Articles
New Cryptanalysis of the Fiat-Shamir Protocol
A recent research paper revisits the security of the Fiat-Shamir transformation, revealing theoretical attacks under unusual conditions. While these findings provide interesting academic insights, they are not expected to translate into practical cryptographic breaks in real-world systems. The topic has a long history of scrutiny, with new nuances continuing to emerge.
Schneier
Ivanti Endpoint Manager Vulnerabilities Allow Remote Code Execution by Attackers
Two critical flaws in Ivanti Endpoint Manager versions 2024 SU3 and 2022 SU8 permit remote code execution with minimal user interaction; both stem from insufficient filename validation. These high-severity vulnerabilities could give attackers complete control over vulnerable endpoints, so affected installations should be patched immediately.
GBHackers
Multiple Vulnerabilities Discovered in Ivanti Connect Secure, Policy Secure, and ZTA Gateways
Ivanti also disclosed 11 security issues affecting Connect Secure, Policy Secure, ZTA Gateways, and Neurons for Secure Access products. The flaws range in severity from medium to high and include missing authorization checks and CSRF vulnerabilities. No exploitation has been reported, but patches are available and should be applied promptly.
GBHackers
Microsoft Patch Tuesday, September 2025 Edition
Microsoft released security updates fixing more than 80 vulnerabilities in Windows and related software, including 13 critical issues. There are no known active zero-day exploits this month. Concurrently, Apple and Google addressed zero-day bugs in their recent updates, reflecting ongoing vendor efforts to strengthen device security.
KrebsOnSecurity
Salat Stealer Uses Advanced C2 Infrastructure to Exfiltrate Browser Credentials
The Go-based Salat Stealer exemplifies sophisticated malware with a complex command-and-control framework. It targets Windows systems to extract browser credentials, cryptocurrency wallets, and session data while employing multiple evasion techniques, highlighting growing threats to sensitive personal and financial information.
CyberPress
Police Body Camera Apps Transmitting Data to Chinese Cloud Servers via TLS Port 9091
Security analysis uncovered that low-cost police body camera apps transmit sensitive metadata over TLS port 9091 to cloud servers located in China. This practice raises concerns regarding data sovereignty, encryption validation, and the integrity of digital evidence, potentially impacting law enforcement data handling protocols.
CyberPress
U.S. Indicts Ukrainian National for Hundreds of Ransomware Attacks Using Multiple Variants
Volodymyr Viktorovych Tymoshchuk, allegedly behind prolific ransomware variants including Nefilim, LockerGoga, and MegaCortex, was indicted by the U.S. Department of Justice. These ransomware campaigns have impacted hundreds of companies worldwide, marking a significant step in international cybercrime disruption efforts.
CyberScoop
18 Popular Code Packages Hacked, Rigged to Steal Crypto
At least 18 widely used JavaScript packages, collectively downloaded billions of times weekly, were briefly compromised after a developer was phished. The injected malware aimed to steal cryptocurrency, illustrating ongoing threats in open-source supply chains and reinforcing the need for vigilant maintenance and security practices.
KrebsOnSecurity
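The practical question after an incident like this is whether your own project would have pulled the poisoned release. The script below is an added example for this digest, not code from the article or from npm: it audits a `package.json` plus an npm `package-lock.json` (the `lockfileVersion` 3 `packages` map) for floating version ranges that let a fresh install pick up a newly published version, lockfile entries without an integrity hash, entries resolved from outside the expected registry, and any version or tarball change since a previously reviewed lockfile. The package names, URLs and hashes in the sample data are constructed placeholders.

```python
"""Lockfile hygiene audit for an npm project.

Added example for this digest, not code from the article or from npm. The checks
are what a reviewer wants after a compromised-package incident: floating
version ranges that let a fresh install pull a newly published release, lockfile
entries with no integrity hash, entries resolved from outside the expected
registry, and any version or tarball change since the last reviewed lockfile.
The lockfile layout follows npm's lockfileVersion 3 "packages" map; all sample
data below is constructed and the package names are invented.
"""

TRUSTED_REGISTRY = "https://registry.npmjs.org/"
FLOATING_PREFIXES = ("^", "~", ">", "<", "*", "latest")


def is_floating(spec: str) -> bool:
    """True when a package.json version spec lets `npm install` choose a newer release."""
    spec = spec.strip()
    if spec == "" or spec.startswith(FLOATING_PREFIXES):
        return True
    return any(token in spec for token in (" - ", "||", ".x", ".*"))


def audit_lock(package_json: dict, lock: dict, trusted_registry: str = TRUSTED_REGISTRY) -> list[str]:
    """Return human-readable findings for the declared deps and the resolved lockfile."""
    findings = []
    for name, spec in package_json.get("dependencies", {}).items():
        if is_floating(spec):
            findings.append(f"floating range: {name}@{spec}")
    for path, entry in lock.get("packages", {}).items():
        if path == "":  # the "" key is the root project, not a dependency
            continue
        name = path.rsplit("node_modules/", 1)[-1]
        version = entry.get("version", "?")
        if not entry.get("integrity"):
            findings.append(f"missing integrity: {name}@{version}")
        resolved = entry.get("resolved", "")
        if resolved and not resolved.startswith(trusted_registry):
            findings.append(f"untrusted source: {name}@{version} -> {resolved}")
    return findings


def diff_locks(reviewed: dict, current: dict) -> list[str]:
    """List dependencies added, removed, re-versioned, or re-hashed since the reviewed lockfile."""
    old = {p: e for p, e in reviewed.get("packages", {}).items() if p}
    new = {p: e for p, e in current.get("packages", {}).items() if p}
    changes = []
    for path in sorted(set(old) | set(new)):
        name = path.rsplit("node_modules/", 1)[-1]
        a, b = old.get(path), new.get(path)
        if a is None:
            changes.append(f"added: {name}@{b.get('version')}")
        elif b is None:
            changes.append(f"removed: {name}@{a.get('version')}")
        elif a.get("version") != b.get("version"):
            changes.append(f"version changed: {name} {a.get('version')} -> {b.get('version')}")
        elif a.get("integrity") != b.get("integrity"):
            # Same version string but a different (or missing) tarball hash deserves a look.
            changes.append(f"integrity changed for same version: {name}@{a.get('version')}")
    return changes


# Constructed sample data (invented package names, placeholder hashes).
PACKAGE_JSON = {"name": "example-app",
                "dependencies": {"left-ish-pad": "^1.2.0", "color-ish": "2.0.1"}}

LOCK_REVIEWED = {"lockfileVersion": 3, "packages": {
    "": {"name": "example-app"},
    "node_modules/left-ish-pad": {"version": "1.2.3",
        "resolved": "https://registry.npmjs.org/left-ish-pad/-/left-ish-pad-1.2.3.tgz",
        "integrity": "sha512-PLACEHOLDER-OLD"},
    "node_modules/color-ish": {"version": "2.0.1",
        "resolved": "https://registry.npmjs.org/color-ish/-/color-ish-2.0.1.tgz",
        "integrity": "sha512-PLACEHOLDER-COLOR"},
}}

LOCK_CURRENT = {"lockfileVersion": 3, "packages": {
    "": {"name": "example-app"},
    "node_modules/left-ish-pad": {"version": "1.2.4",
        "resolved": "https://registry.npmjs.org/left-ish-pad/-/left-ish-pad-1.2.4.tgz",
        "integrity": "sha512-PLACEHOLDER-NEW"},
    "node_modules/color-ish": {"version": "2.0.1",
        "resolved": "https://mirror.example.invalid/color-ish-2.0.1.tgz"},
}}

if __name__ == "__main__":
    # In practice load the dicts with json.load() from package.json and package-lock.json.
    for line in audit_lock(PACKAGE_JSON, LOCK_CURRENT) + diff_locks(LOCK_REVIEWED, LOCK_CURRENT):
        print(line)
```

Running the audit in CI against the last reviewed lockfile turns a silent version bump of a direct or transitive dependency into a visible diff that someone has to approve; the `integrity` comparison also catches the case where a registry serves a different tarball under an unchanged version number.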
Axios Abuse and Salty 2FA Kits Fuel Advanced Microsoft 365 Phishing Attacks
Threat actors increasingly exploit the Axios HTTP client and Microsoft’s Direct Send feature to streamline sophisticated phishing campaigns. Axios-related suspicious activity surged 241% from June to August 2025, highlighting evolving tactics to bypass traditional multi-factor authentication protections.
TheHackerNews
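One detection angle a defender can act on from this item is the client itself: Axios, used as a Node.js HTTP library, identifies itself by default with a User-Agent of the form `axios/<version>`, so sign-ins from that client are easy to separate from browsers and mail apps. The script below is an added example for this digest, not code from the article or from any vendor. It assumes a JSON-lines sign-in export with the field names shown (loosely modelled on an Entra ID sign-in log; real exports differ) and alerts when a scripted client touches several distinct accounts from one address, since a legitimate integration normally runs as a single service identity. The sample events are constructed.

```python
"""Flag scripted sign-ins in a cloud sign-in log export.

Added example for this digest, not code from the article or from any vendor.
Assumptions: the Axios client identifies itself through its default User-Agent
of the form "axios/<version>", and the log is a JSON-lines export with the
field names used below (loosely modelled on an Entra ID sign-in log; real
exports differ). An automation client hitting several different accounts from
one address is the pattern worth alerting on.
"""
import json
import re
from collections import defaultdict

# Default Axios User-Agent prefix; extend the pattern for other scripted clients.
SCRIPTED_UA = re.compile(r"^axios/", re.IGNORECASE)

# Constructed sample events (reserved documentation IPs, invented users).
SAMPLE_SIGNINS = """
{"time": "2025-09-08T09:12:01Z", "user": "alice@example.invalid", "ip": "203.0.113.10", "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/128.0", "result": "success"}
{"time": "2025-09-08T09:14:22Z", "user": "alice@example.invalid", "ip": "198.51.100.7", "userAgent": "axios/1.7.9", "result": "success"}
{"time": "2025-09-08T09:15:03Z", "user": "bob@example.invalid", "ip": "198.51.100.7", "userAgent": "axios/1.7.9", "result": "failure"}
{"time": "2025-09-08T09:20:45Z", "user": "carol@example.invalid", "ip": "203.0.113.44", "userAgent": "Outlook-iOS/2.0", "result": "success"}
{"time": "2025-09-08T09:21:10Z", "user": "dave@example.invalid", "ip": "198.51.100.7", "userAgent": "axios/1.7.9", "result": "success"}
"""


def parse_signins(text: str) -> list[dict]:
    """Parse JSON-lines records, ignoring blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def scripted_signins(events: list[dict], pattern: re.Pattern = SCRIPTED_UA) -> list[dict]:
    """Keep only events whose User-Agent matches a scripted-client pattern."""
    return [e for e in events if pattern.search(e.get("userAgent", ""))]


def summarize_by_ip(events: list[dict]) -> dict:
    """Per source IP: the distinct accounts touched and success/failure counts."""
    by_ip = defaultdict(lambda: {"users": set(), "success": 0, "failure": 0})
    for e in events:
        bucket = by_ip[e["ip"]]
        bucket["users"].add(e["user"])
        bucket["success" if e.get("result") == "success" else "failure"] += 1
    return {ip: {"users": sorted(b["users"]), "success": b["success"], "failure": b["failure"]}
            for ip, b in by_ip.items()}


def alerts(summary: dict, min_users: int = 2) -> list[str]:
    """IPs where a scripted client touched at least `min_users` distinct accounts."""
    return sorted(ip for ip, b in summary.items() if len(b["users"]) >= min_users)


if __name__ == "__main__":
    events = parse_signins(SAMPLE_SIGNINS)
    summary = summarize_by_ip(scripted_signins(events))
    for ip in alerts(summary):
        b = summary[ip]
        print(f"{ip}: {len(b['users'])} accounts via scripted client "
              f"({b['success']} success, {b['failure']} failure)")
```

The User-Agent is attacker-controlled and trivially changed, so treat a match as a triage signal rather than proof; the multi-account grouping is what keeps the rule from paging on a single developer's own script, and an allow-list of known service accounts belongs in front of `alerts` in production.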
Windows 10 KB5065429 Update Includes 14 Changes and Fixes
Microsoft’s KB5065429 cumulative update for Windows 10 22H2 and 21H2 resolves 14 issues, including fixes for unexpected user account control prompts and severe lag problems with NDI streaming software. Users are encouraged to install the update to improve system stability.
BleepingComputer
RatOn Android Malware Detected With NFC Relay and ATS Banking Fraud Capabilities
The RatOn malware for Android has evolved into a powerful remote access trojan combining NFC relay attacks with Automated Transfer System fraud, enabling seamless overlay attacks and automatic financial transactions. This hybrid approach represents a notable advancement in mobile banking malware sophistication.
TheHackerNews
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.