WhatsApp wins $167M lawsuit against NSO Group for Pegasus spyware; Zscaler data breach via Salesloft Drift exposes customer data


Key Takeaways

  • WhatsApp wins $167M lawsuit against NSO Group for Pegasus spyware attacks in 2019.
  • Zscaler data breach exposed customer data via Salesloft Drift due to compromised Salesforce credentials.
  • Chrome and Firefox web browsers are targeted by sophisticated attacks exploiting vulnerabilities.
  • Tenable reports multiple unpatched, high-severity vulnerabilities in various Linux distributions.
  • Next.js vulnerability (CVE-2025-29927) allows unauthenticated authorization bypass via x-middleware-subrequest header.

Top Stories

WhatsApp wins $167M lawsuit against NSO Group for Pegasus spyware.

A US court ordered NSO Group to pay $167 million to WhatsApp over a 2019 hacking campaign that used Pegasus spyware to compromise over 1,400 users. WhatsApp confirmed the vulnerability was resolved and that fewer than 200 users were affected.

Zscaler data breach via Salesloft Drift, exposing customer data.

Zscaler confirmed a data breach on August 31, 2025, due to a supply chain attack that compromised its Salesforce instance through Salesloft Drift. The breach exposed customer contact data, including names, emails, and job titles, due to compromised Salesforce credentials.

Web browsers targeted by sophisticated attacks.

Web browsers, particularly Chrome and Firefox, are targeted by sophisticated attacks exploiting vulnerabilities for code execution and data breaches. Enterprises face high stakes amid remote work shifts, necessitating adaptive security measures.

Multiple unpatched Linux vulnerabilities reported by Tenable.

Tenable reported multiple unpatched vulnerabilities in Linux distributions on August 31, 2025, including CVE-2025-38515, CVE-2025-38539, CVE-2025-38545, CVE-2025-38501, CVE-2025-38506, CVE-2025-38524, and CVE-2025-38517, all with high CVSS scores and no known solutions.

Next.js vulnerability allows authorization bypass.

A critical vulnerability, CVE-2025-29927, in Next.js allows unauthenticated attackers to bypass authorization via the x-middleware-subrequest header. The flaw impacts multiple versions, enabling access to protected routes and admin interfaces.
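Upgrading Next.js is the fix. As an added example that is not part of this digest or of the Next.js project, the JavaScript below shows the defender-side pattern that follows from the description above: drop the internal-only x-middleware-subrequest header from untrusted inbound requests before they reach the application, and flag any access-log record in which an external client sent it. The request and log shapes (plain objects with lowercase header names, as Node's http module delivers them) and the sample records are assumptions.

```javascript
// Added example, not code from the original page or from the Next.js project.
// Two defender-side pieces for the CVE-2025-29927 bypass path described above:
//   1. strip the x-middleware-subrequest header from external requests at the edge
//   2. scan access-log records and report requests that carried it
// Assumptions: requests are plain objects { ts, ip, path, headers }; header names
// are stored lowercased as Node's http module does; SAMPLE_LOG is constructed data.

const INTERNAL_HEADER = 'x-middleware-subrequest';

// Edge-side filter: returns a copy of the request without the internal-only
// header. Comparison is case-insensitive so mixed-case variants are dropped too.
// The input object is not mutated.
function stripInternalHeader(req) {
  const headers = {};
  for (const [name, value] of Object.entries(req.headers || {})) {
    if (name.toLowerCase() !== INTERNAL_HEADER) headers[name] = value;
  }
  return { ...req, headers };
}

// Connect/Express-style middleware shape (assumed deployment pattern, not a
// Next.js API): removes the header in place so the downstream app never sees it.
function stripInternalHeaderMiddleware(req, res, next) {
  for (const name of Object.keys(req.headers || {})) {
    if (name.toLowerCase() === INTERNAL_HEADER) delete req.headers[name];
  }
  next();
}

// Detection: return the log records in which a client sent the header.
// Ordinary browsers and API clients never set it, so every hit is a probe
// worth investigating, especially when aimed at protected paths.
function findHeaderProbes(records) {
  return records
    .filter(r => Object.keys(r.headers || {})
      .some(name => name.toLowerCase() === INTERNAL_HEADER))
    .map(r => ({ ts: r.ts, ip: r.ip, path: r.path }));
}

// Constructed sample access-log records (not real traffic); header values are
// placeholders, since only the header's presence matters for detection.
const SAMPLE_LOG = [
  { ts: '2025-09-01T10:00:01Z', ip: '198.51.100.7', path: '/admin',
    headers: { 'user-agent': 'curl/8.0', 'x-middleware-subrequest': 'placeholder' } },
  { ts: '2025-09-01T10:00:02Z', ip: '203.0.113.5', path: '/',
    headers: { 'user-agent': 'Mozilla/5.0' } },
  { ts: '2025-09-01T10:00:03Z', ip: '198.51.100.7', path: '/dashboard',
    headers: { 'X-Middleware-Subrequest': 'placeholder' } },
];

// Running this file prints the two probe records from the constructed log.
console.log(findHeaderProbes(SAMPLE_LOG));
```

The middleware form belongs in front of the application (a reverse proxy or a thin Node layer); the scanner is the retrospective check to run over historical logs once the header is known to be the bypass vector, so that earlier probes are not missed.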

InfoSec Insights

API sprawl increases cyberattack risks for SMBs.

Chris Wallis warns that API sprawl is turning small and mid-sized businesses (SMBs) into prime targets for cyberattacks. SMBs are particularly vulnerable due to limited cybersecurity resources and expanding attack surfaces from cloud adoption and API sprawl.

Security Breaches

Hackers demand Google fire employees after Salesforce breach.

In September 2025, hackers demanded Google fire Austin Larsen and Charles Carmakal and halt its investigation, threatening to leak Google's data. The hackers gained access to a Google sales database through a third-party Salesforce system.

Ransomware attack on L'Ordine dei giornalisti del Lazio.

L'Ordine dei giornalisti del Lazio was targeted by a ransomware attack on September 1, 2025, attributed to “DragonForce”. The attack disabled systems and internet access, potentially exposing data of over 20,000 members.

Tech Updates

WordPress plugin Paid Membership Subscriptions vulnerability.

A serious security issue was discovered in the WordPress Paid Membership Subscriptions plugin, affecting versions 2.15.1 and below. The vulnerability, tracked as CVE-2025-49870, is an unauthenticated SQL injection flaw.

Debian reports firebird vulnerability.

Debian reported a vulnerability (CVE-2025-54989) in firebird, causing denial of service. The flaw exists in XDR message parsing, and patched versions include 4.0.6.

D-Link DIR-852 vulnerability allows OS command injection.

A high-risk OS command injection vulnerability, CVE-2025-9752, was reported in D-Link DIR-852 1.00CN B09. The vulnerability involves the soapcgi_main function, allowing remote OS command injection.

SkyBridge BASIC MB-A130 vulnerability allows remote code execution.

A critical vulnerability, CVE-2025-54857, was reported in SkyBridge BASIC MB-A130 Ver.1.5.8 and earlier. A remote attacker could execute arbitrary OS commands with root privileges.

ImageMagick vulnerability allows remote code execution.

A critical security vulnerability, CVE-2025-57803, was discovered in ImageMagick, the open-source image processing software. The vulnerability could allow attackers to remotely execute arbitrary code and affects 32-bit builds.

Khanakag-17 Library Management System vulnerability.

NVD reported a vulnerability, CVE-2025-9755, in Khanakag-17 Library Management System. The vulnerability affects an unknown function of the /index.php file, leading to cross-site scripting, with a CVSS v4.0 score of 5.3.

HKritesh009 Grocery List Management Web App vulnerability.

NVD reported a vulnerability, CVE-2025-9749, in HKritesh009 Grocery List Management Web App. The vulnerability involves SQL injection with a CVSS 3.x base score of 7.3.

Google Web Designer vulnerability allows remote code execution.

A critical client-side remote code execution (RCE) vulnerability in Google Web Designer exposes Windows users to full system compromise. The vulnerability, affecting versions prior to 16.4.0.0711, allows attackers to inject malicious CSS.

PostgreSQL vulnerability allows code injection.

Tenable released Nessus plugin ID 260001 on August 31, 2025, to identify the unpatched vulnerability CVE-2025-8715 in Linux/Unix systems. This vulnerability involves improper handling of newlines in pg_dump within PostgreSQL, potentially allowing code injection.

Threat Landscape

Brokewell Android malware campaign uses Meta ads to steal crypto and bypass 2FA.

Researchers reported a malvertising campaign on Meta targeting Android users with Brokewell spyware, which steals cryptocurrencies and bypasses 2FA. The malware is distributed through fraudulent social media ads promising free financial services, tricking users into downloading malicious applications.

MetaStealer spread via AnyDesk ClickFix attack.

Threat actors are exploiting Windows Search in an AnyDesk ClickFix attack to spread MetaStealer, a commodity infostealer. The attack begins with a phishing page mimicking an AnyDesk download, featuring a fake Cloudflare Turnstile human-verification prompt.
