Best of Cybersecurity: September 2025

  1. Article
    The Hacker News · 30w

    How One Bad Password Ended a 158-Year-Old Business

    KNP Logistics, a 158-year-old UK transport company, was forced into administration after the Akira ransomware group gained access through a weak, easily guessed employee password. The attackers encrypted critical data, destroyed backups, and demanded a £5 million ransom, leading to 700 job losses. The incident highlights how basic security failures can destroy established businesses, with 45% of compromised passwords being crackable within a minute. Strong password policies, multi-factor authentication, zero-trust architecture, and tested backup systems are essential defenses against such attacks.

  2. Video
    Fireship · 32w

    The largest supply-chain attack ever…

    A massive supply chain attack compromised popular npm packages including Chalk, affecting over 2.5 billion weekly downloads. The attack began with a phishing email targeting maintainer Josh Junon, leading to malicious code that swapped cryptocurrency wallet addresses in web browsers. Despite the widespread impact across JavaScript ecosystems and CI/CD pipelines, attackers only stole about $50 worth of Ethereum before the community detected and neutralized the threat within 2 hours.

  3. Article
    Dev Club · 30w

    Help Needed!

    A call for community contributions to help create educational content for the WBM platform's new Academy section. The author is seeking experienced developers to write lessons for various modules, with details available in a GitHub issue.

  4. Article
    InfoSec Write-ups · 32w

    AspGoat: The First Intentionally Vulnerable modern ASP.NET Core App for OWASP Top 10

    AspGoat is a new intentionally vulnerable web application built with ASP.NET Core MVC, SQLite, and Entity Framework Core. It addresses the gap in security training tools for modern ASP.NET Core applications, offering hands-on challenges for OWASP Top 10 vulnerabilities including XSS, SQL injection, CSRF, SSRF, and more. The project includes secure coding challenges and comes with official Docker support for easy deployment.

  5. Video
    John Hammond · 29w

    EVERYTHING in cybersecurity (for free)

  6. Article
    Collections · 31w

    Using OSINT to Gather Information from WhatsApp Accounts

    A comprehensive guide demonstrating Open Source Intelligence (OSINT) techniques for gathering personal information from WhatsApp phone numbers. The process covers IP address capture using Wireshark, location tracking, cross-referencing public records, discovering linked accounts and passwords, and conducting reverse image searches. The guide emphasizes the importance of ethical considerations and legal compliance when using these powerful investigation techniques.

  7. Article
    Troy Hunt · 29w

    Welcoming CERN to Have I Been Pwned

    CERN, the birthplace of the World Wide Web and home to the Large Hadron Collider, has joined Have I Been Pwned as the 41st intergovernmental organization. This partnership provides CERN with free access to query breach data across all their domains, helping protect their staff from online threats. The announcement highlights CERN's unique position as an intergovernmental organization that transcends national borders while facing the same cybersecurity challenges as sovereign governments.

  8. Article
    Kali Linux · 30w

    Kali Linux 2025.3 Release (Vagrant & Nexmon)

    Kali Linux 2025.3 introduces significant updates including refreshed HashiCorp Packer and Vagrant workflows, Nexmon support for Raspberry Pi Wi-Fi monitor mode and injection, 10 new security tools, and enhanced NetHunter mobile capabilities. The release also drops ARMel architecture support, adds a configurable VPN IP panel plugin for Xfce, and includes CARsenal car hacking toolkit improvements with new automotive Metasploit modules.

  9. Article
    Krebs on Security · 31w

    Self-Replicating Worm Hits 180+ Software Packages – Krebs on Security

    A self-replicating worm called Shai-Hulud has infected over 180 NPM packages, stealing developer credentials and automatically spreading to other packages. The malware uses stolen NPM tokens to modify popular packages, creates public GitHub repositories to expose stolen secrets, and briefly compromised CrowdStrike packages. Security experts warn this represents a new type of supply chain attack that can lie dormant and restart spreading, calling for mandatory human-verified 2FA for all package publications.

  10. Article
    TechCrunch · 33w

    Venezuela’s president thinks American spies can’t hack Huawei phones

    Venezuela's president claimed that Huawei phones cannot be hacked by American intelligence agencies, but security experts disagree. Huawei's custom hardware and HarmonyOS operating system may actually make their devices more vulnerable due to newer, less-tested code compared to established platforms like iOS and Android. The NSA has a documented history of targeting Huawei infrastructure and devices, with leaked documents from 2014 revealing extensive penetration of the company's systems for espionage purposes.

  11. Article
    InfoSec Write-ups · 32w

    How to Ruin Your Weekend: Building a DIY EDR

    A detailed walkthrough of building a custom Endpoint Detection and Response (EDR) system called 'RottenTomato' from scratch. The project demonstrates kernel driver development, process monitoring through Windows callbacks, static analysis of executables, and DLL injection techniques for runtime monitoring. The implementation includes a kernel driver that intercepts process creation events, a static analyzer that examines binaries for suspicious characteristics, and a remote injector that performs user-space hooking to detect malicious memory allocations.