Cyber Threat Intelligence Report – Sept. 18, 2025

Incident: Google patches sixth Chrome zero-day of 2025 (CVE-2025-10585) exploited in the wild
Date of Incident (ET): Unknown
Date of Disclosure/Publication (ET): Sept. 18, 2025
Summary: Google released Chrome 140.0.7339.185/.186 for Windows and macOS (140.0.7339.185 for Linux) to fix CVE-2025-10585, a V8 type confusion zero-day under active exploitation; immediate enterprise updates are recommended.
Source: chromereleases.googleblog.com/2025/09/s…

Incident: WatchGuard patches critical Firebox RCE (CVE-2025-9242)
Date of Incident (ET): Unknown
Date of Disclosure/Publication (ET): Sept. 18, 2025
Summary: WatchGuard disclosed an out-of-bounds write in the Fireware OS iked process that enables unauthenticated remote code execution when IKEv2 VPN features are exposed; updates and mitigations are available via the PSIRT advisory.
Source: www.bleepingcomputer.com/news/secu…

Incident: Medical Associates of Brevard breach impacts 246,711 individuals; BianLian claimed January attack
Date of Incident (ET): Jan. 16, 2025
Date of Disclosure/Publication (ET): Sept. 18, 2025
Summary: The Florida provider reported to authorities that nearly 250,000 people were affected by a January intrusion attributed to BianLian, with potential exposure of personal and protected health information.
Source: www.securityweek.com/nearly-25…

Incident: Insight Partners confirms ransomware data breach; 12,000+ notified
Date of Incident (ET): Jan. 16, 2025
Date of Disclosure/Publication (ET): Sept. 18, 2025
Summary: Venture capital firm Insight Partners said a ransomware incident resulted in data theft affecting over 12,000 people; notification letters and regulator filings are underway.
Source: www.securityweek.com/insight-p…

Incident: SilentSync RAT delivered via malicious PyPI packages targeting developers
Date of Incident (ET): Aug. 4, 2025
Date of Disclosure/Publication (ET): Sept. 18, 2025
Summary: Zscaler reported two typosquatted PyPI packages that install the SilentSync remote access trojan on Windows systems, enabling data exfiltration and backdoor access; package tokens should be rotated.
Source: thehackernews.com/2025/09/s…

Incident: ShinyHunters claims theft of 1.5 billion Salesforce records using Drift OAuth tokens
Date of Incident (ET): Aug. 8–18, 2025
Date of Disclosure/Publication (ET): Sept. 17, 2025
Summary: ShinyHunters posted samples allegedly from hundreds of Salesforce instances after intrusions abusing OAuth tokens tied to Salesloft Drift; prior advisories linked activity to UNC6395.
Source: www.bleepingcomputer.com/news/secu…

Incident: SonicWall breach exposed firewall configuration backups; customer credential resets urged
Date of Incident (ET): Unknown
Date of Disclosure/Publication (ET): Sept. 17, 2025
Summary: SonicWall confirmed attackers accessed its MySonicWall cloud backup service for firewalls, exposing configuration files; customers are advised to reset passwords, rotate keys and tokens, and review device settings.
Source: www.bleepingcomputer.com/news/secu…

Incident: “Shai-Hulud” self-replicating worm compromises 180+ npm packages in active supply chain attack
Date of Incident (ET): Sept. 16, 2025
Date of Disclosure/Publication (ET): Sept. 16, 2025
Summary: Unit 42 and others detailed a worm that steals developer credentials and republishes tainted npm packages, briefly impacting packages from multiple maintainers; enterprises should audit dependencies and rotate tokens.
Source: krebsonsecurity.com/2025/09/s…

Incident: Microsoft and Cloudflare disrupt RaccoonO365 phishing-as-a-service; 338 domains seized
Date of Incident (ET): Sept. 16, 2025
Date of Disclosure/Publication (ET): Sept. 16, 2025
Summary: Microsoft’s Digital Crimes Unit, with Cloudflare and a U.S. court order, dismantled infrastructure for RaccoonO365 used to steal Microsoft 365 credentials at scale across 94 countries.
Source: blogs.microsoft.com/on-the-is…

Compiled and verified by Generative AI.

Edward Kiledjian @ekiledjian