Weekly Cybersecurity Brief — [Week Ending: 2025-09-17]

Introduction

The past week brought a cluster of critical vulnerabilities and active exploitation of widely used platforms. Microsoft’s Patch Tuesday addressed 81 flaws, including two zero-days, while Samsung and Google patched actively exploited vulnerabilities in Galaxy and Android devices. A phishing-driven npm supply chain attack pushed malicious versions of 18 JavaScript packages, and ransomware groups intensified attacks on critical infrastructure. Organisations face mounting pressure to patch swiftly and to improve runtime visibility as AI-driven threats and regulatory scrutiny grow.

TL;DR

  • Patch the Windows zero-days from September Patch Tuesday (CVE-2025-55234, CVE-2025-44111); for the SMB flaw, enforce SMB signing and Extended Protection for Authentication as well, since the patch alone does not close the relay path.
  • Update Samsung Galaxy devices for an actively exploited zero-day (CVE-2025-32100).
  • Apply Google’s September Android patches for two exploited flaws (CVE-2025-38352, CVE-2025-48543).
  • Mitigate npm supply chain attack affecting 18 JavaScript packages.
  • Strengthen runtime visibility to counter browser-based attacks.
  • Monitor SAP NetWeaver vulnerabilities (CVE-2025-42944, CVE-2025-42922).
  • Prepare for EU’s new vulnerability database initiative.

1. Major News

  • Microsoft Patch Tuesday Addresses 81 Vulnerabilities – The September 2025 updates fixed 81 flaws across Windows, Office, and Azure, including two zero-days that were publicly disclosed before a fix was available. CVE-2025-55234 is an elevation-of-privilege flaw in the SMB Server that is reached through NTLM relay, so patching is only half the fix: the update adds auditing that shows which clients would break under SMB signing and Extended Protection for Authentication, and both should be enforced once that audit comes back clean. Source
  • Samsung Patches Critical Zero-Day in Galaxy Devices – Samsung’s September 2025 update (SMR Sep-2025 Release 1) resolved a zero-day (CVE-2025-32100) under active exploitation, alongside high-severity flaws in One UI Home and ContactProvider. Updates are rolling out to supported devices; check Settings for the September security patch level. Source
  • npm Supply Chain Attack Compromises 18 Packages – A phishing email impersonating npm support captured a maintainer’s credentials and one-time code, and the attackers then published malicious versions of 18 packages that together see billions of weekly downloads. Compare lockfiles against the affected versions listed in the advisories and reinstall from a clean cache where a match is found. Source
  • Google Patches Exploited Android Zero-Days – Google’s September 2025 Android Security Bulletin addressed two vulnerabilities (CVE-2025-38352 in the Linux kernel, CVE-2025-48543 in the Android Runtime) that Google reports as under limited, targeted exploitation, the pattern typically seen in spyware campaigns against high-value individuals. Users must update devices promptly. Source
  • SAP Patches Critical NetWeaver Flaws – SAP’s September Security Patch Day addressed three critical vulnerabilities in NetWeaver, including CVE-2025-42944 (CVSS 10/10), an insecure-deserialization flaw in AS Java that allows unauthenticated remote code execution, and CVE-2025-42922, an insecure file upload in AS Java. Organisations running NetWeaver should apply the notes urgently and restrict network exposure of the affected services in the meantime. Source

2. New Vulnerabilities

CVE ID | Affected Product | CVSS Score | Summary | Reference Link
CVE-2025-55234 | Windows Server Message Block (SMB) | 8.8 | Elevation of privilege in the SMB Server, exploitable through NTLM relay; publicly disclosed before the patch. Affects Windows 10, 11, and Server editions. Apply the September 2025 Patch Tuesday update, then enforce SMB signing and Extended Protection for Authentication, using the update’s new auditing to find clients that would break. | Microsoft
CVE-2025-44111 | Windows Installer | 7.8 | Zero-day privilege escalation reported as exploited in enterprise environments. Affects Windows 10 and 11. Install the September 2025 updates. | Microsoft
CVE-2025-32100 | Samsung Galaxy devices | Not specified | Zero-day under active exploitation, reported as remote code execution. Affects multiple Galaxy models. Update to SMR Sep-2025 Release 1. | Samsung
CVE-2025-38352 | Android (Linux kernel) | 7.4 | Race condition in POSIX CPU timers allowing local privilege escalation; Google reports limited, targeted exploitation. Affects Android devices on vulnerable kernels. Apply the September 2025 Android Security Bulletin patches. | Google
CVE-2025-42944 | SAP NetWeaver (AS Java) | 10.0 | Insecure deserialization reachable over the RMI-P4 port, allowing unauthenticated OS command execution. The related file-upload flaw CVE-2025-42922 is a separate fix in the same release. Apply SAP’s September 2025 Security Patch Day notes immediately. | SAP

3. Exploits & Attacks

  • Akira Ransomware Targets SonicWall Flaw – The Akira group continues to exploit a vulnerability in SonicWall firewall SSL VPN access, and attacks on unpatched appliances have become more frequent (MITRE ATT&CK: T1190, Exploit Public-Facing Application). Apply the vendor firmware, reset local VPN account passwords where configurations were migrated between appliance generations, require MFA on VPN logins, and watch for VPN sessions from unfamiliar networks followed by internal scanning. Source
  • DELMIA Factory Software Under Attack – A vulnerability in Dassault Systèmes’ DELMIA manufacturing execution software is being exploited against industrial environments. Initial access is exploitation of an internet-reachable application; a compromised MES can then halt or corrupt production, with impacts such as forced device restarts or shutdowns (MITRE ATT&CK for ICS: T0816). Patch, remove direct internet exposure, and segment the MES tier from the control network. Source
  • Browser-Based Attacks Surge – Phishing kits that proxy the real login page and capture session tokens (bypassing one-time-code MFA), “ClickFix” lures that talk users into pasting commands into a terminal or Run dialog, and malicious browser extensions are increasingly used to reach SaaS data in platforms such as Snowflake and Salesforce (MITRE ATT&CK: T1566, Phishing). Phishing-resistant MFA (FIDO2/passkeys) defeats the proxy kits; extension allowlisting and browser-level telemetry cover the rest. Source
  • npm Supply Chain Attack – A phishing email impersonating npm support captured a maintainer’s credentials and one-time code, and the attackers published malicious versions of 18 packages (MITRE ATT&CK: T1195.002, Compromise Software Supply Chain). Pin dependencies, compare lockfiles against the advisories’ list of affected versions, and, for maintainers, move to phishing-resistant two-factor authentication, since TOTP codes were captured in this incident. Source

4. Security Tips

  • Apply Patches Promptly – Install the Microsoft, Samsung, and Google updates covering CVE-2025-55234, CVE-2025-32100, and CVE-2025-38352. For the SMB flaw, pair the patch with enforced SMB signing and Extended Protection for Authentication; relay attacks are a configuration problem as much as a code one. CISA
  • Enhance Runtime Visibility – Phishing kits, ClickFix lures, and rogue extensions execute inside the browser session, where network proxies and endpoint agents see little; add browser-level telemetry and managed-browser controls rather than relying on cloud workload tooling alone. The Hacker News
  • Review npm Dependencies – Check lockfiles for the affected package versions, purge the npm cache and reinstall from a clean state where a match is found, and run npm audit. Note that npm audit reports only advisories already published, so a fresh compromise can go unreported until an advisory exists. npm Documentation
  • Segment ICS Networks – Place MES and other industrial systems in firewalled zones with explicitly defined conduits, so that exploitation of software such as DELMIA cannot reach controllers directly. NCSC
  • Enforce Browser Extension Policies – Use managed-browser policy to allowlist approved extensions and block all others, so that a malicious or hijacked extension cannot be installed by users. CISA
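The lockfile review recommended above (in the npm item under Exploits & Attacks and in the Review npm Dependencies tip) can be automated. The following is an added example written for this brief, not code from npm or from any of the cited sources. It walks a parsed package-lock.json in both the v1 “dependencies” shape and the v2/v3 “packages” shape and reports any install whose exact version appears in a denylist. The denylist entries and the sample lockfile are constructed for illustration and are assumptions; replace the denylist with the affected versions from an advisory you trust.

```javascript
// Added example (not from the brief's sources): flag lockfile entries whose
// name@version appears in a denylist of known-compromised releases.

// Denylist: package name -> versions to flag. The two entries are illustrative
// placeholders (assumption); populate from a trusted advisory for the incident.
const COMPROMISED = new Map([
  ['chalk', new Set(['5.6.1'])],
  ['debug', new Set(['4.4.2'])],
]);

// "node_modules/express/node_modules/debug" -> "debug";
// scoped packages keep their scope: "node_modules/@scope/pkg" -> "@scope/pkg".
function packageNameFromKey(key) {
  const parts = key.split('node_modules/');
  return parts[parts.length - 1];
}

// Collect every installed {name, version, path} from a parsed lockfile.
// lockfileVersion 2 and 3 list installs flat under "packages"; v1 nests
// them under "dependencies", so both shapes are handled.
function collectInstalled(lock) {
  const found = [];
  if (lock.packages) {
    for (const [key, meta] of Object.entries(lock.packages)) {
      if (key === '' || !meta || !meta.version) continue; // '' is the root project
      found.push({ name: packageNameFromKey(key), version: meta.version, path: key });
    }
  } else if (lock.dependencies) {
    const walk = (deps, prefix) => {
      for (const [name, meta] of Object.entries(deps)) {
        const path = `${prefix}node_modules/${name}`;
        found.push({ name, version: meta.version, path });
        if (meta.dependencies) walk(meta.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, '');
  }
  return found;
}

// Return the installs whose exact version is denylisted. Exact-version matching
// is deliberate: a compromised release is a specific version, not a range.
function findCompromised(lock, denylist = COMPROMISED) {
  return collectInstalled(lock).filter((p) => {
    const versions = denylist.get(p.name);
    return versions !== undefined && versions.has(p.version);
  });
}

// Constructed sample lockfile (v3 shape): chalk is on a clean version, the
// top-level debug is on the flagged version, and a nested older debug is clean.
const SAMPLE_LOCK = {
  name: 'sample-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'sample-app', version: '1.0.0' },
    'node_modules/chalk': { version: '5.6.0' },
    'node_modules/debug': { version: '4.4.2' },
    'node_modules/express': { version: '4.19.2' },
    'node_modules/express/node_modules/debug': { version: '2.6.9' },
  },
};

// Human-readable report lines; an empty array means nothing matched.
function report(lock, denylist = COMPROMISED) {
  return findCompromised(lock, denylist).map(
    (p) => `COMPROMISED ${p.name}@${p.version} at ${p.path}`,
  );
}

for (const line of report(SAMPLE_LOCK)) console.log(line);
```

To scan a real project, read package-lock.json, parse it with JSON.parse, and pass the object to findCompromised. Nested copies are found by walking the lockfile keys rather than the top level only, which is why the reported paths include the full node_modules chain; a clean top-level version does not prove that a transitive dependency is clean.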

5. Industry & Regulatory Updates

  • EU Plans Vulnerability Database – The European Union has tasked ENISA with running a European vulnerability database, aiming for better CVE enrichment and less dependence on the overloaded US NVD. Source
  • Senator Wyden Probes Microsoft – US Senator Ron Wyden asked the FTC to investigate Microsoft for what he called cybersecurity negligence, citing insecure default configurations, including legacy Kerberos encryption settings, that facilitated ransomware attacks on healthcare providers. Source
  • Google Adds C2PA Support to Pixel 10 – The Pixel 10 camera attaches C2PA Content Credentials to photos so that viewers can verify provenance and detect edits or AI generation, addressing deepfake concerns. Source
  • Quantum Computing Concerns Rise – Industry discussion continued on the ability of future quantum computers to break today’s public-key cryptography (RSA, elliptic curves). Organisations should inventory where those algorithms are used and plan migration to NIST’s standardised post-quantum algorithms (ML-KEM for key exchange, ML-DSA for signatures). Source

Conclusion

This week underscored the urgency of timely patching, with Microsoft, Samsung, and Google addressing zero-days, several of them under active exploitation. The npm supply chain attack and browser-based exploits highlight the need for robust dependency management and runtime visibility. Organisations should prioritise updates, enforce SMB signing where the Windows patch alone is not enough, enhance network segmentation, and monitor regulatory shifts like the EU’s vulnerability database initiative. Next week, watch for updates on ransomware trends and post-quantum cryptography migration.
