SonicWall Exploits, VMScape Attack, Siemens Flaws, and Rising Spyware Risks

The September 11, 2025 security roundup spotlights Akira ransomware exploiting a critical SonicWall SSL-VPN flaw, a new VMScape attack that breaks VM isolation on AMD and Intel chips, and severe Siemens UMC vulnerabilities enabling remote code execution. CISA added a Dassault Systèmes bug to its KEV catalog, while bulletproof host Stark Industries continues to dodge EU sanctions. Other developments include rising US investment in spyware, Apple warnings of targeted spyware campaigns, new ransomware abusing legitimate drivers, and fileless malware delivering AsyncRAT. Governments, schools, and enterprises faced major breaches and outages, while regulators advanced privacy and AI safety measures. Emerging tech news highlights Apple’s new iPhone security hardware, Microsoft Teams phishing protections, and OpenAI’s Developer Mode for ChatGPT.

Top 5 Critical Security Alerts

  • Akira ransomware exploiting critical SonicWall SSLVPN bug again ; The Akira ransomware group is actively exploiting a year-old critical vulnerability (CVE-2024-40766) in SonicWall SSL-VPN devices to gain initial access to networks.
  • New VMScape attack breaks guest-host isolation on AMD, Intel CPUs ; A new Spectre-like side-channel attack named VMScape allows a malicious virtual machine to leak sensitive data, including cryptographic keys, from the underlying hypervisor on modern CPUs.
  • Siemens User Management Component (UMC) ; Multiple critical vulnerabilities, including a stack-based buffer overflow (CVSS 9.8), have been found in Siemens UMC, allowing unauthenticated remote attackers to execute arbitrary code or cause a denial-of-service.
  • CISA Adds One Known Exploited Vulnerability to Catalog ; CISA has added CVE-2025-5086, a deserialization vulnerability in Dassault Systèmes DELMIA Apriso, to its Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation in the wild.
  • Bulletproof Host Stark Industries Evades EU Sanctions ; A notorious bulletproof hosting provider linked to Kremlin cyber operations, Stark Industries, is successfully evading EU sanctions by rebranding and transferring assets to new corporate shells.

Threat Intelligence

  • The US is now the largest investor in commercial spyware ; Reports indicate the United States has surpassed other nations to become the primary financial backer of the commercial spyware industry, raising national security and privacy concerns.
  • Apple warns customers targeted in recent spyware attacks ; Apple has sent threat notifications to users targeted by new spyware attacks, a fact confirmed by the French national CERT, indicating ongoing sophisticated mobile threats.
  • ‘Gentlemen’ Ransomware Abuses Vulnerable Driver to Kill Security Gear ; A new ransomware strain named ‘Gentlemen’ is weaponizing a legitimate driver, ThrottleStop.sys, to disable antivirus and EDR solutions before encryption.
  • Fileless Malware Deploys Advanced RAT via Legitimate Tools ; A sophisticated fileless malware campaign is using legitimate system tools to deliver AsyncRAT directly into memory, evading traditional detection methods.

Security Breaches & Incidents

  • Panama Ministry of Economy discloses breach claimed by INC ransomware ; Panama’s Ministry of Economy and Finance has acknowledged a potential cyberattack after the INC ransomware group claimed to have breached one of its computers.
  • Cyberattacks against schools driven by a rise in student hackers, ICO warns ; The UK’s privacy regulator reports a worrying increase in cyberattacks against schools perpetrated by students motivated by dares, notoriety, or revenge.
  • Microsoft investigates Exchange Online outage in North America ; Microsoft is currently investigating a major Exchange Online outage that is preventing customers across North America from accessing their email services.

Security Tools & Best Practices

  • Apple’s latest iPhone security feature just made life more difficult for spyware makers ; Apple has launched a new hardware security feature for the iPhone 17 and iPhone Air designed to mitigate memory corruption bugs, making zero-day exploits more difficult.
  • Microsoft adds malicious link warnings to Teams private chats ; Microsoft Teams will now automatically scan and display warnings for links in private chats that are identified as malicious, enhancing user protection against phishing.
  • The Buyer’s Guide to Browser Extension Management ; A new guide details the risks posed by browser extensions, such as data exfiltration, and outlines strategies for gaining visibility and enforcing security policies.

Security Standards & Frameworks

  • U.S. Senator accuses Microsoft of “gross cybersecurity negligence” ; Senator Ron Wyden has formally requested the FTC to investigate Microsoft for what he terms ‘gross negligence’ in its security practices, which he claims led to ransomware attacks on healthcare facilities.
  • California legislature passes bill forcing web browsers to let consumers automatically opt out of data sharing ; A bill has passed in California that would require web browsers to honor universal opt-out signals for data sharing, strengthening consumer privacy rights.
  • Swiss government looks to undercut privacy tech, stoking fears of mass surveillance ; A pending government proposal in Switzerland is causing alarm among secure email and VPN providers, who claim it would undermine user privacy and enable mass surveillance.
  • FTC opens inquiry into how AI chatbots impact child safety, privacy ; The U.S. Federal Trade Commission has launched an inquiry to assess whether AI chatbot developers are implementing adequate safeguards to protect children’s safety and privacy.

Emerging Security Technologies

  • OpenAI has launched Developer Mode for ChatGPT with full access to Model Context Protocol ; OpenAI has introduced a ‘Developer Mode’ for ChatGPT Plus and Pro users, granting them full read and write access to the Model Context Protocol (MCP) for advanced customization.
  • Partnering with generative AI in the finance function ; Generative AI is poised to transform finance departments by automating mundane tasks, freeing up CFOs and their teams to focus on high-value strategic work and advisory roles.
  • Tech’s data double standard: scrape to train, block everyone else ; Investigations reveal that major tech companies scrape vast amounts of copyrighted data to train their AI models while their own terms of service strictly forbid others from doing the same.
