Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Industries, governments, and enterprises of all kinds have adopted large language models (LLMs) and generative AI (GenAI) into their operations and workflows, unlocking new possibilities for everything from customer interaction to complex data analysis. But with this innovation comes new challenges for security, observability, and data science teams.

Over night, starting at 01:16 UTC on September 9th, we were alerted to more packages being compromised, these included: These packages all had a new version 1.3.3 released (In the case of the wasm version, it was version 1.29.2), which contained the same malicious code as we saw in the compromise of packages with 2 billion+ downloads.

Delivering safe and reliable power around the clock is a huge challenge. A task made even more difficult by the sharp rise in cyberattacks on the energy and utilities sector. Recent research from Trustwave SpiderLabs found that cyber threats against the sector have surged by 80% year-over-year, costing organizations nearly half a million dollars more per breach than the cross-industry average of $4.8 million.

On September 9, 2025, SAP released its September 2025 Security Patch Day update with patches for 21 vulnerabilities. The most severe of these, CVE-2025-42944, is a maximum-severity deserialization vulnerability of untrusted Java objects in SAP NetWeaver that resides in the RMI-RP4 module. A remote unauthenticated threat actor can exploit this vulnerability by submitting a malicious payload to an open port to achieve arbitrary OS command execution.

A critical Server-Side Request Forgery (SSRF) vulnerability—CVE-2025-8085—has been discovered in the popular WordPress plugin “Ditty (News Ticker & Display Items)” for versions prior to 3.1.58. The issue resides in the displayItems REST API endpoint (wp-json/dittyeditor/v1/displayItems), which lacks authentication and authorization, allowing unauthenticated attackers to force the server to fetch arbitrary URLs—internal or external—via crafted JSON payloads.

Security analysts work on the front lines, responsible for protecting organizations every hour of the day from all threats. Our mission has always been to empower the SOC with end-to-end visibility to focus on what matters most and act with clarity, context and speed to resolve any attack.

By James Rees, MD, Razorthorn Security The Digital Operational Resilience Act (DORA) isn’t just another regulatory hurdle to clear. It’s fundamentally changing how financial institutions think about operational risk, particularly when it comes to the third party providers that now handle much of their critical technology infrastructure. DORA third party compliance has become a critical priority for EU financial institutions since the regulation came into force in January 2025.

Aviram Shmueli is a distinguished cybersecurity and cloud computing expert with a background steeped in 8200 and the Israeli Ministry of Defense. He has over 20 years of hands-on and senior managerial experience in engineering and product management. Yesterday, a critical supply chain attack impacting 18 widely used npm packages was disclosed. These packages collectively account for nearly 2 billion weekly downloads.

Ori Asias, Progressive Senior VP, guides global IT transformations, fostering growth, positive cultures, leveraging a BSc in Industrial Engineering, and pivotal roles in CIO, CISO, and DevOps. Security experts dedicated to shaping insightful editorial content, guiding developers and organizations toward secure cloud app development. Dive into a wealth of knowledge and experience in fortifying software integrity.

A new integration between 1Password Device Trust and Zscaler marks the first step in helping our shared customers implement Zero Trust practices. 1Password is proud to announce a new integration with Zscaler, a leading cloud-based solution for Zero Trust network access (ZTNA). This marks a shared commitment to helping our customers secure access, reduce their attack surface, manage AI app sprawl, and practice the principles of Zero Trust.