Critical SAP & Samsung zero-days, rising supply chain breaches, and telecom intrusions show why rapid patching and vendor vigilance matter.

🚨 Top Stories

  1. Samsung Patches Actively Exploited Android Zero‑Day
    Samsung’s September 2025 security update fixes CVE‑2025‑21043, an out‑of‑bounds write in libimagecodec.quram.so (Android 13‑16) that allowed remote code execution and was exploited in the wild. The vulnerability was reported by Meta & WhatsApp. BleepingComputer

  2. Critical SAP S/4HANA Vulnerability Actively Exploited
    CVE‑2025‑42957, a flaw in SAP S/4HANA discovered by SecurityBridge, allows an attacker with user privileges to inject arbitrary ABAP code via RFC, bypass authorization, and gain full system control. Active exploitation has been confirmed. SQ Magazine

  3. Senator Wyden Accuses Microsoft of Cybersecurity Negligence
    Senator Ron Wyden has called on the FTC to investigate Microsoft, alleging default Windows configurations and outdated encryption protocols (notably RC4) left systems vulnerable, including in the 2024 Ascension breach affecting ~5.6 million people. Microsoft plans to disable RC4 in some Windows products by default starting in 2026. Reuters

🛠️ Vulnerability Spotlight

CVE-2025-42944 (SAP NetWeaver RMI-P4, CVSS 10.0): Insecure deserialization flaw allowing unauthenticated remote code execution via malicious payloads on open RMI-P4 ports. 🔗 SecurityWeek Coverage

💡 Key Takeaway: Block or restrict RMI-P4 ports, patch immediately, and segment SAP servers to minimize exposure.

CVE-2025-21043 (Samsung Android libimagecodec.quram.so): Actively exploited zero-day patched in September 2025. Allows remote code execution via crafted image files. Reported by Meta & WhatsApp. 🔗 Samsung Security Bulletin

💡 Key Takeaway: Deploy the September Samsung update across all affected Android 13–16 devices, especially those handling untrusted media.

CVE-2025-42922 & CVE-2025-42958 (SAP NetWeaver): Additional critical flaws patched in September’s SAP Patch Day, involving insecure file operations and missing authentication checks. 🔗 SAP Security Patch Day Notes

💡 Key Takeaway: Apply all September SAP fixes—attackers often chain multiple flaws once one system is exposed.

📊 Trend to Watch

Supply Chain Attacks Surge Among Retail & Telecom Infrastructure

  • Recent incidents in the UK targeting retailers (Marks & Spencer, Co‑op, Harrods) reveal attackers are using third‑party vendor relationships and social engineering to breach trusted networks, bypassing traditional perimeter defenses. TechRadar

  • Simultaneously, state‑sponsored groups like Salt Typhoon are intensifying attacks on backbone, provider edge, and customer edge routers in telecommunications, using known vulnerabilities to establish persistent access. More than 80 countries have been impacted. IT Pro

💡 Key Takeaway: Zero‑trust architectures, rigorous vendor risk assessments, continuous monitoring, and least‑privilege access controls are no longer optional—they’re essential in supply chain defense.

🔹 Policy & Regulation Watch

  • Department of Defense Finalizes New Cybersecurity Rule
    The U.S. DoD has finalized a long‑awaited rule (Phase 1 effective Nov 10, 2025) aimed at improving contractor cybersecurity standards, incident reporting, and risk management. Organizations working with DoD contracts should begin aligning immediately. GovCon Insights

🧰 Tool / Resource of the Week

Hornetsecurity Monthly Threat Report – September 2025

Insightful breakdown of Microsoft 365 email‑based threats, phishing trends, and observed attacker tactics in August. Useful for security teams focusing on email security and identity-based defenses. Hornetsecurity

Quick Hits

  • Apple warns of four spyware campaigns using tools like Pegasus, Predator, Graphite, and Triangulation that target high‑profile people (journalists, lawyers, activists). TechRadar

  • A breach in Texas’s disaster grant system exposed ~44,500 individuals’ data—SSNs, medical and banking info—through software misconfiguration. San Antonio Express-News

  • Report: AI tools (including “shadow AI” used without oversight) are helping attackers scale ransomware and data exfiltration; lack of policy controls in many firms exacerbates risk. Kiplinger

  • Lawmaker pressure rising: FTC urged to probe Microsoft over default Windows settings and encryption shortcomings. Reuters

🔹 That’s it for this week — stay sharp. Share InfoSec.Watch with a teammate so they don’t fall behind.
