Infosec bits for 2025 week 39

Anele Siwela | Sept. 26, 2025, 6:10 p.m.

Cybersecurity News:

Cybersecurity centre warns of 'sophisticated' threat targeting Cisco equipment [Jim Bronskill, The Canadian Press]

What happens when a cybersecurity company gets phished? [Ross McKerchar, Sophos]

Cyber Security Authority Calls for Positive Digital Citizenship Among Youth [Jennifer Onyeagoro, TechAfrica News]

Breaches & Leaks:

Salesforce Patches Critical ForcedLeak Bug Exposing CRM Data via AI Prompt Injection [Ravie Lakshmanan, The hacker News]

A Wake-Up Call for Data Security: The Cell C Breach [Michael Pretorius, 2TS]

Major Cyber Attacks, Ransomware Attacks and Data Breaches: August 2025 []

Vulnerabilities & Patches:

Cisco ASA 0-Day RCE Vulnerability Actively Exploited in the Wild [Florence Nightingale, Cyber Security News]

CISA orders feds to patch Cisco flaws used to hack multiple agencie [Eric Geller, Cybersecurity Dive]

Malware :

SA denial of human risk element in cyber security a gaping vulnerability [Christopher Tredger, itweb]

Hackers Exploiting WordPress Websites With Silent Malware to Gain Admin Access [Tushar Subhra Dutta, Cyber Security News]

Researchers Uncover GPT-4-Powered MalTerminal Malware Creating Ransomware, Reverse Shell [Ravie Lakshmanan, The Hacker News]

LastPass: Fake password managers infect Mac users with malware [Bill Toulas, Bleeping Computer]

Prompts as Code & Embedded Keys | The Hunt for LLM-Enabled Malware [Alex Delamotte, Vitaly Kamluk & Gabriel Bernadett-Shapiro, Sentinel Lab]