Top Tech Headlines for September 22, 2025
From airport ransomware chaos to cybersecurity threats that exploit trusted platforms, today’s news cycle is packed with red flags for anyone who wants to stay secure in a digital-first world. Let’s dive into the day's must-know headlines.
Ransomware Hits European Airports, Causing Major Disruptions
Over the weekend, several major European airports experienced serious delays due to a ransomware attack targeting their check-in and boarding systems. According to reports, critical infrastructure such as baggage handling and passenger databases was impacted.
Key takeaway: This is yet another wake-up call that critical systems — even in aviation — are vulnerable without layered defense strategies.
Stellantis Confirms Data Breach after Salesforce-Related Attack
Automotive manufacturer Stellantis has confirmed a data breach affecting some North American customers. The breach stems from a compromise of Salesforce — a third-party platform used for data management.
Key takeaway: Third-party software vulnerabilities are increasingly becoming the Achilles’ heel of even the largest enterprises.
Firefox Extension Developers Can Now Roll Back Bad Updates
Mozilla has launched a welcome feature in its Firefox browser: add-on developers can now roll back to previously approved versions. This provides a quick fix path for critical bugs introduced in recent updates.
Key takeaway: Developers now have faster ways to respond to user feedback and security headaches.
New EDR-Freeze Tool Evades Windows Security Using WER
Researchers have demonstrated a proof-of-concept tool called EDR-Freeze that exploits Windows Error Reporting (WER) to suspend endpoint detection software — all from user mode.
Key takeaway: Even built-in features meant for diagnostics can be abused in the hands of attackers. Another reminder to monitor for unusual behavior at the OS level.
LastPass Warns of Fake macOS Password Managers Delivering Malware
A new malware campaign is targeting Mac users with fake password manager apps hosted on malicious GitHub repositories. The malware mimics legit tools like 1Password and infects systems once downloaded.
Key takeaway: Always verify downloads — especially security tools — and stick to official sources only.
Microsoft Fixes Face Detection Bug Blocking Windows 11 Updates
Microsoft has lifted an update block that affected certain systems with built-in cameras due to a face detection bug in Windows 11 24H2. Impacted users can now resume installing the update.
Key takeaway: If you’re using facial recognition, your camera's firmware might have been temporarily standing in your update’s way.
American Archive of Public Broadcasting Quietly Fixed Media Leak
A vulnerability on the American Archive of Public Broadcasting’s site allowed unauthorized downloads of private media for years. The flaw was quietly patched, but not before years of unnoticed access.
Key takeaway: Legacy web systems must be regularly audited — especially when managing precious or protected content.
Verified Steam Game Used to Steal Cancer Donations
A streamer raising money for cancer treatment was scammed out of $32,000 after downloading a verified Steam game called Block Blasters. The game turned out to be crypto wallet-draining malware.
Key takeaway: Security can’t be assumed — even on trusted platforms like Steam. Verification doesn’t always mean safety.
Microsoft Confirms DRM Video Playback Bug in Recent Update
If your apps are suddenly failing to play DRM-protected videos or live TV, you’re not alone. Microsoft says a recent update has caused this known issue, and a fix is underway.
Key takeaway: Not all updates go smoothly — have recovery options ready for mission-critical media systems.
Phishing Moves Beyond Email — Now Targets Browsers, Chat Apps & Social Media
Push Security warns that modern phishing attacks have gone multi-platform. Today’s attackers leverage social media, messaging apps, and even browser extensions to steal credentials.
Key takeaway: User awareness and browser-level security tools are more crucial than ever before.
Public Trust Major Barrier to AI Adoption, Study Finds
A new report highlights a significant "public trust deficit" toward AI technologies, despite government and corporate enthusiasm. Concerns around transparency, misuse, and regulation are driving public hesitation.
Key takeaway: Responsible and explainable AI will be key to building long-term confidence in emerging tech.
XZ Supply Chain Attack Underscores Open-Source Security Gaps
The recent XZ attack shows how backdoors can be injected into open-source software without raising alarms. The case illustrates how old habits — like blind trust in dependencies — still plague modern development.
Key takeaway: Developers must use better auditing and validation processes in the open-source ecosystem.
ComicForm Malware Campaign Targets Eurasian Systems
Threat groups ComicForm and SectorJ149 are deploying Formbook malware across Belarus, Kazakhstan, and Russia. These phishing attacks are carefully designed to avoid Microsoft Defender detection.
Key takeaway: Signature-based antivirus can't catch everything. Behavioral analysis is becoming more important than ever.
Microsoft Patches Critical Entra ID Flaw Enabling Cross-Tenant Admin Access
A critical vulnerability in Microsoft’s Entra ID (formerly Azure AD) was patched after researchers found it allowed cross-tenant admin impersonation. The flaw, rated CVSS 10.0, had major supply chain implications.
Key takeaway: Identity management systems remain high-value targets — and complexity introduces major risk.
Optus Network Outage in Australia Linked to Emergency Response Failures
An extended 13-hour outage at Optus cut communication lines for hundreds of users, including access to emergency services. At least three fatalities may be connected to the network failure.
Key takeaway: Resilience planning for telecom systems isn’t just a technical challenge — it’s a matter of national safety.
Agentic AI Needs Better Orchestration, McKinsey Says
According to McKinsey, the real challenge with enterprise AI isn't adoption, but orchestration. Their latest findings suggest that nearly 80% of companies use generative AI, but few extract meaningful ROI.
Key takeaway: Centralizing control and coordination will be critical for turning AI potential into business value.
Infobip Passes 10 Billion RCS Messages, Boosted by iOS 18 Adoption
Cloud communications platform Infobip has surpassed 10 billion RCS messages delivered, riding the momentum of Apple’s long-awaited RCS support in iOS 18.
Key takeaway: Businesses should prepare for richer messaging — and corresponding new attack vectors.
New Survey Shows DDoS Budgets Are Up, But Outages Still Hurt
Despite rising investments in DDoS mitigation, 42% of security leaders reported severe damage in recent attacks. Automation gaps and AI-powered threats are complicating containment strategies.
Key takeaway: Throwing money at the problem won't help unless defenses are agile, integrated, and proactive.
Threat-Informed Defense Moves from Reactive to Proactive
Security teams are shifting from reactive alert-handling to proactive, threat-informed frameworks using tools like the MITRE ATT&CK matrix. This strategic approach can detect up to 85% of ransomware before data is affected.
Key takeaway: Cyber defense strategies must evolve from fire-fighting to anticipation and automation.
Controlling AI Agents and Non-Human Identities: A Hidden Risk
AI agents and non-human identities now outnumber humans in some digital infrastructures — by 80 to 1. Without controls, they pose rising insider-style security risks.
Key takeaway: Identity management and monitoring must expand to include bots, APIs, and automated systems.