Top Tech Headlines for September 10, 2025

Today’s headlines bring everything from massive DDoS storms to memory-hardened iPhones and newly patched vulnerabilities across systems. Here's your friendly roundup of what’s rocking the tech and cybersecurity world right now.

DDoS Defender Hit with 1.5 Bpps Attack

A European DDoS mitigation service provider found itself ironically under fire after facing one of the largest distributed denial-of-service attacks ever recorded—reaching 1.5 billion packets per second. This staggering traffic surge highlights the increasing scale and sophistication of cyberattacks targeting infrastructure meant to protect others.

Microsoft Waives Store Publishing Fees for Windows Devs

Big win for indie Windows developers: Microsoft is removing all publishing fees for individuals using the Microsoft Store. This change should spur more innovation and accessibility in the Windows app ecosystem—plus give smaller devs more reach, without burning a hole in their wallet.

Massive NPM Attack Fizzles Out Financially

The largest known supply-chain compromise in the NPM ecosystem impacted around 10% of cloud environments—but cybercriminals walked away empty-handed. While the breadth was alarming, the financial failure of the attack underscores the importance of securing the supply chain before attackers refine their playbook.

Google Pixel 10 Battles AI Deepfakes With C2PA

Google's upcoming Pixel 10 will integrate C2PA Content Credentials to verify image authenticity directly at capture and within Google Photos. With AI-generated media on the rise, this feature aims to help users distinguish between real and manipulated content—a step forward for trust in digital images.

Cursor AI Editor Poses Auto-Run Risk

Developers using the Cursor AI-powered code editor should beware: It may automatically execute code from a malicious repository just by opening it. The convenience of automation comes with high stakes, so proceed with caution while using AI-assisted dev tools.

Jaguar Land Rover Confirms Data Was Stolen

After a recent system shutdown and work stoppage order, Jaguar Land Rover has confirmed attackers stole sensitive data. The breach further illustrates how cyberattacks can impact both digital and physical operations in the automotive industry.

$380M Lost to Social Engineering: MFA Bypassed by Phone

Clorox suffered an estimated $380 million loss from a breach where attackers simply faked a support call to reset MFA credentials. This high-cost example reminds us that authentication protocols without proper verification can become the weakest link.

Microsoft Fixes Streaming & App Installation Issues

August’s security updates created headaches for Windows 10 and 11 users with streaming lag and UAC issues during app installations. Thankfully, Microsoft has issued patches resolving both problems—highlighting the importance of staying updated but cautiously.

LoRaWAN Deployment: Why Quality and Volume Both Matter

Concept13 emphasizes that reliable LoRaWAN deployment is not just about scale—it’s about consistent quality too. For successful IoT rollouts, balancing sensor coverage with network stability is key to meaningful data capture and system uptime.

EggStreme Malware Breaches Philippine Military Systems

A Chinese APT launched a sophisticated EggStreme malware campaign against the Philippine military, using fileless techniques for long-term espionage. This attack underscores persistent threats from nation-state actors targeting national security data streams.

CHILLYHELL and ZynorRAT Target macOS, Windows, Linux

Researchers have disclosed CHILLYHELL, a long-hidden macOS backdoor, and the ZynorRAT malware capable of striking across major operating systems. These threats underline the rising need for cross-platform security vigilance among everyday users and enterprises alike.

Microsoft Patches 80 Security Flaws in September Update

September’s round of Microsoft patches addresses a whopping 80 vulnerabilities, including a CVSS 10.0 flaw in Azure and a critical SMB elevation bug. Businesses and users should prioritize these updates to avoid exploit risks from these high-severity issues.

iPhone 17 Boosts Security with Memory Integrity Enforcement

Apple's newly announced iPhone 17 introduces Memory Integrity Enforcement via A19 chips—blocking buffer overflow attacks and improving resistance to spyware. It’s a major privacy-forward move without sacrificing performance for iOS users.

Automation Now Powers vCISO and Compliance Workflows

Service providers using tools like Cynomi report cutting virtual CISO workload by 68%, saving hours per task. As cybersecurity demands scale, automation is helping organizations keep up sustainably while meeting regulatory goals.

Salty2FA Phishing Kit Bypasses MFA in US & EU Attacks

A new phishing tool dubbed Salty2FA is actively bypassing two-factor authentication in enterprise attacks across North America and Europe. The kit is proof that even MFA isn't bulletproof—human error and phishing tactics remain the top threat vector.

APT41 Phishing Campaign Targets U.S. Trade Officials

Chinese state-linked group APT41 has targeted U.S. trade officials through phishing emails to access sensitive negotiation data. These espionage campaigns continue to blend cyber intelligence with global geopolitical pressure points.

Adobe Commerce CVE-2025-54236 Fixed After Account Hijack Risk

An Adobe Commerce flaw could allow attackers to hijack customer accounts—but a hotfix and WAF rules were deployed in time to patch it. Retailers using Adobe should update immediately to protect their user base from exploitation.

SAP Patches High-Risk NetWeaver and S/4HANA Bugs

SAP pushed critical fixes for NetWeaver and S/4HANA vulnerabilities with severity scores up to CVSS 10.0. Left unpatched, these flaws allow code execution and data exposure—so enterprise admins are urged to deploy updates without delay.

Want to stay ready for anything? From data recovery to bootable OS installs, our Ultimate USBs have your back. Check out our tools today.