Top Tech & Cybersecurity Headlines for September 08, 2025

Happy Monday, tech crew! 🚀 Today’s roundup is packed with critical cybersecurity alerts, powerful new AI models, and big moves in connectivity and privacy. Let’s dive into what you need to know to stay ahead of the digital curve.

🔍 Spike in Scans on Cisco ASA Devices Sparks Alarm

Security researchers are warning of large-scale network scans targeting Cisco ASA devices. This sudden surge in activity could signal attackers prepping to exploit an undisclosed vulnerability. Network admins should keep a close eye and apply any available firmware updates immediately.

👻 GhostAction: GitHub Supply Chain Attack Exposes 3,325 Secrets

A new attack dubbed “GhostAction” has compromised thousands of secrets stored in GitHub, including AWS keys, npm and DockerHub tokens. This supply chain hit is another reminder to audit access and rotate secrets often—especially for open-source ecosystems.

💬 Signal Rolls Out Encrypted Cloud Backups

Signal has launched a secure, opt-in cloud backup feature, finally allowing users to restore their private messages if their device gets lost or damaged. The backups maintain Signal’s end-to-end encryption, bringing peace of mind without compromising your privacy.

🛋️ Lovesac Discloses Breach After Ransomware Attack

Furniture company Lovesac has confirmed a data breach following a ransomware incident that may have exposed personal customer data. If you've recently purchased from them, it might be time to monitor your accounts and consider a credit freeze.

⚽ Illegal Sports Streaming Giant Shut Down

Calcio, a piracy-based sports streaming platform drawing over 120 million visits annually, was shut down by DAZN and the Alliance for Creativity and Entertainment. This marks a major crackdown on illegal sports broadcasting networks.

📦 npm Packages Hijacked in Historic Supply Chain Attack

In what’s shaping up to be the largest supply chain attack ever, hackers compromised npm packages downloaded over 2.6 billion times weekly. The attack began with spear-phishing maintainers—highlighting the risk of social engineering in developer ecosystems.

📉 Salesloft GitHub Breach Leads to Salesforce Attacks

A March breach of Salesloft's GitHub account led to widespread OAuth token theft and consequential data breaches across Salesforce clients. This underscores the importance of securing developer credentials and repositories with multi-factor authentication.

🛠️ Time to Move Beyond WSUS? Action1 Offers Cloud Patch Management

As Microsoft WSUS enters deprecation, Action1 steps in with a modern patching platform offering cloud-native management, zero infrastructure, and 3rd-party software support. IT teams might want to take a closer look at simplifying their patch strategies.

🤖 Google Makes AI Mode the Default Search Experience

Google aims to replace traditional “10 blue links” with AI Mode as the new default search experience. This shift will make AI-generated summaries mainstream—expect a web search experience that's faster but also potentially less transparent.

🧠 ChatGPT Frees Up “Projects” and Adds Chat Splitting

OpenAI is unlocking the “Projects” feature for all users, making it easier to manage ongoing workflows. A new toggle now lets you split conversations—super handy for brainstorming without losing context.

🎧 Alibaba’s Qwen3 Boosts AI Speech Transcription

Alibaba’s Qwen team introduced Qwen3-ASR-Flash, a high-speed AI model aiming to revolutionize real-time speech transcription. Expect major improvements in voice-to-text tools, especially for multilingual and enterprise use cases.

🚗 Qualcomm Eyes the Connected Car Market

Qualcomm just announced partnerships with BMW, Google, and Mercedes-Benz to power next-gen connected cars. As vehicles become smarter, secure firmware and rapid update capabilities will only grow in importance.

📡 SpaceX Buys Spectrum for Starlink “Direct to Cell” Service

Starlink is stepping into mobile with the purchase of spectrum from Echostar, gearing up to launch its “Direct to Cell” service. This could be a massive step forward in bringing mobile coverage to underserved areas.

🛡️ Booking.com’s AI Jumps Into the Cyber Ring

Siddhartha Choudhury from Booking.com details how AI is actively thwarting fraud and securing traveler data. Their approach showcases how machine learning can go beyond detection and into prevention.

🌐 Red Sea Cable Cuts Disrupt Internet in Asia & Middle East

Multiple submarine cable cuts in the Red Sea have significantly slowed internet access across countries like India, Kuwait, and Pakistan. It's another wake-up call about the fragility of global internet infrastructure.

💰 HashKey to Launch $500M Crypto Treasury Fund

Hong Kong’s HashKey exchange plans to bridge crypto with traditional finance via a $500 million multi-currency treasury fund. As digital assets mature, expect more hybrid products connecting both financial worlds.

💥 Drift Breach Fallout Spreads to 22 Companies

The recent GitHub breach has now affected at least 22 companies via Drift app integrations. The fine line between DevOps convenience and security risk is getting thinner by the day.

🎯 GPUGate Malware Uses Google Ads and Fake GitHub to Target IT Firms

GPUGate, a stealthy malware active since December 2024, is luring IT professionals via Google Ads and fake GitHub commits. Its ability to bypass traditional defenses using GPU detection is raising eyebrows in the infosec world.

🧟 Hiring Fraud is the New Phishing

“You didn’t get phished — you onboarded the attacker.” North Korean actors are using AI-generated resumes and deepfakes to impersonate job seekers and gain access to company networks. It’s a whole new level of insider threat.

Want to stay ready for anything? From data recovery to bootable OS installs, our Ultimate USBs have your back. Check out our tools today.