Top Tech Headlines for September 11, 2025

It’s a busy day in the world of tech and cybersecurity — from Microsoft email outages and ransomware attacks to spyware warnings and AI developments. Here are the top stories you need to know today, along with real-world risks and responses that keep IT pros, privacy advocates, and everyday users on their toes.

Microsoft Exchange Online Suffers Major Outage in North America

Microsoft is investigating a widespread outage affecting its Exchange Online service across North America. Users are unable to access email, causing disruptions for businesses relying on Microsoft 365. The root cause remains under review, but the incident underscores the importance of having offline communication or recovery plans in place.

Senator Criticizes Microsoft's Cybersecurity After Healthcare Hack

Senator Ron Wyden has officially called out Microsoft for what he calls “gross cybersecurity negligence” following ransomware attacks linked to its outdated RC4 cipher defaults. The letter to the FTC demands an investigation, particularly after millions of healthcare records were exposed during the Ascension breach. Another reminder that security missteps can have national-scale consequences.

Apple Issues Spyware Attack Alerts to Users

If you're an Apple user, keep an eye on your inbox. Apple has warned unspecified customers—per CERT-FR reports—about recently attempted spyware targeting iPhones. The details are scarce, but the move highlights that even tightly curated ecosystems aren’t immune to advanced threats.

Panama’s Economic Ministry Hit by INC Ransomware

The Ministry of Economy and Finance in Panama confirmed a breach, attributing it to a ransomware group called INC. At least one system was compromised, though the full extent of the damage is still being assessed. Government infrastructure remains a high-value target for cybercriminals.

Microsoft Teams Adds Malicious Link Detection in Chats

Microsoft Teams is getting smarter at spotting danger. The platform now alerts users when links in private messages are flagged as malicious. It’s a welcome feature that adds another layer of email-like security to daily communications.

Akira Ransomware Resurfaces via SonicWall VPN Flaw

The Akira ransomware group is actively exploiting CVE-2024-40766, a SonicWall SSLVPN vulnerability with a CVSS score of 9.3. Over 40 attacks were reported just in July. SonicWall users must patch and verify configurations immediately — misconfigurations remain a major entry point for cybercriminals.

New ‘VMScape’ Threat Defeats CPU Isolation on AMD & Intel

A new virtual machine vulnerability dubbed VMScape has emerged, bypassing isolation boundaries on AMD and Intel chips using a Spectre-like exploit. Attackers can extract cryptographic keys from unpatched QEMU hosts. Virtual environments must be updated and hardened to prevent cross-VM data leaks.

Fake Chrome Extensions Hijack Meta Business Accounts

Security researchers are warning about malicious browser extensions like “Madgicx Plus” that hijack Meta (Facebook) business accounts by stealing session cookies. The threat was active earlier this year and highlights the ongoing risks of unverified extensions in browsers. Audit your extensions regularly and stick to known publishers.

AsyncRAT Exploits ConnectWise Software to Steal Data

The AsyncRAT malware has resurfaced in a new attack campaign that exploits ConnectWise ScreenConnect, using a fileless loader disguised as a Skype update. The malware steals passwords and crypto wallet info, while maintaining stealthy, persistent access. This attack underscores the need for endpoint monitoring and regular software audits.

Google Pixel 10 Adds C2PA to Flag AI-Generated Media

Google's new Pixel 10 will support C2PA content credentials, adding cryptographic authenticity metadata to images and videos. This is a big leap toward combating AI-generated misinformation and deepfakes. Devices that integrate security at the hardware level improve trust and transparency in digital media.

Yext Scout To Help Brands Navigate AI Search Trends

Yext is gearing up to host a webinar in October, focused on how AI is reshaping search behavior and digital marketing. Their Scout engine aims to bridge gaps in content discovery and brand visibility. AI-powered search is here to stay — brands need strategic tools to stay competitive.

Broadcom Says VMware Will Be “AI-Centric”—But Not Yet

Broadcom is teasing a future where its VMware platform adopts more AI features, though current product lines are still mostly legacy-driven. As enterprises seek future-proof infrastructure, Broadcom's long-term strategy remains unclear. Organizations may want to diversify their approach to AI integration.

Keep Aware Guide Offers Smart Browser Extension Controls

Keep Aware has released a Buyer’s Guide on managing browser extensions in enterprise environments. The guide walks through visibility, access policy enforcement, and real-time threat blocking. It’s a timely resource for IT security teams managing extended attack surfaces in remote workflows.

Helping CISOs Translate Cyber Risk to Executives

A new report highlights the growing need for CISOs to align cybersecurity communication with business objectives. With regulations like SEC and NIS2 adding pressure, security leaders are being trained to speak the language of ROI and risk — not just firewalls and zero-days. Clear communication can mean the difference between funding and fallout.

Want to stay ready for anything? From data recovery to bootable OS installs, our Ultimate USBs have your back. Check out our tools today.