{"id":5516,"date":"2025-09-22T09:28:16","date_gmt":"2025-09-22T08:28:16","guid":{"rendered":"https:\/\/www.d2na.com\/?p=5516"},"modified":"2025-09-23T10:12:52","modified_gmt":"2025-09-23T09:12:52","slug":"weekly-security-news-22nd-september-2025","status":"publish","type":"post","link":"https:\/\/www.d2na.com\/index.php\/2025\/09\/22\/weekly-security-news-22nd-september-2025\/","title":{"rendered":"Weekly Security News – 22nd September 2025"},"content":{"rendered":"<\/span> 4<\/span> mins read<\/span><\/span>\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Apple patches old devices, Entra ID vulnerability gives attackers control, two UK teens arrested for cyber attacks...<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Welcome to this week’s Security News. We’ve collated the best articles from the around the internet and put them all into one place. We’ve also got the latest CVE information to help you stay ahead of vulnerabilities. If you have any queries or concerns about anything in this week’s news, then please get in touch with our team who can advise further. For our existing clients, if we believe anything may affect your organisation, our team will be in touch directly.\u00a0<\/p>

<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

News & Articles<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Critical Microsoft\u2019s Entra ID Vulnerability Allows Attackers to Gain Complete Administrative Control<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

A critical vulnerability in Microsoft\u2019s Entra ID could have allowed an attacker to gain complete administrative control over any tenant in Microsoft\u2019s global cloud infrastructure.<\/p>

The flaw, now patched, was discovered in July 2025 and has been assigned\u00a0CVE-2025-55241.<\/p>

The vulnerability, described by the researcher as the most impactful he will probably ever find, resided in a combination of a legacy authentication mechanism and an API validation error.<\/p>

According to Dirk-jan Mollema\u2019s detailed write-up, the issue allowed an attacker to use a special type of token from their own tenant to impersonate any user, including Global Administrators, in any other customer\u2019s tenant.<\/p>

The researcher reported the vulnerability to the Microsoft Security Response Center (MSRC) on July 14, 2025, the same day it was discovered. Microsoft acknowledged the severity and deployed a global fix by July 17, 2025.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

Apple backports zero-day patches to older iPhones and iPads<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Apple has released security updates to backport patches released last month to older iPhones and iPads, addressing a zero-day bug that was exploited in “extremely sophisticated” attacks.<\/p>

This security flaw is the same one Apple\u00a0has patched\u00a0for devices running iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, and macOS (Sequoia 15.6.1, Sonoma 14.7.8, and Ventura 13.7.8) on August 20.<\/p>

Tracked as\u00a0CVE-2025-43300, this vulnerability was discovered by Apple security researchers and is caused by an\u00a0out-of-bounds write weakness\u00a0in the Image I\/O framework, which enables apps to read and write image file formats.<\/p>

Apple has now addressed this zero-day flaw in iOS 15.8.5 \/ 16.7.12, as well as iPadOS 15.8.5 \/ 16.7.12, with improved bounds checks.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

U.K. Arrests Two Teen Scattered Spider Hackers Linked to August 2024 TfL Cyber Attack<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Law enforcement authorities in the U.K. have arrested two teen members of the\u00a0Scattered Spider\u00a0hacking group in connection with their alleged participation in an August 2024 cyber attack targeting Transport for London (TfL), the city’s public transportation agency.<\/p>

Thalha Jubair (aka EarthtoStar, Brad, Austin, and @autistic), 19, from East London and Owen Flowers, 18, from Walsall, West Midlands were arrested at their home addresses on Tuesday, the National Crime Agency (NCA) said. They are 19 and 18, respectively.<\/p>

It’s worth noting that Flowers was\u00a0initially arrested\u00a0for his alleged involvement in the TfL attack in September 2024, but was subsequently released on bail. The agency said it found evidence of Flowers targeting U.S. healthcare companies, and that he has also been charged with conspiring with others to infiltrate and damage the networks of SSM Health Care Corporation and Sutter Health.<\/p>

Jubair has been charged with computer fraud conspiracy, two counts of computer fraud, wire fraud conspiracy, two counts of wire fraud, and money laundering conspiracy. If convicted, he faces a maximum penalty of 95 years in prison.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

\n\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

SonicWall Urges Password Resets After Cloud Backup Breach Affecting Under 5% of Customers<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

SonicWall is urging customers to reset credentials after their firewall configuration backup files were exposed in a security breach impacting MySonicWall accounts.<\/p>

The company said it recently detected suspicious activity targeting the cloud backup service for firewalls, and that unknown threat actors accessed backup firewall preference files stored in the cloud for less than 5% of its customers.<\/p>

“While credentials within the files were encrypted, the files also included information that could make it easier for attackers to potentially exploit the related firewall,” the company\u00a0said.<\/p>

As a result of the incident, the company is\u00a0urging\u00a0customers to follow the steps below –<\/p>

  • Login to MySonicWall.com and verify if cloud backups are enabled<\/li>
  • Verify if affected serial numbers have been flagged in the accounts<\/li>
  • Initiate containment and remediation procedures by limiting access to services from WAN, turning off access to HTTP\/HTTPS\/SSH Management, disabling access to SSL VPN and IPSec VPN, reset passwords and TOTPs saved on the firewall, and review logs and recent configuration changes for unusual activity<\/li><\/ul>

    In addition, affected customers have also been\u00a0recommended\u00a0to import fresh preferences files provided by SonicWall into the firewalls. The new preferences file includes the following changes –<\/p>

    • Randomized password for all local users<\/li>
    • Reset TOTP binding, if enabled<\/li>
    • Randomized IPSec VPN keys<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
      \n\t\t\t\t\t\t
      \n\t\t\t\t\t
      \n\t\t\t
      \n\t\t\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t

      Latest Vulnerabilities & Exploits<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t
      \n\t\t\t\t\t\t
      \n\t\t\t\t\t
      \n\t\t\t
      \n\t\t\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t

      CVE-2025-23337<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t

      Medium - nVIDIA<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t\t\t\t\t

      NVIDIA HGX & DGX GB200, GB300, B300 contain a vulnerability in the HGX Management
      Controller (HMC) that may allow a malicious actor with administrative access on the
      BMC to access the HMC as an administrator. A successful exploit of this vulnerability may
      lead to code execution, denial of service, escalation of privileges, information disclosure,
      and data tampering.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

      \n\t\t\t\t\t\t
      \n\t\t\t\t\t
      \n\t\t\t
      \n\t\t\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t

      CVE-2025-10631<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t

      Medium - itsourcecode Online Petshop Management System<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t\t\t\t\t

      A vulnerability was identified in itsourcecode Online Petshop Management System 1.0.
      Impacted is an unknown function of the file addcnp.php of the component Available
      Products Page. The manipulation of the argument name\/description leads to cross site
      scripting. It is possible to initiate the attack remotely. The exploit is publicly available and
      might be used.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

      \n\t\t\t\t\t\t
      \n\t\t\t\t\t
      \n\t\t\t
      \n\t\t\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t

      CVE-2025-10629<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t

      Medium - D-Link<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t\t\t\t\t

      A vulnerability was determined in D-Link DIR-852 1.00CN B09. This issue affects the
      function ssdpcgi_main of the file htodcs\/cgibin of the component Simple Service
      Discovery Protocol Service. Executing manipulation of the argument ST can lead to
      command injection. The attack may be performed from remote. The exploit has been
      publicly disclosed and may be utilized. This vulnerability only affects products that are
      no longer supported by the maintainer.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

      \n\t\t\t\t\t\t
      \n\t\t\t\t\t
      \n\t\t\t
      \n\t\t\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t

      CVE-2025-10628<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t

      Medium - D-Link<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t\t\t\t\t

      A vulnerability was found in D-Link DIR-852 1.00CN B09. This vulnerability affects
      unknown code of the file \/htdocs\/cgibin\/hedwig.cgi of the component Web Management
      Interface. Performing manipulation results in command injection. The attack is possible
      to be carried out remotely. The exploit has been made public and could be used. This
      vulnerability only affects products that are no longer supported by the maintainer.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t

      \n\t\t\t\t\t\t
      \n\t\t\t\t\t
      \n\t\t\t
      \n\t\t\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t\t\t\t\t

      Sources:\u00a0 CyberSecurityNews, Bleeping Computer, TheHackerNews<\/strong><\/em><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

      <\/span> 4<\/span> mins read<\/span><\/span>Apple patches old devices, Entra ID vulnerability gives attackers control, two UK teens arrested for cyber attacks… Welcome to this week’s Security News. We’ve collated the best articles from the around the internet and put them all into one place. We’ve also got the latest CVE information to help you stay ahead of vulnerabilities. If […]<\/p>\n","protected":false},"author":1,"featured_media":5524,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[355],"tags":[287,285,286,289,288,284],"class_list":["post-5516","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security-news","tag-cyber-attacks","tag-cyber-security","tag-news","tag-patches","tag-vulnerabilities","tag-weekly-security-news"],"yoast_head":"\nWeekly Security News - 22nd September 2025 - D2NA<\/title>\n<meta name=\"description\" content=\"CarPlay hack discovered, Cisco patches vulnerabilities, Microsoft 365 phishing attacks on the rise...\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.d2na.com\/index.php\/2025\/09\/22\/weekly-security-news-22nd-september-2025\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Weekly Security News - 22nd September 2025\" \/>\n<meta property=\"og:description\" content=\"CarPlay hack discovered, Cisco patches vulnerabilities, Microsoft 365 phishing attacks on the rise...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.d2na.com\/index.php\/2025\/09\/22\/weekly-security-news-22nd-september-2025\/\" \/>\n<meta property=\"og:site_name\" content=\"D2NA\" \/>\n<meta property=\"article:published_time\" content=\"2025-09-22T08:28:16+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-09-23T09:12:52+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.d2na.com\/wp-content\/uploads\/2025\/09\/2025-09-22.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"628\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Shaun Conway\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@D2NA\" \/>\n<meta name=\"twitter:site\" content=\"@D2NA\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Shaun Conway\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/09\\\/22\\\/weekly-security-news-22nd-september-2025\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/09\\\/22\\\/weekly-security-news-22nd-september-2025\\\/\"},\"author\":{\"name\":\"Shaun Conway\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#\\\/schema\\\/person\\\/624fbd3965489b22f6dcfc6d7eb4fb36\"},\"headline\":\"Weekly Security News – 22nd September 2025\",\"datePublished\":\"2025-09-22T08:28:16+00:00\",\"dateModified\":\"2025-09-23T09:12:52+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/09\\\/22\\\/weekly-security-news-22nd-september-2025\\\/\"},\"wordCount\":1069,\"publisher\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/09\\\/22\\\/weekly-security-news-22nd-september-2025\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.d2na.com\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/2025-09-22.jpeg\",\"keywords\":[\"cyber attacks\",\"cyber security\",\"news\",\"patches\",\"vulnerabilities\",\"weekly security news\"],\"articleSection\":[\"Security News\"],\"inLanguage\":\"en-GB\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/09\\\/22\\\/weekly-security-news-22nd-september-2025\\\/\",\"url\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/09\\\/22\\\/weekly-security-news-22nd-september-2025\\\/\",\"name\":\"Weekly Security News - 22nd September 2025 - D2NA\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/09\\\/22\\\/weekly-security-news-22nd-september-2025\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/09\\\/22\\\/weekly-security-news-22nd-september-2025\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.d2na.com\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/2025-09-22.jpeg\",\"datePublished\":\"2025-09-22T08:28:16+00:00\",\"dateModified\":\"2025-09-23T09:12:52+00:00\",\"description\":\"CarPlay hack discovered, Cisco patches vulnerabilities, Microsoft 365 phishing attacks on the rise...\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/09\\\/22\\\/weekly-security-news-22nd-september-2025\\\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/09\\\/22\\\/weekly-security-news-22nd-september-2025\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/09\\\/22\\\/weekly-security-news-22nd-september-2025\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.d2na.com\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/2025-09-22.jpeg\",\"contentUrl\":\"https:\\\/\\\/www.d2na.com\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/2025-09-22.jpeg\",\"width\":1200,\"height\":628,\"caption\":\"2025-09-22\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/2025\\\/09\\\/22\\\/weekly-security-news-22nd-september-2025\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.d2na.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Weekly Security News – 22nd September 2025\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#website\",\"url\":\"https:\\\/\\\/www.d2na.com\\\/\",\"name\":\"D2NA\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.d2na.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#organization\",\"name\":\"D2 Network Associates Limited\",\"alternateName\":\"D2NA\",\"url\":\"https:\\\/\\\/www.d2na.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.d2na.com\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/Header-Logo.png\",\"contentUrl\":\"https:\\\/\\\/www.d2na.com\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/Header-Logo.png\",\"width\":180,\"height\":60,\"caption\":\"D2 Network Associates Limited\"},\"image\":{\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/D2NA\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/d2-network-associates-ltd\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.d2na.com\\\/#\\\/schema\\\/person\\\/624fbd3965489b22f6dcfc6d7eb4fb36\",\"name\":\"Shaun Conway\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7668c1fa014f994d5e689f28c828adb47f75821deca52ce9f6d05fa69447ffaf?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7668c1fa014f994d5e689f28c828adb47f75821deca52ce9f6d05fa69447ffaf?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7668c1fa014f994d5e689f28c828adb47f75821deca52ce9f6d05fa69447ffaf?s=96&d=mm&r=g\",\"caption\":\"Shaun Conway\"},\"sameAs\":[\"https:\\\/\\\/www.d2na.com\"],\"url\":\"https:\\\/\\\/www.d2na.com\\\/index.php\\\/author\\\/shaun-conway\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Weekly Security News - 22nd September 2025 - D2NA","description":"CarPlay hack discovered, Cisco patches vulnerabilities, Microsoft 365 phishing attacks on the rise...","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.d2na.com\/index.php\/2025\/09\/22\/weekly-security-news-22nd-september-2025\/","og_locale":"en_GB","og_type":"article","og_title":"Weekly Security News - 22nd September 2025","og_description":"CarPlay hack discovered, Cisco patches vulnerabilities, Microsoft 365 phishing attacks on the rise...","og_url":"https:\/\/www.d2na.com\/index.php\/2025\/09\/22\/weekly-security-news-22nd-september-2025\/","og_site_name":"D2NA","article_published_time":"2025-09-22T08:28:16+00:00","article_modified_time":"2025-09-23T09:12:52+00:00","og_image":[{"width":1200,"height":628,"url":"https:\/\/www.d2na.com\/wp-content\/uploads\/2025\/09\/2025-09-22.jpeg","type":"image\/jpeg"}],"author":"Shaun Conway","twitter_card":"summary_large_image","twitter_creator":"@D2NA","twitter_site":"@D2NA","twitter_misc":{"Written by":"Shaun Conway","Estimated reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.d2na.com\/index.php\/2025\/09\/22\/weekly-security-news-22nd-september-2025\/#article","isPartOf":{"@id":"https:\/\/www.d2na.com\/index.php\/2025\/09\/22\/weekly-security-news-22nd-september-2025\/"},"author":{"name":"Shaun Conway","@id":"https:\/\/www.d2na.com\/#\/schema\/person\/624fbd3965489b22f6dcfc6d7eb4fb36"},"headline":"Weekly Security News – 22nd September 2025","datePublished":"2025-09-22T08:28:16+00:00","dateModified":"2025-09-23T09:12:52+00:00","mainEntityOfPage":{"@id":"https:\/\/www.d2na.com\/index.php\/2025\/09\/22\/weekly-security-news-22nd-september-2025\/"},"wordCount":1069,"publisher":{"@id":"https:\/\/www.d2na.com\/#organization"},"image":{"@id":"https:\/\/www.d2na.com\/index.php\/2025\/09\/22\/weekly-security-news-22nd-september-2025\/#primaryimage"},"thumbnailUrl":"https:\/\/www.d2na.com\/wp-content\/uploads\/2025\/09\/2025-09-22.jpeg","keywords":["cyber attacks","cyber security","news","patches","vulnerabilities","weekly security news"],"articleSection":["Security News"],"inLanguage":"en-GB"},{"@type":"WebPage","@id":"https:\/\/www.d2na.com\/index.php\/2025\/09\/22\/weekly-security-news-22nd-september-2025\/","url":"https:\/\/www.d2na.com\/index.php\/2025\/09\/22\/weekly-security-news-22nd-september-2025\/","name":"Weekly Security News - 22nd September 2025 - D2NA","isPartOf":{"@id":"https:\/\/www.d2na.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.d2na.com\/index.php\/2025\/09\/22\/weekly-security-news-22nd-september-2025\/#primaryimage"},"image":{"@id":"https:\/\/www.d2na.com\/index.php\/2025\/09\/22\/weekly-security-news-22nd-september-2025\/#primaryimage"},"thumbnailUrl":"https:\/\/www.d2na.com\/wp-content\/uploads\/2025\/09\/2025-09-22.jpeg","datePublished":"2025-09-22T08:28:16+00:00","dateModified":"2025-09-23T09:12:52+00:00","description":"CarPlay hack discovered, Cisco patches vulnerabilities, Microsoft 365 phishing attacks on the rise...","breadcrumb":{"@id":"https:\/\/www.d2na.com\/index.php\/2025\/09\/22\/weekly-security-news-22nd-september-2025\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.d2na.com\/index.php\/2025\/09\/22\/weekly-security-news-22nd-september-2025\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.d2na.com\/index.php\/2025\/09\/22\/weekly-security-news-22nd-september-2025\/#primaryimage","url":"https:\/\/www.d2na.com\/wp-content\/uploads\/2025\/09\/2025-09-22.jpeg","contentUrl":"https:\/\/www.d2na.com\/wp-content\/uploads\/2025\/09\/2025-09-22.jpeg","width":1200,"height":628,"caption":"2025-09-22"},{"@type":"BreadcrumbList","@id":"https:\/\/www.d2na.com\/index.php\/2025\/09\/22\/weekly-security-news-22nd-september-2025\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.d2na.com\/"},{"@type":"ListItem","position":2,"name":"Weekly Security News – 22nd September 2025"}]},{"@type":"WebSite","@id":"https:\/\/www.d2na.com\/#website","url":"https:\/\/www.d2na.com\/","name":"D2NA","description":"","publisher":{"@id":"https:\/\/www.d2na.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.d2na.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/www.d2na.com\/#organization","name":"D2 Network Associates Limited","alternateName":"D2NA","url":"https:\/\/www.d2na.com\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.d2na.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.d2na.com\/wp-content\/uploads\/2025\/12\/Header-Logo.png","contentUrl":"https:\/\/www.d2na.com\/wp-content\/uploads\/2025\/12\/Header-Logo.png","width":180,"height":60,"caption":"D2 Network Associates Limited"},"image":{"@id":"https:\/\/www.d2na.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/D2NA","https:\/\/www.linkedin.com\/company\/d2-network-associates-ltd\/"]},{"@type":"Person","@id":"https:\/\/www.d2na.com\/#\/schema\/person\/624fbd3965489b22f6dcfc6d7eb4fb36","name":"Shaun Conway","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/secure.gravatar.com\/avatar\/7668c1fa014f994d5e689f28c828adb47f75821deca52ce9f6d05fa69447ffaf?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/7668c1fa014f994d5e689f28c828adb47f75821deca52ce9f6d05fa69447ffaf?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7668c1fa014f994d5e689f28c828adb47f75821deca52ce9f6d05fa69447ffaf?s=96&d=mm&r=g","caption":"Shaun Conway"},"sameAs":["https:\/\/www.d2na.com"],"url":"https:\/\/www.d2na.com\/index.php\/author\/shaun-conway\/"}]}},"_links":{"self":[{"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/posts\/5516","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/comments?post=5516"}],"version-history":[{"count":11,"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/posts\/5516\/revisions"}],"predecessor-version":[{"id":5530,"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/posts\/5516\/revisions\/5530"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/media\/5524"}],"wp:attachment":[{"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/media?parent=5516"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/categories?post=5516"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.d2na.com\/index.php\/wp-json\/wp\/v2\/tags?post=5516"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}