Cyber Briefing: 2025.09.15
FBI warns UNC6040 & UNC6395 targeting Salesforce, Samsung patches CVE-2025-21043, Apple alerts spyware in France, China firewall data leaked, banks & credit centers breached.
👉 What's happening in cybersecurity today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. FBI Warns UNC6040 UNC6395 Target Salesforce
The FBI has issued an alert about two cybercrime groups, UNC6040 and UNC6395, that have been stealing data and extorting companies by targeting their Salesforce platforms. These groups use different methods, like exploiting a breach in the Salesloft Drift application and using phishing tactics, to gain access and steal large volumes of data.
2. Samsung Fixes Zero-Day CVE-2025-21043
Samsung has released its September 2025 security updates for Android, addressing a critical vulnerability, CVE-2025-21043, that has been actively exploited in zero-day attacks. This flaw, found in the libimagecodec.quram.so image parsing library, could allow attackers to remotely execute arbitrary code on affected devices running Android versions 13 through 16.
3. Apple Warns French Users of Spyware
Apple has issued new warnings to users in France about a spyware campaign targeting their devices, marking the fourth such notification this year. These highly targeted attacks focus on specific individuals like journalists, politicians, and activists.
💥 Cyber Incidents
4. Great Firewall of China Data Leaked
A massive data breach has exposed over 500 GB of sensitive information from the Great Firewall of China (GFW), revealing its internal workings and international export deals. The leaked data, which includes source code and surveillance configurations, poses a significant security risk to researchers who download it.
5. West Virginia Credit Union Data Breach
Fairmont Federal Credit Union is notifying over 187,000 individuals that their personal and financial information was stolen in a data breach that occurred between September and October of 2023. The compromised information is extensive and includes social security numbers, financial details, and full credit card information, though the credit union says it's not aware of any identity theft or fraud as a result.
6. ShinyHunters Hit Vietnam Credit Center
Vietnam’s National Credit Information Center (CIC) has been hit by a cyberattack from the hacking group ShinyHunters, with authorities confirming personal data was stolen. Vietnam's cyber emergency response team (VNCERT) has confirmed signs of unauthorized access, and an investigation into the breach is ongoing.
📢 Cyber News
7. Vendor Delayed Fix for Card Top-Up Hack
A cybersecurity firm, SEC Consult, discovered a serious vulnerability in some of KioSoft's NFC-based payment cards, which allows for unauthorized balance top-ups. The firm reported the issue to KioSoft in 2023, but it took the company over a year to release a firmware patch.
8. UK ICO Finds Students Behind Breaches
Over half of all school data breaches in the UK were caused by students, showing that kids are unexpectedly shaping cybersecurity. A report from the UK Information Commissioner's Office (ICO) found that students were responsible for most of the data breaches at schools across the country.
9. Google Fought California Privacy Bill
Navah Hopkins, a Rhode Island resident and small business owner, received a petition from Google via email that asked her to oppose California legislation that would require browsers to automatically inform websites not to track users' personal data. The email from the tech giant claimed the bill would harm her ability to use online ads to reach customers, but Google’s name wasn’t on the petition; instead, the petition was officially from the "Connected Commerce Council," a group the company financially backs.
📈 Cyber Stocks
On Monday, September 15, 2025, cybersecurity stocks traded lower as investors reacted to recent inflation data, concerns over the pace of Federal Reserve rate cuts, and company-specific developments that shaped sentiment across the sector. The pullback reflected a combination of macroeconomic caution and scrutiny of business execution within the cybersecurity space.
Cloudflare (NET) closed at $221.32, down 1.42 percent, after reports of a faulty dashboard update that temporarily overloaded its tenant service API raised questions about operational reliability.
Rapid7 (RPD) finished at $19.56, down 2.62 percent, as valuation concerns and broader macroeconomic headwinds outweighed optimism around its recent AI automation product announcements.
Darktrace (DARK.L) traded steadily in London, holding close to recent levels, as investor optimism about its AI-driven detection platform was balanced by ongoing governance and regulatory scrutiny.
SentinelOne (S) settled at $18.29, down 0.92 percent, reflecting investor caution over its ability to maintain growth momentum amid increasing competition in the endpoint security market.
Okta (OKTA) closed at $90.34, down 1.79 percent, as investors reassessed its strong second quarter results and recent acquisition activity against a backdrop of tightening economic conditions.
💡 Cyber Tip
📱 Samsung Fixes Zero-Day Exploit in Android Devices
Samsung has released its September 2025 security updates to fix a critical vulnerability in its Android devices that was already being exploited in active attacks. The flaw lies in an image parsing library used across Android versions 13 through 16 and could allow attackers to take over a device remotely just by processing a malicious image.
✅ What you should do
Install the September 2025 security update on your Samsung device immediately
Keep automatic updates enabled to ensure timely patching
Be cautious when opening images from unknown or untrusted sources
Regularly back up your data in case of device compromise
Use reputable mobile security tools for extra protection
🔒 Why this matters
This zero-day exploit was already used in real attacks and allows remote code execution without user interaction. Updating promptly is the most effective defense to prevent attackers from hijacking your device and accessing sensitive data.
📚 Cyber Book
Are You Being Scammed? (2024) by Michael Morin
That concludes today’s briefing. You can check the top headlines here!
Copyright © 2025 CyberMaterial. All Rights Reserved.