Pentesting Weekly Digest — September 13–19, 2025
Another week, another mix of hardware-level hacks, fresh zero-days, and even law-enforcement news. Let’s break down what mattered most.
🔹 Phoenix RowHammer on DDR5
Researchers unveiled a new RowHammer variant called Phoenix, and it’s a nasty one. Unlike older RowHammer tricks, Phoenix bypasses the latest DDR5 protections, including on-die ECC.
In lab tests, attackers managed to:
- escalate privileges to root,
- extract RSA-2048 keys from VMs,
- and tamper with memory page tables.
Bottom line: hardware defenses aren’t bulletproof, and low-level memory attacks are very much alive.
Read more → TechRadar Pro
🔹 Chrome Zero-Day in the Wild
Google patched CVE-2025-10585, a type confusion bug in the V8 JavaScript/WebAssembly engine. It was already being actively exploited before the fix.
For pentesters and defenders alike: browser zero-days remain a prime entry point for phishing kits and drive-by attacks. Update Chrome yesterday.
Read more → The Hacker News
🔹 Ivanti Security Bulletin: 13 Critical Flaws
Ivanti’s September update fixed 13 critical vulnerabilities across Connect Secure, Policy Secure, Endpoint Manager, and ZTA Gateways.
The issues range from RCE and CSRF to broken authorization checks. Since these products often sit at the perimeter, unpatched systems are juicy targets.
Read more → NPAV Blog
🔹 Scattered Spider Arrests in the UK
Two teenagers allegedly linked to the Scattered Spider crew were arrested in the UK. Authorities say they played a role in cyberattacks on London’s transport infrastructure.
The group is infamous for bold social engineering campaigns and breaching major corporate networks.
Read more → SecurityWeek
🔹 Collins Aerospace Attack Disrupts Airports
Several European airports — including Heathrow, Brussels, and Berlin — faced disruptions after a cyberattack on Collins Aerospace.
This is another reminder that aviation and critical infrastructure remain one step away from chaos when targeted by the right actors.
Read more → Security Affairs
🔹 Microsoft Patch Tuesday — September 2025
This month’s Patch Tuesday closed 84 vulnerabilities, including two zero-days. The bulk of fixes involve privilege escalation and remote code execution flaws.
Deploying the patches isn’t enough: verify that they are actually installed and in effect on production systems.
Read more → CrowdStrike
🛠 Closing Note
Old tricks like RowHammer are back with a vengeance, Ivanti is still making headlines for the wrong reasons, and real-world arrests prove that young crews can hit critical infrastructure.
For red teamers: watch how these flaws get weaponized. For blue teams: patch, monitor, and don’t underestimate hardware-level threats.