CyberNews: 05/09/2025 Edition
Today’s roundup
Summary
A critical SAP S/4HANA vulnerability (CVE-2025-42957, CVSS 9.9) is under active exploitation, allowing command injection with user-level privileges. Russian state-backed APT28 deployed the NotDoor Outlook backdoor against NATO firms; it monitors emails for trigger words. VirusTotal uncovered a phishing campaign that uses SVG files with embedded JavaScript to impersonate Colombia’s judicial system and drop malware. GhostRedirector compromised 65 Windows servers in Brazil, Thailand, and Vietnam using the Rungan backdoor and Gamshen IIS modules. Sitecore faces new risks as threat actors exploit a zero-day in ASP.NET machine keys for remote code execution. The US issued a $10M bounty for FSB operatives tied to attacks on 500+ global energy firms. macOS users are being targeted via cracked apps that deploy the AMOS stealer malware. Texas sued PowerSchool over a breach exposing the data of 880,000 individuals. A federal jury fined Google $425M for tracking users who had disabled activity settings. Jaguar Land Rover halted operations after a cyberattack and instructed employees to work remotely.