CyberNews: 05/09/2025 Edition

Published by Dunateo on 2025-09-05

Today’s roundup

  • SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild
  • Russian APT28 Deploys “NotDoor” Outlook Backdoor Against Companies in NATO Countries
  • SVG files used in hidden malware campaign impersonating Colombian authorities
  • GhostRedirector Hacks 65 Windows Servers Using Rungan Backdoor and Gamshen IIS Module
  • Sitecore Zero-Day Sparks New Round of ViewState Threats
  • $10M reward for Russia’s FSB officers accused of hacking US Critical infrastructure
  • macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Security
  • Texas sues PowerSchool for breach exposing the data of students and teachers
  • Google hit with $425 million verdict in privacy class action suit
  • Cyberattack forces Jaguar Land Rover to tell staff to stay at home

Summary

    A critical SAP S/4HANA vulnerability (CVE-2025-42957, CVSS 9.9) is under active exploitation, allowing command injection with user-level privileges. Russian state-backed APT28 deployed the NotDoor Outlook backdoor against companies in NATO countries; it monitors emails for trigger words. VirusTotal uncovered a phishing campaign that uses SVG files with embedded JavaScript to impersonate Colombia’s judicial system and drop malware. GhostRedirector compromised 65 Windows servers in Brazil, Thailand, and Vietnam using the Rungan backdoor and the Gamshen IIS module. Sitecore faces new risks as threat actors exploit a zero-day in ASP.NET machine keys for remote code execution. The US issued a $10M bounty for FSB operatives tied to attacks on 500+ global energy firms. macOS users are targeted via cracked apps that deploy the AMOS stealer malware. Texas sued PowerSchool over a breach exposing the data of 880,000 individuals. A federal jury returned a $425M verdict against Google for tracking users who had disabled activity settings. Jaguar Land Rover halted operations after a cyberattack, instructing employees to work remotely.

    Want to dig deeper?

    Vulnerabilities

  • CVE-2025-42957