CyberNews: 06/09/2025 Edition

Published by Dunateo on 2025-09-06

Today’s roundup

  • Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys
  • CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation
  • TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations
  • MeetC2 – A serverless C2 framework that leverages Google Calendar APIs as a communication channel
  • GOP Cries Censorship Over Spam Filters That Work
  • Critical SAP S/4HANA Vulnerability Under Attack, Patch Now
  • Anyone Using Agentic AI Needs to Understand Toxic Flows

    • Summary

    A new set of malicious npm packages (impersonating Flashbots) has been found stealing Ethereum developers' private keys via Telegram bot exfiltration. CISA mandated federal agencies to patch a critical actively exploited Sitecore vulnerability (CVE-2025-53690, CVSS 9.0) by September 25. TAG-150 threat actors expanded operations with CastleRAT malware, offering both Python and C variants for system control and payload delivery. Security researchers confirmed active exploitation of SAP S/4HANA's CVE-2025-42957 (CVSS 9.9), enabling full system compromise via low-privilege access. MeetC2, a novel C2 framework, abuses Google Calendar APIs for covert serverless command execution. Experts disputed GOP claims of email censorship, attributing blocked messages to WinRed's spam practices overwhelming traps. SAP customers face urgent patching requirements as unaddressed CVE-2025-42957 allows code execution with minimal effort. Cybersecurity analysts warn AI agent vulnerabilities predominantly occur at enterprise system integration points. DarkReading highlighted ongoing scams exploiting X's Grok feature to bypass link bans. KrebsOnSecurity detailed technical analyses showing political fundraising platforms’ divergent spam compliance impacts deliverability.

    Want to dig deeper?

    Vulnerabilities

  • CVE-2025-42957
  • CVE-2025-53690