CyberNews: 06/09/2025 Edition
Today’s roundup
Summary
A new set of malicious npm packages impersonating Flashbots has been found stealing Ethereum developers' private keys and exfiltrating them through a Telegram bot. CISA ordered federal agencies to patch a critical, actively exploited Sitecore vulnerability (CVE-2025-53690, CVSS 9.0) by September 25. TAG-150 threat actors expanded operations with CastleRAT malware, offering both Python and C variants for system control and payload delivery. Security researchers confirmed active exploitation of SAP S/4HANA's CVE-2025-42957 (CVSS 9.9), which enables full system compromise via low-privilege access. MeetC2, a novel C2 framework, abuses Google Calendar APIs for covert serverless command execution. Experts disputed GOP claims of email censorship, attributing the blocked messages to WinRed's spam practices overwhelming traps. SAP customers face urgent patching requirements because CVE-2025-42957, left unaddressed, allows code execution with minimal effort. Cybersecurity analysts warn that AI agent vulnerabilities predominantly occur at enterprise system integration points. DarkReading highlighted ongoing scams exploiting X's Grok feature to bypass link bans. KrebsOnSecurity detailed technical analyses showing that political fundraising platforms’ divergent spam compliance affects deliverability.