CyberNews: 06/09/2025 Edition

Published by Dunateo on 2025-09-06

Today’s roundup

Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys

CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation

TAG-150 Develops CastleRAT in Python and C, Expanding CastleLoader Malware Operations

Critical SAP S/4HANA flaw CVE-2025-42957 under active exploitation

MeetC2 – A serverless C2 framework that leverages Google Calendar APIs as a communication channel

GOP Cries Censorship Over Spam Filters That Work

Critical SAP S/4HANA Vulnerability Under Attack, Patch Now

Anyone Using Agentic AI Needs to Understand Toxic Flows

Summary

A new set of malicious npm packages (impersonating Flashbots) has been found stealing Ethereum developers' private keys via Telegram bot exfiltration. CISA mandated federal agencies to patch a critical actively exploited Sitecore vulnerability (CVE-2025-53690, CVSS 9.0) by September 25. TAG-150 threat actors expanded operations with CastleRAT malware, offering both Python and C variants for system control and payload delivery. Security researchers confirmed active exploitation of SAP S/4HANA's CVE-2025-42957 (CVSS 9.9), enabling full system compromise via low-privilege access. MeetC2, a novel C2 framework, abuses Google Calendar APIs for covert serverless command execution. Experts disputed GOP claims of email censorship, attributing blocked messages to WinRed's spam practices overwhelming traps. SAP customers face urgent patching requirements as unaddressed CVE-2025-42957 allows code execution with minimal effort. Cybersecurity analysts warn AI agent vulnerabilities predominantly occur at enterprise system integration points. DarkReading highlighted ongoing scams exploiting X's Grok feature to bypass link bans. KrebsOnSecurity detailed technical analyses showing political fundraising platforms’ divergent spam compliance impacts deliverability.

Want to dig deeper?

Vulnerabilities

CVE-2025-42957

CVE-2025-53690