CyberNews: 08/09/2025 Edition

Published by Dunateo on 2025-09-08

Today’s roundup

  • Qualys, Tenable Latest Victims of Salesloft Drift Hack
  • GhostAction Supply Chain Attack Compromises 3000+ Secrets
  • SAP S/4HANA Users Urged to Patch Critical Exploited Bug
  • Czech cyber agency NUKIB flags Chinese espionage risks to critical infrastructure

    • Summary

    A multi-vendor breach linked to Salesloft Drift compromised Qualys, Tenable, Palo Alto Networks, Cloudflare, and Zscaler, exposing customer data via an AI chatbot integration. Separately, the GhostAction campaign targeted GitHub, leaking over 3,000 credentials across 4,000 repositories through malicious GitHub Actions. SAP issued urgent warnings for CVE-2025-42957, a critical code injection flaw actively exploited in S/4HANA systems, urging immediate patching. Meanwhile, Czechia's NUKIB escalated alerts on Chinese-linked cyber risks, citing APT31's espionage campaigns against energy, healthcare, and government sectors, alongside vulnerabilities in Chinese-managed devices like smart meters and EVs.

    Want to dig deeper?

    Vulnerabilities

  • CVE-2025-42957