Cybersecurity News | Daily Recap [05 Sep 2025]

Two major vulnerabilities and patch guidance dominated this recap, including active exploitation of SAP S/4HANA (CVE-2025-42957) and Sitecore (CVE-2025-53690) zero-days prompting rapid patching and monitoring. The report also covers notable APT activity, law enforcement actions, data breaches, and evolving malware campaigns affecting organizations and industries worldwide. #CVE-2025-42957 #CVE-2025-53690 #NotDoor #Kimsuky #GhostRedirector #PowerSchool #JLR #SalesforceDrift

Vulnerabilities & Patches

  • Active exploitation of a critical CVE-2025-42957 in SAP S/4HANA allows full system takeover—organizations should patch and monitor immediately – SAP S/4HANA, SAP Exploit
  • CISA ordered federal agencies to patch the Sitecore CVE-2025-53690 zero-day after exploitation that deployed WeepSteel backdoors via leaked machine keys – Sitecore Patch, Sitecore Backdoor
  • A new critical TP-Link zero-day affecting multiple routers surfaced while CISA warns of other exploited TP‑Link flaws tied to the Quad7 botnet—patches are rolling out – TP-Link Zero-day
  • Google patched 111 Android vulnerabilities and confirmed active exploitation of two zero-days in Android Runtime and the Linux kernel—update devices now – Android Patches

Nation-state APTs & Espionage

  • APT28 deployed a new Outlook backdoor called NotDoor (VBA macros + cloud services) to monitor and exfiltrate emails from targets in NATO countries – NotDoor Backdoor
  • Kimsuky is using multi-channel social engineering to deliver AppleSeed malware against South Korean defense, activist, and North Korea–related communities – Kimsuky Campaign
  • North Korean operators conducted fake crypto job interview campaigns targeting 230+ victims and used malware families like ClickFix and RemotePE to compromise targets – Fake Interviews
  • Czechia warned about rising Chinese and Russian cyber espionage risks tied to suspicious data transfers and remote admin access against critical infrastructure – Czech Warning

Law Enforcement & Takedowns

  • The DOJ moved to seize $848,247 in Tether (USDT) tied to cross‑state confidence/crypto scams that used fake trading platforms to defraud victims – Tether Seizure
  • Global enforcement led by ACE and Egyptian authorities dismantled the Streameast piracy empire (over 1.6 billion visits across 80 domains), showing cross‑border cooperation against large piracy networks – Streameast Takedown
  • The U.S. offered up to $10 million for information on FSB officers tied to cyberattacks on energy infrastructure (Dragonfly/Havex), expanding rewards for nation‑state attribution – FSB Reward, US Reward

Malware Campaigns & SEO Fraud

  • China‑linked GhostRedirector compromised over 65 Windows servers deploying backdoors (Rungan, Gamshen) and malicious IIS modules to run SEO fraud promoting gambling sites – GhostRedirector, Server Hacks
  • An “SEO fraud‑as‑a‑service” model hijacks Windows servers to boost gambling and affiliate sites via new backdoors and persistent IIS modules, illustrating monetized search‑ranking abuse – SEO Fraud
  • Researchers uncovered a technique called Grokking that abuses X’s Grok AI to bypass ad protections and spread malvertising and malicious links to millions of users – Grok Exploit

Data Breaches & Incidents

  • PowerSchool suffered a massive breach exposing data associated with up to 62 million students (including ~880,000 Texans), prompting lawsuits and a Texas AG suit alleging inadequate security and links to extortion groups like ShinyHunters – PowerSchool Breach, PowerSchool Lawsuit
  • A cyberattack on Jaguar Land Rover disrupted global operations, forced staff to stay home, shut factories and resulted in a confirmed data breach claimed by English‑speaking hackers – JLR Attack
  • Chess.com disclosed a breach via a third‑party file‑transfer tool that exposed data of ~4,500 users (no evidence of financial compromise), and has notified law enforcement – Chess.com Breach, Chess.com Disclosure
  • More than 700 organizations were affected by the Salesforce–Salesloft Drift breach that exposed Salesforce data such as access keys and passwords across multiple cybersecurity firms – Salesforce Drift
  • Miscellaneous incidents including the ZipLine campaign targeting US manufacturing, a breach at Vital Imaging, and attacks on Bridgestone and Qantas highlight ongoing industry targeting – Other Incidents

Infostealers & macOS Threats

  • VirusTotal found 44 undetected SVG files used to deploy Base64‑encoded phishing pages impersonating judicial services and to deliver macOS info‑stealers like Atomic macOS Stealer – SVG Phishing
  • An interview with the developer behind the rebranded macOS stealer MacSync (ex‑mentalpositive) sheds light on the MaaS model and evolving macOS theft tooling – MacSync Interview
  • A practical guide explains how companies can detect and remediate infostealer infections using specialized tools and improved security practices – Infostealer Check

Research, Startups & Advice

  • Academics developed A2, an AI‑powered Android vulnerability discovery and validation framework that automates analysis and exploitation testing with high accuracy and low compute cost – A2 Framework
  • AI-driven offensive security firm FireCompass raised roughly $20–30 million to expand automated penetration testing and red‑teaming capabilities based on MITRE ATT&CK emulation – FireCompass Raise
  • No‑code IGA solutions such as tenfold are promoted as faster, lower‑overhead alternatives to legacy identity governance to help meet security and compliance goals – No‑Code IGA
  • A primer outlines the 6 browser‑based attacks security teams must defend against in 2025 as browsers become the primary enterprise attack surface – Browser Attacks
  • Black Hat USA’s CISO Podcast (Episode 5) explores the dual nature of AI in security and the changing role of CISOs balancing innovation and risk – BlackHat Podcast

Privacy & Legal Actions

  • A federal jury awarded plaintiffs $425 million in a privacy class action against Google for collecting user activity data despite users disabling tracking settings – Google Verdict
  • France’s data protection authority fined Google €325M for cookie regulation breaches and unauthorized advertising in Gmail, underscoring EU privacy enforcement – Google Fine

Cybersecurity News | Daily Recap – hendryadrian.com