Svoboda Cybersecurity Brief September 06, 2025

Critical SAP S/4HANA Vulnerability Exploited in Attacks

A critical SAP S/4HANA vulnerability (CVE-2025-42957, CVSS 9.9) allows low-privileged users to inject arbitrary ABAP code, bypass authorization checks, and fully compromise SAP systems. Exploitation has been observed in the wild, enabling attackers to modify databases, create admin accounts, and steal data.
Impact: Full system compromise leading to fraud, data theft, espionage, or ransomware deployment.
Mitigation: Apply SAP patches (versions 3.1.2, 3.0.14, 2.14.16, 2.13.9), monitor logs for suspicious RFC calls, and restrict RFC usage via SAP UCON.
Source: SecurityWeek

Department of State Employee Sentenced for Espionage

A U.S. State Department employee, Michael Schena, was sentenced to 4 years for transmitting classified national defense information to suspected Chinese government agents. Schena exchanged sensitive data for money and used a burner phone for communications.
Source: DataBreaches.net

Max-Severity Argo CD Flaw Exposes Repository Credentials

A critical Argo CD vulnerability (CVE-2025-55190, CVSS 10.0) allows low-privileged API tokens to leak repository credentials, enabling attackers to clone private codebases or inject malicious manifests. The flaw affects all versions up to 2.13.0.
Impact: Unauthorized access to sensitive credentials, potential supply chain attacks.
Mitigation: Upgrade to patched versions (3.1.2, 3.0.14, 2.14.16, 2.13.9).
Source: BleepingComputer

CISA Orders Patch for Critical Sitecore Vulnerability

CISA has ordered federal agencies to patch a critical Sitecore flaw (CVE-2025-53690, CVSS 9.0) by September 25, 2025, due to active exploitation. Attackers exploit default ASP.NET machine keys to achieve remote code execution.
Impact: RCE leading to data theft and network compromise.
Mitigation: Rotate machine keys, lock down configurations, and scan for compromise.
Source: The Hacker News

Qantas Executives Penalized for Major Data Breach

Qantas CEO and executives lost $522,000 in pay after a breach exposing 5.7 million customers’ data via a Salesforce attack by ShinyHunters/Scattered Spider. The airline secured an injunction to block data distribution.
Source: DataBreaches.net

TAG-150 Expands Malware Operations with CastleRAT

The group behind CastleLoader developed CastleRAT, a Python/C-based RAT that steals system info, executes payloads, and hijacks cryptocurrency transactions. Infections often start via ClickFix phishing or fake GitHub repositories.
Source: The Hacker News

Wealthsimple Discloses Data Breach Impacting 1% of Clients

Canadian financial firm Wealthsimple confirmed a breach exposing contact details, government IDs, and financial info of <1% of clients. Attackers exploited a compromised third-party software package.
Source: BleepingComputer

North Korean Hackers Target Crypto Jobs in Fake Interviews

North Korean hackers impersonated crypto firms like Robinhood in 230+ fake job interviews, using ClickFix techniques to deploy malware. Victims were lured to attacker-controlled sites mimicking skill assessments.
Source: SecurityWeek

Idaho Hacker Appeals 10-Year Sentence for Medical Extortion

Robert Purbeck, who hacked medical practices and threatened victims’ families, was sentenced to 10 years after doxing a U.S. attorney. He had made $53,000 but owes $1M in restitution.
Source: DataBreaches.net

Undetected SVG Phishing Campaign Targets Colombian Judiciary

Attackers used 44 unique SVG files to deliver Base64-encoded phishing pages mimicking Colombia’s judicial system. The files evade detection via obfuscation and junk code.
Source: The Hacker News
