Related Posts

Noodlophile Malware Campaign Broadens Global Scope with Targeted Copyright Phishing Tactics

Aug 18, 2025
Malware / Enterprise Security

The Noodlophile malware actors are intensifying their reach, employing spear-phishing emails and enhanced delivery techniques to target enterprises in the U.S., Europe, Baltic countries, and the Asia-Pacific (APAC) region. According to Morphisec researcher Shmuel Uzan, “The Noodlophile campaign, active for over a year, now utilizes sophisticated spear-phishing emails masquerading as copyright infringement notices, complete with reconnaissance-driven details such as specific Facebook Page IDs and company ownership information.” Previously reported by a cybersecurity vendor in May 2025, the Noodlophile campaign initially leveraged fake AI-powered tools as malware lures, which were promoted on social media platforms like Facebook. The shift to copyright infringement tactics, however, is not a new strategy.

The Importance of Security Culture in Reducing Cyber Risk

In an era where organizations have invested two decades in enhancing their security architectures, a stark reality has emerged: advanced tools and technologies alone cannot sufficiently mitigate cyber risks. As technology has evolved, so too have the tactics of cyber attackers, who are increasingly targeting human behavior rather than solely infrastructure vulnerabilities. Recent data shows that the initial breach vector is often not a technical exploit but rather the exploitation of human vulnerabilities.

According to Verizon’s Data Breach Investigations Report, human factors have been the leading cause of breaches for five consecutive years. The most recent report indicates that almost 60% of all breaches in 2024 involved a human element. However, it is essential to clarify a prevalent misconception: the notion that “people are the weakest link” wrongly places the blame solely on employees for breaches.

Public Exploit Combines Two Critical SAP Vulnerabilities, Leaving Unpatched Systems Open to Remote Code Execution

Date: Aug 19, 2025
Category: Vulnerability / Cyber Espionage

A new exploit has emerged that leverages two critical, now-patched vulnerabilities in SAP NetWeaver, putting organizations at significant risk of system compromise and data theft. This exploit chains CVE-2025-31324 and CVE-2025-42999 to bypass authentication and enable remote code execution, according to SAP security firm Onapsis.

  • CVE-2025-31324 (CVSS score: 10.0) – Lacks authorization checks in SAP NetWeaver’s Visual Composer development server
  • CVE-2025-42999 (CVSS score: 9.1) – Vulnerability due to insecure deserialization in the same server

These vulnerabilities were patched by SAP in April and May 2025, but not before they were exploited as zero-days by threat actors as early as March. Multiple ransomware and data extortion groups, including Qilin, BianLian, and RansomExx, have been seen exploiting these flaws, along with several espionage groups linked to China targeting critical infrastructures.

New GodRAT Trojan Targets Trading Firms Using Steganography and Gh0st RAT Techniques

August 19, 2025
Malware / Cyber Attack

Financial institutions, particularly trading and brokerage firms, are currently facing a new threat from a remote access trojan known as GodRAT. According to Kaspersky researcher Saurabh Sharma, this malware is spread through malicious .SCR (screen saver) files disguised as financial documents sent via Skype Messenger. Active as recently as August 12, 2025, the attacks utilize steganography to hide shellcode within image files, enabling the download of the malware from a command-and-control (C2) server. Since September 9, 2024, these screen saver artifacts have targeted regions including Hong Kong, the United Arab Emirates, Lebanon, Malaysia, and Jordan. Based on Gh0st RAT, GodRAT employs a plugin-based architecture to enhance its capabilities for gathering sensitive information and delivering additional payloads like AsyncRAT.