The Breach News

SAP S/4HANA Suffers Active Exploitation of Critical Vulnerability CVE-2025-42957

Sep 05, 2025
Vulnerability / Enterprise Security

A serious security flaw in SAP S/4HANA, a widely deployed Enterprise Resource Planning (ERP) system, is being exploited in the wild. The ABAP code injection vulnerability, tracked as CVE-2025-42957 and rated CVSS 9.9, was addressed by SAP in its August 2025 security patch release. According to the NIST National Vulnerability Database (NVD), “SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC.” The flaw lets an authenticated user inject arbitrary ABAP code into the system, bypassing the authorization checks that would normally apply. Because the vulnerable function module is reachable over RFC, any account able to make an RFC call to the system can attempt the attack, and only ordinary user privileges are required, which is why the score is so high despite authentication being needed. A successful attack compromises the entire SAP environment and its confidentiality, integrity, and availability: attackers could manipulate the SAP database, create superuser accounts with SAP_ALL privileges, extract password hashes, and disrupt business processes.

Microsoft Issues Update for Actively Exploited Windows Zero-Day Vulnerability

On September 15, 2021, Microsoft released software updates as part of its monthly Patch Tuesday cycle to address 66 security vulnerabilities across Windows and other products, including Azure, Office, BitLocker, and Visual Studio. Among them was an actively exploited zero-day flaw in the MSHTML platform that had come to light the previous week. Of the 66 vulnerabilities, three are rated Critical, 62 Important, and one Moderate; the company also fixed 20 vulnerabilities in the Chromium-based Microsoft Edge browser earlier in the month. The most urgent fix is for CVE-2021-40444 (CVSS score: 8.8), a remote code execution vulnerability in MSHTML, the rendering engine Office uses for embedded web content, which means a user merely opening a crafted Microsoft Office document is enough to trigger it. Researchers who analysed the in-the-wild exploit noted that it relies on logic flaws rather than memory corruption, which makes it reliable in practice.

World War C Report: Understanding the Motivations Behind State-Sponsored Cyber Attacks

October 3, 2013

Nation-state-driven cyber attacks are increasingly common worldwide, used both to safeguard national sovereignty and to project influence abroad. Conflict now extends into cyberspace, widely described as the fifth domain of warfare, and governments are investing heavily in cyber capabilities, including dedicated cyber units.

In this context, security firm FireEye has published the report “World War C: Understanding Nation-State Motives Behind Today’s Advanced Cyber Attacks.” This document provides an in-depth analysis of the various strategies employed by countries in executing state-sponsored cyber attacks. Experts are particularly concerned about the rise in these attacks, which are directed at both cyber espionage and sabotage, with notable campaigns like Moonlight Maze and Titan Rain exemplifying this trend.

TAG-150 Develops CastleRAT in Python and C, Enhancing CastleLoader Malware Operations

September 05, 2025
Botnet / Malware

The threat actor behind the malware-as-a-service (MaaS) framework and loader known as CastleLoader has introduced a remote access trojan, CastleRAT. Available in both Python and C versions, CastleRAT primarily functions to collect system information, download and execute additional payloads, and run commands via CMD and PowerShell, according to Recorded Future’s Insikt Group. The cybersecurity firm is monitoring the malicious activities attributed to TAG-150, which is believed to have been operational since at least March 2025. CastleLoader and its variants serve as initial access points for various secondary payloads, including other remote access trojans, information stealers, and additional loaders. CastleLoader (also referred to as CastleBot) was first reported by Swiss cybersecurity firm PRODAFT in July 2025, highlighting its use in campaigns distributing DeerStealer, RedLine, StealC, NetSupport RAT, SectopRAT, and Hijack Loader. Further analysis…

VMware Issues Urgent Warning About Critical File Upload Vulnerability in vCenter Server

On September 22, 2021, VMware released a bulletin detailing up to 19 vulnerabilities in vCenter Server and Cloud Foundation appliances that could be exploited by remote attackers to gain control of affected systems. The most pressing concern is an arbitrary file upload vulnerability in the Analytics service (CVE-2021-22005), which affects vCenter Server versions 6.7 and 7.0. According to VMware, “A malicious actor with network access to port 443 on vCenter Server could exploit this issue to execute code by uploading a specially crafted file.” The company emphasized that this vulnerability is accessible to anyone who can reach vCenter Server over the network, irrespective of its configuration settings. While VMware has provided temporary workarounds for this issue, they caution that these measures are intended only as a stopgap until proper updates can be deployed.

Adobe Hacked: 2.9 Million Customer Accounts Compromised

October 4, 2013

On Thursday, October 3, 2013, Adobe Systems disclosed that attackers had infiltrated its internal network, compromising the personal information of 2.9 million customers alongside the source code of several popular Adobe products. The incident is a significant blow to Adobe’s reputation and touches widely used software such as Photoshop.

The breach exposed sensitive user details, including customer IDs, encrypted passwords, and encrypted credit and debit card numbers. While Adobe has not said which products’ users were affected, the stolen source code includes that of Adobe Acrobat, ColdFusion, and ColdFusion Builder.

In a customer security alert, Adobe stated: “We believe these attacks may be related. We are working diligently internally, as well as with external partners and law enforcement, to address the incident.” Adobe’s chief security officer, Brad Arkin, said the company was not aware of any zero-day exploits or other specific threats to its customers arising from the stolen code.

CISA Urges Immediate Patching of Critical Sitecore Vulnerability Under Active Attack

September 5, 2025
Vulnerability / Threat Intelligence

Federal Civilian Executive Branch (FCEB) agencies are directed to update their Sitecore systems by September 25, 2025, due to a critical security vulnerability, identified as CVE-2025-53690, that is currently being exploited. The vulnerability has a CVSS score of 9.0 out of 10, highlighting its severity. According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), this flaw affects Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud, allowing for deserialization of untrusted data through default machine keys. This presents an opportunity for attackers to execute remote code by exploiting exposed ASP.NET machine keys. Mandiant, a Google-owned cybersecurity firm, reported that the ongoing ViewState deserialization attacks utilized a sample machine key found in Sitecore deployment guides from 2017 and earlier. The threat intelligence team…
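
The root cause described above is a configuration problem rather than a code bug: an ASP.NET machineKey copied out of public documentation is, in effect, a key the attacker already holds. The following script is an added example written for this write-up, not Sitecore or Microsoft code. It parses a constructed web.config, flags a static validationKey and one that matches a list of known sample keys (the placeholder key in KNOWN_SAMPLE_KEYS is invented for the demo and is not the key referenced in the advisory), and then models why a public key is fatal: with the key, an attacker can sign an arbitrary serialized payload that passes MAC validation and reaches the deserializer, whereas a freshly generated key rejects it. The MAC shown is a simplified model (HMAC-SHA256 over the payload); real ASP.NET also mixes in a per-page modifier, which does not help once the key itself is public.

```python
"""Audit an ASP.NET web.config for a static <machineKey> and show why a key
that is public (pasted from documentation) defeats ViewState MAC validation.
Constructed example for this write-up; not Sitecore or Microsoft code."""
import hashlib
import hmac
import secrets
import xml.etree.ElementTree as ET

# Constructed placeholder standing in for a key copied out of a public
# deployment guide. It is NOT the real sample key referenced in the advisory.
PASTED_KEY = "0123456789ABCDEF" * 8          # 128 hex chars, 64-byte HMAC key
DECRYPTION_KEY = "FEDCBA9876543210" * 4      # 64 hex chars, 32-byte AES key
KNOWN_SAMPLE_KEYS = {PASTED_KEY}

# Constructed web.config excerpt: an operator followed a guide and pasted the
# documented key instead of generating one per deployment.
SAMPLE_WEB_CONFIG = f"""<configuration>
  <system.web>
    <machineKey validationKey="{PASTED_KEY}"
                decryptionKey="{DECRYPTION_KEY}"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>
"""


def extract_machine_key(config_xml: str):
    """Return the <machineKey> attributes, or None when the element is absent
    (ASP.NET then auto-generates per-machine keys, which is the safe default)."""
    node = ET.fromstring(config_xml).find("./system.web/machineKey")
    return None if node is None else dict(node.attrib)


def audit_machine_key(attrs, known_keys=KNOWN_SAMPLE_KEYS):
    """Return findings that make ViewState forgery possible for an attacker
    who has read the same documentation as the operator."""
    if attrs is None:
        return []
    vkey = attrs.get("validationKey", "AutoGenerate")
    if vkey.upper().startswith("AUTOGENERATE"):
        return []
    findings = ["static validationKey configured; rotate it and keep it out of version control"]
    if vkey.upper() in {k.upper() for k in known_keys}:
        findings.append("validationKey matches a publicly documented sample key")
    dkey = attrs.get("decryptionKey", "AutoGenerate")
    if not dkey.upper().startswith("AUTOGENERATE"):
        findings.append("static decryptionKey configured")
    return findings


def sign_viewstate(payload: bytes, validation_key_hex: str) -> bytes:
    """Simplified model of ViewState integrity: serialized state followed by
    an HMAC-SHA256 tag under validationKey. Real ASP.NET also mixes a per-page
    modifier into the MAC, which changes nothing once the key is public."""
    tag = hmac.new(bytes.fromhex(validation_key_hex), payload, hashlib.sha256).digest()
    return payload + tag


def server_accepts(blob: bytes, validation_key_hex: str) -> bool:
    """What the server does before deserializing: recompute and compare the tag."""
    payload, tag = blob[:-32], blob[-32:]
    expected = hmac.new(bytes.fromhex(validation_key_hex), payload, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


def forgery_demo():
    """An attacker who knows the key signs an arbitrary payload that the server
    will hand to the deserializer. Returns (accepted_with_leaked_key,
    accepted_after_key_rotation)."""
    leaked_key = extract_machine_key(SAMPLE_WEB_CONFIG)["validationKey"]
    attacker_payload = b"<attacker-chosen serialized object; placeholder bytes>"
    forged = sign_viewstate(attacker_payload, leaked_key)
    rotated_key = secrets.token_hex(64)     # fresh per-deployment key
    return server_accepts(forged, leaked_key), server_accepts(forged, rotated_key)


if __name__ == "__main__":
    for finding in audit_machine_key(extract_machine_key(SAMPLE_WEB_CONFIG)):
        print("FINDING:", finding)
    print("forged ViewState accepted (leaked key, rotated key):", forgery_demo())
```

Rotating the key is the fix, but only the first half of it: the page's own advice to update Sitecore still applies, and any environment where the documented key was ever live should be treated as one an attacker may already have code execution on.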

Critical Remote Code Execution Vulnerability Found in Multiple Netgear Router Models

On September 22, 2021, networking company Netgear alerted users to a high-severity remote code execution (RCE) vulnerability, tracked as CVE-2021-40847 (CVSS score: 8.1), affecting a range of its router models. The weakness could allow a remote attacker to take control of affected devices. Netgear has released firmware updates that address the issue for the following models:

  • R6400v2 (version 1.0.4.120)
  • R6700 (version 1.0.2.26)
  • R6700v3 (version 1.0.4.120)
  • R6900 (version 1.0.2.26)
  • R6900P (version 3.3.142_HOTFIX)
  • R7000 (version 1.0.11.128)
  • R7000P (version 1.3.3.142_HOTFIX)
  • R7850 (version 1.0.5.76)
  • R7900 (version 1.0.4.46)
  • R8000 (version 1.0.4.76)
  • RS400 (version 1.5.1.80)

Security researcher Adam Nichols of GRIMM traced the vulnerability to Circle, a third-party parental-control component bundled in the router firmware. Its update daemon runs by default, so a router is exposed even if the Circle feature has never been enabled.
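
The fixed-version list above is only useful if it is compared correctly against what the routers actually report, and Netgear firmware strings are not plain dotted numbers: they often carry a leading "V", a region suffix after an underscore, and in two cases here a "_HOTFIX" marker that ranks above the plain build of the same number. The following script is an added example written for this write-up, not Netgear tooling; FIXED_VERSIONS is the list from the advisory text above and the INVENTORY lines are constructed sample data. Models the advisory does not list are reported separately rather than assumed safe.

```python
"""Triage a router inventory against the CVE-2021-40847 fixed-firmware list.
Added example for this write-up, not Netgear tooling; FIXED_VERSIONS is the
list from the advisory text above, and INVENTORY is constructed sample data."""
import re

FIXED_VERSIONS = {
    "R6400v2": "1.0.4.120",
    "R6700": "1.0.2.26",
    "R6700v3": "1.0.4.120",
    "R6900": "1.0.2.26",
    "R6900P": "3.3.142_HOTFIX",
    "R7000": "1.0.11.128",
    "R7000P": "1.3.3.142_HOTFIX",
    "R7850": "1.0.5.76",
    "R7900": "1.0.4.46",
    "R8000": "1.0.4.76",
    "RS400": "1.5.1.80",
}

# Optional 'V' prefix, dotted numbers, optional '_HOTFIX'; anything after
# (e.g. a '_10.2.100' region suffix) is ignored for the comparison.
_VERSION_RE = re.compile(r"^V?(\d+(?:\.\d+)*)(_HOTFIX)?", re.IGNORECASE)


def parse_version(ver: str):
    """Turn '1.0.4.120', 'V1.0.11.128_10.2.100' or '3.3.142_HOTFIX' into a
    comparable (numbers, hotfix_flag) tuple. A HOTFIX build ranks above the
    plain build with the same number, which is what the advisory implies."""
    m = _VERSION_RE.match(ver.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {ver!r}")
    numbers = tuple(int(part) for part in m.group(1).split("."))
    return numbers, 1 if m.group(2) else 0


def is_patched(model: str, running: str) -> bool:
    """True when the running firmware is at or above the fixed version for
    that model. Raises KeyError for models the advisory does not list, so a
    caller cannot silently treat 'unlisted' as 'safe'."""
    return parse_version(running) >= parse_version(FIXED_VERSIONS[model])


# Constructed inventory: "<model> <firmware>" lines as a scanner or CMDB
# export might provide them.
INVENTORY = """\
R7000 V1.0.11.128_10.2.100
R7000 V1.0.11.116_10.2.100
R6900P V3.3.142
R7000P V1.3.3.142_HOTFIX
RS400 V1.5.1.80_1.0.5
R8500 V1.0.2.146
"""


def triage(inventory: str = INVENTORY):
    """Split devices into vulnerable, patched, and not covered by the advisory."""
    vulnerable, patched, unlisted = [], [], []
    for line in inventory.splitlines():
        if not line.strip():
            continue
        model, firmware = line.split(maxsplit=1)
        if model not in FIXED_VERSIONS:
            unlisted.append((model, firmware))
        elif is_patched(model, firmware):
            patched.append((model, firmware))
        else:
            vulnerable.append((model, firmware))
    return vulnerable, patched, unlisted


if __name__ == "__main__":
    vuln, ok, unknown = triage()
    print("VULNERABLE:", vuln)
    print("PATCHED:   ", ok)
    print("UNLISTED:  ", unknown)
```

Note that an R6900P reporting plain 3.3.142 is flagged as vulnerable because the fix is the _HOTFIX build of that same number; a naive string or float comparison would miss that.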

13 Members of Anonymous Charged in ‘Operation Payback’ Cyber Attack Scheme

Oct 04, 2013

A U.S. grand jury has indicted 13 alleged members of the hacking collective Anonymous for their involvement in cyber attacks against various websites during the anti-copyright campaign known as “Operation Payback.” The group carried out distributed denial-of-service (DDoS) attacks on sites belonging to organizations including the Recording Industry Association of America, Visa, and MasterCard, in retaliation for the closure of “The Pirate Bay,” a Swedish file-sharing platform used for illegal downloads. The DDoS campaign later targeted Bank of America and other payment companies after they declined to process payments for WikiLeaks. The indictment charges the suspects with conspiracy to intentionally cause damage to protected computers; the attacks were carried out with a tool called Low Orbit Ion Cannon (LOIC).

Thirteen Members of Anonymous Indicted in Operation Payback Cyber Attacks On October 4, 2013, a U.S. grand jury announced the indictment of thirteen individuals associated with the hacking group Anonymous, in connection with a series of cyber attacks carried out under the banner of “Operation Payback.” This initiative was reportedly…

Read More

13 Members of Anonymous Charged in ‘Operation Payback’ Cyber Attack Scheme

Oct 04, 2013

A U.S. Grand Jury has indicted 13 alleged members of the hacking collective Anonymous for their involvement in cyber attacks against various websites during the anti-copyright initiative known as “Operation Payback.” The group executed denial-of-service (DDoS) attacks on sites belonging to organizations like the Recording Industry Association of America, Visa, and MasterCard. These actions were in retaliation for the closure of “The Pirate Bay,” a Swedish file-sharing platform used for illegal downloads. The DDoS campaign later targeted Bank of America and other credit card companies after they declined to process payments for WikiLeaks. The indictment charges the suspects with conspiracy to intentionally damage protected computers and using software called Low Orbit Ion Cannon (LOIC) to facilitate the attacks.