Cyber Briefing: 2025.09.02
Sitecore suffers a critical exploit chain enabling cache poisoning and remote code execution. Hackers launch the first AI-powered attack on the Nx build system.
👉 What's the latest in the cyber world today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. Sitecore Exploit Chain Warning
Three new security vulnerabilities in the Sitecore Experience Platform have been disclosed, including flaws that could lead to information disclosure and remote code execution. Patches have been released for these issues, and researchers have shown how they could be chained together to compromise a fully patched system.
2. AI Weaponized Nx Supply Chain Attack
Hackers infiltrated the Nx build system to steal thousands of user credentials in a supply chain attack. They exploited a vulnerability in a GitHub workflow to publish malicious versions of the Nx package, which then exfiltrated sensitive data from affected user systems.
3. High Risk SQLi In WordPress Plugin
A serious SQL injection vulnerability in the WordPress Paid Membership Subscriptions plugin affects versions 2.15.1 and below, allowing attackers to manipulate database queries without authentication. This flaw, tracked as CVE-2025-49870, has been patched in version 2.15.2, and all users should update immediately to prevent data theft and site compromise.
💥 Cyber Incidents
4. Lotte Card Cyberattack Reported
Lotte Card recently reported a cyberattack after discovering malicious code on its internal servers, prompting an investigation by the Financial Supervisory Service. While attempts to exfiltrate data were detected,
5. Zscaler Data Breach Exposes Info
Cybersecurity firm Zscaler has been impacted by a supply-chain attack on its Salesforce instance, leading to the theft of customer data, including contact information and support case content. The breach is part of a larger campaign by the threat actor UNC6395, who exploited a compromised Salesloft Drift integration to steal credentials and sensitive data from numerous companies.
6. Von Der Leyen Plane GPS Jamming
An aircraft carrying European Commission President Ursula von der Leyen experienced GPS jamming while flying to Bulgaria, an incident European authorities suspect was caused by Russia. The plane landed safely using manual navigation, but the EU is treating it as a hostile act and plans to strengthen its defense capabilities to counter such electronic warfare.
📢 Cyber News
7. China Salt Typhoon Long Global Hacking
A China-linked cyberespionage group, known as Salt Typhoon, has been exploiting known vulnerabilities in routers from companies like Cisco and Ivanti to maintain persistent access to global telecommunication, government, and military networks. This allows Chinese intelligence services to conduct widespread surveillance by monitoring communications and tracking the movements of their targets around the world.
8. Spain Cancels Huawei Contract
The Spanish government has canceled a contract with Telefónica that would have used Huawei equipment to upgrade Spain's national academic and research network, RedIRIS, citing reasons of "digital strategy and strategic autonomy." This reversal came despite an urgent need to improve the network's resilience and capacity, and it aligns with growing concerns from Spain's allies, including the US, about the security risks posed by Chinese telecommunications technology.
9. Ransomware Gang Takedown Fallout
Law enforcement takedowns of major ransomware gangs have caused a splintering of the ransomware ecosystem, leading to an explosion of smaller, new groups. This fragmentation is fueled by affiliates from defunct gangs rebranding and using readily available tools, making it easier for new operations to emerge.
📈 Cyber Stocks
As trading began on Tuesday, September 2, 2025, cybersecurity stocks delivered a mixed performance as markets balanced strong Q2 fundamentals, valuation concerns, and ongoing sector resilience.
Radware (RDWR) closed at $25.24, slipping as investors engaged in profit-taking following its recent upward run and analysts highlighted caution over valuation.
Rapid7 (RPD) ended at $20.71, edging lower as persistent growth concerns and valuation pressure weighed on sentiment despite analyst targets pointing to potential upside.
Check Point Software Technologies (CHKP) settled at $193.14, climbing modestly as investors favored its stable margins, share buyback momentum, and dependable post-earnings record.
SentinelOne (S) finished at $18.86, rising on continued momentum from its Q2 earnings beat and supported by optimism around its AI-driven recurring revenue growth.
CrowdStrike (CRWD) closed at $423.70, declining as cautious reactions to its mixed revenue guidance and valuation pressures outweighed longer-term optimism on platform demand and acquisitions.
💡 Cyber Tip
Update WordPress Paid Membership Subscriptions Plugin
A critical security vulnerability (CVE-2025-49870) has been discovered in the WordPress Paid Membership Subscriptions plugin (versions 2.15.1 and below). This flaw allows attackers to steal data and compromise your site without needing to log in. A patch has been released, and immediate action is required.
✅ What you should do
Log in to your WordPress dashboard.
Navigate to Plugins > Installed Plugins.
Locate the Paid Membership Subscriptions plugin.
Click the "Update now" link to update to version 2.15.2 or higher.
If you don't see an update option, manually download the latest version from the WordPress plugin repository and upload it, or contact your hosting provider for assistance.
🔒 Why this matters
This vulnerability is a type of SQL injection, one of the most dangerous security flaws for websites. It can be exploited by an unauthenticated attacker, meaning anyone can launch the attack without a username or password. By updating your plugin immediately, you are closing this critical security hole and protecting your site and your members' data from potential theft and damage.
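To check several sites against the fixed release without opening each dashboard, the following added example (not from the briefing or the plugin's authors) reads the Version field from a plugin's main-file header and compares it numerically with 2.15.2. The site names and header text are constructed samples, and the function names are hypothetical.

```python
import re

FIXED_VERSION = "2.15.2"  # first patched release named in the briefing

def parse_plugin_version(header_text):
    """Return the Version field of a WordPress plugin file header, or None."""
    match = re.search(r"^[ \t/*#@]*Version:[ \t]*(\S+)", header_text,
                      re.MULTILINE | re.IGNORECASE)
    return match.group(1) if match else None

def version_key(version):
    """Map '2.15.1' to (2, 15, 1); non-numeric pieces count as 0.

    Comparing integers avoids the string-comparison trap where
    '2.9.4' sorts above '2.15.2'.
    """
    key = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)
        key.append(int(digits.group()) if digits else 0)
    return tuple(key)

def is_vulnerable(version, fixed=FIXED_VERSION):
    """True when version is numerically below the fixed release."""
    a, b = version_key(version), version_key(fixed)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def audit(headers):
    """Map each site to 'vulnerable', 'patched' or 'unknown'."""
    report = {}
    for site, text in headers.items():
        version = parse_plugin_version(text)
        if version is None:
            report[site] = "unknown"  # no header found: check by hand
        else:
            report[site] = "vulnerable" if is_vulnerable(version) else "patched"
    return report

# Constructed sample headers (hypothetical sites, not real installations).
SAMPLE_HEADERS = {
    "shop.example": "<?php\n/**\n * Plugin Name: Paid Membership Subscriptions\n * Version: 2.15.1\n */",
    "club.example": "<?php\n/**\n * Plugin Name: Paid Membership Subscriptions\n * Version: 2.15.2\n */",
    "old.example": "<?php\n/**\n * Plugin Name: Paid Membership Subscriptions\n * Version: 2.9.4\n */",
    "odd.example": "<?php\n// header stripped by a deploy script\n",
}

if __name__ == "__main__":
    for site, status in audit(SAMPLE_HEADERS).items():
        print(f"{site}: {status}")
```

A site reported as unknown should be checked manually in the dashboard rather than assumed to be patched.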
📚 Cyber Book
Worm: The First Digital World War by Mark Bowden
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.