SunsetHost Hacker News & Tech Report: Latest Tech & Security Insights – September 5, 2025

SAP S/4HANA Critical Vulnerability CVE-2025-42957 Under Active Exploitation
A newly discovered critical vulnerability in SAP S/4HANA, the widely used enterprise resource planning (ERP) platform, is now being actively exploited by threat actors in the wild. The flaw, identified as CVE-2025-42957, allows attackers to execute arbitrary commands on affected systems, potentially compromising sensitive corporate data and operational workflows. Security teams are urging immediate patching and monitoring of SAP environments, as the vulnerability’s exploitation has already been reported in targeted attacks.
Key Takeaway: Organizations running SAP S/4HANA must apply vendor patches immediately, review user privileges, and monitor unusual command executions to mitigate risk.
Automation Is Transforming Pentest Delivery
Penetration testing remains a cornerstone of cybersecurity, helping organizations uncover vulnerabilities before adversaries can exploit them. However, traditional pentest reporting often lags behind evolving threat landscapes, leaving organizations with outdated insights. Automation is now redefining how pentests are delivered, offering faster, more actionable results without sacrificing accuracy. Modern tools can automatically detect critical vulnerabilities, generate real-time dashboards, and even suggest remediation steps, streamlining both testing and response.
Impact: Faster pentest cycles mean organizations can proactively address security gaps, reducing the window of exposure to attackers.
Transparent Containerized Dev Environments: Secure, Consistent, and Open Source
Containerized development environments are changing the game for software teams, ensuring consistency, security, and scalability. By standardizing environments across development, testing, and production, organizations can eliminate configuration drift, reduce onboarding times, and strengthen supply chain security. ActiveState’s open-source approach emphasizes transparency and reproducibility, offering a security-first framework without vendor lock-in.
Why it matters: Developers gain confidence that their code runs identically in all environments, reducing unexpected bugs and security risks.
VirusTotal Flags 44 Undetected SVG Files Used in Phishing Attacks
A new malware campaign has exploited Scalable Vector Graphics (SVG) files to deliver base64-encoded phishing pages. These files impersonate the Colombian judicial system, tricking victims into exposing sensitive information. VirusTotal’s analysis revealed 44 previously undetected SVG files, highlighting an evolving trend in malware obfuscation. Security teams are encouraged to inspect all SVG content, block suspicious attachments, and educate users on phishing tactics.
Bottom Line: Even seemingly harmless file formats can be weaponized. Vigilance is critical.
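To make the "inspect all SVG content" advice concrete, here is a small added checker (not part of the report or of VirusTotal's tooling) that flags the traits the campaign above relies on: executable elements inside an SVG and long base64 runs that decode to HTML. The sample SVG is constructed here with a harmless placeholder page; real mail-gateway integration and the threshold of 40 base64 characters are assumptions.

```python
import base64
import binascii
import re
import xml.etree.ElementTree as ET  # stdlib; for untrusted input in production prefer defusedxml

ACTIVE_TAGS = {"script", "foreignObject"}          # executable / HTML-hosting SVG elements
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")    # long base64-looking runs (assumed cutoff)
HTML_MARKERS = ("<html", "<script", "<form", "<iframe", "<body")

def _local(tag):
    """Strip the XML namespace prefix, e.g. '{http://www.w3.org/2000/svg}script' -> 'script'."""
    return tag.rsplit("}", 1)[-1]

def decoded_html_blobs(text):
    """Return base64 runs in `text` whose decoded bytes look like an HTML document."""
    hits = []
    for m in B64_RUN.finditer(text):
        try:
            raw = base64.b64decode(m.group(0), validate=True)
        except (ValueError, binascii.Error):
            continue                                  # not valid base64, skip
        low = raw.decode("utf-8", "ignore").lower()
        if any(mark in low for mark in HTML_MARKERS):
            hits.append(low[:60])
    return hits

def inspect_svg(svg_text):
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    findings = []
    for el in ET.fromstring(svg_text).iter():
        name = _local(el.tag)
        if name in ACTIVE_TAGS:
            findings.append(f"active element <{name}>")
        for attr, val in el.attrib.items():
            if _local(attr).lower().startswith("on"):          # onload=, onclick=, ...
                findings.append(f"event handler {attr} on <{name}>")
            if val.lstrip().lower().startswith(("javascript:", "data:text/html")):
                findings.append(f"{attr} on <{name}> points to {val[:20]}")
    for blob in decoded_html_blobs(svg_text):
        findings.append(f"base64 blob decodes to HTML: {blob!r}")
    return findings

# Constructed sample: a benign placeholder page, base64-encoded and embedded in a <script>.
_PAGE = base64.b64encode(b"<html><body>constructed sample page</body></html>").decode()
SAMPLE_SVG = ('<svg xmlns="http://www.w3.org/2000/svg"><rect width="1" height="1"/>'
              f'<script>var p="{_PAGE}";</script></svg>')
CLEAN_SVG = '<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'

if __name__ == "__main__":
    for finding in inspect_svg(SAMPLE_SVG):
        print(finding)
```

A clean drawing yields no findings, while the constructed sample is flagged twice: once for the script element and once for the decoded HTML blob.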
Russian APT28 Deploys “NotDoor” Outlook Backdoor
APT28, a Russian state-sponsored threat group, has been linked to a new Outlook-targeting backdoor dubbed NotDoor. The malware specifically targets companies in NATO countries, infiltrating email systems to exfiltrate sensitive data and maintain persistent access. Analysts note that NotDoor leverages sophisticated evasion techniques, making detection challenging.
Key Advice: Organizations using Microsoft Outlook should enforce multi-factor authentication, monitor unusual outbound traffic, and keep email clients fully patched.
GhostRedirector Breaches 65 Windows Servers Using Rungan Backdoor
A previously unknown threat cluster named GhostRedirector has compromised at least 65 Windows servers, mainly in Brazil, Thailand, and Vietnam. Attackers deployed the Rungan backdoor alongside the Gamshen IIS module to maintain control over affected systems, often leveraging unpatched server vulnerabilities. Experts emphasize the need for comprehensive server monitoring and timely updates to prevent further intrusions.
Security Takeaway: GhostRedirector demonstrates how overlooked Windows servers can become prime targets for multi-stage attacks.
Cybercriminals Exploit X’s Grok AI to Spread Malware
Researchers have identified a new technique where cybercriminals are bypassing social media platform X’s ad protection mechanisms using its AI tool, Grok AI, to propagate malicious links. This method allows malware to reach millions of users via seemingly legitimate posts and ads, emphasizing the growing intersection between AI and cybercrime.
Precaution: Users should scrutinize links even on trusted platforms, and platforms must strengthen monitoring of their AI tools to detect malicious misuse.
Simple Steps for Attack Surface Reduction
Cybersecurity leaders are under increasing pressure to prevent attacks before they occur. According to Yuriy Tsibere, one of the most effective defenses begins with attack surface reduction—optimizing system configurations and enforcing least-privilege policies from day one. By proactively minimizing exposure, organizations can significantly reduce the risk of successful cyberattacks.
Actionable Tip: Focus on secure default settings, rigorous access controls, and continuous monitoring to maintain a hardened environment.
Summary: This week’s tech and security landscape highlights the importance of proactive measures—from patching ERP vulnerabilities and hardening containerized environments to leveraging automation and AI responsibly. Staying ahead of evolving threats is no longer optional; it’s essential.