A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

- [Qantas cuts executive bonuses by 15% after a July data breach](https://securityaffairs.com/181954/data-breach/qantas-cuts-executive-bonuses-by-15-after-a-july-data-breach.html)
- [MeetC2 — A serverless C2 framework that leverages Google Calendar APIs as a communication channel](https://securityaffairs.com/181940/security/meetc2-a-serverless-c2-framework-that-leverages-google-calendar-apis-as-a-communication-channel.html)
- [Critical SAP S/4HANA flaw CVE-2025-42957 under active exploitation](https://securityaffairs.com/181930/hacking/critical-sap-s-4hana-flaw-cve-2025-42957-under-active-exploitation.html)
- [U.S. CISA adds Sitecore, Android, and Linux flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/181924/breaking-news/u-s-cisa-adds-sitecore-android-and-linux-flaws-to-its-known-exploited-vulnerabilities-catalog.html)
- [SVG files used in hidden malware campaign impersonating Colombian authorities](https://securityaffairs.com/181917/malware/svg-files-used-in-hidden-malware-campaign-impersonating-colombian-authorities.html)
- [France’s CNIL fined Google $379M and Shein $175M for breaching cookie rules](https://securityaffairs.com/181911/laws-and-regulations/frances-cnil-fined-google-379m-and-shein-175m-for-breaching-cookie-rules.html)
- [$10M reward for Russia’s FSB officers accused of hacking US Critical infrastructure](https://securityaffairs.com/181904/cyber-warfare-2/10m-reward-for-russias-fsb-officers-accused-of-hacking-us-critical-infrastructure.html)
- [Severe Hikvision HikCentral product flaws: What You Need to Know](https://securityaffairs.com/181896/hacking/severe-hikvision-hikcentral-product-flaws-what-you-need-to-know.html)
- [U.S. CISA adds TP-Link Archer C7(EU) and TL-WR841N flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/181886/hacking/u-s-cisa-adds-tp-link-archer-c7eu-and-tl-wr841n-flaws-to-its-known-exploited-vulnerabilities-catalog.html)
- [Crooks turn HexStrike AI into a weapon for fresh vulnerabilities](https://securityaffairs.com/181878/cyber-crime/crooks-turn-hexstrike-ai-into-a-weapon-for-fresh-vulnerabilities.html)
- [Google addressed two Android flaws actively exploited in targeted attacks](https://securityaffairs.com/181871/security/google-addressed-two-android-flaws-actively-exploited-in-targeted-attacks.html)
- [U.S. CISA adds WhatsApp, and TP-link flaws to its Known Exploited Vulnerabilities catalog](https://securityaffairs.com/181863/hacking/u-s-cisa-adds-whatsapp-and-tp-link-flaws-to-its-known-exploited-vulnerabilities-catalog.html)
- [Android droppers evolved into versatile tools to spread malware](https://securityaffairs.com/181849/malware/android-droppers-evolved-into-versatile-tools-to-spread-malware.html)
- [Jaguar Land Rover shuts down systems after cyberattack, no evidence of customer data theft](https://securityaffairs.com/181838/hacking/jaguar-land-rover-shuts-down-systems-after-cyberattack-no-evidence-of-customer-data-theft.html)
- [Cloudflare blocked a record 11.5 Tbps DDoS attack](https://securityaffairs.com/181829/cyber-crime/cloudflare-blocked-a-record-11-5-tbps-ddos-attack.html)
- [Palo Alto Networks disclosed a data breach linked to Salesloft Drift incident](https://securityaffairs.com/181819/data-breach/palo-alto-networks-disclosed-a-data-breach-linked-to-salesloft-drift-incident.html)
- [Von der Leyen’s plane hit by suspected Russian GPS Jamming in Bulgaria, landed Safely](https://securityaffairs.com/181808/cyber-warfare-2/von-der-leyens-plane-hit-by-suspected-russian-gps-jamming-in-bulgaria-landed-safely.html)
- [Supply-chain attack hits Zscaler via Salesloft Drift, leaking customer info](https://securityaffairs.com/181801/data-breach/supply-chain-attack-hits-zscaler-via-salesloft-drift-leaking-customer-info.html)
- [Crooks exploit Meta malvertising to target Android users with Brokewell](https://securityaffairs.com/181789/malware/crooks-exploit-meta-malvertising-to-target-android-users-with-brokewell.html)
- [North Korea’s APT37 deploys RokRAT in new phishing campaign against academics](https://securityaffairs.com/181782/apt/north-koreas-apt37-deploys-rokrat-in-new-phishing-campaign-against-academics.html)
- [Fraudster stole over $1.5 million from city of Baltimore](https://securityaffairs.com/181772/cyber-crime/fraudster-stole-over-1-5-million-from-city-of-baltimore.html)
- [Amazon blocks APT29 campaign targeting Microsoft device code authentication](https://securityaffairs.com/181747/apt/amazon-blocks-apt29-campaign-targeting-microsoft-device-code-authentication.html)

**International Press — Newsletter**

**Cybercrime**

- [Scammer steals $1.5 million from Baltimore by spoofing city vendor](https://therecord.media/scammer-steals-baltimore-city-impersonation-vendor)
- [Malvertising Campaign on Meta Expands to Android, Pushing Advanced Crypto-Stealing Malware to Users Worldwide](https://www.bitdefender.com/en-us/blog/labs/malvertising-campaign-on-meta-expands-to-android-pushing-advanced-crypto-stealing-malware-to-users-worldwide)
- [Help Desk at Risk: Scattered Spider Shines Light on Overlook Threat Vector](https://www.securityweek.com/help-desk-at-risk-scattered-spider-shines-light-on-overlook-threat-vector/)
- [The Ongoing Fallout from a Breach at AI Chatbot Maker Salesloft](https://krebsonsecurity.com/2025/09/the-ongoing-fallout-from-a-breach-at-ai-chatbot-maker-salesloft/)
- [Hackers Issue Ultimatum to Google After Data Breach Warning](https://www.newsweek.com/hackers-issue-ultimatum-data-breach-2122489)
- [Cybercriminals Exploit X’s Grok AI to Bypass Ad Protections and Spread Malware to Millions](https://thehackernews.com/2025/09/cybercriminals-exploit-xs-grok-ai-to.html)

**Malware**

- [MystRodX: The Covert Dual-Mode Backdoor Threat](https://blog.xlab.qianxin.com/mystrodx_covert_dual-mode_backdoor_en/)
- [Ethereum smart contracts used to push malicious code on npm](https://www.reversinglabs.com/blog/ethereum-contracts-malicious-code)
- [Uncovering a Colombian Malware Campaign with AI Code Analysis](https://blog.virustotal.com/2025/09/uncovering-colombian-malware-campaign.html)
- [An MDR Analysis of the AMOS Stealer Campaign Targeting macOS via ‘Cracked’ Apps](https://www.trendmicro.com/en_us/research/25/i/an-mdr-analysis-of-the-amos-stealer-campaign.html)

**Hacking**

- [Threat Brief: Salesloft Drift Integration Used To Compromise Salesforce Instances](https://unit42.paloaltonetworks.com/threat-brief-compromised-salesforce-instances/)
- [Cloudflare Blocks Record-Breaking 11.5 Tbps DDoS Attack](https://www.securityweek.com/cloudflare-blocks-record-11-5-tbps-ddos-attack/)
- [Introduction to OPSEC (Part 2)](https://www.hacktivesecurity.com/blog/2025/09/02/introduction-to-opsec-part-2/)
- [Hexstrike-AI: When LLMs Meet Zero-Day Exploitation](https://blog.checkpoint.com/executive-insights/hexstrike-ai-when-llms-meet-zero-day-exploitation/)
- [Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver — CVE-2025-53149](https://www.crowdfense.com/cve-2025-53149-windows-ksthunk-heap-overflow/)
- [Critical SAP S/4HANA code injection vulnerability (CVE-2025-42957) exploited in the wild — patch immediately](https://securitybridge.com/blog/critical-sap-s-4hana-code-injection-vulnerability-cve-2025-42957/)

**Intelligence and Information Warfare**

- [The Trap of Troubleshooting: Analysis of Lazarus (APT-Q-1)’s Recent Attacks Using ClickFix](https://mp.weixin.qq.com/s?__biz=MzI2MDc2MDA4OA==&mid=2247515797&idx=1&sn=63eb2627f65397d704d187273c6cdce4&chksm=ea6649e2dd11c0f497ca57cf52676a9a764f28e587017e14fc850034ca8518c9f4ef46219824)
- [Operation HanKook Phantom: North Korean APT37 targeting South Korea](https://www.seqrite.com/blog/operation-hankook-phantom-north-korean-apt37-targeting-south-korea/)
- [Ursula von der Leyen’s plane hit by suspected Russian GPS interference](https://www.ft.com/content/3c330f87-71c4-4db9-8259-f5c132c1f0d3)
- [Inside Palantir: The Secretive Tech Company Helping the US Government Build a Massive Web of Surveillance](https://www.zmescience.com/future/inside-palantir-the-secretive-tech-company-helping-the-us-government-build-a-massive-web-of-surveillance/)
- [Three Lazarus RATs coming for your cheese](https://blog.fox-it.com/2025/09/01/three-lazarus-rats-coming-for-your-cheese/)
- [CTI Analysis: Malicious Email Campaign](https://dreamgroup.com/blog-cti/)
- [US Offers $10 Million for Three Russian Energy Firm Hackers](https://www.securityweek.com/us-offers-10-million-for-three-russian-energy-firm-hackers/)
- [Analyzing NotDoor: Inside APT28’s Expanding Arsenal](https://lab52.io/blog/analyzing-notdoor-inside-apt28s-expanding-arsenal/)
- [Analysis of APT-C-53 (Gamaredon) attacks against Ukrainian government departments](https://mp.weixin.qq.com/s?__biz=MzUyMjk4NzExMA==&mid=2247507351&idx=1&sn=0b8c9e5b3ff9d7b6551b3a69c151f7e0&chksm=f9c1ee9eceb66788c94178eec69e10142c58dc7721874f9e4d3120d7ea952faa230221a6e2cc)
- [Contagious Interview | North Korean Threat Actors Reveal Plans and Ops by Abusing Cyber Intel Platforms](https://www.sentinelone.com/labs/contagious-interview-threat-actors-scout-cyber-intel-platforms-reveal-plans-and-ops/)
- [A Playbook for Winning the Cyber War Part 2: Evaluating Russia’s Cyber Strategy](https://csis-website-prod.s3.amazonaws.com/s3fs-public/2025-09/250903_Dickson_Playbook_Russia.pdf?VersionId=6RPe2gNRM05DWfEZqmvcyyukhE28aVbk)

**Cybersecurity**

- [Elon Musk Sues Ex-xAI Techie For Uploading Grok’s Codebase To OpenAI; Internet Erupts In Hilarious Memes](https://in.mashable.com/tech/99215/elon-musk-sues-ex-xai-techie-for-uploading-groks-codebase-to-openai-internet-erupts-in-hilarious-mem)
- [Scientists Created an Entire Social Network Where Every User Is a Bot, and Something Wild Happened](https://futurism.com/social-network-ai-intervention-echo-chamber)
- [Salesloft Drift Supply Chain Incident: Key Details and Zscaler’s Response](https://www.zscaler.com/blogs/company-news/salesloft-drift-supply-chain-incident-key-details-and-zscaler-s-response)
- [Securing EU (Cyber)Space: New Cyber Requirements in the EU Space Act](https://accesspartnership.com/opinion/securing-cyberspace-new-cyber-requirements-eu-space-act/)
- [Salesforce-Connected Third-Party Drift Application Incident Response](https://www.paloaltonetworks.com/blog/2025/09/salesforce-third-party-application-incident-response/)
- [Jaguar Land Rover says cyberattack ‘severely disrupted’ production](https://www.bleepingcomputer.com/news/security/jaguar-land-rover-says-cyberattack-severely-disrupted-production/)
- [Cookie regulation: the CNIL is continuing the action plan initiated in 2019 and has imposed two fines on SHEIN and GOOGLE](https://www.cnil.fr/en/cookie-regulation-cnil-continuing-action-plan-initiated-2019-and-has-imposed-two-fines-shein-and)
- [Qantas penalizes executives for July cyberattack](https://therecord.media/qantas-airline-reduces-bonuses-executives-data-breach)

Follow me on Twitter: [@securityaffairs](https://twitter.com/securityaffairs) and [Facebook](https://www.facebook.com/sec.affairs) and [Mastodon](https://infosec.exchange/@securityaffairs)

[Pierluigi Paganini](http://www.linkedin.com/pub/pierluigi-paganini/b/742/559)

([SecurityAffairs](http://securityaffairs.co/wordpress/) — hacking, newsletter)

Related Tags:
CVE-2025-42957
Storm-0875
Octo Tempest
Midnight Blizzard
NAICS: 54 – Professional, Scientific, Technical Services
NAICS: 517 – Telecommunications
NAICS: 336 – Transportation Equipment Manufacturing
NAICS: 541 – Professional, Scientific, Technical Services
NAICS: 52 – Finance And Insurance