RECENT THREAT INTEL ALERTS
SAP Vulnerability Exploited in the Wild
A severe code injection vulnerability (CVE-2025-42957) in SAP S/4HANA is actively being exploited by attackers to breach exposed servers via a weak ABAP function, allowing low-privileged users to take full control. The vulnerability was patched in August, but many systems remain unpatched and at risk. Researchers confirmed that exploiting the flaw is straightforward because ABAP code can be reverse-engineered easily. Threats include data theft, data manipulation, unauthorized account creation, privilege escalation, and deployment of ransomware or other malware. Administrators are urged to apply the August updates immediately; multiple SAP modules are affected, including both on-premise and cloud editions.
Hackers Using AI Tools in Their Attacks
Attackers have begun leveraging HexStrike-AI, an AI-powered offensive framework, to accelerate exploitation of newly disclosed Citrix NetScaler vulnerabilities. This tool automates the entire attack chain—from scanning for vulnerable devices to executing payloads and maintaining persistence. Despite being a legitimate red-team toolkit, its availability has enabled threat actors to weaponize Citrix flaws within hours of disclosure. Researchers report that thousands of NetScaler devices remain vulnerable, with rapid exploitation shrinking the available patching window for defenders. The rise of AI-driven attack automation underscores an increased urgency for rapid detection, threat intelligence, and adaptive defense strategies.
TP-Link Vulnerabilities Exploited in Attacks
A zero-day buffer overflow flaw has been discovered in TP-Link routers related to CWMP (CPE WAN Management Protocol), enabling remote code execution via oversized SOAP payloads. Although TP-Link has developed a patch for European models, firmware updates for US and other regions are still pending. CISA has also flagged additional exploited TP-Link vulnerabilities that attackers are chaining to compromise devices. Until patches are available, users should change default passwords, disable CWMP if not in use, and isolate routers from critical networks. The issue highlights the ongoing risk of router-targeted attacks stemming from unpatched firmware and exposed devices.
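The alert's signature for this attack is an oversized SOAP POST to the router's CWMP listener. The following added example (not from the alert, TP-Link, or CISA) shows a minimal log-based check a defender could run over access logs exported from a router or from a reverse proxy sitting in front of it. It assumes a constructed log format with the destination port and request body size as the last two fields, uses TCP 7547 as the conventional TR-069 CPE listener port, and treats the endpoint paths `/cwmp` and `/tr069` and the 8 KiB body ceiling as assumptions to be tuned per deployment, not as vendor-published values.

```python
"""Flag oversized SOAP POSTs aimed at a router's CWMP (TR-069) listener.

Added example, not from the original alert. The log format below is
constructed for this example; real devices log differently and the
regex must be adapted. Port 7547 is the conventional TR-069 CPE port.
The endpoint paths and the body-size ceiling are assumptions.
"""
import re
from typing import Optional

CWMP_PORT = 7547                   # conventional TR-069 CPE listener port
CWMP_PATHS = {"/cwmp", "/tr069"}   # assumed endpoint paths, adjust per model
MAX_BODY_BYTES = 8192              # assumed ceiling for a legitimate ACS message

# Constructed format: src - - [ts] "METHOD PATH PROTO" dport status body_bytes
LOG_RE = re.compile(
    r'^(?P<src>\S+) - - \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" '
    r'(?P<dport>\d+) (?P<status>\d{3}) (?P<bytes>\d+)$'
)

# Constructed sample log; addresses are from RFC 5737 documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [05/Sep/2025:10:01:02 +0000] "POST /cwmp HTTP/1.1" 7547 200 512
198.51.100.9 - - [05/Sep/2025:10:01:09 +0000] "POST /cwmp HTTP/1.1" 7547 500 65536
192.0.2.5 - - [05/Sep/2025:10:02:00 +0000] "GET /index.html HTTP/1.1" 80 200 65536
203.0.113.7 - - [05/Sep/2025:10:03:11 +0000] "POST /tr069 HTTP/1.1" 7547 200 9000
this line is garbage and must not crash the scanner
"""


def parse_line(line: str) -> Optional[dict]:
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    rec["status"] = int(rec["status"])
    rec["bytes"] = int(rec["bytes"])
    return rec


def is_oversized_cwmp_post(rec: dict, max_bytes: int = MAX_BODY_BYTES) -> bool:
    """True when a POST hits the CWMP listener with a body above the ceiling."""
    return (
        rec["method"] == "POST"
        and rec["dport"] == CWMP_PORT
        and rec["path"] in CWMP_PATHS
        and rec["bytes"] > max_bytes
    )


def scan(log_text: str, max_bytes: int = MAX_BODY_BYTES) -> list:
    """Return (source, path, body_bytes) for every suspicious request.

    Unparseable lines are skipped rather than raising, so a scanner fed a
    real log with mixed formats keeps running.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_oversized_cwmp_post(rec, max_bytes):
            hits.append((rec["src"], rec["path"], rec["bytes"]))
    return hits


if __name__ == "__main__":
    for src, path, size in scan(SAMPLE_LOG):
        print(f"ALERT oversized CWMP POST from {src} to {path}: {size} bytes")
```

On the constructed sample, the two CWMP POSTs over the ceiling are flagged while the large GET on port 80 and the malformed line are ignored. In a real deployment the source of any flagged request should also be compared against the ISP's known ACS addresses, since a legitimate auto-configuration server is the only party that should be speaking CWMP to the device at all; if CWMP is not in use, disabling it removes the exposure outright.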
Browser-Based Attacks to Look Out for in 2025
The browser continues to be the primary attack vector as enterprise applications and data increasingly reside in the cloud. Modern threats include multi-channel phishing, session hijacking via proxy kits, and sophisticated obfuscation methods that defeat traditional email and network defenses. Attackers now deliver payloads through varied channels like IM apps, in-app messaging, ads, and SMS, often bypassing email filters entirely. These threats exploit weaknesses in browser visibility—without real-time page analysis, organizations can't detect or block advanced phishing or exploit delivery. Security teams must focus on enhancing browser-level detection, real-time visibility, and adaptive response mechanisms to stay ahead of evolving threats.
Cloudflare Protects Against Largest Ever DDoS Attack
Cloudflare successfully mitigated the largest DDoS attack in history, peaking at an astonishing 11.5 terabits per second and lasting just 35 seconds, without any service disruption. The attack—originating from a mix of misused cloud infrastructure and compromised IoT devices—was absorbed entirely by Cloudflare's defense systems. This incident follows previous ultra-high-volume attacks, signaling a sustained escalation in DDoS capabilities. While such mammoth bandwidths grab headlines, experts stress that resilience depends less on size and more on continuous protection, multi-vector handling, and customer uptime. The feat showcases the importance of scalable, automated defense systems in preserving digital service availability.
Bridgestone Confirms Cyberattack Affecting Manufacturing
Bridgestone Americas has confirmed a cyberattack at select North American manufacturing facilities, triggering investigations and response efforts. Company officials believe the incident was contained early, preventing customer data exposure and deep network infiltration. Though the root cause is not yet disclosed, operations in South Carolina and Quebec were reportedly impacted. Bridgestone emphasized ongoing efforts to maintain supply continuity and protect interfaces throughout the incident response. No ransomware group has claimed responsibility, but the event highlights the vital need for robust cyber resiliency in manufacturing.