10/08/2025-10/15/2025 npm, PyPI, and RubyGems Packages,Critical Vulnerabilities in NetWeaver, Hackers Exploit Auth Bypass in Service Finder WordPress Theme And More.

1. npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels

Researchers found malicious packages on npm, PyPI and RubyGems that use Discord webhooks as a command-and-control channel to exfiltrate stolen data. Discord webhooks post to channels without authentication and are effectively write-only, so defenders can’t read previous posts from the URL. Examples include npm’s mysql-dumpdiscord (steals config/.env files), nodejs.discord (logs via webhook), PyPI packages malinssx/malicus/maliinn (trigger HTTP calls on pip install), and RubyGems’ sqlcommenter_rails (collects host files like /etc/passwd and sends them to a hard-coded webhook). By abusing free, fast webhooks and hiding in install-time hooks or build scripts, attackers can siphon .env files, API keys, credentials, and host details from developer machines and CI runners before runtime detection. The company also flagged 338 malicious npm packages tied to a North Korean “Contagious Interview” campaign that lures developers with fake job offers and booby-trapped repos, using typosquats to deliver stealers and backdoors like BeaverTail and InvisibleFerret.

2. SAP Patches Critical Vulnerabilities in NetWeaver, Print Service, SRM

SAP released 16 new and updated security notes in its October 2025 Patch Day, including three addressing critical vulnerabilities. The most severe, CVE-2025-42944 (CVSS 10.0), is an insecure deserialization flaw in NetWeaver AS Java. Originally patched in September, the new update adds JVM-wide filters (jdk.serialFilter) to block unsafe class deserialization. Another critical bug, CVE-2025-42937 (CVSS 9.8), is a directory traversal flaw in Print Service that could let unauthenticated attackers overwrite system files. SAP also fixed CVE-2025-42910 (CVSS 9.0), an unrestricted file upload vulnerability in Supplier Relationship Management (SRM) that may allow malware uploads. Two high-severity flaws were addressed in Commerce Cloud (DoS bug, CVE-2025-5115) and Data Hub Integration Suite (misconfiguration flaw, CVE-2025-48913). Ten additional notes fix medium- and low-severity issues across NetWeaver, S/4HANA, and other platforms. No active exploitation has been reported, but SAP urges prompt patching due to known targeting of its software.

3. Hackers Exploit Auth Bypass in Service Finder WordPress Theme

Hackers are actively exploiting a critical flaw (CVE-2025-5947, CVSS 9.8) in the Service Finder WordPress theme that lets them bypass authentication and log in as administrators. The bug, caused by improper validation of the original_user_id cookie in the service_finder_switch_back() function, affects versions 6.0 and earlier. With admin access, attackers can fully control a WordPress site, create accounts, upload PHP files, and export databases. Security firm Wordfence has recorded over 13,800 exploit attempts since August 1, with attack spikes exceeding 1,500 daily in late September. The flaw was discovered by researcher “Foxyyy” and patched by developer Aonetheme in version 6.1, released July 17. Most attacks come from five IPs, though new ones may appear. Administrators should review logs for suspicious activity or new accounts, block the listed IPs, and update immediately, as attackers can erase traces of compromise once they gain admin access.

4. 175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign

Researchers flagged 175 malicious npm packages (26,000 downloads) used in a phishing campaign dubbed Beamglea, targeting 135+ industrial, tech, and energy firms. The packages act as hosting for redirect scripts served via npm’s registry and unpkg.com CDN rather than executing malware on install. A script named redirect_generator.py programmatically publishes packages like redirect-xxxxxx, injecting victim emails and phishing URLs. Each package provides an HTML file that loads beamglea.js from UNPKG; that JavaScript redirects victims to credential-harvesting pages while pre-filling the email field, boosting success rates. Socket found over 630 such HTML files masquerading as purchase orders, specs, or project docs. Distribution likely relies on phishing emails that prompt recipients to open the crafted HTML. Attackers leverage free, trusted infrastructure (npm + UNPKG) to build resilient, low-cost phishing infrastructure, avoiding detection by not performing malicious actions during package install. The campaign underscores how legitimate platforms can be abused as hosting for targeted credential theft.
 

5. RMPocalypse: Single 8-Byte Write Shatters AMD’s SEV-SNP Confidential Computing

Chipmaker AMD has released fixes for a security flaw named “RMPocalypse,” which undermines the confidentiality guarantees of its Secure Encrypted Virtualization (SEV-SNP) technology. According to ETH Zürich researchers, the attack exploits incomplete protections, allowing a single malicious write to the Reverse Map Paging (RMP) table—a critical structure storing security metadata for all DRAM pages. The vulnerability (CVE-2025-0033, CVSS score 5.9) is a race condition occurring during the initialization of the RMP by the AMD Secure Processor (ASP/PSP). This permits a malicious hypervisor to manipulate the RMP’s initial content, compromising the memory integrity of SEV-SNP protected virtual machines. A compromised RMP voids all SEV-SNP integrity and confidentiality guarantees, enabling attackers to bypass isolation, forge attestations, and exfiltrate all secrets with a 100% success rate.

Impacted products include multiple AMD EPYC™ 7003, 8004, 9004, and 9005 series processors. While fixes are available for many, some embedded series updates are planned for November 2025. Microsoft and Supermicro are also addressing the flaw in their respective platforms. This incident highlights a critical catch-22 where the security mechanism itself was not fully protected during VM startup.

10/01/2025-10/08/2025 Severe Figma MCP Vulnerability, Oracle EBS Under Fire as Cl0p Exploits CVE-2025-61882 And More.

1. Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch Now

Security researchers disclosed a patched command‑injection vulnerability in the figma-developer-mcp Model Context Protocol (MCP) server that could enable remote code execution. Tracked as CVE-2025-53967 (CVSS 7.5), the flaw arises from unsanitized user input: the server directly interpolates client-supplied URLs and headers into shell command strings, allowing shell metacharacter injection. The bug resides in src/utils/fetch-with-retry.ts, which falls back to executing curl via child_process.exec when fetch fails. An attacker on the same network or via DNS rebinding could exploit this by sending crafted Initialize and JSON‑RPC tools/call requests to trigger arbitrary command execution under the server process. Imperva, which reported the issue in July 2025, called it a design oversight. The project fixed the issue in figma-developer-mcp v0.6.3 (released Sept 29, 2025). Recommended mitigations: avoid child_process.exec with untrusted input and use execFile or safer APIs. The incident underscores rising security risks as AI-driven developer tools are adopted.

2. Redis Patches 13-Year-Old Lua Flaw Enabling Remote Code Execution

Redis has disclosed a critical, 13-year-old vulnerability, CVE-2025-49844 (CVSS 10.0), dubbed “RediShell.” Discovered by Wiz Research, this use-after-free flaw in the Lua scripting engine allows an authenticated attacker to send a malicious script. This script can exploit the garbage collector, break out of the Lua sandbox, and achieve remote code execution on the host.

This grants full system control, enabling data theft, ransomware deployment, or lateral movement within cloud environments. All Redis versions with Lua scripting are affected. Redis has patched the flaw in versions 6.2.20, 7.2.11, 7.4.6, 8.0.4, and 8.2.2. As a workaround, restrict EVAL and EVALSHA commands via ACLs. Given Redis’s widespread use, immediate patching is critical, especially for internet-exposed instances.

3. Oracle EBS Under Fire as Cl0p Exploits CVE-2025-61882 in Real-World Attacks

CrowdStrike attributes the exploitation of a critical Oracle E-Business Suite flaw (CVE-2025-61882, CVSS 9.8) to the Cl0p threat actor, first seen on August 9, 2025. The vulnerability allows unauthenticated remote code execution via malicious XSLT templates and SSRF, CRLF, and HTTP connection reuse techniques. Exploits involve sending crafted HTTP requests to Oracle EBS endpoints like /OA_HTML/SyncServlet and /OA_HTML/RF.jsp, triggering reverse shells and web shell deployment for post-exploitation.

A Telegram channel allegedly shared the exploit while criticizing Cl0p, with binaries referencing LAPSUS$, Scattered Spider, and ShinyHunters—dubbed the “Trinity of Chaos.” Experts note the sharing appears unintentional, though it highlights competition among threat groups.

CISA has added CVE-2025-61882 to its Known Exploited Vulnerabilities catalog and urges agencies to patch by October 27, 2025. Researchers warn Cl0p is using the flaw to exfiltrate data and send extortion emails, urging Oracle EBS users to patch immediately and tighten defenses.

4. Malicious PyPI Package Mimics as SOCKS5 Proxy Tool Attacking Windows Platforms

A sophisticated malicious package named “SoopSocks” (XRAY-725599) has been discovered on the Python Package Index (PyPI). Masquerading as a legitimate SOCKS5 proxy tool, it instead deploys a backdoor targeting Windows systems.
The package has evolved through multiple versions to include advanced deployment mechanisms. Its current iteration uses a compiled Go executable (_autorun.exe) that orchestrates a stealthy installation via a hidden PowerShell window, bypassing security controls.

Once executed, the malware copies itself to a system directory and installs itself as a Windows service named SoopSocksSvc for automatic, persistent execution with elevated privileges. It also creates firewall rules to open port 1080 for TCP and UDP communications. This provides attackers with persistent backdoor access and a covert communication channel, posing a severe threat, especially in organizational environments.

09/25/2025-10/01/2025 New Malicious Rust Crates Impersonating fast_log, Fortra GoAnywhere CVSS 10 Flaw, Critical Linux Sudo Flaw And More.

1. Salesforce Patches CRM Data Exfiltration Vulnerability

AI security vendor Noma Labs uncovered a chain of indirect prompt injection flaws in Salesforce’s AI tools, dubbing the attack “ForcedLeak.” Reported July 28 with a CVSS-equivalent score of 9.4, the issue was patched by Sept. 8 in both Agentforce and Einstein. Researchers showed that Salesforce’s Web-to-Lead form, which accepts up to 42,000 characters in its description field, could be abused to inject hidden instructions. These instructed Agentforce agents to exfiltrate sensitive data to attacker-controlled servers. Normally blocked by Salesforce’s Content Security Policy, the exploit worked because Salesforce failed to retain ownership of a whitelisted domain, which Noma re-registered for $5. Salesforce has since re-secured the domain and added stronger URL allowlists to block untrusted links. Experts warn that indirect prompt injections—hidden in external data like emails or forms—are a growing risk for “agentic” AI systems. Security leaders stress that AI assistants must be sandboxed and treated as part of the attack surface.

2. New Malicious Rust Crates Impersonating fast_log to Steal Solana and Ethereum Wallet Keys

In a sophisticated supply chain attack, cybercriminals have targeted cryptocurrency developers using malicious Rust crates. The fraudulent packages, faster_log and async_println, impersonated the legitimate fast_log library and were published on May 25, 2025.

These packages, which accumulated thousands of downloads, maintained functional logging to evade detection while secretly scanning developers’ source files. The malicious code used regular expressions to hunt for and steal Solana and Ethereum private keys. Any discovered credentials were immediately exfiltrated to an attacker-controlled server disguised as legitimate Solana infrastructure.

This attack exploits trust in package repositories, demonstrating how minimal, hidden code modifications can create significant security risks. By maintaining the expected functionality, the malicious crates operated undetected within development environments, successfully stealing sensitive cryptocurrency keys.

3. Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure

watchTowr Labs says it has “credible evidence” that CVE-2025-10035 — a deserialization flaw in Fortra GoAnywhere MFT — was exploited in the wild as early as Sept. 10, 2025, a week before public disclosure. The bug can enable unauthenticated command injection via the License Servlet; Fortra released fixes in GoAnywhere 7.8.4 and Sustain 7.6.3.

watchTowr’s analysis and Rapid7’s follow-up describe a chain of issues: a long-known access-control bypass, the unsafe deserialization (CVE-2025-10035), and a remaining mystery allowing attackers to learn a private key. watchTowr shared exploitation evidence showing attackers achieved RCE, created an “admin-go” account, added a web user, and uploaded payloads (including SimpleHelp and an implant named “zato_be.exe”). The activity traced to IP 155.2.190[.]197.

CISA has confirmed active exploitation and mandated fixes for federal agencies by Oct. 20, 2025. watchTowr’s CEO urged Fortra to be more transparent about in-the-wild attacks and the remaining unanswered technical questions.

4. Urgent: China-Linked Hackers Exploit New VMware Zero-Day Since October 2024

NVISO Labs says CVE-2025-41244 — a local privilege escalation in Broadcom VMware Tools and VMware Aria Operations — was exploited in the wild by UNC5174 from mid-October 2024. The bug (CVSS 7.8) affects numerous VMware releases, including VMware Cloud Foundation, vSphere, Aria Operations, VMware Tools (11–13.x), and Telco Cloud products. Because it’s a local escalation, an attacker must first obtain access to a VM with VMware Tools and SDMP enabled. NVISO credited Maxime Thiebaut for reporting the issue on May 19, 2025. VMware Tools 12.4.9 (part of 12.5.4) and forthcoming open-vm-tools updates remediate the flaw for affected platforms.

The root cause is a vulnerable get_version() routine that uses broad regex (\S), allowing non-system binaries (e. g., /tmp/httpd) to be treated as system services. An unprivileged user can stage a malicious binary that gets executed with elevated privileges. NVISO observed UNC5174 staging /tmp/httpd to spawn an elevated shell; the exact payloads remain unclear. The report warns other malware may have unintentionally exploited this pattern for years.

5. CISA Warns of Critical Linux Sudo Flaw Exploited in Attacks

Hackers are actively exploiting a critical flaw (CVE-2025-32463) in the sudo package that lets local users gain root privileges on Linux systems. CISA has added it to its KEV catalog and ordered federal agencies to patch or discontinue sudo by October 20, 2025.

The bug, rated 9.3/10 in severity, affects sudo versions 1.9.14–1.9.17. It stems from sudo’s -R (--chroot) option, which attackers can abuse to run arbitrary commands as root even if they’re not in the sudoers file. Researcher Rich Mirch discovered the flaw, noting it impacts default configurations and requires no predefined user rules.
Disclosed June 30, the vulnerability has been present since June 2023. A proof-of-concept exploit was released July 4, and other exploits have since circulated. CISA confirmed active attacks but gave no details. Organizations are urged to prioritize patching and follow KEV guidance to mitigate risk.

6. First Malicious MCP Server Found Stealing Emails in Rogue Postmark-MCP Package

Researchers have uncovered the first known malicious Model Context Protocol (MCP) server, raising new supply chain concerns. Security firm Koi Security found a rogue npm package, “postmark-mcp,” uploaded on Sept. 15, 2025, by developer “phanpak,” who maintains 31 other packages. The fake library mimicked the official Postmark Labs project but introduced a backdoor in version 1.0.16, released Sept. 17.

The backdoor silently BCC’d every email sent via the MCP server to phan@giftshop[.]club, exposing potentially sensitive data such as invoices, password resets, and internal memos. The package was downloaded 1,643 times before its removal.

The attack was “embarrassingly simple — one line of code, thousands of stolen emails.” Snyk warned MCP servers often run with high trust inside AI workflows, making them especially risky targets.

Users are urged to remove the npm package, rotate exposed credentials, and audit email logs. Postmark confirmed the package was unaffiliated and that its services remain secure.