Rose debug info
---------------

how human behavior affects security


Programmer’s Digest #153

09/25/2025-10/01/2025 New Malicious Rust Crates Impersonating fast_log, Fortra GoAnywhere CVSS 10 Flaw, Critical Linux Sudo Flaw And More.

1. Salesforce Patches CRM Data Exfiltration Vulnerability

AI security vendor Noma Labs uncovered a chain of indirect prompt injection flaws in Salesforce’s AI tools, dubbing the attack “ForcedLeak.” Reported July 28 with a CVSS-equivalent score of 9.4, the issue was patched by Sept. 8 in both Agentforce and Einstein. Researchers showed that Salesforce’s Web-to-Lead form, which accepts up to 42,000 characters in its description field, could be abused to inject hidden instructions. These instructed Agentforce agents to exfiltrate sensitive data to attacker-controlled servers. Normally blocked by Salesforce’s Content Security Policy, the exploit worked because Salesforce failed to retain ownership of a whitelisted domain, which Noma re-registered for $5. Salesforce has since re-secured the domain and added stronger URL allowlists to block untrusted links. Experts warn that indirect prompt injections—hidden in external data like emails or forms—are a growing risk for “agentic” AI systems. Security leaders stress that AI assistants must be sandboxed and treated as part of the attack surface.

2. New Malicious Rust Crates Impersonating fast_log to Steal Solana and Ethereum Wallet Keys

In a sophisticated supply chain attack, cybercriminals have targeted cryptocurrency developers using malicious Rust crates. The fraudulent packages, faster_log and async_println, impersonated the legitimate fast_log library and were published on May 25, 2025.

These packages, which accumulated thousands of downloads, maintained functional logging to evade detection while secretly scanning developers’ source files. The malicious code used regular expressions to hunt for and steal Solana and Ethereum private keys. Any discovered credentials were immediately exfiltrated to an attacker-controlled server disguised as legitimate Solana infrastructure.

This attack exploits trust in package repositories, demonstrating how minimal, hidden code modifications can create significant security risks. By maintaining the expected functionality, the malicious crates operated undetected within development environments, successfully stealing sensitive cryptocurrency keys.

3. Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure

watchTowr Labs says it has “credible evidence” that CVE-2025-10035 — a deserialization flaw in Fortra GoAnywhere MFT — was exploited in the wild as early as Sept. 10, 2025, a week before public disclosure. The bug can enable unauthenticated command injection via the License Servlet; Fortra released fixes in GoAnywhere 7.8.4 and Sustain 7.6.3.

watchTowr’s analysis and Rapid7’s follow-up describe a chain of issues: a long-known access-control bypass, the unsafe deserialization (CVE-2025-10035), and a remaining mystery allowing attackers to learn a private key. watchTowr shared exploitation evidence showing attackers achieved RCE, created an “admin-go” account, added a web user, and uploaded payloads (including SimpleHelp and an implant named “zato_be.exe”). The activity traced to IP 155.2.190[.]197.

CISA has confirmed active exploitation and mandated fixes for federal agencies by Oct. 20, 2025. watchTowr’s CEO urged Fortra to be more transparent about in-the-wild attacks and the remaining unanswered technical questions.

4. Urgent: China-Linked Hackers Exploit New VMware Zero-Day Since October 2024

NVISO Labs says CVE-2025-41244 — a local privilege escalation in Broadcom VMware Tools and VMware Aria Operations — was exploited in the wild by UNC5174 from mid-October 2024. The bug (CVSS 7.8) affects numerous VMware releases, including VMware Cloud Foundation, vSphere, Aria Operations, VMware Tools (11–13.x), and Telco Cloud products. Because it’s a local escalation, an attacker must first obtain access to a VM with VMware Tools and SDMP enabled. NVISO credited Maxime Thiebaut for reporting the issue on May 19, 2025. VMware Tools 12.4.9 (part of 12.5.4) and forthcoming open-vm-tools updates remediate the flaw for affected platforms.

The root cause is a vulnerable get_version() routine that uses a broad regex (\S), allowing non-system binaries (e.g., /tmp/httpd) to be treated as system services. An unprivileged user can stage a malicious binary that gets executed with elevated privileges. NVISO observed UNC5174 staging /tmp/httpd to spawn an elevated shell; the exact payloads remain unclear. The report warns other malware may have unintentionally exploited this pattern for years.
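The matching problem described above can be turned into a triage check. The following is an added example, not VMware's code or NVISO's tooling: it compares a \S-style matcher with one that requires a trusted directory and lists the processes the broad matcher misidentifies. The pattern, service names, trusted directories and process table are assumptions constructed for illustration.

```python
import posixpath
import re

# Broad pattern of the kind described above: "\S+" accepts any directory, so a
# binary in /tmp qualifies. Illustrative assumption, not VMware's actual code.
BROAD = re.compile(r"/\S+/(httpd|nginx|mysqld)($|\s)")

SERVICE_NAMES = {"httpd", "nginx", "mysqld"}
# Directories where packaged service binaries are expected (assumption; adjust
# per distribution).
TRUSTED_DIRS = {"/usr/sbin", "/usr/bin", "/sbin", "/bin", "/usr/libexec"}


def broad_is_service(cmdline: str) -> bool:
    """What a \\S-based matcher concludes: any path ending in a service name."""
    return BROAD.search(cmdline) is not None


def strict_is_service(cmdline: str) -> bool:
    """Accept only a known service name inside a trusted directory."""
    parts = cmdline.split()
    if not parts:
        return False
    exe = posixpath.normpath(parts[0])  # textual cleanup, collapses "../"
    directory, name = posixpath.split(exe)
    return name in SERVICE_NAMES and directory in TRUSTED_DIRS


def misidentified(processes):
    """PIDs the broad matcher treats as services but the strict one rejects."""
    return [pid for pid, _user, cmd in processes
            if broad_is_service(cmd) and not strict_is_service(cmd)]


# Constructed sample process table: (pid, user, command line).
SAMPLE = [
    (812, "root", "/usr/sbin/httpd -DFOREGROUND"),
    (903, "mysql", "/usr/sbin/mysqld --daemonize"),
    (4410, "www-data", "/tmp/httpd"),
    (4522, "alice", "/home/alice/.cache/nginx -c /dev/null"),
    (5001, "bob", "/usr/sbin/../../tmp/httpd -v"),
    (5120, "carol", "/usr/bin/python3 /opt/app/httpd_wrapper.py"),
]

if __name__ == "__main__":
    for pid in misidentified(SAMPLE):
        print("review process", pid)
```

Processes flagged this way on a guest are worth reviewing because they carry a service name but run from a location an unprivileged user can write to.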

5. CISA Warns of Critical Linux Sudo Flaw Exploited in Attacks

Hackers are actively exploiting a critical flaw (CVE-2025-32463) in the sudo package that lets local users gain root privileges on Linux systems. CISA has added it to its KEV catalog and ordered federal agencies to patch or discontinue sudo by October 20, 2025.

The bug, rated 9.3/10 in severity, affects sudo versions 1.9.14–1.9.17. It stems from sudo’s -R (--chroot) option, which attackers can abuse to run arbitrary commands as root even if they’re not in the sudoers file. Researcher Rich Mirch discovered the flaw, noting it impacts default configurations and requires no predefined user rules.

Disclosed June 30, the vulnerability has been present since June 2023. A proof-of-concept exploit was released July 4, and other exploits have since circulated. CISA confirmed active attacks but gave no details. Organizations are urged to prioritize patching and follow KEV guidance to mitigate risk.

6. First Malicious MCP Server Found Stealing Emails in Rogue Postmark-MCP Package

Researchers have uncovered the first known malicious Model Context Protocol (MCP) server, raising new supply chain concerns. Security firm Koi Security found a rogue npm package, “postmark-mcp,” uploaded on Sept. 15, 2025, by developer “phanpak,” who maintains 31 other packages. The fake library mimicked the official Postmark Labs project but introduced a backdoor in version 1.0.16, released Sept. 17.

The backdoor silently BCC’d every email sent via the MCP server to phan@giftshop[.]club, exposing potentially sensitive data such as invoices, password resets, and internal memos. The package was downloaded 1,643 times before its removal.

The attack was “embarrassingly simple — one line of code, thousands of stolen emails.” Snyk warned MCP servers often run with high trust inside AI workflows, making them especially risky targets.

Users are urged to remove the npm package, rotate exposed credentials, and audit email logs. Postmark confirmed the package was unaffiliated and that its services remain secure.


Programmer’s Digest #152

09/17/2025-09/24/2025 Typosquatted Malicious PyPI Packages, Ivanti Software Flaws, Misconfigured AWS Docker Containers And More.

1. Beware of Typosquatted Malicious PyPI Packages That Delivers SilentSync RAT

Python developers are increasingly targeted by typosquatted packages on PyPI, where malicious actors create near-identical copies of legitimate libraries to distribute malware. In July 2025, researchers discovered the package termncolor, signaling a broader campaign. By early August, Zscaler identified two more malicious packages, sisaws and secmeasure, both linked to the same author and delivering a new Remote Access Trojan (RAT) called SilentSync.

Sisaws mimics the legitimate sisa package, demonstrating the attackers’ careful social engineering. SilentSync is a sophisticated cross-platform RAT with persistence mechanisms on Windows (registry entry), Linux (crontab), and macOS (launch agent), comprehensive data exfiltration, and C2 communication over HTTP. It targets Chromium-based browsers and Firefox, harvesting history, cookies, autofill data, and credentials, while erasing traces to evade detection. These attacks highlight the evolving supply chain threats within trusted open-source ecosystems.
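A name-similarity audit for the lookalike packages described here (sisaws for sisa) and in the fast_log item of Digest #153 (faster_log), as an added example that is not from the digest or the cited researchers. The allowlist, distance threshold, and the lockfile and requirements fragments are assumptions constructed for illustration.

```python
import re


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(name: str) -> str:
    """Lower-case and fold '-', '_' and '.' so separators cannot hide a match."""
    return re.sub(r"[-_.]+", "-", name.lower())


def cargo_lock_names(text: str):
    """Package names from the name = "..." lines of a Cargo.lock."""
    return re.findall(r'(?m)^name\s*=\s*"([^"]+)"', text)


def requirements_names(text: str):
    """Package names from requirements.txt lines, ignoring comments and options."""
    names = []
    for line in text.splitlines():
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line.split("#", 1)[0].strip())
        if m:
            names.append(m.group(0))
    return names


def lookalikes(installed, expected, max_dist=2):
    """Return (installed, expected) pairs that are close but not identical."""
    known = {normalize(e): e for e in expected}
    hits = []
    for name in installed:
        n = normalize(name)
        if n in known:
            continue
        near = [orig for k, orig in known.items() if edit_distance(n, k) <= max_dist]
        if near:
            hits.append((name, near[0]))
    return hits


# Names the team intends to depend on (assumed allowlist).
EXPECTED = ["fast_log", "serde", "tokio", "sisa", "requests"]
# Constructed lockfile and requirements fragments.
SAMPLE_CARGO_LOCK = '[[package]]\nname = "serde"\nversion = "1.0.0"\n\n' \
                    '[[package]]\nname = "faster_log"\nversion = "1.0.0"\n'
SAMPLE_REQUIREMENTS = "requests==2.32.3\nsisaws>=1.0  # pinned later\nrich\n"
```

Name distance does not catch a lookalike with an unrelated name such as async_println, or a same-name impersonation such as postmark-mcp; those need an explicit denylist or a check of who published the package.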

2. CISA Flags Some More Serious Ivanti Software Flaws, So Patch Now

CISA warns that attackers chained CVE-2025-4427 and CVE-2025-4428 to breach Ivanti EPMM systems. Both flaws affect Ivanti Endpoint Manager Mobile (EPMM), with the first allowing API authentication bypass (severity 7.5/10) and the second enabling unauthenticated Remote Code Execution (RCE, severity 8.8/10). Both were patched in May 2025.

Attackers used the two vulnerabilities together to deploy malware in two stages. One set injects a malicious listener into Apache Tomcat to intercept HTTP requests and execute Java code. The other processes encoded password parameters similarly. Both were delivered via Java Expression Language (EL) injection over HTTP GET requests. Payloads were Base64-encoded, written in parts to temporary directories, and reconstructed to evade detection.

CISA did not confirm attribution. Reports cited by The Register suggest a possible Chinese actor targeting an Australian entity, but official details on threat actors or victims remain unclear.

3. Fortra Releases Critical Patch for CVSS 10.0 GoAnywhere MFT Vulnerability

Fortra has disclosed a critical flaw in GoAnywhere Managed File Transfer (MFT) software, CVE-2025-10035, with a maximum CVSS score of 10.0. The vulnerability is a deserialization issue in the License Servlet that allows attackers with a forged license signature to deserialize arbitrary objects, potentially leading to command injection. Exploitation requires the system to be publicly accessible. Fortra advises updating to version 7.8.4 or the Sustain Release 7.6.3, or restricting public access to the Admin Console if immediate patching isn’t possible. While no in-the-wild attacks have been reported, previous GoAnywhere vulnerabilities, including CVE-2023-0669 (CVSS 7.2) and CVE-2024-0204 (CVSS 9.8), were exploited by ransomware groups to steal data or create admin users.

Ryan Dewhurst of watchTowr notes the new flaw impacts the same license code path as the earlier widely exploited CVE-2023-0669, suggesting high likelihood of future attacks. Organizations with internet-facing GoAnywhere instances should patch immediately and restrict external access.

4. SolarWinds Releases Third Patch to Fix Web Help Desk RCE Bug

SolarWinds has released a hotfix for a critical Web Help Desk (WHD) vulnerability, CVE-2025-26399, which allows unauthenticated remote code execution. This marks the third attempt to address an older flaw, CVE-2024-28986, affecting WHD 12.8.3 and earlier versions. The issue impacts WHD 12.8.7 and arises from unsafe deserialization in the AjaxProxy component. Successful exploitation lets attackers run commands on the host machine.

SolarWinds notes that CVE-2025-26399 is a patch bypass of previous flaws, creating a chain of vulnerabilities. The original CVE-2024-28986 was flagged by CISA in the Known Exploited Vulnerabilities catalog. The new flaw was reported via Trend Micro’s Zero Day Initiative (ZDI), and no in-the-wild exploitation has been observed yet.

The hotfix requires updating to WHD 12.8.7, replacing key JAR files in the /lib directory, and restarting the service. Organizations are advised to apply the update immediately to prevent potential attacks.

5. GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security

GitHub announced upcoming changes to authentication and publishing to counter recent npm supply chain attacks, including the Shai-Hulud incident. Measures include local publishing with mandatory 2FA, short-lived seven-day granular tokens, and trusted publishing via OpenID Connect (OIDC), which eliminates npm tokens and adds cryptographic proof for each publish. The npm CLI will also generate provenance attestations, allowing users to verify the source and build environment. GitHub plans to deprecate legacy tokens, migrate users from TOTP to FIDO-based 2FA, shorten token lifetimes, enforce 2FA for local publishing, and expand trusted publishing providers. These changes follow Shai-Hulud, a self-replicating npm worm that harvested secrets, and a malicious package fezbox, which used QR codes to steal browser credentials. Both incidents highlight evolving supply chain threats and sophisticated obfuscation techniques.

GitHub’s update aligns with broader ecosystem efforts, including NuGet and RubyGems, to improve supply chain security and enforce stricter administrative and publishing controls.

6. ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service

Researchers have disclosed the ShadowV2 botnet, a “DDoS-for-hire” platform targeting misconfigured Docker containers on AWS. ShadowV2 deploys Go-based malware to co-opt infected systems as attack nodes and uses a Python-based command-and-control (C2) framework hosted on GitHub Codespaces.

The botnet leverages advanced techniques, including HTTP/2 Rapid Reset attacks, Cloudflare Under Attack Mode bypass, and large-scale HTTP floods. It spreads via Docker by creating temporary Ubuntu containers, installing tools, and executing a Go ELF binary that communicates with a C2 server for commands. Operators can manage users, configure attacks, and control targets through a structured API and web interface.

ShadowV2 demonstrates the growing sophistication of cybercrime-as-a-service, combining containerization, modular RAT functionality, and an operator-friendly interface. The disclosure coincides with other large-scale DDoS activity, including Cloudflare’s mitigation of attacks exceeding 22 Tbps, and highlights ongoing threats from botnets like AISURU, which targets routers and cameras worldwide for DDoS and proxy functionality.


Programmer’s Digest #151

09/10/2025-09/17/2025 Chaos Mesh Critical GraphQL Flaws, New FileFix Phishing Variant Deploys StealC Malware, Self-Replicating Worm Hits 180+ npm Packages And More.

1. Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover

Cybersecurity researchers have disclosed multiple critical flaws in Chaos Mesh that could allow attackers to take over Kubernetes clusters. An attacker with minimal in-cluster network access could exploit these vulnerabilities to run fault injections (e.g., shutting down pods, disrupting networks) and steal privileged tokens for further malicious activity.

Chaos Mesh is an open-source chaos engineering platform that simulates system failures during development. The vulnerabilities, dubbed Chaotic Deputy, include:

  • CVE-2025-59358 (7.5): Exposes an unauthenticated GraphQL debug server, enabling cluster-wide denial-of-service.
  • CVE-2025-59359, CVE-2025-59360, CVE-2025-59361 (all 9.8): Command injection flaws in key mutations.

An attacker could chain these bugs for remote code execution, even under default settings. JFrog attributed the issues to weak authentication in the Controller Manager. The flaws were patched in Chaos Mesh v2.7.3 (released August 21, 2025). Users are urged to upgrade immediately or restrict network access if patching is delayed.

2. New FileFix Phishing Variant Deploys StealC Malware via Steganography

A new variant of the FileFix phishing tactic has emerged, delivering the StealC infostealer through multilingual phishing sites that impersonate Meta account suspension warnings. First observed in June 2025, the campaign uses Bitbucket-hosted images with steganography to hide payloads, tricking victims into copying malicious commands into Windows File Explorer’s address bar. This launches PowerShell scripts that bypass antivirus tools and install StealC, which steals credentials, browser data, and cryptocurrency wallets.

Unlike traditional phishing with attachments, this approach leverages social engineering and a patched Windows flaw (CVE-2025-24071), though many systems remain unprotected. Analysts note refinements like obfuscated JavaScript and dynamic payloads, with detections spiking globally across North America, Europe, and Asia.

Security firms warn the campaign’s stealth makes it harder to detect, echoing earlier FileFix-linked RAT attacks. Experts urge enterprises to patch systems, enable advanced threat protection, and monitor clipboard activity to counter this evolving malware delivery method.

3. Self-Replicating Worm Hits 180+ npm Packages to Steal Credentials in Latest Supply Chain Attack

Researchers have uncovered a major software supply chain attack on the npm registry, affecting more than 500 packages across multiple maintainers. Dubbed the Shai-Hulud attack, the campaign trojanizes packages by injecting a malicious script (“bundle.js”) that installs TruffleHog to scan developer machines for secrets (e.g., GITHUB_TOKEN, NPM_TOKEN, AWS keys). Stolen credentials are exfiltrated to attacker-controlled servers and abused to create GitHub Actions workflows for persistence. The malware targets both Windows and Linux and spreads automatically by republishing infected packages, making it function like a self-propagating worm.

Notably impacted are packages maintained under @ctrl, @nativescript-community, and @crowdstrike. CrowdStrike confirmed malicious packages were published but said its Falcon platform is unaffected. Researchers warn the worm’s cascading compromise could spread widely given npm’s interdependencies. Developers are urged to audit environments, rotate tokens, and upgrade packages immediately.

The campaign follows last month’s s1ngularity attack, with experts calling it one of the most severe JavaScript supply chain incidents to date.

4. Critical CVE-2025-5086 Flaw in DELMIA Apriso Actively Exploited, CISA Warns

A critical flaw in Dassault Systèmes’ DELMIA Apriso (CVE-2025-5086, CVSS 9.0) is being actively exploited, according to CISA, which added it to its Known Exploited Vulnerabilities list on September 12, 2025. The bug stems from deserialization of untrusted data, enabling remote code execution.

DELMIA Apriso is a core Manufacturing Operations Management (MOM) platform used in automotive, aerospace, and consumer goods. Versions from 2020–2025 are vulnerable, exposing factories to production halts, data theft, or sabotage. Federal agencies must patch by October 2, but private firms face no mandate despite escalating risks.

Exploits observed in the wild inject payloads for ransomware or espionage, leveraging Apriso’s integration with physical machinery. Dassault has issued fixes, but patching in industrial settings is difficult due to downtime costs and legacy systems.

Experts urge immediate updates, network segmentation, and zero-trust strategies, warning that delays could trigger global supply chain disruptions and long-term industrial security fallout.
