Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

On September 9, 2025, SAP released its September 2025 Security Patch Day update with patches for 21 vulnerabilities. The most severe of these, CVE-2025-42944, is a maximum-severity deserialization vulnerability of untrusted Java objects in SAP NetWeaver that resides in the RMI-RP4 module. A remote unauthenticated threat actor can exploit this vulnerability by submitting a malicious payload to an open port to achieve arbitrary OS command execution.

On 19 August 2025, the Arctic Wolf Cybersecurity Operations Center (cSOC) uncovered and remediated a sophisticated delivery chain: a threat actor leveraged GitHub’s repository structure together with paid placements on Google Ads to funnel users toward a malicious download hosted on a lookalike domain. By embedding a commit‑specific link in the advertisement, the attackers made the download appear to originate from an official source, effectively sidestepping typical user scrutiny.

The consequences of a successful cyber attack can be stark. Organizations often face significant financial damage due to lost revenue due to downtime, plus compliance, legal, and regulatory costs, and legal fees arising from potential lawsuits, not to mention reputational damage. These costs can quickly blow the average out of the water, with many organizations facing seven-figure costs to restore their operations and fully remediate a breach. The numbers tell the story.

One can’t discuss the modern state of endpoint security without mentioning a term that has quickly become ubiquitous with security solutions: artificial intelligence (AI). With a constantly evolving threat landscape and many security challenges plaguing organizations (e.g sprawling attack surfaces, monitoring and continuity gaps, alert overload, and limited resources), it’s clear that endpoint security must evolve as well, and the most-promising advancement is AI.

On August 20, 2025, Salesloft published an advisory describing a security issue potentially affecting the Salesloft Drift integration with Salesforce. On August 26, Google Threat Intelligence Group (GTIG) provided additional details about the campaign, in which a threat actor known as UNC6395 authenticated against Salesforce customer instances using compromised OAuth tokens tied to the Salesloft Drift integration with Salesforce.

On August 26, 2025, Citrix released fixes for a critical vulnerability in Citrix NetScaler ADC and Gateway (CVE-2025-7775) that has been exploited on unpatched appliances. The issue stems from a memory overflow flaw that could allow Remote Code Execution (RCE) and/or Denial of Service (DoS) by remote threat actors.