Weekly Cybersecurity Recap - 8 September 2025

Major Threat Campaigns, Exploits and Industry Updates


    Global and Regional Cybersecurity Updates

    Cybersecurity Council warns UAE homes over vulnerable smart devices

    Nearly three-quarters of smart home devices in the UAE are vulnerable to cyberattacks if not properly secured, the country’s Cybersecurity Council has warned. Connected technologies such as voice assistants, surveillance systems, and automated lighting and cooling units are increasingly being targeted by hackers, particularly when users rely on default settings or neglect basic security measures.

    Nigeria partners Kaspersky to address cybercrime

    Nigeria’s National Information Technology Development Agency (NITDA) signed a memorandum of understanding (MoU) with Kaspersky Global to strengthen the country’s cybersecurity ecosystem. Kaspersky will support training programs, launch awareness campaigns such as the Cybersecurity Alphabet initiative, and engage in joint research to improve national cyber defense literacy.

    Google Fined $379 Million by French Regulator for Cookie Consent Violations

    The French CNIL fined Google $379 million (€325 million) and Shein $175 million (€150 million) for violating cookie consent rules. Investigators found both companies placed advertising cookies on user browsers without prior consent. While Shein updated its systems, it plans to appeal the fine.

    Emerging Threats and Exploits

    Researchers warn of zero-day vulnerability in Sitecore products

    Google’s Mandiant team uncovered a zero-day vulnerability in the Sitecore content management system. The exploit involved exposed ASP.NET keys being leveraged for ViewState deserialization, enabling attackers to execute code remotely.

    Cybercriminals Exploit X's Grok AI to Bypass Ad Protections and Spread Malware to Millions

    Cybercriminals have weaponized X’s AI assistant Grok to bypass ad protections and distribute malicious links at scale. The method exploits limitations in X’s promoted ads system, using text, images, and video to slip past controls and attract hundreds of thousands of impressions.

    Malicious npm Packages Exploit Ethereum Smart Contracts to Target Crypto Developers

    Two malicious npm packages were discovered that exploit Ethereum smart contracts to execute hidden malicious activity. Researchers warned this marks a growing trend where attackers embed malware inside blockchain operations to evade detection.

    Critical SAP S/4HANA Vulnerability Under Attack, Patch Now

    A code injection vulnerability in SAP S/4HANA (CVE-2025-42957) is now being actively exploited. With a 9.9 CVSS score, the flaw allows attackers with limited privileges to inject ABAP code for full system takeover. Although SAP issued a patch, unpatched systems remain at serious risk.

    Hackers Turn Red Team AI Tool Into Citrix Exploit Engine

    Threat actors are misusing HexStrike-AI, an open-source offensive security framework, to automate Citrix NetScaler attacks. Originally designed for penetration testing, the tool links LLMs to 150+ security utilities, making exploitation highly efficient.

    Market and Industry Insights

    Software commands 40% of cybersecurity budgets as gen AI attacks execute in milliseconds

    IBM’s latest Cost of a Data Breach Report revealed that software accounts for 40% of cybersecurity spending, outpacing hardware, outsourcing, and personnel costs. The shift reflects how organizations are prioritizing faster defenses against generative AI-driven attacks, which can strike in milliseconds, compared to an average of 181 days to detect a breach.

    More Cybersecurity Firms Hit by Salesforce-Salesloft Drift Breach

    Proofpoint, SpyCloud, Tanium, and Tenable confirmed exposure of Salesforce data in the OAuth token-based breach linked to Salesloft Drift. Google researchers attributed the campaign to threat actor UNC6395, which exported large volumes of customer data from compromised instances.

    Cloudflare Blocks Record-Breaking 11.5 Tbps DDoS Attack

    Cloudflare reported automatically blocking the largest-ever volumetric DDoS attack, which peaked at 11.5 terabits per second. The short-lived, 35-second attack caused traffic surges designed to overwhelm targets but was contained by Cloudflare’s defenses.
