Top 5 Cybersecurity News Stories September 05, 2025
Cybersecurity threats are constantly evolving as threat actors seek access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of. No story is too big or small as we look at threats from espionage to security flaws in everyday devices:
1. SAP S/4HANA Critical Vulnerability CVE-2025-42957 Exploited in the Wild
A critical command injection flaw (CVE-2025-42957, CVSS 9.9) in SAP S/4HANA is under active exploitation. An RFC-exposed function module lets low-privileged users inject ABAP code and bypass authorization checks, enabling full compromise. Attackers could modify databases, create SAP_ALL superusers, dump password hashes, and disrupt business processes.

SecurityBridge observed exploitation affecting on-premises and Private Cloud deployments and warned that the patch is relatively easy to reverse-engineer into a working exploit. Organizations should apply SAP's fixes immediately, monitor for suspicious RFC calls and newly created admin accounts, enforce network segmentation and maintain tested backups, and restrict RFC usage with SAP UCON together with tight control of the S_DMIS authorization object (activity 02).
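The two post-exploitation signals recommended above (RFC calls from unexpected sources and new users being handed SAP_ALL) are simple to codify once you have an audit export. The detector below is an added example, not code from the page, SAP or SecurityBridge. Its pipe-delimited log format, event names, host allowlist and the 30-minute "new user" window are all constructed assumptions for the demonstration; the real SAP Security Audit Log (SM20) export looks different, so only the parser needs adapting.

```python
"""Toy detector for post-exploitation signals after an SAP RFC code-injection:
(1) RFC calls from hosts outside the integration tier, (2) SAP_ALL/SAP_NEW
assignments, and (3) the worst case, a freshly created user receiving one.

Added example; the log layout below is CONSTRUCTED for this demo
(time|event|actor|detail|host) and is NOT the real SAP audit-log format.
"""
from datetime import datetime, timedelta

# Assumption: only these hosts are allowed to issue RFC calls.
RFC_ALLOWLIST = {"10.0.5.10", "10.0.5.11"}
# Profiles whose assignment should always be reviewed.
SENSITIVE_PROFILES = {"SAP_ALL", "SAP_NEW"}
# A profile granted this soon after user creation is treated as a single attack step.
NEW_USER_WINDOW = timedelta(minutes=30)

# Constructed sample: an attacker using BATCH01 from an external host creates
# ZSUPPORT and grants it SAP_ALL within a minute; ADMIN's later grant to JDOE
# is still reviewable but less alarming.
SAMPLE_LOG = """\
2025-09-03T08:01:12|RFC_CALL|SVC_INTEG|RFC_READ_TABLE|10.0.5.10
2025-09-03T08:02:40|RFC_CALL|BATCH01|FM_CUSTOM_REPORT|198.51.100.23
2025-09-03T08:03:05|USER_CREATE|BATCH01|ZSUPPORT|198.51.100.23
2025-09-03T08:03:41|PROFILE_ASSIGN|BATCH01|ZSUPPORT:SAP_ALL|198.51.100.23
2025-09-03T09:15:00|PROFILE_ASSIGN|ADMIN|JDOE:SAP_ALL|10.0.5.11
2025-09-03T09:20:00|RFC_CALL|SVC_INTEG|BAPI_USER_GET_DETAIL|10.0.5.11
"""


def parse(log_text):
    """Parse the constructed pipe-delimited format into event dicts."""
    events = []
    for line in log_text.strip().splitlines():
        ts, event, actor, detail, host = line.split("|")
        events.append({"ts": datetime.fromisoformat(ts), "event": event,
                       "actor": actor, "detail": detail, "host": host})
    return events


def detect(events):
    """Return (kind, actor, subject, extra) findings in log order."""
    findings = []
    created = {}  # new user name -> creation time, for the correlation rule
    for e in events:
        if e["event"] == "RFC_CALL" and e["host"] not in RFC_ALLOWLIST:
            findings.append(("rfc_from_unexpected_host", e["actor"],
                             e["detail"], e["host"]))
        elif e["event"] == "USER_CREATE":
            created[e["detail"]] = e["ts"]
        elif e["event"] == "PROFILE_ASSIGN":
            target, profile = e["detail"].split(":", 1)
            if profile in SENSITIVE_PROFILES:
                kind = "sensitive_profile_assigned"
                if target in created and e["ts"] - created[target] <= NEW_USER_WINDOW:
                    kind = "new_user_granted_sensitive_profile"
                findings.append((kind, e["actor"], target, profile))
    return findings


if __name__ == "__main__":
    for finding in detect(parse(SAMPLE_LOG)):
        print(*finding)
```

The correlation rule matters more than either signal on its own: a legitimate admin may grant SAP_ALL occasionally, but a user created and elevated within minutes from a host that should never speak RFC is the pattern described in the advisory.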
Read more on The Hacker News
2. Tire giant Bridgestone confirms cyberattack impacts manufacturing
Bridgestone Americas confirmed a cyberattack that disrupted operations at some North American facilities and is under investigation. The company says rapid containment limited the incident’s scope, with no evidence of customer data compromise or deeper network infiltration. Reports initially highlighted outages at two plants in Aiken County, South Carolina, followed by disruptions in Joliette, Quebec.

Bridgestone Americas, representing 43% of the corporation, operates 50 production facilities with 55,000 employees and reported $12 billion in sales and $1.2 billion operating profit in 2024. While forensic analysis continues, Bridgestone states the event was contained early and limited to a subset of facilities.
Read more on BleepingComputer
3. More Cybersecurity Firms Hit by Salesforce-Salesloft Drift Breach
SecurityWeek reports additional victims of the Salesforce–Salesloft Drift breach, with Proofpoint, SpyCloud, Tanium, and Tenable confirming exposure in their Salesforce instances. Google previously attributed the campaign to UNC6395, which used compromised OAuth tokens tied to the Drift chatbot integration to export large data volumes.

The attack, now estimated to affect more than 700 organizations, reached firms beyond those currently using Drift. Disclosed data included CRM fields and contact details (names, emails, phone numbers, and location references) and, for Tenable, support case metadata. The companies say no product platforms were breached and that they have rotated credentials, removed the application, secured affected systems, and increased Salesforce monitoring.
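"Increased Salesforce monitoring" after a stolen-token export usually means baselining how much data each connected app normally pulls and alerting on the jump. The script below is an added example, not code from the page or any of the named vendors, and it does not use the Salesforce API. The event records (timestamp, connected app, object queried, rows returned) are constructed to resemble a summarized query log; the 10x ratio and 10,000-row floor are assumptions to tune.

```python
"""Flag connected apps whose daily export volume jumps far above their own
history, the shape of the Drift token-abuse exports described above.

Added example with CONSTRUCTED records; field layout is an assumption, not
Salesforce's event log schema.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean

# (timestamp, connected app, object, rows returned). "DriftChat" behaves
# normally for days, then dumps three objects in the early morning.
SAMPLE_EVENTS = [
    ("2025-08-01T10:00:00", "DriftChat", "Contact", 120),
    ("2025-08-02T10:00:00", "DriftChat", "Contact", 95),
    ("2025-08-03T10:00:00", "DriftChat", "Contact", 130),
    ("2025-08-08T02:13:00", "DriftChat", "Account", 48_000),
    ("2025-08-08T02:15:00", "DriftChat", "Case", 22_000),
    ("2025-08-08T02:20:00", "DriftChat", "Contact", 61_000),
    ("2025-08-01T11:00:00", "ReportingBI", "Opportunity", 5_000),
    ("2025-08-02T11:00:00", "ReportingBI", "Opportunity", 5_200),
    ("2025-08-08T11:00:00", "ReportingBI", "Opportunity", 5_100),
]

RATIO = 10.0        # alert when a day exceeds 10x the app's prior daily mean...
ABS_FLOOR = 10_000  # ...and is at least this many rows (skip noise from tiny apps)


def daily_volume(events):
    """Aggregate rows per app per day, remembering which objects were touched."""
    rows = defaultdict(lambda: defaultdict(int))
    objects = defaultdict(lambda: defaultdict(set))
    for ts, app, obj, n in events:
        day = datetime.fromisoformat(ts).date()
        rows[app][day] += n
        objects[app][day].add(obj)
    return rows, objects


def flag_bulk_exports(events, ratio=RATIO, abs_floor=ABS_FLOOR):
    """Compare each day only against that app's earlier days (no look-ahead)."""
    rows, objects = daily_volume(events)
    alerts = []
    for app, days in rows.items():
        for day, n in sorted(days.items()):
            history = [v for d, v in days.items() if d < day]
            if not history:  # first day seen: no baseline yet, cannot judge
                continue
            baseline = mean(history)
            if n >= abs_floor and n > ratio * baseline:
                alerts.append({"app": app, "day": day.isoformat(), "rows": n,
                               "baseline": round(baseline),
                               "objects": sorted(objects[app][day])})
    return alerts


if __name__ == "__main__":
    for a in flag_bulk_exports(SAMPLE_EVENTS):
        print(a)
```

Two caveats the logic encodes: an app's first observed day has no baseline and is deliberately skipped (so pair this with an inventory of newly installed connected apps), and the absolute floor stops a harmless 10-row-to-200-row change from paging anyone.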
Read more on SecurityWeek
4. Threat actors abuse X’s Grok AI to spread malicious links
BleepingComputer details a malvertising technique exploiting X’s Grok AI to amplify malicious links. Advertisers place a hidden URL in a video card’s “From:” metadata field to evade scanning, then reply to the post asking Grok for the link. Grok parses the field and publishes the clickable URL, boosting visibility, trust, and reach.

Guardio Labs researcher Nati Tal, who dubbed the tactic “Grokking,” observed links funneling through shady ad networks to scams, fake CAPTCHA pages, info-stealing malware, and other payloads. Mitigations include scanning all fields, blocking hidden links, and sanitizing Grok’s context handling. X acknowledged receipt; no public response was available.
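The "Grokking" trick works because the ad scanner checks the visible post text while the assistant reads every field. The snippet below contrasts the two approaches; it is an added example, not code from the page, Guardio Labs or X. The post structure, the `from` key for the video card's "From:" metadata and the set of fields counted as visible are constructed assumptions about the data shape, not X's real schema.

```python
"""Text-only URL scanning versus scanning every string field of a post.

Added example. SAMPLE_POST is CONSTRUCTED and its keys ("card", "from",
"replies") are assumptions, not X's actual post schema.
"""
import re

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Visible text is clean; the link lives in the video card's "From:" metadata,
# and a reply asks the assistant where the video came from.
SAMPLE_POST = {
    "id": "1",
    "text": "Watch this!",
    "card": {
        "type": "video",
        "title": "Clip",
        "from": "https://example.com/landing",
    },
    "replies": [
        {"text": "@grok where is this video from?"},
    ],
}

# Field names whose content is rendered to the reader; anything else is
# metadata that a text-only scanner never sees (assumption for this demo).
VISIBLE_FIELDS = {"text"}


def naive_scan(post):
    """What a scanner that only reads the post body finds."""
    return URL_RE.findall(post.get("text", ""))


def walk(node, path=""):
    """Yield (dotted path, string) for every string anywhere in the object."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from walk(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for i, value in enumerate(node):
            yield from walk(value, f"{path}[{i}]")
    elif isinstance(node, str):
        yield path, node


def full_scan(post, visible_fields=VISIBLE_FIELDS):
    """Every URL in the object, tagged with its field and whether it is hidden."""
    found = []
    for path, text in walk(post):
        leaf = path.rsplit(".", 1)[-1]  # last path component, e.g. "from"
        for url in URL_RE.findall(text):
            found.append({"url": url, "field": path,
                          "hidden": leaf not in visible_fields})
    return found


def hidden_links(post):
    """URLs that reach the reader only if something republishes metadata."""
    return [f["url"] for f in full_scan(post) if f["hidden"]]


if __name__ == "__main__":
    print("naive:", naive_scan(SAMPLE_POST))
    print("full :", full_scan(SAMPLE_POST))
```

The mitigation Guardio describes maps directly onto `full_scan`: either refuse ads whose metadata carries links that the body does not, or strip such fields from the context an assistant is allowed to quote.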
Read more on BleepingComputer
5. Google Fined $379 Million by French Regulator for Cookie Consent Violations
France’s data protection authority, CNIL, fined Google €325 million (about $379 million) and Shein €150 million (about $175 million) for violating cookie consent rules. CNIL found that both set advertising cookies without valid consent; in Google’s case, the account-creation flow steered users toward personalized ads while obscuring the non-personalized option, rendering that consent invalid under Article 82 of the French Data Protection Act.

Although Google added a refuse option in October 2023, CNIL said deficiencies persisted. CNIL also ruled that the ads displayed in Gmail’s Promotions and Social tabs amount to direct marketing that requires prior consent under France’s Postal and Electronic Communications Code (CPCE). Google has six months to comply or face penalties of €100,000 per day; the company plans to appeal. Related developments include U.S. actions against Disney and Apitor.
Read more on The Hacker News
At DIESEC, our experts are ready to assist with all your cybersecurity needs. We ensure your system is safe and secure and provide training for your employees to avoid falling victim to social engineering tactics.
For more information, please contact us now!

