Critical SAP S/4HANA Vulnerability Under Active Exploitation in the Wild
Active exploitation of the SAP S/4HANA security flaw has been confirmed by SecurityBridge in a security alert published on their website. This exploitation has not been attributed to any known threat actors and currently no specific sectors or victims have been established at this time, but in the wild exploitation has been confirmed. Disclosed on 11th August 2025 and tracked as CVE-2025-42957 (CVSS 9.9), this vulnerability is a critical ABAP code injection flaw within SAP S/4HANA S4CORE versions 102 – 108 that allows low privileged users to take complete control of a target SAP system.
Key Threat Points
Primary Concerns
Complete System Takeover
Exploitation of this vulnerability can allow threat actors to gain complete control over your SAP system including the ability to modify the SAP database, create superuser accounts with SAP_ALL privileges, download password hashes, and alter business processes.
Change of Scope
This vulnerability allows a threat actor to change scope, meaning that it could be used in conjunction with another exploit to affect resources outside of the intended vulnerable component including lateral movement and privilege escalation capabilities.
Operational Disrupt
With complete control of the application and access to the host OS, attackers could deploy malware or ransomware on the SAP servers. They might encrypt vital business data or disrupt SAP services, leading to costly downtime.
Mitigations
Applying Patches
SAP have addressed this flaw in its August 2025 security patch day update. The mitigations apply to both on-premises and private-cloud S/4HANA instances.
Workarounds
Currently no vendor-supported workarounds exist; patching is the only full mitigation.
References:
CVE-2025-42957: Critical SAP S/4HANA Code Injection Vulnerability (Security Bridge)
Critical SAP S/4HANA Vulnerability Under Attack (DarkReading)
Protect Your SAP S/4HANA from Critical Code Inject… (SAP Community)
PromptLock: When Ransomware Starts Thinking for Itself
Threat Level: High (PoC, not seen in the wild)
Impact: Data encryption, theft, adaptive evasion
Platforms: Windows, Linux, macOS
First Reported: August 2025
Sources: ESET Research
A New Milestone in Ransomware Evolution
August 2025 saw something we’ve all been expecting but hoping wouldn’t happen so soon: the first functional ransomware strain to run its own AI model locally. ESET researchers dubbed it PromptLock, and while it’s currently a proof of concept (PoC) rather than a campaign in the wild, it’s still a shot across the bow.
Unlike “AI-assisted” development we’ve seen before, PromptLock actively embeds a general-purpose language model into its operations. The model in use? gpt-oss:20b, executed locally through the Ollama API. This isn’t about speeding up dev work — it’s about ransomware that can think on its feet while running.
Technical Overview
Execution and Encryption
- Built in Golang, PromptLock calls the Ollama API to spin up a local LLM instance.
- The model dynamically generates Lua scripts to enumerate filesystems, encrypt targets, and exfiltrate data.
- It uses the SPECK-128 algorithm for encryption — not the most sophisticated, but plenty disruptive.
- Targeting is selective: business-critical assets (docs, DBs, archives) are prioritised.
Evasion and Adaptability
- Running its LLM offline means there are no obvious cloud API calls to spot.
- It can adapt its execution flow in real time, modifying file names, directory structures, and encryption routines to sidestep static detection and heuristic rules.
- Because the scripts are generated on the fly, indicators of compromise (IOCs) are slippery — they’ll shift constantly.
Delivery
Initial access hasn’t been nailed down. ESET suggests phishing or generic malware loaders, but the modular design could bolt onto any number of entry vectors.
Current Threat Landscape
At this stage, PromptLock is still being described as experimental. The PoC demonstrates the concept of AI-powered ransomware but hasn’t been seen deployed in actual attacks. Some features (like data destruction routines) are still incomplete.
Even so, it confirms what many have warned about: adversaries are moving from using AI to build malware into embedding AI as part of malware execution. That’s a seismic shift.
Business Impact (When it Matures)
When – not if – PromptLock evolves beyond proof of concept, the business impact could be severe. Its cross-platform capability to strike Windows, Linux, and macOS systems at once broadens the potential victim pool significantly. Adaptive targeting and rapid encryption compress defenders’ response windows, leaving little time to react before critical systems are locked down. The combination of exfiltration and encryption enables effective double extortion, giving attackers more leverage over victims. On top of that, automated theft of sensitive data raises the risk of compliance failures and potential penalties under GDPR and similar regulatory frameworks.
Response Preparation
- Integrate the latest ESET-published IOCs but expect them to age out quickly.
- AI-aware monitoring will assist in watching for unusual local AI/ML model activity on endpoints.
- Keep offline/air-gapped copies that ransomware can’t rewrite.
- DLP and network controls will catch covert exfil attempts even if they’re obfuscated.
- Harden entry points for phishing resilience, patching, and least privilege still matter.
Response Preparation
PromptLock isn’t active in the wild yet — but it doesn’t need to be. The proof of concept alone shows ransomware authors are moving from predictable playbooks to malware that can literally rewrite its own rules mid-attack.
That should be enough to jolt defenders into rethinking strategy. The next generation of ransomware won’t simply execute – it will reason whilst doing so.
References:
ESET discovers PromptLock, the first AI-powered ransomware | | ESET
AI Evasion: The Next Frontier of Malware Techniques – Check Point Blog
IOCs (hash) to detect: ESET Research Discovers AI-Powered Ransomware and Other Threats – Rule – SOC Prime Platform
Attackers Abuse Velociraptor for C2 Tunnelling
In late August 2025, cyber security researchers uncovered a novel attack in which malicious actors exploited Velociraptor, which is an open-source forensic and endpoint monitoring tool. According to research published by the Sophos Counter Threat Unit Research Team, the threat actor used the tool to download and execute Visual Studio Code with the likely intention of creating a tunnel to an attacker-controlled command-and-control (C2) server.
The attack chain began with the use of msiexec to fetch an MSI file from a Cloudflare Workers domain which was used as a staging server for Velociraptor, a tunnelling tool, and the remote administration utility Radmin. Once Velociraptor was installed, it connected to a malicious C2 endpoint via another Cloudflare Workers domain. The attackers then executed a PowerShell-encoded command to download Visual Studio Code (code.exe) from the same infrastructure, launching it with the tunnel option enabled—permitting remote access and execution. The threat actors were also observed utilising the msiexec Windows utility again to download additional payloads from the workers[.]dev folder.
Sophos, the security firm investigating the incident, emphasised that this sort of misuse of legitimate tools represents a growing trend. Using incident-response or forensic utilities like Velociraptor allows attackers to obtain a foothold while avoiding the need to deploy bespoke malware. Organisations are warned to treat any unexpected appearance of these tools as a possible precursor to malicious activity such as ransomware deployment.
Organisations should monitor for and investigate unauthorized use of Velociraptor and treat observations of this tradecraft as a precursor to ransomware. Sophos have released two Indicators of Compromise (IoCs) associated with this security incident.
Indicator: files[.]qaubctgg[.]workers[.]dev
Type: Domain name
Context: Hosted tools used in August 2025 Velociraptor campaign
Indicator: velo[.]qaubctgg[.]workers[.]dev
Type: Domain name
Context: C2 server used in August 2025 Velociraptor campaign
References:
Velociraptor incident response tool abused for remote access – Sophos News
Detecting Velociraptor misuse :: Velociraptor – Digging deeper!
Attackers Abuse Velociraptor Forensic Tool to Deploy Visual Studio Code for C2 Tunneling
Get Norm’s threat bulletin direct to your inbox
Norm tracks and monitors the latest security trends and cyber threats and collates these into a fortnightly threat bulletin.
You can receive this bulletin for free, every fortnight, by entering your business email address below:
