Hackers are weaponizing a critical SAP NetWeaver vulnerability (CVE-2025-31324) to deploy the evasive Auto-Color Linux malware, with Darktrace uncovering a sophisticated attack against a U.S. chemicals firm. The malware now features advanced evasion tactics, including suppressing malicious behavior when disconnected from its command servers to thwart analysis. Security teams must urgently patch systems as Chinese state hackers and ransomware groups join the exploitation wave.