Cybersecurity News | Daily Recap [11 Aug 2025]

This summary highlights recent vulnerabilities patched across various software, including critical zero-days in WinRAR and Chrome, and urgent fixes for Xerox systems. It also covers ongoing data breaches, ransomware operations, nation-state cyber activities, and evolving scams, emphasizing the importance of timely updates and vigilant threat monitoring. #WinRAR #ChromeSandbox #XeroxVulnerabilities #EmbargoRansomware #ShadowFleet

Daily Cybersecurity News Recap

Vulnerabilities & Patches

  • A researcher won a $250,000 bounty for a Chrome sandbox escape (CVE-2025-4609) that allowed system command execution via Mojo IPC and was patched in May – Chrome Escape
  • WinRAR’s critical path-traversal zero-day (CVE-2025-8088) was under active exploitation and is patched in v7.13 — update immediately – WinRAR Patch, WinRAR Exploit
  • Xerox issued urgent updates for CVE-2025-8355 & CVE-2025-8356 in FreeFlow Core to fix SSRF and RCE — upgrade to 8.0.5 immediately – Xerox Fixes
  • Over 29,000 Microsoft Exchange servers remain unpatched for CVE-2025-53786, risking full domain compromise via privilege escalation – Exchange Risk
  • New “Win-DDoS” technique can weaponize public domain controllers via LDAP/RPC referrals to build powerful DDoS botnets without credentials – Win-DDoS

Device & Automotive Security

  • Researchers disclosed BadCam vulnerabilities in Linux-based Lenovo webcams that enable persistent BadUSB-style attacks via firmware re-flashing and remote keystroke injection – BadCam, BadCam, BadCam
  • Critical flaws in an automaker’s dealership platform and web portal could let attackers remotely unlock cars, access personal data, and impersonate users — urgent fixes needed – Dealer Flaws, Portal Flaws

Data Breaches & Leaks

  • A Connex Credit Union breach exposed personal and financial data for 172,000 people (over 70,000 members reported), including Social Security numbers and account details — investigation ongoing – Connex Breach, Connex Breach
  • Researcher Micah Lee uncovered a 410GB TeleMessage data leak containing plaintext messages from officials, exposing insecure messaging and server flaws – TeleMessage Leak

Ransomware & Crimeware

  • The Embargo ransomware gang has processed over $34.2M in crypto since April 2024, targeting US healthcare, business services and manufacturing with links to BlackCat/Alphv and advanced tooling – Embargo Ransom
  • Security firm Profero cracked DarkBit ransomware’s encryption, enabling free file recovery for victims of attacks tied to Iranian activity like MuddyWater – DarkBit Crack

Fraud & Scams

  • Four Ghanaian nationals were extradited to the US and charged over a >$100M romance-scam and BEC operation that laundered funds via impersonation and middlemen – Ghana Scam
  • A prolific SMS phishing operation evolved from Magic Cat into a stronger successor dubbed Magic Mouse, stealing tens of thousands of credit card details via phishing messages – SMS Scam

AI & Prompt Injection

  • New research uses physics-inspired mathematical models to predict and reduce AI hallucinations, aiming to improve LLM reliability in safety-critical applications – AI Hallucinations
  • Google patched a Gemini bug where malicious Calendar invites could hijack the assistant to leak data and control devices, underscoring prompt-injection risks for AI with broad permissions – Gemini Bug

Nation-state & Infrastructure Threats

  • Finnish authorities charged a captain linked to a suspected Russian “shadow fleet” tanker for damaging subsea cables in the Baltic, disrupting energy and communications and raising regional security alarms – Shadow Fleet
  • A Russian-linked group exploited a WinRAR zero-day (CVE-2025-8088) in targeted cyberespionage campaigns against European and Canadian organizations before the patch was released – WinRAR Exploit

Policy & Regulation

  • The U.K. High Court rejected Wikimedia’s challenge to the Online Safety Act, leaving possible user-verification rules for platforms like Wikipedia in place pending category reclassification – Wikipedia Ruling

Guidance & Recap

  • A concise four-step approach helps focus security on business-critical assets to improve efficiency and measurable results in exposure management – 6 Lessons
  • Weekly threat roundup covering recent ransomware, supply-chain exploits, zero-day abuses, and state-sponsored activity to watch – Weekly Recap

Cybersecurity News | Daily Recap – hendryadrian.com