Cybersecurity News | Daily Recap [15 Aug 2025]

Recent reports highlight significant nation-state cyber activities, including a pro-Russian intrusion into Norway’s dam systems and breaches linked to Russian actors targeting US federal courts and Canada’s House of Commons. The cybersecurity landscape also features critical vulnerabilities in Cisco, Rockwell Automation, and Xerox, along with widespread malware campaigns like Crypto24 ransomware and the spread of PS1Bot through malvertising, emphasizing the ongoing threats to critical infrastructure, government, and enterprise systems. #NorwayDam #Crypto24 #CiscoVulnerability #PS1Bot

Nation-state Activity

  • Norway confirms a pro-Russian intrusion that allowed control of a dam’s systems in April, underscoring growing risks to critical infrastructure – Norway Dam, Dam Suspect
  • Reports link Russian actors to breaches of U.S. federal court systems and other incidents, highlighting ongoing nation-state targeting – Russia Activity
  • Hackers exploited a Microsoft vulnerability to breach Canada’s House of Commons, compromising employee and device data and raising concerns about state-sponsored involvement – Canada House

Crypto & Enforcement

  • The U.S. Treasury renewed sanctions on Garantex and its successor Grinex for facilitating over $100M in illicit crypto transactions tied to ransomware groups – Garantex Sanctions, Grinex Sanctions, Treasury Renewal
  • Global law enforcement and private partners froze over $300 million in crypto tied to scams, money laundering and terrorist financing via coordinated operations – $300M Seized
  • Turkish exchange BTCTurk halted withdrawals after a breach that saw about $49 million (mostly Ethereum) stolen, though cold-wallet user assets remain protected – BTCTurk Theft

Vulnerabilities & Patches

  • Cisco patched a critical RCE in Secure Firewall Management Center (CVE-2025-20265, CVSS 10.0) exploitable via RADIUS authentication and advised mitigations if patching is delayed – Cisco FMC, FMC CVSS10
  • Rockwell Automation released fixes for critical and high-severity flaws in FactoryTalk, Micro800 and ControlLogix that could allow RCE, privilege escalation and DoS – Rockwell Fixes
  • Xerox patched two critical RCE vulnerabilities in its FreeFlow Core print orchestration platform that could permit arbitrary code execution in printing workflows – Xerox RCE
  • Plex urged immediate updates after patching a flaw affecting versions 1.41.7.x–1.42.0.x, stressing timely patching to avoid exploitation – Plex Patch
  • Critical vulnerabilities disclosed in zero‑trust platforms including Zscaler, Netskope and Check Point could enable auth bypass and privilege escalation; mitigations are recommended now – Zero Trust Report

Malware & Campaigns

  • The Crypto24 ransomware group uses custom EDR‑evasion tools, privilege escalation and cloud exfiltration to target large organizations across sectors – Crypto24
  • Black Hat highlights included AI guardrail bypasses, security‑chip vulnerabilities and a widespread malvertising campaign distributing PS1Bot malware targeting sensitive information – Black Hat Recap
  • Active government and police email accounts are being sold on the dark web for as little as $40, enabling impersonation and access to sensitive systems – Stolen Emails

Policy, Strategy & Tech

  • Microsoft warns support for Windows 10 version 22H2 ends on October 14, 2025, urging upgrades to Windows 11 or enrollment in Extended Security Updates to maintain protections – Windows EOL
  • A federal appeals court upheld the FCC’s telecom breach reporting rule requiring notification for breaches of ≥500 customers’ PII within seven days, reinforcing disclosure obligations – FCC Rule
  • Tight cybersecurity budgets and staffing shortages are accelerating adoption of AI-driven defenses and automation, reshaping vendor relationships and risk posture – AI Defense Shift
  • As agentic AI systems gain autonomy, privacy is shifting toward trust-based models, raising questions of verification, legal privilege and accountability – Zero Trust + AI
  • Google says Android’s protected pKVM earned SESIP Level 5 certification, marking a major assurance milestone for device protection against advanced attackers – Android pKVM

Supply Chain & Software Risk

  • A backdoor found in public Docker images and the sale of stolen identities from Italian hotels highlight ongoing supply-chain and data-theft risks, underscoring the need for secure software development and container image hygiene – Supply Chain Notes

Cybersecurity News | Daily Recap – hendryadrian.com