Trend Micro patches critical Apex One zero-day vulnerabilities actively exploited in the wild, emphasizing the need for immediate updates to prevent attacks. Multiple vendors, including Adobe, Google, and Dell, release urgent patches for zero-day flaws and firmware vulnerabilities affecting numerous organizations and systems. #ApexOne #AdobeAEM #DellControlVault3
Vulnerabilities & Patches
- Trend Micro patches two critical Apex One zero-day vulnerabilities (CVE-2025-54948, CVE-2025-54987) exploited in the wild, urging immediate updates → Apex One Patches, Apex One Zero-Day, Apex One Exploits
- Adobe issues urgent out-of-band fixes for critical zero-days in AEM Forms after public PoCs, addressing remote code execution risks → Adobe AEM Patches, Adobe Emergency Fixes
- Google releases emergency Android patches fixing two actively exploited Qualcomm vulnerabilities enabling remote code execution → Android Security Bulletin, Google Qualcomm Patches
- Critical firmware flaws in Dell ControlVault3 impact over 100 laptop models, enabling Windows login bypass and implant persistence, now patched → Dell Firmware Flaws, ReVault Vulnerabilities, ControlVault Risk
- A critical code execution flaw dubbed MCPoison affects the AI coding tool Cursor, allowing malicious MCP config file swaps; patched in version 1.3 → Cursor Vulnerability, Cursor MCPoison
- SonicWall SSL VPN zero-day actively exploited to bypass MFA and deploy Akira ransomware, with advisories urging monitoring and patching → SonicWall Zero-Day
- CISA adds three actively exploited old vulnerabilities in D-Link routers to its KEV catalog, emphasizing risks to networked devices → D-Link Router Flaws
Data Breaches & Cybercrime
- WhatsApp removes 6.8 million scam-linked accounts and introduces new safety features to combat fraud, collaborating with OpenAI → WhatsApp Scam Takedown, WhatsApp Security Features
- Social engineering campaigns linked to the ShinyHunters group target Google and Pandora through Salesforce data theft attacks exposing sensitive customer information → Google Data Breach, Pandora Breach
- PBS employee contact data leaked on Discord, raising privacy concerns though no malicious activity yet reported → PBS Data Leak
- DaVita dialysis provider confirms ransomware attack compromising health data of over 900,000, triggering law enforcement investigation → DaVita Ransomware
- Two U.S. senators seek answers from UnitedHealth Group over a breach at subsidiary Episource impacting 5.4 million patient records → UnitedHealth Data Breach
- Fraudster extradited from France to US over a $2.5 million hack targeting tax prep businesses involving phishing and identity theft → Tax Hack Extradition
- JSCEAL malware campaign targets millions via fake crypto app ads using advanced evasion techniques and signed payloads → JSCEAL Malware
Espionage & Nation-State Threats
- New cyberespionage campaign by UAC-0099 targets Ukraine's defense sector with malware including Matchboil, Matchwok, and Dragstare delivered via phishing → Ukraine Cyberespionage, CERT-UA Warning
- Researchers expose active infrastructure for Candiru's DevilsTongue spyware linked to Hungary, Saudi Arabia, and Indonesia amid concerns over continued espionage threats → Candiru Spyware
- British intelligence warns of increasingly sophisticated cyber threats against UK critical infrastructure amid legislative delays, urging improved defenses → UK Infrastructure Threats
Artificial Intelligence in Cybersecurity
- Microsoft launches Project Ire, an AI system that autonomously reverse engineers software for malware classification to speed threat detection → Project Ire Launch, Project Ire Details
- AI reduces vCISOs' workloads by 68% amid a 319% demand surge from SMBs, transforming scalable cybersecurity service delivery → AI Impact on vCISOs
- AI-driven innovations showcased at Black Hat USA 2025 highlight advances in threat intelligence, automation, and proactive cyber defense tools → Black Hat 2025 Highlights
- Pentera enhances adversarial testing with AI-powered automation and natural language commands, enabling real-time security validation in hybrid environments → AI in Adversarial Testing
- Google's AI Big Sleep detects 20 security flaws in popular open-source projects, improving vulnerability management and transparency → Big Sleep Discoveries
Security Best Practices & Insights
- Multi-factor authentication (MFA) significantly reduces phishing risks but must be combined with strong password hygiene for effective account protection → MFA Limitations
- Jeff Moss recalls the origins and evolution of DEF CON, highlighting its role as a crucible of cybersecurity issues from AI risks to supply chain threats → DEF CON Insights
- National Bank of Canada suffers a major outage disrupting online and mobile banking with cause under investigation → Canada Bank Outage