Cybersecurity News | Daily Recap [07 Aug 2025]

Recent cybersecurity updates highlight critical vulnerabilities in Microsoft Exchange Server and ongoing data breaches involving Air France, KLM, and Bouygues Telecom, emphasizing the importance of prompt patching and security awareness. Threat actors like ShinyHunters, Scattered Spider, and LockBit continue to target healthcare, telecom, and financial sectors, while malware activities such as MATCHBOIL and Akira ransomware demonstrate evolving attack techniques. #CVE-2025-53786 #ShinyHunters #ScatteredSpider #LockBit #MATCHBOIL #Akira

Microsoft Exchange Vulnerabilities

Data Breaches & Cyberattacks

  • Air France and KLM confirmed customer data breaches traced to a third-party platform, in activity attributed to ShinyHunters and Scattered Spider; the exposed contact details raise the risk of targeted phishing against affected customers – Air France & KLM Breach, Air France-KLM Data Breaches, KLM Third-Party Breach, Google Salesforce Hack, Google Confirms Salesforce Breach, Google Salesforce Disclosure
  • Bouygues Telecom, France’s third-largest mobile operator, suffered a cyberattack exposing personal data of 6.4 million customers, amid concerns over state-sponsored espionage targeting French telecoms – Bouygues Telecom Attack
  • Ransomware groups PEAR and SafePay targeted healthcare provider Think Big and Ridgefield Public Schools respectively, stealing sensitive personal and medical info and threatening data leaks, illustrating increasing ransomware risks in healthcare and education sectors – PEAR Ransomware Healthcare, SafePay School Ransomware
  • A misconfigured AWS S3 bucket belonging to IMDataCenter exposed 38GB of sensitive personal data, creating a risk of identity theft and financial fraud for the individuals affected – IMDataCenter Data Leak
  • A ransomware attack on US kidney dialysis provider DaVita resulted in theft of clinical data of over 900,000 patients by the Interlock gang, further highlighting healthcare cyber risks – DaVita Ransomware Incident
  • The founders of the cryptomixer Samourai Wallet pleaded guilty to laundering over $200 million for cybercriminals through a Bitcoin mixing service built to obscure transaction trails, underscoring continued enforcement against crypto-enabled crime – Cryptomixer Money Laundering
  • Nigerian hacker Chukwuemeka Victor Amachukwu extradited to the US for orchestrating spearphishing and tax fraud schemes causing over $3 million in losses, spotlighting international cooperation against cybercrime – Nigerian Hacker Extradition, Tax Fraud Theft Arrest
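The IMDataCenter item above is the kind of exposure a bucket-policy review catches before a leak. As an added example (not code from the original recap or from IMDataCenter, which does not say which misconfiguration was involved), the following checks one common form of it: an Allow statement whose Principal is "*" with no Condition, granting object reads or bucket listing. The bucket name `example-exports`, the account ID `123456789012` and the role name are placeholders, and the two sample policies are constructed for the demonstration; in practice the input is the `Policy` field returned by `aws s3api get-bucket-policy`.

```python
"""Flag S3 bucket-policy statements that grant anonymous access.

Added example for this recap; not code from the original page or from
IMDataCenter. It runs offline on a policy document already retrieved
(for example the Policy field of `aws s3api get-bucket-policy --bucket NAME`).
"""
from __future__ import annotations

import fnmatch

# Actions that let an anonymous caller read objects or enumerate keys.
READ_TARGETS = ("s3:getobject", "s3:getobjectversion", "s3:listbucket")


def _as_list(value):
    """IAM policies allow either a single string/object or a list in most positions."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_anonymous(principal) -> bool:
    """True for Principal "*" or {"AWS": "*"} (possibly inside a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def _grants_read(actions) -> bool:
    """Match actions case-insensitively, honouring IAM wildcards such as s3:Get* or s3:*."""
    patterns = [a.lower() for a in _as_list(actions)]
    return any(fnmatch.fnmatchcase(target, pat)
               for pat in patterns for target in READ_TARGETS)


def public_statements(policy: dict) -> list[dict]:
    """Return Allow statements that give anonymous read without any Condition.

    Limitations: explicit Deny statements, bucket ACLs and the account-level
    Block Public Access settings are not evaluated, so an empty result is
    necessary but not sufficient for the bucket to be private.
    """
    hits = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if not _is_anonymous(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            # Conditioned public grants (aws:SourceVpce, aws:Referer, ...) still
            # deserve review, but they are not unconditionally public.
            continue
        if _grants_read(stmt.get("Action")):
            hits.append(stmt)
    return hits


# Constructed sample policies (placeholder bucket name, account ID and role).
LEAKY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-exports", "arn:aws:s3:::example-exports/*"],
    }],
}

HARDENED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "ReaderRoleOnly",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/ExportReader"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-exports/*",
    }],
}

if __name__ == "__main__":
    for name, policy in (("leaky", LEAKY_POLICY), ("hardened", HARDENED_POLICY)):
        sids = [s.get("Sid") for s in public_statements(policy)]
        print(f"{name}: {sids or 'no anonymous grants'}")
```

Pair this with the bucket's Block Public Access settings and ACL: the function only reads the policy document, and a wildcard principal behind a Condition is skipped on purpose so that it can be reviewed separately rather than buried in the same list.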

Malware & Threat Actor Activity

  • UAC-0099 threat actor group targets Ukrainian defense using MATCHBOIL loader malware and sophisticated espionage tools delivered through spear-phishing with HTA files – UAC-0099 MATCHBOIL Malware
  • Akira ransomware affiliates abuse legitimate Intel CPU tuning drivers in a bring-your-own-vulnerable-driver (BYOVD) attack to disable Microsoft Defender and escalate privileges, evading detection on Windows endpoints; the technique has been seen in recent intrusions that began through SonicWall SSL VPN devices – Akira BYOVD Technique
  • Fake VPN and spam blocker apps tied to VexTrio Viper ad fraud campaign defraud users monetizing through subscriptions and ads while leveraging sophisticated cloaking and traffic redirection – VexTrio Fake Apps Fraud
  • New ‘Ghost Calls’ evasion tactic abuses TURN servers used by Zoom and Microsoft Teams to hide command-and-control traffic within legitimate conferencing data, complicating detection efforts – Ghost Calls C2 Abuse
  • Researchers reveal PLoB, a behavioral fingerprinting framework combining AI and graph analytics to detect malicious logins and early-stage credential compromise – PLoB Behavioral Detection

Supply Chain & Open-Source Threats

  • Malicious Go and npm packages discovered delivering cross-platform malware with remote data wipe capabilities, exposing supply chain risks in open-source ecosystems – Malicious Go & npm Packages
  • Python’s supply chain remains vulnerable after attacks like the Ultralytics YOLO package compromise; experts stress adoption of advanced security tools to protect development environments – Python Supply Chain Webinar
  • Enterprise secrets management platforms CyberArk Conjur and HashiCorp Vault patched critical remote code execution vulnerabilities affecting sensitive data security worldwide – CyberArk & Vault Vulnerabilities
  • Amazon ECS vulnerability ECScape discovered enabling cross-container privilege escalation and credential theft, prompting AWS to recommend enhanced isolation practices – Amazon ECS ECScape Flaw

AI Security & Risks

  • Enterprise AI assistants are demonstrated to be vulnerable to stealthy data theft and manipulation attacks, emphasizing security gaps in widely integrated generative AI tools – AI Assistants Exploitation
  • Emerging risks in agentic AI systems include context manipulation, supply chain attacks, and authentication challenges, calling for stronger threat modeling and security protocols – Agentic AI Threats
  • 2025 marks a shift in cloud defense with AI as both a powerful tool and attack surface, requiring security teams to adapt for real-time AI-driven threat monitoring and protection – AI-Powered Cloud Security

Other Notable Incidents & Trends

  • New HTTP request smuggling attacks affect major CDN providers such as Akamai and Cloudflare, putting millions of sites at risk; because the attack relies on two hops disagreeing about HTTP/1.1 message framing, migrating to HTTP/2 or later end to end (without downgrading to HTTP/1.1 at the origin) is recommended – HTTP Request Smuggling Attacks
  • The Black Hat USA 2025 conference highlighted innovations in autonomous security, AI-driven threat detection, and vulnerability management from vendors like CrowdStrike and Claroty – Black Hat 2025 Highlights
  • Alliance for Creativity and Entertainment (ACE) took down Rare Breed TV, a major IPTV piracy service offering 28,000 illegal channels, though its website remains live – Rare Breed IPTV Shutdown
  • US energy sector faces thousands of exposed services and cybersecurity blind spots on non-standard ports and IPv6, with ongoing exploits by nation-state actors raising systemic risk concerns – Energy Sector Vulnerabilities
  • Automakers’ privacy practices vary widely; research praises Honda for improvements following California fines, advocating stronger privacy protections industry-wide – Automaker Privacy Research
  • Tornado Cash cofounder convicted on lesser money transmission charges, highlighting regulatory scrutiny of crypto privacy tools – Tornado Cash Conviction
  • Critical vulnerabilities patched in platforms like WWBN AVideo, MedDream PACS, and Eclipse ThreadX, with detection rules released to aid cybersecurity defenses – WWBN & MedDream Vulnerabilities
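The request smuggling item above rests on a single mechanism: a CDN edge and an origin parsing the same HTTP/1.1 request head and disagreeing on where its body ends. As an added example (not code from the original recap or from Akamai or Cloudflare), the following checker flags the classic framing ambiguities in a raw request head: both Content-Length and Transfer-Encoding present (CL.TE / TE.CL), duplicate Content-Length values that disagree, and a Transfer-Encoding header obfuscated with embedded whitespace or an unusual value. The host name `example.test` and the four sample heads are constructed for the demonstration.

```python
"""Flag HTTP/1.1 request heads whose body framing is ambiguous.

Added example for this recap; not code from the original page or from any
CDN vendor named in it. HTTP/2 carries each frame's length in a binary
header, so these ambiguities exist only where HTTP/1.1 is spoken on the path.
"""
from __future__ import annotations

import re

# Whitespace or control characters that a lax parser strips from header names.
_CONTROL_OR_WS = re.compile(r"[\s\x00-\x1f]")


def parse_head(raw: bytes) -> tuple[str, list[tuple[str, str]]]:
    """Split a raw request into its request line and (name, value) header pairs.

    Header names are kept exactly as received (not trimmed) so that
    obfuscation such as 'Transfer-Encoding : chunked' stays visible.
    """
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    request_line = lines[0].decode("latin-1")
    headers: list[tuple[str, str]] = []
    for line in lines[1:]:
        if not line:
            continue
        name, _, value = line.decode("latin-1").partition(":")
        headers.append((name, value.strip()))
    return request_line, headers


def smuggling_findings(raw: bytes) -> list[str]:
    """Return human-readable findings; an empty list means the framing is unambiguous."""
    _, headers = parse_head(raw)
    findings: list[str] = []

    cl_values = [v for n, v in headers if n.strip().lower() == "content-length"]
    # Recognise Transfer-Encoding even with whitespace or control characters
    # embedded in the name, which is exactly what fools one hop but not the other.
    te_headers = [(n, v) for n, v in headers
                  if _CONTROL_OR_WS.sub("", n).lower() == "transfer-encoding"]

    if len(set(cl_values)) > 1:
        findings.append(f"conflicting Content-Length values: {cl_values}")
    if any(not v.isdigit() for v in cl_values):
        findings.append(f"non-numeric Content-Length: {cl_values}")
    if cl_values and te_headers:
        findings.append("both Content-Length and Transfer-Encoding present (CL.TE/TE.CL)")
    for name, value in te_headers:
        if _CONTROL_OR_WS.sub("", name) != name:
            findings.append(f"obfuscated Transfer-Encoding header name: {name!r}")
        if value.lower() != "chunked":
            findings.append(f"unusual Transfer-Encoding value: {value!r}")
    return findings


# Constructed sample request heads for the demonstration (not captured traffic).
CLEAN = (b"POST /api HTTP/1.1\r\nHost: example.test\r\n"
         b"Content-Length: 5\r\n\r\nhello")
CL_TE = (b"POST /api HTTP/1.1\r\nHost: example.test\r\n"
         b"Content-Length: 13\r\nTransfer-Encoding: chunked\r\n\r\n"
         b"0\r\n\r\nSMUGGLED")
TE_OBFUSCATED = (b"POST /api HTTP/1.1\r\nHost: example.test\r\n"
                 b"Content-Length: 4\r\nTransfer-Encoding : chunked\r\n\r\n"
                 b"0\r\n\r\n")
DUPLICATE_CL = (b"POST /api HTTP/1.1\r\nHost: example.test\r\n"
                b"Content-Length: 8\r\nContent-Length: 7\r\n\r\n"
                b"12345\r\nG")

if __name__ == "__main__":
    samples = [("clean", CLEAN), ("cl.te", CL_TE),
               ("te-obfuscated", TE_OBFUSCATED), ("duplicate-cl", DUPLICATE_CL)]
    for label, sample in samples:
        print(f"{label:14s} -> {smuggling_findings(sample) or 'no findings'}")
```

The useful place to run this is at the edge, rejecting any request that produces a finding rather than trying to normalise it: normalising is itself a parsing decision the origin may not share, which is the disagreement the attack exploits.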

Cybersecurity News | Daily Recap – hendryadrian.com