Recent cybersecurity incidents highlight significant data breaches, with Optus, Columbia University, and Bouygues Telecom exposed to public scrutiny and legal penalties. Efforts to disrupt ransomware gangs like BlackSuit/Chaos and the threat of malware such as SocGholish and GreedyBear demonstrate ongoing threats and evolving attack techniques. #BlackSuit #SocGholish
Daily Cybersecurity Recap
Data Breaches & Disclosures
- Australia’s regulator is pursuing civil penalties against Optus over the 2022 breach that exposed millions of customers’ personal data, highlighting legal fallout from poor data security – Optus Penalty
- A major incident at Columbia University exposed sensitive records for roughly 860k–870k individuals, prompting credit monitoring offers and investigations into a politically motivated actor – Columbia Breach, Columbia Breach, Columbia Breach
- French telco Bouygues Telecom confirmed a breach affecting about 6.4M customers’ contact and contract details while authorities investigate the scope – Bouygues Breach, Bouygues Breach
- Air France and KLM disclosed customer data exposure after a third-party platform hack linked to ShinyHunters, underscoring third-party supply-chain risk – Air France/KLM
- Roundup: assorted incidents, including an Amazon ECS privilege escalation, the Alera Group breach, and urgent Exchange responses, illustrate continuing enterprise exposure – In Other News
Ransomware & Law Enforcement
- U.S. and international ops disrupted the gangs behind BlackSuit/Royal (rebranded as Chaos), which hit 450+ organizations and extorted over $370M, demonstrating major takedown progress – BlackSuit Takedown, BlackSuit Takedown
- A new EDR-killer from RansomHub is being used by at least eight ransomware groups to disable endpoint protections using obfuscated drivers and stolen certificates, raising detection concerns – EDR Killer
- North Korea-linked group ScarCruft added the VCD ransomware to its toolkit, signaling an increased blend of espionage and financially-motivated disruption – ScarCruft Ransom
Malware & Supply-Chain Attacks
- Ad networks and Traffic Distribution Systems are being abused to push SocGholish and loaders that chain into LockBit, Evil Corp and other payloads, amplifying drive-by compromise risk – SocGholish Spread
- Malicious developer packages on RubyGems, PyPI and NPM have been found stealing credentials, hijacking crypto staking and even embedding destructive data‑wiping logic, forcing registry security changes – Malicious Packages, Malicious Packages
- The GreedyBear campaign infiltrated Mozilla’s add‑ons with 150+ fake wallet extensions that drained crypto (using techniques like Extension Hollowing) and deployed AI-generated scams across platforms – GreedyBear, GreedyBear
Vulnerabilities & Patching
- CISA ordered federal agencies to urgently patch CVE-2025-53786 in Microsoft Exchange to prevent potential domain compromises and stealthy attacks that leave only limited logging traces – Exchange Patch
- Microsoft will block insecure FPRPC (FrontPage Remote Procedure Call) file access in Microsoft 365 apps for Windows by default starting late August 2025, with admin controls for re-enablement to reduce legacy-protocol risk – FPRPC Block
- SonicWall says recent SSLVPN attacks exploited a known flaw, CVE-2024-40766 (not a zero-day), stressing patching and correct password handling after reports of Akira ransomware activity – SonicWall Flaw, SonicWall Flaw
Threat Actors & Account Risks
- Decentralized actor Scattered Spider continues to exploit social engineering, insider help‑desk abuse and account takeovers, underlining the need for robust human‑centric defenses – Scattered Spider
- Leaked credentials are up 160%, increasingly driving breaches and highlighting the importance of credential monitoring, MFA and rapid incident response – Credential Spike
Legal, Policy & Judiciary
- U.S. federal courts are tightening digital security after PACER exposures to better protect sensitive case documents amid an escalation in targeted attacks – Judiciary Security
- Germany’s top court limited law enforcement spyware use to investigations of serious crimes, reinforcing privacy and fundamental-rights protections against broad device surveillance – Spyware Ruling
Space & Infrastructure Risk
- Researchers warn insecure open‑source satellite management software can be hacked to manipulate or disable satellites, raising fresh national‑security and supply‑chain concerns for space operators – Satellite Hacks
Events & Vendor Changes
- Black Hat USA 2025 vendor announcements highlighted AI-driven detection, risk management and resilience tools, showing continued vendor investment in advanced security tech – Black Hat
- Microsoft will retire the Lens PDF scanner app on iOS/Android by December 2025 and encourage migration to Microsoft 365 Copilot, affecting mobile scanning workflows – Lens Retirement