![Cybersecurity News | Daily Recap [12 Aug 2025]](https://www.hendryadrian.com/tweet/image/DailyRecap.png "Cybersecurity News | Daily Recap [12 Aug 2025]")
Active exploitation of CVE-2025-6543 in Citrix NetScaler has led to breaches in critical sectors, while vulnerabilities in Erlang/OTP SSH and WinRAR are being actively targeted by threat groups. These incidents highlight the ongoing risks posed by remote code execution flaws, supply-chain attacks, and ransomware campaigns affecting various organizations and systems. #CVE2025-6543 #WinRAR #ErlangOTP #Manpower #SaintPaul #Yes24 #MedusaLocker #Kimsuky
Vulnerabilities & Active Exploits
- The Dutch NCSC and multiple reports confirm active exploitation of CVE-2025-6543 in Citrix NetScaler, leading to web shells and breaches in critical sectors β Citrix NetScaler, NetScaler Exploits, NetScaler Breaches
- A surge of attacks exploiting CVE-2025-32433 in Erlang/OTP SSH has targeted OT networks (notably firewalls), with many incidents observed before patches were applied β Erlang/OTP, Erlang/OTP Surge
- A high-severity WinRAR zero-day (CVE-2025-8088) was abused in supply-chain-style attacks by groups including RomCom and PaperWerewolf, deploying malware families like MythicAgent, SnipBot and RustyClaw β WinRAR 0-day, WinRAR RomCom, WinRAR Two Groups, WinRAR Details
- SAP released patches for multiple flaws including critical code-injection issues in S/4HANA; organizations are urged to apply updates to prevent active exploitation β SAP Patches
- SonicWall attributes recent Gen7 firewall attacks to a year-old, patched defect (CVE-2024-40766), with Akira-affiliated ransomware observed in the campaign β SonicWall Attack
- Xerox issued fixes for FreeFlow SSRF and RCE flaws (CVE-2025-8355, CVE-2025-8356) that could enable remote compromise of enterprise print workflows β Xerox Flaws
Ransomware & Data Breaches
- Staffing firm Manpower disclosed a December 2024 breach affecting nearly 145,000 people, with the attack claimed by RansomHub β Manpower Breach
- The city of Saint Paul was hit by the Interlock ransomware gang, disrupting services though officials say residentsβ personal data wasnβt compromised β St Paul Attack, St Paul Ransomware
- South Korea ticketing giant Yes24 suffered a second ransomware outage in under two months, raising concerns over repeat breaches and recovery practices β Yes24 Ransomware
- Ransomware-as-a-Service group MedusaLocker is actively recruiting pentesters to refine attacks against ESXi, Windows, and ARM targets β MedusaLocker Hiring
APTs, Leaks & Extortion
- Cyber extortionists ShinyHunters and Scattered Spider are reportedly collaborating in targeted extortion campaigns using advanced social-engineering and VPN impersonation tactics against businesses including Salesforce β ShinyHunters & Scattered Spider
- New APT βCurly COMradesβ used ngen COM hijacking and custom tooling to run long-term espionage against government and energy sectors in Georgia and Moldova, consistent with Russian-aligned activity β Curly COMrades
- Leak claims exposed internal data and tools from North Koreaβs Kimsuky group after two ethical hackers published the trove, potentially disrupting future campaigns β Kimsuky Leak
Crime Takedowns & Fraud
- U.S. and Ghanaian authorities extradited three suspects tied to a transnational romance and BEC scam that stole over $100 million, underscoring international cooperation against cyber fraud β Romance Scam Bust, Ghana Extradition
Cloud, OT & Transportation Risks
- Researchers showed a seven-year-old CPU side-channel (L1TF-Reloaded) can still leak sensitive data in public clouds, challenging assumptions about old mitigations on platforms like GCP and AWS β Cloud CPU Risk
- Critical flaws in smart bus systems (including an MQTT backdoor and poor segmentation) could allow tracking, remote control, and spying of vehicles, leaving public transit exposed β Smart Buses Flaws
- New vulnerabilities in the TETRA radio protocol threaten law enforcement and critical-comms with replay and injection attacks against TEA1β4 encryption, urging immediate review of deployed systems β TETRA Flaws
Product Updates, Support & Funding
- Microsoft confirmed Windows 11 23H2 Home and Pro will reach end-of-support on 11 Nov 2025, urging upgrades to 24H2 while noting possible compatibility blocks for some devices β Windows 11 EoS
- Microsoft is testing Windows 365 Reserve, a cloud-based disaster-recovery desktop service offering up to 10 days of temporary access per user for resilience after device failures or attacks β Windows 365 Reserve
- 1Kosmos raised $57 million in Series B to expand its passwordless identity verification and authentication platform for stronger anti-impersonation and zero-trust integrations β 1Kosmos Funding
- OneNote gained a long-requested βpaste as text onlyβ feature for Windows and Mac, improving user workflow and reducing accidental formatting leaks β OneNote Update
Events, Strategy & Analysis
- CodeSecCon 2025 (virtual) spotlights software security challenges from AI-driven threats to supply-chain risks and offers practical guidance for improving application security β CodeSecCon
- An analysis compares Enterprise Browsers versus secure enterprise browser extensions across control, coverage, and operational impact as organizations harden browser-based workspaces β Browser Battle