Cybersecurity News | Daily Recap [13 Aug 2025]

Microsoft released patches for over 100 vulnerabilities, including a zero-day Kerberos flaw, emphasizing urgent updates for critical security flaws. Vendors like Fortinet, Ivanti, and SAP released advisories fixing severe vulnerabilities, some with active exploits such as CVE-2025-25256 in FortiSIEM. Recent active threats include Fortinet SSL VPN brute-force campaigns and Citrix Bleed bugs affecting thousands of devices. Data breaches impacted organizations like Manpower, Allianz Life, and WestJet, exposing sensitive personal information. Supply chain risks persist with Docker Hub hosting backdoored images, while nation-state actors orchestrate sophisticated cyber-espionage operations. This recap highlights the importance of timely patching, vigilance against active exploits, and ongoing strategic defense initiatives. #Fortinet #CitrixBleed #CVE-2025-25256 #ManpowerBreach

Patch & Vendor Updates

  • Microsoft released August 2025 patches addressing over 100 vulnerabilities including a Kerberos zero-day (CVE-2025-53779) and multiple critical RCE/privilege escalation flaws — apply updates urgently. – MS Patch, MS Update, MS Brief
  • Adobe fixed over 60 vulnerabilities across 13 products (Commerce, Substance 3D, Illustrator, Photoshop) to remediate potential code execution and privilege escalation risks. – Adobe Patch, Adobe Fixes
  • Chipmakers including Intel, AMD, and Nvidia published advisories fixing flaws in processors, drivers and AI frameworks ranging from privilege escalation to remote code execution. – Chipmaker Patches
  • SAP released an August update fixing 26 vulnerabilities including 4 critical code-injection flaws in S/4HANA and Landscape Transformation — prioritize SAP fixes. – SAP Update
  • ICS/OT vendors (Siemens, Schneider Electric, Honeywell, ABB, Phoenix Contact) issued Patch Tuesday advisories addressing code execution and remote access flaws in industrial products. – ICS Patch
  • Fortinet and Ivanti released August 2025 security bulletins fixing critical/high-severity issues (including CVE-2025-25256), with active exploits reported — patch immediately. – Vendor Patches

Active Exploits & Device Threats

  • Fortinet warned about a critical FortiSIEM flaw (CVE-2025-25256) with in-the-wild exploit code — upgrade affected systems now. – FortiSIEM Alert
  • Security teams observed a global brute-force wave targeting Fortinet SSL VPNs that later pivoted to FortiManager devices, signaling active credential-stuffing campaigns. – Fortinet Brute
  • Over 3,300 unpatched Citrix NetScaler devices remain vulnerable to CitrixBleed bugs (session hijack/MFA bypass), linked to outages at the Pennsylvania AG/OAG offices. – Citrix Bleed, PA Outage

Ransomware & Data Breaches

  • A ransomware attack claimed by RansomHub at Manpower exposed personal data of about 140,000 individuals (~500GB of HR/financial files). – Manpower Breach
  • Hackers leaked approximately 2.8M Allianz Life records from Salesforce compromises tied to groups like ShinyHunters and Scattered Spider, underscoring SaaS risks. – Allianz Leak, Allianz Follow-up
  • New Charon ransomware targets Middle East public-sector and aviation organizations using APT-like evasion techniques, raising regional security concerns. – Charon Report, Charon Coverage
  • Researchers cracked the encryption for DarkBit ransomware, enabling free file recovery for victims of campaigns linked to the MuddyWater cluster. – DarkBit Decrypt
  • U.S. law enforcement dismantled BlackSuit ransomware infrastructure and seized about $1M in cryptocurrency as part of Operation Checkmate. – BlackSuit Takedown, Crypto Seizure
  • WestJet confirmed a June 2025 cyberattack exposed passenger travel documents and personal details (financial data reportedly safe). – WestJet Breach

Supply Chain & Access Economy

  • Researchers found the XZ-Utils backdoor (CVE-2024-3094) still present in dozens of Docker Hub images, amplifying software supply-chain risks. – Docker Backdoor, XZ Research
  • Initial access brokers are selling enterprise access cheaply (often between $500 and $1,000), lowering the barrier for large-scale intrusions on dark web markets. – Low-cost IABs, Access Economy
  • Unit42 profiles the flexible “Muddled Libra” strike teams — loosely organized cybercriminal personas that evolve tradecraft and complicate attribution. – Muddled Libra

Nation-state & Espionage

  • Reports attribute the hack of the U.S. PACER federal court filing system to Russia, exposing sensitive legal records and highlighting persistent nation-state threats. – PACER Hack
  • New espionage group “Curly COMrades” deploys the MucorAgent backdoor against government and energy sectors, showing advanced persistence and evasion. – Curly COMrades
  • Following attacks attributed to actors linked to China and Iran, DEF CON volunteers mobilized to assist U.S. water utilities via the DEF CON Franklin initiative to shore up critical infrastructure defenses. – DEF CON Franklin

AI, SOC & Future Threats

  • AI-powered SOC capabilities are automating alert triage, detection and investigation to reduce inefficiencies, though skilled human analysts remain essential for complex threats. – AI SOC
  • A webinar warns the next wave of AI-enabled attacks (deepfakes, synthetic identities) will elevate identity-centric defenses as the primary line of defense. – AI Webinar

Fraud, Law Enforcement & Misc

  • Four Ghanaian nationals were extradited for roles in romance scams and BEC schemes that stole over $100M, demonstrating international cooperation on fraud. – Ghana Extradition
  • An active phishing campaign impersonates the UK Home Office to steal sponsor-license credentials and enable fraud/extortion against immigration sponsors. – Home Office Phish
  • Microsoft is removing legacy PowerShell 2.0 from Windows 11/Server (update scripts) and advises ignoring certain benign CertEnroll errors introduced by in-development features. – PowerShell Removal, CertEnroll Notice
  • Android’s pKVM hypervisor earned SESIP Level 5 certification, raising the bar for on-device security for biometric and AI workloads. – pKVM Cert
  • Healthcare continues to suffer large incidents — over 275M patient records were exposed across >700 breaches in 2024 — reinforcing the need for HIPAA-compliant password management. – Healthcare Risk

Cybersecurity News | Daily Recap – hendryadrian.com