Cybersecurity News | Daily Recap [20 Aug 2025]

This recap highlights recent major data breaches, including incidents involving Orange Belgium and the NY Business Council, and discusses the dismantling of the RapperBot DDoS operation by U.S. authorities. It also covers critical vulnerabilities in browsers, active exploits of enterprise systems, and emerging AI threats, emphasizing the need for timely patches and strategic defenses. #OrangeBelgium #RapperBot #PromptFix #GodRAT

Daily Cybersecurity News Recap

Major Incidents & Data Breaches

  • Orange Belgium reported a July cyberattack that exposed data for 850,000 customers including names and PUK codes, prompting notifications and mitigation steps – Orange Belgium
  • A breach at the Business Council of New York State leaked sensitive personal and medical records for nearly 47,000 people, including SSNs and health data – NY Business Council
  • Australia’s TPG/iiNet suffered a compromise affecting over 280,000 records after misused employee credentials were used to access order systems – iiNet/TPG Breach
  • Research exposed multiple security flaws in McDonald’s digital systems that put sensitive data at risk and allowed client-side abuse, underscoring the importance of responsible disclosure – McDonald’s Findings, Intel Exposure

Botnets & DDoS

Ransomware & Extortion

Microsoft Outages & Updates

  • Microsoft is investigating outages affecting Office.com and Copilot along with a Teams “couldn’t connect” sidebar error, while issuing emergency Windows updates to fix recovery/reset and upgrade failures (error 0x8007007F) and addressing SSD corruption tied to some Phison controllers — users should follow provided workarounds and patch guidance – Copilot/Office Outage, Teams Workaround, Emergency Windows Patch, Upgrade Fix 0x8007007F, SSD Failures

Browsers & Critical Vulnerabilities

  • A critical bug in Chrome’s V8 engine (CVE-2025-9132) could enable remote code execution—users should update immediately; Google and Mozilla have also released high-severity patches for Chrome and Firefox – Chrome CVE-2025-9132, Chrome/Firefox Patches

Enterprise Exploits & Known-Exploited CVEs

  • Active exploitation is under way: a public chained SAP NetWeaver exploit enables RCE and data theft, compromised Apache ActiveMQ servers are being used to deploy DripDropper on cloud Linux hosts, and CISA added a Trend Micro Apex One RCE (CVE-2025-54948) to its KEV catalog—apply vendor patches and mitigations now – SAP Chained Exploit, ActiveMQ / DripDropper, Trend Micro KEV

Password Managers

  • Six popular password managers can leak logins via clickjacking on malicious sites, potentially affecting about 40 million users; vendors are patching but users should disable autofill until updates arrive – Password Managers

AI Threats & Governance

  • Researchers disclosed PromptFix, a technique that hides malicious prompts (e.g., fake CAPTCHAs) to coerce AI browsers/assistants into automating scams (“Scamlexity”); organizations are also warned about invisible shadow AI agents and urged to adopt controls — governance guidance was discussed in Black Hat’s CISO series – PromptFix, Shadow AI Webinar, Black Hat CISO Series

APTs & Targeted Malware

  • A new GodRAT campaign targeting trading firms uses steganography and Gh0st RAT code (linked to Winnti/APT41), while North Korean actors used GitHub and cloud platforms to spear-phish diplomatic missions with tools like MoonPeak and Xeno RAT—monitor for these IOCs – GodRAT, North Korea / GitHub Attacks

Supply Chain & Privacy Concerns

  • Citizen Lab found that multiple popular VPN apps share hidden ownership and insecure practices that put user privacy at risk, and PyPI implemented protections to block domain-resurrection hijacks that threaten package supply chains—review VPN trust and package governance policies – VPN Ownership Report, PyPI Protections

Detection, Email Security & Observability

  • Experts urge an EDR-like evolution for email security to add layered resilience and post-breach controls against threats like BEC, while Okta open-sourced Auth0 Sigma rules to improve detection of account takeover and misconfiguration—integrate these into SIEM/SOAR playbooks – Email EDR, Okta Auth0 Rules

Resilience & Industry Moves

  • Seemplicity raised $50 million to expand its AI-driven exposure management platform, while guidance on turning BIA insights into resilient BCDR practices emphasizes automated backups, testing and ransomware detection for faster recovery – Seemplicity Funding, BIA to Resilience

Cybersecurity News | Daily Recap – hendryadrian.com