
Hello all,
Hacker Summer Camp in Las Vegas has now concluded. There were quite a few new vulnerabilities and security gaps revealed, along with a nice quantity of new and interesting products. Expect that the next couple of weeks will bring an increased number of warnings and patches as products and services announce what was fixed and address some gaps that were still exposed at the time of the reveals.
I was personally blessed to see the vendor showcase at Blackhat, and to attend Defcon. The most common word at the first was AI – in everything. It was actually more prevalent than the word Security. It will be interesting to see which vendors are still around next year as agentic AI comes into its own and security vendors finally start to figure out how to manage it and finally make serious dents in the threat actors’ weapons and tactics. At Defcon, the operative word, in my opinion, was curiosity. The myriad of talks, demonstrations, educational sessions, and competitive events showcased that the most important quality in a security-minded person is being curious. Curious how something works, how to make it do something different, how to make something to solve an issue that was observed, and simply curious to learn something new. It was a cornucopia of talent and creativity. I could go on, but I need to get to news items from the prior week.
Headline NEWS:
- Adobe had to issue an emergency patch for their AEM Forms due to a zero-day defect that now has proof-of-concept (PoC) code available in the wild. Patch soon.
- Blackhat and Defcon, as mentioned a moment ago, took place in Las Vegas this past week and weekend. There are several linked articles that do a good job of describing the events and some of the goings-on. And while not reported on in our links, BSidesLV also took place at the same time, providing excellent additional security-related content to attendees.
- Google confirmed a data breach where information was exfiltrated. They are currently downplaying it, saying that most of the information was already publicly available. However, despite it being out there, the ability to correlate it to the Google infrastructure helps threat actors paint a better picture for their evil agentic AI’s “customer” relationship management systems (CRMs). I expect that we’ll hear more about this sometime soon.
- Microsoft hybrid Exchange Servers have a new vulnerability that is rated as a high-severity defect. There are over 28,000 servers exposed to the Internet that may be vulnerable to this defect. I personally don’t feel that it is a pants-on-fire issue since you need administrative permission to perform the exploit, but if chained with other recent CVEs, this has the potential to be quite the defection storm. So patching is prudent.
- Squid Proxy has a critical Remote Code Execution (RCE) defect. If you use this in your environment, patch quickly to avoid becoming sushi.
- Trend Micro Apex One on-premise is under active exploitation due to a critical defect. If you use this product, patch immediately.
In Ransomware, Malware, and Vulnerabilities News:
- SonicWall Gen 7 Firewalls were suspected of having a zero-day. Late last week Arctic Wolf, Blackpoint, Huntress, and others detected escalating successful ransomware attacks against fully patched Gen 7 SonicWall firewalls, implicating the SSL-VPN. After several days of puckered cheeks, and admins globally turning off, or severely limiting, SSL-VPNs on their devices, it was found that this was not a new defect. Instead, the issue stemmed from customers having improperly updated their SonicWalls to newer firmware versions, which resulted in insecure configurations and credentials being retained, allowing threat actors to infiltrate and quickly pivot to ransomware. Nevertheless, the damage was done, with many admins vowing never to use SonicWall SSL-VPN again and moving to other solutions.
In Other News Events of Note and Interest:
- AOL will end dial-up internet services. I didn’t even realize that this was a thing! I think that I still have a few AOL 3½" floppy disks advertising their service floating around my archives. In the late Jurassic period of the internet, or at least what now feels like it, we would turn on our computers, go make a cup of coffee while it booted up, open the AOL application, and then begin the war-dialing hunt for a modem connection that didn’t generate a busy-signal noise. If we were blessed to live in an area that had a handful of phone numbers, we would be rewarded with the warbling sounds of our modem negotiating up to a whopping maximum speed of 56.6k per second! Yep, the good ole days, half a megabyte. Now we expect instant on, with internet speeds thousands of times faster than a dial-up modem could ever have even dreamed of seeing. It’s good to look back occasionally to see where we’ve come from, to hopefully make us a bit more patient, and a lot more grateful for the modern marvels that we use daily and take for granted. Thank you, AOL, I wish you well.
Musings:
As I transition back into the world of my ordinary day-to-day, being away and interacting with quite a few noobs – individuals that are new to the industry or to the disciplines of Cyber Security – has served as a nice reset for me. It reinforced that I need to be more patient and willing to educate. I have decades of technology experience and background that provide me with great context for many concepts that noobs rarely encounter anymore. It is not just my honor, it is my responsibility to mentor the up-and-coming generation of gurus and gray-beards so that they can excel. Everyone is on a journey, and it is a privilege to help others move forward, to overcome hurdles, and hopefully even surpass me as they run this marathon named life. We are all a work-in-progress. And if I’ve taken anything away from Blackhat and Defcon, it is that we are exponentially more effective together than we are individually.

So, keep the shields up!
Viscount Jan Broucinek
Red Dot Security News
Headline NEWS
- Adobe issues emergency fixes for AEM Forms zero-days after PoCs released
- Black Hat, DEF CON major cybersecurity events at Las Vegas
- Google Confirms Data Breach: User Information Stolen
- Microsoft warns of high-severity flaw in hybrid Exchange deployments
- 28,000 Microsoft Exchange Servers Vulnerable to CVE-2025-53786 Exposed Online
- Critical Squid Proxy Flaw Allows Remote Code Execution by Attackers
- Trend Micro Confirms Active Exploitation of Critical Apex One Flaws in On-Premise Systems
Ransomware, Malware, and Vulnerabilities News
- CISA Adds 3 D-Link Vulnerabilities to KEV Catalog Amid Active Exploitation Evidence
- Senators ask US to probe data security issues with DeepSeek
- Ex-White House cyber guru talks Microsoft security fails
- 39-year-old Nigerian extradited to US from France over alleged hacking
- Man who ‘hacked’ Scottish computers charged in Switzerland
- WhatsApp Takes Down 6.8 Million Accounts Linked to Criminal Scam Centers
- Average global data breach cost now $4.44 million, Average US cost a record $10.22 million
- The Heat Wasn’t Just Outside: Cyber Attacks Spiked in Summer 2025
- Critical Alert: Akira Ransomware Surge Targets SonicWall Firewalls
- Gen 7 SonicWall Firewalls – SSLVPN Recent Threat Activity
- SonicWall Confirms Patched Vulnerability Behind Recent VPN Attacks, Not a Zero-Day
- Critical HashiCorp Vulnerability Allows Arbitrary Code Execution on Underlying Host
- Critical Zero-Days Crack Open CyberArk Password Vaults
- Cyber Apocalypse Now: Black Hat 2025’s Most Terrifying Hacks and Security Breaches
- DEF CON hackers plug security holes in US water systems
- WinRAR zero-day exploited to plant malware on archive extraction
- When Good Accounts Go Bad: Exploiting Delegated Managed Service Accounts in Active Directory
- New Active Directory Lateral Movement Techniques that Bypass Authentication and Exfiltrate Data
- Windows User Account Control Bypassed Using Character Editor to Escalate Privileges
- BitUnlocker – Multiple 0-days to Bypass BitLocker and Extract All Protected Data
- German researchers show ‘Windows Hell No’ flaw at Black Hat
- Researchers Uncover ECScape Flaw in Amazon ECS Enabling Cross-Task Credential Theft
- Nvidia Releases Update for ‘Critical’ Vulnerabilities in Triton
- Cursor AI Code Editor Vulnerability Enables RCE via Malicious MCP File Swaps Post Approval
- Weaponized AI is making hackers faster, more aggressive, and more successful
- The top hacker on the leaderboard isn’t human
- Microsoft Launches Project Ire to Autonomously Classify Malware Using AI Tools
- Microsoft’s new AI reverse-engineers malware autonomously, marking a shift in cybersecurity
- In first, Israeli cybersecurity firm exposes ChatGPT vulnerability
- Millions of Dell PCs with Broadcom chips open to attack
- 15,000 Jenkins Servers at Risk from RCE Vulnerability
- HTTP/1.1 Vulnerability Could Let Attackers Hijack Millions of Sites
- FUJIFILM Printer Flaw Allows Attackers to Trigger DoS Attacks
- QR codes are being weaponized in new quishing attacks, and most people don’t realize
- ClickFix Malware Campaign Exploits CAPTCHAs to Spread Cross-Platform Infections
- Lazarus Hackers Trick Users Into Believing Their Camera or Microphone is Blocked to Deliver PyLangGhost RAT
- Mustang Panda Attacking Windows Users With ToneShell Malware Mimicking Google Chrome
- Malicious Go, npm Packages Deliver Cross-Platform Malware, Trigger Remote Data Wipes
- New Ghost Calls tactic abuses Zoom and Microsoft Teams for C2 operations
- Hacker used a voice phishing attack to steal Cisco customers’ personal information
- Here’s how deepfake vishing attacks work, and why they can be hard to detect
- Hackers Use Social Engineering Attack to Gain Remote Access in 300 Seconds
- Hackers are cracking mobile browsers to bypass security
- Hackers Went Looking for a Backdoor in High-Security Safes—and Now Can Open Them in Seconds
- Hackers are stealing Microsoft 365 accounts by abusing link-wrapping services
- Hackers strike US court system: Identities of informants compromised in wide hacking attack
- Federal courts step up security following major hack of electronic filing system
- WAF Protection Bypassed to Execute XSS Payloads Using JS Injection with Parameter Pollution
- Flipper Zero ‘DarkWeb’ Firmware Bypasses Rolling Code Security on Major Vehicle Brands
- This Scary EV Charger Hack Could Burn Down Your House
- Linux-Based Lenovo Webcams’ Flaw Can Be Remotely Exploited for BadUSB Attacks
- Russian, Chinese coders secretly insert malicious code in open-source software, says new report
- Critical Android System Component Vulnerability Lets Attackers Execute Remote Code without User Interaction
- US Adopts Submarine Cable Rules to Address China Security Risk
- Misconfigurations Are Not Vulnerabilities: The Costly Confusion Behind Security Risks
- Researchers uncover RCE attack chains in popular enterprise credential vaults
- UK warning – Schools and hospitals ‘very likely’ to be hacked
- Fort Smith district combats cyber breach ahead of Aug. 13 school start
- AI models can orchestrate sophisticated cyberattacks without human help, study finds
- Nearly half of all code generated by AI found to contain security flaws – even big LLMs affected
- Red Teams Jailbreak GPT-5 With Ease, Warn It’s ‘Nearly Unusable’ for Enterprise
- Ohio sets new cybersecurity rules for local governments, including public approval of ransomware payments
- Google says hackers stole its customers’ data by breaching its Salesforce database
- Tea Data Breach Shows Why You Should Be Wary of New Apps
- TeaOnHer, a rival Tea app for men, is leaking users’ personal data and driver’s licenses
- Confidential informants exposed in Louisiana sheriff’s office hack
- Allianz Life cyberattack gets worse as company confirms Social Security numbers stolen
- CTM360 spots Malicious ‘ClickTok’ Campaign Targeting TikTok Shop users
- Mozilla warns of phishing attacks targeting add-on developers
- Wave of 150 crypto-draining extensions hits Firefox add-on store
- Sonatype Uncovers Global Espionage Campaign in Open Source Ecosystems
- INTERVIEW: Nigerian Who Worked for Chinese Cybercrime Ring in Lagos Talks Systemic Fraud, EFCC’s Complicity
- Vietnamese Hackers Use PXA Stealer, Hit 4,000 IPs and Steal 200,000 Passwords Globally
- Fashion giant Chanel hit in wave of Salesforce data theft attacks
- Paul, amid cyberattack, warns residents of fraudulent invoices claiming to be city
- North Korean IT worker infiltrations exploded 220% over the past 12 months, with gen AI weaponized at every stage of the hiring process
- North Korea Hiding Malware Within JPEG Files to Attack Windows Systems Bypassing Detections
- Raspberry Robin Malware Attacking Windows Systems With New Exploit for CLFS Driver Vulnerability
- Lazarus Group rises again, this time with fake FOSS
- SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Others
- New EDR killer tool used by eight different ransomware groups
- MA 911 dispatch apparent cyberattack
- PBS confirms data breach after employee info leaked on Discord servers
- Dialysis firm DaVita notifies 915K people of data breach that compromised SSNs and medical info
- Over 900,000 hit in massive healthcare data breach — names, addresses and Social Security numbers exposed online
- Air France and KLM disclose data breaches impacting customers
- Columbia University 2025 Data Breach Exposes Student Financial Records
- Dutch Caribbean islands respond to cyberattacks on courts, tax departments
- Spartanburg County, SC hit by cyberattack, some online services disrupted
- Data breach at French telecom giant Bouygues affects millions of customers
- Cisco Hacked – Attackers Stole Profile Details of Users Registered on Cisco.com
- Pandora confirms data breach amid ongoing Salesforce data theft attacks
- Northwest Radiologists data breach hits 350,000 in Washington
- Ransomware Attack on Highlands Oncology Exposes Data of Over 113,000 Patients
- Royal and BlackSuit ransomware gangs hit over 450 US companies
- Help Desk at Risk: Scattered Spider Shines Light on Overlooked Threat Vector
- Ransomware gangs join attacks targeting Microsoft SharePoint servers
- Akira ransomware abuses CPU tuning tool to disable Microsoft Defender
- Akira and Lynx Ransomware Attacking Managed Service Providers With Stolen Login Credentials and Vulnerabilities
- Storm-2603 Using Custom Malware That Leverages BYOVD to Tamper with Endpoint Protections
- VexTrio Cybercrime Gang Run by Legit Ad Tech Firms
Other News Events of Note and Interest
- Cool Tool: BloodHound 8.0 debuts with major upgrades in attack path management
- CISA & FEMA Prepare $100M+ in Cybersecurity Grants
- AOL will end dial-up internet service in September, 34 years after its debut
- Senators are trying to force ISPs to block all foreign pirate sites
- Jeff Moss on DEF CON and its shadow power
- Black Hat’s network ops center brings rivals together
- ConnectWise Retiring IT Nation Secure, Folds Cybersecurity Content Into Flagship Connect Conferences
- Open-source password recovery utility Hashcat 7.0.0 released
- Proxmox Backup Server 4.0 Released with Debian 13 Base
- AI industry horrified to face largest copyright class action ever certified
- AI Designs Computer Chips We Can’t Understand — But They Work Really Well
- AI referrals to top websites were up 357% year-over-year in June, reaching 1.13B
- Elon Musk says X plans to introduce ads in Grok’s responses
- Experts Warn That AI Is Getting Control of Nuclear Weapons
- Delta Air assures US lawmakers it will not personalize fares using AI
- ‘Don’t Trap Yourself:’ Broadcom’s Latest VMware Move
- Comcast is Shutting Down Its Email Service & Moving Customer Email Accounts to Yahoo Mail
- Cloudflare says Perplexity’s AI bots are ‘stealth crawling’ blocked sites
- Cloudflare Delists And Blocks Perplexity From Crawling Websites
- Perplexity Says Cloudflare Is Blocking Legitimate AI Assistants
- No more slip-ups: Teams will now ask you to hide sensitive info during screen sharing
- Download Windows 10 ISO files, save a copy before end of support
- Windows 10 extended security updates now require a Microsoft account
- Windows 11 25H2 quietly changes how desktop shortcuts work
- Windows 11’s New Mouse Options, Updated Settings App, and More
- Windows 11’s built-in Copilot Vision that can see your screen now works for free everywhere
- Microsoft lists reasons why your PC is blocking Windows 10 upgrades to Windows 11
- How to set up Windows 11 with a local account
- Microsoft Is Giving up on Windows 11 SE
- Microsoft increases Zero Day Quest prize pool to $5 million
- Microsoft has teased the future of Windows as an agentic OS
- Microsoft 365 will block the FPRPC protocol starting this month
- Available August 7: GPT-5 in Microsoft 365 Copilot
- Edge 139 is out with big performance boost, password improvements, and more
