Microsoft's August 2025 Patch Tuesday addresses 111 vulnerabilities, with 44 elevation-of-privilege (EoP) flaws that let attackers escalate from initial access to full system control. The update marks the second consecutive month with no actively exploited bugs.
Key concerns include a maximum-severity Azure OpenAI vulnerability (already mitigated by Microsoft), the publicly known "BadSuccessor" Windows Kerberos flaw, and four critical SQL Server bugs enabling injection attacks. The patch also fixes 34 remote code execution vulnerabilities and 16 information disclosure issues.
Security researchers highlight two near-maximum severity flaws: CVE-2025-50165 in Windows Graphics and CVE-2025-53766 in GDI+, both exploitable without user interaction. Organizations should prioritize patching SharePoint, SQL Server, and graphics-related vulnerabilities immediately.
Source: Dark Reading
Google confirmed a major data breach on August 5, 2025, after cybercriminal group ShinyHunters compromised its corporate Salesforce database in June. The attackers used sophisticated voice phishing, impersonating IT support to trick Google employees into granting system access through a malicious Data Loader app.
The breach exposed contact information for small and medium businesses, with ShinyHunters claiming to have stolen 2.55 million records. Google completed email notifications to all affected users by August 8, emphasizing that payment data and advertising products remained secure.
ShinyHunters demanded 20 Bitcoins ($2.3 million) from Google, though they later claimed this was done "for the lulz." The group has targeted major companies including Cisco, Qantas, and LVMH brands throughout 2025, typically using delayed extortion tactics.
Source: Cybersecurity News
The Jersey Cyber Security Centre is warning local businesses about a dangerous new cyberattack called 'ToolShell' that exploits vulnerabilities in Microsoft SharePoint software. The attack has hit organizations worldwide, with 31% of successful breaches occurring in the US, followed by Mauritius, Germany, and France.
Five Jersey organizations were identified as highly vulnerable and took immediate action, including shutting down critical systems. The attack combines two security flaws to steal data, damage systems, and enable ransomware attacks.
JCSC director Matt Palmer stressed that outdated software creates serious risks, as Microsoft's patches don't work on older, unsupported systems. The centre recommends organizations install security updates within 14 days and isolate any systems that can't be patched.
Source: Jersey Evening Post
Air France and KLM disclosed yesterday that hackers breached their customer service platform, stealing personal data including names, email addresses, phone numbers, and rewards program details. The airlines quickly cut off the attackers' access and stressed that sensitive information like passwords, credit card details, and passport data remained secure.
Both airlines reported the incident to their respective data protection authorities and are notifying affected customers. Security experts suspect the breach may be linked to the ShinyHunters group, which has targeted Salesforce platforms to attack major brands like Chanel and Dior. The incident highlights how cybercriminals increasingly focus on software-as-a-service platforms that store vast amounts of customer data.
Source: Dark Reading
Columbia University revealed that hackers breached its network on May 16, stealing personal data from nearly 870,000 current and former students, applicants, and employees. The stolen information includes names, Social Security numbers, birth dates, contact details, academic records, and financial aid information.
The university discovered the breach after experiencing a technical outage on June 24. Working with cybersecurity experts, they found that an unauthorized actor had accessed their systems and stolen 460GB of data.
While there's no evidence the stolen data has been misused yet, Columbia isn't ruling out future misuse. The university is offering two years of free credit monitoring through Kroll and urging affected individuals to monitor their accounts for suspicious activity.
Source: Dark Reading
Bouygues Telecom, one of France's largest telecommunications companies, discovered a cyberattack on August 4 that compromised personal information of 6.4 million customers. Hackers accessed contact details, contract data, and bank account numbers for both individual and business customers.
The company assured customers that passwords and payment card information weren't compromised. Affected customers are being notified by email and text, with warnings to watch for fraudulent communications.
This follows another recent attack on French telecom Orange in July, highlighting the sector's vulnerability to cybercriminals.
Source: SecurityWeek
OPSWAT's 2025 Threat Report reveals a staggering 127% increase in malware complexity over six months, with legacy security systems missing one in every 14 threats. The analysis of 890,000 sandbox scans shows attackers are using multi-stage execution chains and hiding payloads in benign formats like .NET Bitmaps and Google services.
Critical infrastructure sectors including manufacturing, energy, and utilities face the heaviest targeting. New techniques like ClickFix clipboard attacks are spreading among criminal and nation-state actors. The report warns that signature-based defenses can't handle today's evasive, behavior-driven malware, urging organizations to adopt dynamic, behavioral detection systems.
Source: Industrial Cyber
Luxury fashion house Chanel notified customers of a data breach discovered July 25, affecting a subset of US client care contacts. Hackers accessed names, email addresses, mailing addresses, and phone numbers through a compromised third-party Salesforce provider.
The breach is part of a larger wave targeting Salesforce customers since March, using voice phishing tactics to trick employees into authorizing malicious apps. Other luxury brands hit include Adidas, Dior, and Tiffany & Co.
Threat actors identifying as ShinyHunters typically follow up with extortion demands, giving victims 72 hours to pay Bitcoin ransoms or face data publication on underground forums.
Source: Dark Reading
SonicWall has confirmed that recent ransomware attacks targeting its SSL VPN products weren't caused by a new zero-day vulnerability, but rather were the result of attackers exploiting the previously patched CVE-2024-40766 flaw. The attacks affected fewer than 40 customers and appear linked to legacy credentials left over during migrations from Generation 6 to Generation 7 firewalls.
Attackers exploited outdated or weak credentials that weren't updated during hardware upgrades. SonicWall is urging customers to immediately change their credentials and upgrade to SonicOS 7.3.0, which includes enhanced multi-factor authentication, login attempt lockouts, and stronger password policies to prevent future attacks.
Source: Cyber Security News
Darktrace's latest research reveals cybercriminals are increasingly using artificial intelligence to scale and sharpen their attacks. The company detected over 12.6 million malicious emails between January and May 2025, with threat actors leveraging AI-powered tools like large language models to create convincing phishing campaigns at unprecedented speed.
Advanced persistent threat groups, ransomware-as-a-service operations, and malware distributors are all adopting AI technology. Notable threats include the LameHug malware powered by open-source AI and sophisticated ClickFix social engineering campaigns. Chinese-linked actors exploited critical vulnerabilities in government infrastructure weeks before public disclosure, highlighting the evolving threat landscape that traditional security tools struggle to counter.
Source: Industrial Cyber