Cybersecurity Newsfeed

📅 13/08/25

🛡️ Vulnerabilities

• SAP August 2025 Patch Tuesday fixes 26 flaws, including CVE-2025-42957/42950 (CVSS 9.9) RCE in S/4HANA More info
• 35 Docker Hub images, including Debian, still contain XZ Utils backdoor CVE-2024-3094 More info
• CISA adds CVE-2013-3893, CVE-2007-0671, CVE-2025-8088 to KEV catalog of exploited vulnerabilities More info
• Citrix NetScaler CVE-2025-6543 exploited to breach critical orgs; NCSC issues detection script More info
• Microsoft August 2025 Patch Tuesday fixes 107 flaws, incl. zero-day CVE-2025-53779 Kerberos EoP More info
• “Sleepwalk” side-channel attack extracts cryptographic keys via CPU context switch power spikes More info

🎯 Adversaries

• Muddled Libra (Scattered Spider) operates as fluid network of personas across diverse cybercrimes More info
• New ransomware “Charon” targets Middle East public sector, aviation using APT-like tradecraft More info

📈 Trends

• Fortinet SSL VPN brute-force attacks spike; pivot from FortiOS to FortiManager after Aug 5 More info
• ShinyHunters-SC Spider collaboration suspected as Salesforce campaign targets financial services More info

📁 Breaches & Leaks

• ShinyHunters leaks 2.8M Allianz Life records stolen in Salesforce OAuth app campaign More info
• C/side report warns of mobile browser PWA-based credential theft via malicious service workers More info

🗃️ Hunting

• Cisco Talos tracks “PS1Bot” modular PowerShell/C# info-stealer malware campaign More info

⬅ Back to Archive