Major Incidents or Breaches

  • The Office of the Pennsylvania Attorney General experienced a cyberattack that disrupted its email, phone systems, and website.
  • Manpower disclosed a data breach affecting 140,000 individuals after the RansomHub ransomware group stole sensitive information in January.
  • US investigators confirmed that Russian hackers breached the US court electronic filing system, accessing court records and sealed filings.
  • Norwegian police attributed suspected sabotage at a dam to pro-Russian hackers, who accessed and manipulated a remote valve control system.

Newly Discovered Vulnerabilities

  • Fortinet disclosed a critical pre-authentication remote code execution vulnerability (CVE-2025-25256) in FortiSIEM, with exploit code observed in the wild. A surge in brute-force attacks against Fortinet SSL VPNs and FortiManager was also reported.
  • CISA added two N-able N-central vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation.
  • Zoom and Xerox released critical security updates addressing privilege escalation and remote code execution flaws in Zoom Clients for Windows and FreeFlow Core, respectively.
  • Microsoft’s August 2025 Patch Tuesday addressed 111 vulnerabilities, including a publicly known Kerberos zero-day and multiple high-severity flaws.
  • Intel, AMD, and Nvidia published advisories for numerous vulnerabilities in their products as part of their coordinated Patch Tuesday releases.
  • A new downgrade attack was demonstrated against Microsoft Entra ID, enabling bypass of FIDO authentication by coercing users into weaker authentication methods.
  • A critical vulnerability (CVSS 10) in an Erlang-based OT platform was observed being actively exploited to target operational technology networks.

Notable Threat Actor Activity

  • North Korean threat actors deployed a variety of malware, including stealers, backdoors, and ransomware, against South Korean targets in a multi-pronged campaign.
  • Pro-Russian hackers were linked to both the sabotage of a Norwegian dam and the breach of the US court system.
  • A significant increase in brute-force attacks targeting Fortinet SSL VPN appliances was observed, raising concerns of potential zero-day exploitation.

Trends, Tools, or Tactics of Interest

  • Phishing and scam campaigns are increasingly leveraging AI, deepfakes, Telegram, Google Translate, and Blob URLs, with new methods targeting biometric data.
  • A new malvertising campaign is distributing the modular PS1Bot malware, which uses multi-stage in-memory attack techniques.
  • Persistent exploitation of older vulnerabilities, such as CVE-2017-11882, continues to be reported.
  • AI-based tools are gaining traction in penetration testing, with an automated pen tester becoming a top bug hunter on HackerOne.
  • Open source AI models are reportedly less effective in vulnerability research compared to commercial and underground models.
  • Data brokers are facing scrutiny for hiding privacy opt-out tools from search engines, with regulatory pressure increasing for transparency.
  • Reports highlight the continued presence of the XZ Utils backdoor in legacy Docker images, though the risk of exploitation is considered low.

Regulatory or Policy Developments Affecting the Security Industry

  • CISA and partners released new asset inventory guidance aimed at improving operational technology (OT) security practices.
  • Policy attention in the US to data broker practices has increased, with calls for improved visibility and accessibility of consumer privacy controls.
  • Microsoft announced the removal of PowerShell 2.0 from Windows 11 and Windows Server starting August 2025, following its long-standing deprecation.