The Cybersecurity Club Newsletter
🚨Week 33: Microsoft Fixes 100 CVEs in August, Cisco Warns of Max-Severity Flaw, Plex Warns Users, Russia Restricts WhatsApp & Telegram Calls, Extortion Demand to Google and more.
Insights into Cyber Risks, Threat Intel, Government and Regulations, Startup and VC updates

August 2025 Patch Tuesday
Microsoft shipped 111 security updates this month, including 13 critical vulnerabilities and one publicly disclosed zero-day in Windows Kerberos (CVE-2025-53779). No in-the-wild exploitation has been reported so far, but several of the issues are high-risk and warrant immediate attention.
Key Points
Zero-Day – Kerberos EoP (CVE-2025-53779): A privilege escalation bug in Windows Server 2025 tied to delegated Managed Service Accounts (dMSA). An attacker needs existing write access to specific dMSA attributes before it can be abused, which is why it is rated hard to exploit; chained with a foothold that supplies that access, it could lead to full domain compromise.
Windows Graphics RCE (CVE-2025-50165, CVSS 9.8): A pre-authentication remote code execution flaw triggered via a malicious JPEG image. Exploits could run with SYSTEM privileges, making it a priority patch.
Windows GDI+ RCE (CVE-2025-53766): A buffer overflow in the metafile parser, exploitable with no user interaction. Broad attack surface as many apps render WMF graphics.
Attack Surface: Updates span Windows OS, Azure services, Microsoft 365 Copilot, SQL Server, graphics subsystems, and network components.
Lifecycle Note: Non-LTSC Windows 10 support ends October 2025, meaning future vulnerabilities will go unpatched.
Next Steps
Patch immediately: Focus on Kerberos, Graphics, and GDI+ vulnerabilities.
Prioritize high-risk systems: Windows Server 2025 and Windows 11 24H2.
Mitigate exposure: Review systems handling image files and graphics rendering, which are prime exploit paths.
Plan migrations: Begin moving off Windows 10 non-LTSC before October to avoid unsupported environments.
💻 Malware and Vulnerabilities
Plex urges urgent patch for undisclosed server flaw: Plex has warned users running versions 1.41.7.x to 1.42.0.x of Plex Media Server to update immediately after patching a newly found vulnerability. The company has not yet assigned a CVE or disclosed technical specifics but emphasized that users should install version 1.42.1.10060 to prevent potential exploits. Link
Cisco warns of CVSS 10 flaw in Firewall Management Center: Cisco disclosed CVE-2025-20265, a maximum-severity (CVSS 10.0) vulnerability in its Secure Firewall Management Center (FMC). The flaw is in the RADIUS authentication subsystem: an unauthenticated remote attacker who sends crafted credentials to a management interface with RADIUS enabled can inject shell commands that run with high privileges. Patches are available; if they cannot be applied immediately, Cisco recommends switching authentication to local accounts or another method and disabling RADIUS. Link
Microsoft fixes 100+ vulnerabilities in August Patch Tuesday: Microsoft released updates for over 100 flaws, including the publicly disclosed Kerberos zero-day (CVE-2025-53779) and multiple SQL Server fixes. The patches span multiple products and several carry critical severity ratings. Users are advised to update quickly to avoid potential exploitation. Link
📈 Breaches and Incidents
Manpower discloses data breach: Staffing giant Manpower confirmed a data breach but withheld details on the scale and nature of compromised information. Investigations remain ongoing. Link
Norway blames Russia for dam sabotage: Norway’s intelligence chief accused Russian-linked hackers of orchestrating the April 2025 sabotage of a hydropower dam, intensifying geopolitical tensions over energy infrastructure. Link
Connex Credit Union breach impacts 172,000: Connex Credit Union reported a breach affecting 172,000 members. Exposed data includes sensitive personal and financial information, though technical details remain undisclosed. Link
UK House of Commons data breach fallout: The UK Parliament confirmed a cyber incident impacting the House of Commons, leading to heightened scrutiny of political cybersecurity. Link
Italian hotel guest IDs leaked online: Hackers leaked over 90,000 ID documents, including passports, belonging to Italian hotel guests; the files are now circulating on underground forums. Link
Afghan refugee data exposed in second breach: A second major data breach tied to Afghan refugees in the UK has surfaced, sparking fresh concerns over the safety of vulnerable populations. Link
🚨 Threat Intel & Info Sharing
Rapid7 unpacks August Patch Tuesday: Rapid7’s security blog provides detailed analysis of Microsoft’s August Patch Tuesday, covering a zero-day and dozens of critical flaws, with remediation advice. Link
Blue Locker ransomware targets Pakistan energy sector: Researchers reported “Blue Locker,” a new ransomware strain attacking Pakistan’s oil and gas companies. The campaign highlights rising regional threats against critical energy infrastructure. Link
Stolen government emails sold for $40: Active police and government email accounts are being sold on the dark web for as little as $40, enabling phishing, impersonation, and fraud schemes. Link
ShinyHunters extorts Google: Cybercrime group ShinyHunters reportedly demanded ransom from Google while boasting it had evaded NSA detection tools. The claims remain unverified. Link
SBI fraud via call-centre data leak: Police in Gurugram, India arrested 18 suspects after a ₹2.6 crore fraud exploiting stolen SBI credit card customer data from call-centres. Link
Kaspersky midyear report: phishing surges: Kaspersky’s Securelist mid-2025 report highlights rising phishing and scam activity, with increasingly sophisticated techniques fueling global cybercrime. Link
UK visa-sponsorship phishing campaign: A phishing scheme targeting the UK Home Office’s visa sponsorship system has been uncovered, with fraudsters impersonating officials to steal applicant data. Link
Fake Minecraft installer spreads malware: A malicious installer posing as Minecraft was spotted delivering information-stealing malware, with children and gamers among primary targets. Link
Turkish crypto exchange compromise: A Turkish cryptocurrency exchange suffered a breach, resulting in data exposure and potential financial theft affecting thousands of users. Link
Cyber risks top three in manufacturing: A new industry report identifies cybersecurity as one of the three biggest risks facing manufacturers, alongside operational disruptions and supply chain threats. Link
Severe cyber events could cost $300B globally: Analysts warn that a major cyber incident could inflict as much as $300 billion in losses worldwide, underscoring systemic vulnerabilities. Link
⚖️ Laws, Policies and Regulations
TRM coalition freezes $250M in illicit crypto: TRM Labs’ T3 Financial Crime Unit has launched the “T3+” program to expand global collaboration against crypto-related crime. Since September 2024, the coalition, joined by Binance, has frozen over $250 million in criminal assets. Link
Russia restricts WhatsApp and Telegram calls: Russia’s telecom watchdog Roskomnadzor restricted voice calls on WhatsApp and Telegram, citing security risks tied to criminal and terrorist use. Critics say the move curtails free communication and raises censorship concerns. Link
NIST proposes AI-specific cybersecurity framework: NIST has published a concept paper on a cybersecurity framework for AI systems, aiming to address AI-specific risks and enhance trustworthiness in deployment. Link
White House cyber director unveils ITI reforms: The U.S. National Cyber Director released recommendations for reforming the Information Technology Industry (ITI), targeting national resilience and stronger cyber defense coordination. Link
⚖️ Cybersecurity Startups and VCs
1Kosmos Raises $57M to Expand Passwordless Security: Cybersecurity startup 1Kosmos secured $57M in a Series B round led by Forgepoint Capital and Oquirrh Ventures, plus a $10M credit line from Bridge Bank. Founded in 2018, the company provides blockchain-based, passwordless authentication to prevent account takeover and identity fraud. Funds will support R&D, adding AI capabilities, go-to-market initiatives, and talent acquisition, focusing on North America, Asia-Pacific, the Middle East, and India. 1Kosmos has tripled its business for two consecutive years and aims to continue this rapid growth.
📊 Trends, Reports, Analysis
Trend Micro reports that Crypto24 ransomware uses legitimate admin tools (PsExec, AnyDesk, gpscript.exe) alongside custom malware to bypass endpoint detection, steal credentials, exfiltrate data, and deploy ransomware stealthily. Attacks target large enterprises across finance, tech, manufacturing, and entertainment globally, and are often timed for off-hours when monitoring is thinner.
Key Risks
EDR Bypass: A customized build of the RealBlindingEDR tool is used to disable endpoint protection before the ransomware stage.
Credential Theft & Data Exfiltration: Keyloggers and lateral movement exploit privileged accounts.
High Stealth: Attacks evade traditional detection without layered defenses.
Recommended Actions
Enforce least-privilege access and monitor scheduled tasks/services.
Enable endpoint self-protection to block tampering.
Strengthen network monitoring and layered defenses.
Accelerate incident response and threat hunting.
Link: Trend Micro Report
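The detection advice above (watch scheduled tasks and service installs, watch for admin tools such as PsExec, AnyDesk and gpscript.exe, and treat off-hours activity as a signal) can be turned into a simple hunt. The script below is an added example written for this briefing, not code from Trend Micro's report or from the Crypto24 samples. The event records are constructed inline to mimic Windows log fields (7045 service install, 4698 scheduled task creation, 4688 process creation); the business-hours window and the sanctioned AnyDesk install path are assumptions to tune for your environment.

```python
"""Hunt for Crypto24-style living-off-the-land activity in Windows event records."""
from __future__ import annotations

from collections import defaultdict
from datetime import datetime

# Constructed sample records (not real telemetry). Field names loosely follow
# Windows event logs: 7045 = new service installed (System log), 4698 =
# scheduled task created, 4688 = process creation (Security log).
SAMPLE_EVENTS = [
    {"time": "2025-08-12T02:14:05", "host": "FS01", "event_id": 7045,
     "service_name": "PSEXESVC", "image": r"%SystemRoot%\PSEXESVC.exe"},
    {"time": "2025-08-12T02:16:40", "host": "FS01", "event_id": 4688,
     "user": "svc_backup",
     "image": r"C:\Users\svc_backup\AppData\Local\Temp\AnyDesk.exe"},
    {"time": "2025-08-12T02:20:11", "host": "FS01", "event_id": 4698,
     "task_name": r"\Microsoft\Windows\Maintenance\SysUpdate",
     "command": r"C:\Windows\System32\gpscript.exe /startup"},
    {"time": "2025-08-12T10:05:00", "host": "WS22", "event_id": 4688,
     "user": "helpdesk1",
     "image": r"C:\Program Files\AnyDesk\AnyDesk.exe"},
    {"time": "2025-08-12T11:30:00", "host": "WS09", "event_id": 7045,
     "service_name": "Spooler", "image": r"%SystemRoot%\System32\spoolsv.exe"},
]

# Tunables. All three are assumptions for this example, not values from the report.
BUSINESS_HOURS = range(7, 20)                              # 07:00-19:59 local time
SANCTIONED_IMAGE_DIRS = ("c:\\program files\\anydesk\\",)  # approved remote-access install
REMOTE_ACCESS_TOOLS = ("anydesk.exe", "psexec.exe", "psexesvc.exe")


def is_off_hours(timestamp: str) -> bool:
    """True when the event falls outside the assumed business window."""
    return datetime.fromisoformat(timestamp).hour not in BUSINESS_HOURS


def classify(event: dict) -> list[str]:
    """Return the technique tags an event matches (empty list = nothing of note)."""
    tags: list[str] = []
    eid = event["event_id"]
    image = event.get("image", "").lower()

    # PsExec installs a service named PSEXESVC on the target it is driving.
    if eid == 7045 and event.get("service_name", "").lower() == "psexesvc":
        tags.append("psexec-service-install")

    # Remote-access/admin tools launched from anywhere but a sanctioned path.
    if (eid == 4688 and image.split("\\")[-1] in REMOTE_ACCESS_TOOLS
            and not image.startswith(SANCTIONED_IMAGE_DIRS)):
        tags.append("unsanctioned-remote-tool")

    # gpscript.exe wired into a scheduled task instead of being run by Group Policy.
    if eid == 4698 and "gpscript.exe" in event.get("command", "").lower():
        tags.append("gpscript-scheduled-task")

    if tags and is_off_hours(event["time"]):
        tags.append("off-hours")
    return tags


def hunt(events: list[dict]) -> dict[str, list[str]]:
    """Aggregate technique tags per host so chained activity stands out."""
    per_host: dict[str, set[str]] = defaultdict(set)
    for ev in events:
        per_host[ev["host"]].update(classify(ev))
    return {host: sorted(tags) for host, tags in per_host.items() if tags}


def escalate(findings: dict[str, list[str]], min_techniques: int = 2) -> list[str]:
    """Hosts showing at least min_techniques distinct techniques ('off-hours' is a modifier, not counted)."""
    return sorted(host for host, tags in findings.items()
                  if len([t for t in tags if t != "off-hours"]) >= min_techniques)


if __name__ == "__main__":
    found = hunt(SAMPLE_EVENTS)
    for host, tags in found.items():
        print(f"{host}: {', '.join(tags)}")
    print("escalate:", escalate(found))
```

On the constructed sample, FS01 is the only host flagged: a PsExec service install, an AnyDesk binary run from a user's Temp directory, and a gpscript.exe scheduled task, all at 02:00. The AnyDesk run on WS22 from the sanctioned install directory during business hours is ignored, which is the point of keeping an allow-list for tools that legitimate admins also use. Feed real 4688/4698/7045 events into `hunt()` in the same shape and adjust the tunables.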
📅 Upcoming Events
Virtual Event: Generative AI & Cybersecurity: Risks and Opportunities
Generative AI is reshaping the cybersecurity landscape, empowering Security Operations Centers (SOCs) with intelligent automation, predictive analytics, and faster incident response. However, with this innovation comes a new class of threats: AI-generated phishing campaigns, polymorphic malware, and code exploits crafted by LLMs.

Register your interest to join here.
If you would like to sponsor any of our future in-person or virtual events, please email us at [email protected]
We hope you enjoyed our email briefing! ☕🥮 If you want to sponsor our next edition or advertise on our site, drop us an email at [email protected].
Thank you for being part of our newsletter community. You can also join the conversation in our LinkedIn Group.