🕵🏻‍♂️ [InfoSec MASHUP] 32/2025

CrowdStrike investigated over 320 cases of North Korean operatives taking IT jobs; the UK's Online Safety Act has failed to protect privacy; a new Linux backdoor called Plague; Google and Cisco have disclosed separate data breaches stemming from voice phishing (vishing) attacks; Mozilla alerts add-on developers about a phishing campaign; Air France and KLM disclose a data breach; Bouygues Telecom has confirmed a data breach affecting 6.4 million customers; Microsoft unveils Project Ire, an AI system that autonomously detects malware.

We now have 1,636 subscribers! Thank you all for being part of my newsletter. Please share it with your friends and colleagues, and let's keep growing the community.

After a(nother) well-deserved week off 🌴, I'm back! Let's dive into this week's top insights! 🚀

For a broader pulse on the cybersecurity landscape, we're proud to spotlight our colleagues at Stack Report this issue.

Stay up to date with the Stack Report: news and insights for IT and cybersecurity professionals, straight to your inbox every Tuesday and Thursday. Subscribe here!


🔓 BREACHES & SECURITY INCIDENTS

🇫🇷 Bouygues Telecom has confirmed a data breach affecting 6.4 million customers. The attack exposed personal information, including contact details and bank account numbers (IBANs). Bouygues has reported the incident to CNIL, France's data protection authority.

🇫🇷 🇳🇱 Air France and KLM reported a data breach affecting an undisclosed number of customers after attackers gained access to an external customer service platform. According to the airlines, the exposed data is limited to names, contact details and Flying Blue account information; no passwords, passport numbers, travel details or payment-card data were compromised. Affected customers have been notified and the incident was reported to the relevant authorities.

🇳🇱 🇷🇺 The Dutch Public Prosecution Service (Openbaar Ministerie) is rebuilding its networks after a cyberattack attributed to Russia-linked hackers who exploited a vulnerability in the organization's Citrix NetScaler devices. Prosecutors say no data was stolen. The incident comes against the backdrop of the Netherlands' strong support for Ukraine and ongoing tensions with Russia.

🇩🇰 Pandora has confirmed a data breach in which customer names, birthdates and email addresses were stolen from a third-party (Salesforce-hosted) database, as part of the ongoing wave of data theft attacks against Salesforce customer instances. The company says no passwords or financial information were exposed and that it has tightened its security measures. Adidas and Qantas are among the many other companies hit by the same campaign.

🇺🇸 PBS confirmed a data breach that exposed contact information for nearly 4,000 employees. The data was circulated on Discord servers, mainly among "PBS Kids" fans. The sharing appears to be driven by curiosity rather than malicious intent, but the leaked details could still be used for phishing and impersonation.

🇺🇸 Cisco reported a data breach affecting Cisco.com user accounts after a voice phishing attack compromised one of its representatives. The attackers used that access to pull basic profile data (names, organization names, addresses, Cisco-assigned user IDs, email addresses, phone numbers and account metadata) from a third-party cloud CRM; no passwords, confidential or proprietary information were taken. Cisco is investigating, hardening its systems and notifying affected users as required by law.

🇹🇭 🏥 Yummy — A private hospital in Thailand was fined 1.2 million baht for turning patient records into snack bags: the data protection authority found the hospital's paper files being reused as pouches for crispy crepes. It was one of five major violations of the personal data law announced by the Personal Data Protection Committee.

🇺🇸 👗 Chanel has suffered a data breach, affecting only U.S. customers, in the same ongoing wave of Salesforce data theft attacks. Personal information, including names and contact details, was taken from a third-party database. Salesforce says its platform was not compromised and that the attacks rely on social engineering of customer staff, so the defenses (MFA, least-privilege connected apps, user awareness) sit on the customer side.

🇺🇸 Northwest Radiologists in Bellingham, Washington, reported a data breach affecting about 350,000 Washington residents. Names, Social Security numbers and health information were exposed between January 20 and January 25, 2025. The organization is offering free credit monitoring and says it has strengthened its security controls.

→ More breaches:

🔗 Partners and Affiliates

🔐 NordVPN Threat Protection Pro™ Campaign (July 2 - August 13)

With its user-friendly interface, robust security features, and commitment to privacy, NordVPN continues to be a popular choice for individuals seeking online protection and unrestricted internet access.

Special Offer: get up to 73% off with a 2-year plan!

🥷🏻 CYBERCRIME, CYBER ESPIONAGE, APTs

💸 ⚖️ Samourai Wallet founders Keonne Rodriguez and William Lonergan Hill pleaded guilty to running an unlicensed money transmitting business: the cryptocurrency mixer laundered over $200 million for criminals, including proceeds of drug trafficking and fraud. Each faces up to five years in prison, and they have agreed to forfeit over $237 million.

💬 ❌ WhatsApp has removed 6.8 million accounts linked to scam operations in its effort to curb online fraud. Meta, WhatsApp's parent company, is also rolling out tools to help users spot scams, such as a warning when they are added to a group by an unknown contact. The scammers behind these accounts work across multiple platforms to steal money or personal information from their victims.

🗣️ A group tracked as UNC6040 is using voice phishing (vishing) to talk employees into granting access to their organization's Salesforce tenant. Posing as IT support, the callers walk the victim through authorizing a modified version of Salesforce's Data Loader as a connected app; the resulting OAuth access lets the attackers bulk-export the tenant's data.

🕵🏻‍♂️ 🇰🇵 CrowdStrike investigated over 320 cases of North Korean operatives taking remote IT jobs in the past year, a 220% year-over-year increase. The activity, attributed to the group Famous Chollima, now spans multiple countries, and the operatives use generative AI at every stage, from writing résumés and passing interviews to doing the day-to-day work.

🇨🇳 A new report, based on patent filings and corporate records, finds that Chinese private companies develop hacking tools for state-sponsored groups, including Silk Typhoon (also tracked as Hafnium). The group has targeted sectors such as defense and healthcare and is linked to several firms that contract for the Chinese government. The findings suggest the companies take part in offensive operations and that their tooling is shared across multiple government agencies.

🗓️ {Cyber,Info}Sec Events: My list of past and future {cyber,info}sec related events — Feel free to contribute by submitting issues or pull requests (and don't forget to star the project); Thanks! 😉

👨🏻‍⚖️ 👀 GOVERNMENT, POLITICS, AND PRIVACY

🇺🇦 🇷🇺 Ukraine's Defence Intelligence (HUR) claims to have obtained classified documentation on Russia's nuclear submarine "Knyaz Pozharsky". The material reportedly includes technical details and operational manuals, exposing weaknesses in Russia's naval capabilities and raising questions about how well Russia safeguards its military secrets.

🇺🇸 CISA announced $100 million in cybersecurity grants for state and local governments, but experts note the amount is lower than in previous years and insufficient for growing needs. The grants come with conditions that could leave recipients with long-term financial burdens. Many state officials are urging Congress to reauthorize and expand these programs, as current funding falls short of what is needed against rising threats.

🇬🇧 The UK's Online Safety Act has failed to protect privacy; its age verification requirements have driven a surge in VPN use as people look for ways around them. The law has made it harder for adults to reach important support services while creating significant risks for personal data. Critics warned about these problems before the Act took effect, and its rollout has borne out their concerns about its ineffectiveness and its damage to online communities.

🇺🇸 Illumina will pay $9.8 million to settle claims that genomic sequencing products it sold to the U.S. government contained cybersecurity vulnerabilities — the company was accused of lacking an adequate product security program and of failing to fix known issues. The settlement stems from a whistleblower lawsuit filed by a former employee.

🇺🇸 The U.S. Senate confirmed Sean Cairncross as National Cyber Director by a vote of 59-35. Cairncross, nominated by President Trump, has held various leadership roles but has no direct cyber background. His confirmation fills another key cyber leadership post in the Trump administration.

🔗 Partners and Affiliates

🌐 Stay connected and secure on the go with Airalo's global eSIMs — use the code NEWTOAIRALO15 if you're new to Airalo to get an additional 15% discount.

🦠 MALWARE & THREATS

💸 Akira ransomware affiliates are abusing a legitimate Intel CPU tuning driver to turn off Microsoft Defender during attacks. The actors register the signed ThrottleStop driver (rwdrv.sys) as a service to obtain kernel-level read/write access, then use it to load a second, malicious driver (hlpdrv.sys) that sets Defender's DisableAntiSpyware policy value to switch protection off. Defenders are advised to hunt for service registrations pointing at these driver names and for changes to that registry value, and more generally to watch for bring-your-own-vulnerable-driver (BYOVD) loads from unusual paths; the standing advice to install software only from official sources still applies.
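An added example, written for this issue and not part of the original item or of GuidePoint's report: a small Python scanner that applies the two detections a hunter would want for this technique to Windows event records. The driver names and the DisableAntiSpyware value come from public reporting on the campaign; the event records are constructed for the example, the field names follow the System log Event ID 7045 and Sysmon Event ID 13 schemas, and the "driver outside System32\drivers" rule is a general heuristic of my own, not something the report describes.

```python
"""Detect the Akira Defender-kill pattern in Windows event records.

Added example, not from the newsletter or from GuidePoint's report. The
driver names and registry value come from public reporting; the sample
event records below are constructed.
"""
from __future__ import annotations

import ntpath
from dataclasses import dataclass
from typing import Optional

# Reported in public coverage: rwdrv.sys is the legitimate ThrottleStop (Intel
# CPU tuning) driver abused for kernel access, hlpdrv.sys the malicious driver.
SUSPECT_DRIVERS = {"rwdrv.sys", "hlpdrv.sys"}
SYSTEM_DRIVER_DIR = "c:\\windows\\system32\\drivers"
# Defender policy value the malicious driver is reported to set to 1.
DEFENDER_KILL_SUFFIX = "\\windows defender\\disableantispyware"


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str


def normalize_image_path(path: str) -> str:
    """Turn the ImagePath forms seen in Event 7045 into a plain Win32 path."""
    p = path.strip().strip('"')
    if p.lower().startswith("\\??\\"):
        p = p[4:]
    if p.lower().startswith("\\systemroot\\"):
        p = "C:\\Windows\\" + p[len("\\SystemRoot\\"):]
    if p.lower().startswith("system32\\"):
        p = "C:\\Windows\\" + p
    return p


def check_service_install(event: dict) -> Optional[Finding]:
    """System log Event ID 7045: a service was installed in the system."""
    path = normalize_image_path(event.get("ImagePath", ""))
    name = ntpath.basename(path).lower()
    svc = event.get("ServiceName", "?")
    if name in SUSPECT_DRIVERS:
        return Finding("akira-known-driver", f"service {svc} -> {path}")
    # Generic heuristic (assumption, not from the report): kernel drivers
    # normally live under System32\drivers; anything else deserves a look.
    is_driver = event.get("ServiceType", "").lower() == "kernel mode driver"
    if is_driver and not path.lower().startswith(SYSTEM_DRIVER_DIR):
        return Finding("driver-outside-system-dir", f"service {svc} -> {path}")
    return None


def check_registry_set(event: dict) -> Optional[Finding]:
    """Sysmon Event ID 13 (RegistryEvent: Value Set)."""
    target = event.get("TargetObject", "")
    details = event.get("Details", "")
    if target.lower().endswith(DEFENDER_KILL_SUFFIX) and "0x00000001" in details.lower():
        return Finding("defender-disabled-via-policy",
                       f"{event.get('Image', '?')} set {target} = {details}")
    return None


def scan(events: list[dict]) -> list[Finding]:
    """Run the matching check for each record and collect the hits in order."""
    findings = []
    for ev in events:
        hit = None
        if ev.get("EventID") == 7045:
            hit = check_service_install(ev)
        elif ev.get("EventID") == 13:
            hit = check_registry_set(ev)
        if hit is not None:
            findings.append(hit)
    return findings


# Constructed sample records: one benign driver install, the two Akira drivers,
# the Defender kill switch being set, and an unrelated registry write.
SAMPLE_EVENTS = [
    {"EventID": 7045, "ServiceName": "e1dexpress", "ServiceType": "kernel mode driver",
     "ImagePath": "\\SystemRoot\\System32\\drivers\\e1dexpress.sys"},
    {"EventID": 7045, "ServiceName": "rwdrv", "ServiceType": "kernel mode driver",
     "ImagePath": "\\??\\C:\\ProgramData\\rwdrv.sys"},
    {"EventID": 7045, "ServiceName": "hlpdrv", "ServiceType": "kernel mode driver",
     "ImagePath": "C:\\ProgramData\\hlpdrv.sys"},
    {"EventID": 13, "Image": "C:\\Windows\\regedit.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\DisableAntiSpyware",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": "C:\\Windows\\explorer.exe",
     "TargetObject": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden",
     "Details": "DWORD (0x00000001)"},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.rule}] {f.detail}")
```

On the constructed records the scan flags the two driver services and the registry write from regedit.exe, and ignores the in-tree driver and the Explorer setting. The same two checks translate directly into a SIEM query: service installs whose image basename matches the known names (or lives outside the drivers directory), and Sysmon value-set events on the DisableAntiSpyware policy value.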

🇺🇦 CERT-UA has warned of attacks by the group UAC-0099 against government and defense organizations via phishing emails whose links pose as court summonses. The lures deliver the MATCHBOIL loader, the MATCHWOK backdoor and the DRAGSTARE stealer, which together let the attackers steal sensitive data and run commands remotely.

👀 CTM360 has identified a global campaign dubbed "ClickTok" that targets TikTok Shop users through look-alike websites, which both phish for login and payment details and push trojanized apps carrying the SparkKitty spyware, with cryptocurrency theft as the end goal. Users are advised to avoid sideloaded or suspicious downloads and to verify a site's authenticity before entering credentials.

🎣 Mozilla has warned add-on developers about a phishing campaign targeting their accounts on the AMO (addons.mozilla.org) platform. The emails impersonate Mozilla and ask developers to "update" their account to retain access to developer features. Developers should check the sender and the link destination before clicking, and go to AMO directly rather than through the email.

🐧 Researchers at Nextron Systems have discovered a new Linux backdoor called Plague, implemented as a malicious PAM (Pluggable Authentication Module). Once installed, it accepts hardcoded credentials for silent SSH access, survives system updates, uses string obfuscation and anti-debugging to evade security tools, and scrubs session traces (for example by disabling shell history and unsetting SSH-related environment variables) to hide its activity.

📡 A state-sponsored group tracked by Palo Alto Networks' Unit 42 as CL-STA-0969 has been targeting telecommunications networks in Southeast Asia to obtain persistent remote access. The operators deployed a range of custom malware and tunneling tools but did not exfiltrate data from the compromised systems. Their tooling and tradecraft overlap with other known telecom-focused espionage actors, pointing to a broader, ongoing threat to telecommunications infrastructure.

Figure: High-level chain of events in the attack investigated by Palo Alto Unit 42

🇻🇳 Vietnamese-speaking cybercriminals are using a malware called PXA Stealer, which has compromised systems at more than 4,000 IP addresses across 62 countries and stolen over 200,000 passwords along with browser cookies, card data and other sensitive information. The malware uses layered evasion techniques, exfiltrates through Telegram, and feeds a Telegram-based marketplace for the stolen data. Researchers found the operators have built a largely automated pipeline to maximize the profit from the thefts.

🤖 🧰 AI, CRYPTO, TECH & TOOLS

🏝️ Hacker Summer Camp 🇺🇸

👀 🍎 Research from Lumia Security shows that Apple's Siri sends sensitive data to Apple servers more often than its privacy documentation suggests, including the contents of messages dictated through third-party apps such as WhatsApp, which undercuts the end-to-end encryption those apps promise. Apple maintains these practices are not privacy violations, but the complexity of its data handling makes it hard for users to know what actually leaves the device.

🚨 🐛 Microsoft and CISA disclosed a high-severity vulnerability in on-premises Exchange Server used in hybrid deployments (CVE-2025-53786): because the on-premises server and Exchange Online share a service principal, an attacker with administrative access to the on-premises server can escalate into the organization's Exchange Online and Microsoft 365 environment. The issue was demonstrated by a researcher at Black Hat. Microsoft is moving customers to a dedicated hybrid app and plans to block EWS traffic that still uses the shared service principal, while CISA issued an emergency directive ordering federal agencies to apply the April hotfix and migrate.

🦠 🤖 Microsoft has introduced Project Ire, an autonomous AI system that reverse engineers and classifies software as malicious or benign without human guidance. It drives decompilers and other analysis tools itself, and Microsoft reports a precision of 0.98 and recall of 0.83 on a public dataset. The goal is to automate the most time-consuming parts of malware analysis and keep pace with evolving threats.

💬 WhatsApp is launching a safety feature for users added to group chats by people outside their contacts: a safety overview shows details about the group and lets the user leave without ever opening the chat. WhatsApp also now warns users when they are contacted by someone not in their contacts.

🔢 Proton fixed a bug in its Authenticator app for iOS that wrote users' TOTP secrets in plaintext to the app's debug logs. The issue surfaced when a user noticed the secrets in an exported log. The fix is in the latest app version, but any log file already exported or shared still contains the seeds, so affected users should re-enroll those accounts and keep their devices and log exports secure.
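An added example, not Proton's code and not part of the original item: a Python logging filter that redacts TOTP secrets (the secret= parameter of otpauth:// URIs and bare base32 blobs) before a record reaches any handler, which is the defensive control that prevents this class of leak. The sample URI uses the public RFC 6238 test seed; the logger name and format are arbitrary choices.

```python
"""Redact TOTP provisioning secrets before they reach a log.

Added example, not Proton's code and not from the newsletter. The seed
JBSWY3DPEHPK3PXP is the public RFC 6238 test value, used only as sample input.
"""
from __future__ import annotations

import io
import logging
import re

# otpauth:// URIs carry the seed in the secret= query parameter. Bare base32
# blobs of 16+ characters are treated as secrets too: the filter deliberately
# over-redacts, since a mangled log line is cheaper than a leaked seed.
_SECRET_PARAM = re.compile(r"(?i)(secret=)[A-Z2-7]+=*")
_BARE_BASE32 = re.compile(r"\b[A-Z2-7]{16,}={0,6}")


def redact(text: str) -> str:
    """Replace anything that looks like a TOTP seed with a fixed marker."""
    text = _SECRET_PARAM.sub(r"\1[REDACTED]", text)
    return _BARE_BASE32.sub("[REDACTED]", text)


class SecretRedactingFilter(logging.Filter):
    """Format the record early and scrub it, so no handler ever sees the seed."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()
        return True


def build_logger(name: str = "authenticator.debug") -> tuple[logging.Logger, io.StringIO]:
    """Logger writing to an in-memory buffer so the effect can be inspected."""
    buf = io.StringIO()
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.filters.clear()
    logger.setLevel(logging.DEBUG)
    logger.propagate = False
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    logger.addFilter(SecretRedactingFilter())
    return logger, buf


def log_and_capture(message: str, *args) -> str:
    """Emit one debug line through the filtered logger and return what was written."""
    logger, buf = build_logger()
    logger.debug(message, *args)
    return buf.getvalue()


# Constructed debug line of the kind a "log everything" build might emit.
SAMPLE_URI = "otpauth://totp/Example:alice@example.com?secret=JBSWY3DPEHPK3PXP&issuer=Example"

if __name__ == "__main__":
    print(log_and_capture("imported entry %s", SAMPLE_URI), end="")
```

The filter is attached to the logger rather than to one handler so that a second handler added later (a file exporter, a crash reporter) is covered too. It is a backstop, not a substitute for never passing the provisioning URI to the logger in the first place.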

🤖 🔎 Cloudflare reports that Perplexity, the AI answer engine, uses undeclared crawlers to get around websites that block it. When its declared crawler is denied by robots.txt or firewall rules, Perplexity has been observed switching to a generic browser User-Agent and rotating through IP addresses and ASNs outside its published ranges to scrape the content anyway. Cloudflare has removed Perplexity from its verified bots list, added rules to block the stealth crawling, and stressed that well-behaved crawlers identify themselves honestly and respect site preferences.
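An added example, not Cloudflare's or Perplexity's code and not part of the original item: a Python function that implements the control this episode argues for, treating a crawler's User-Agent as a claim to be verified against the operator's published source networks, and only then applying robots.txt to the verified identity. "ExampleBot", its prefixes and the robots.txt are constructed; a real deployment would load the operator's published ranges (or do forward-confirmed reverse DNS). The example goes a little beyond the Perplexity case by handling IPv6 and malformed addresses.

```python
"""Verify a crawler's identity by source IP before honouring or blocking it.

Added example, not Cloudflare's or Perplexity's code and not from the
newsletter. "ExampleBot", its prefixes and the robots.txt are constructed.
"""
from __future__ import annotations

import ipaddress
from urllib.robotparser import RobotFileParser

# Hypothetical operator-published ranges. Only requests from these networks may
# be treated as the declared bot; the User-Agent string alone proves nothing.
DECLARED_BOT_PREFIXES = {
    "ExampleBot": [ipaddress.ip_network("203.0.113.0/24"),
                   ipaddress.ip_network("2001:db8:1::/48")],
}

# Constructed robots.txt: the declared bot is kept out of /private/.
ROBOTS_TXT = """\
User-agent: ExampleBot
Disallow: /private/

User-agent: *
Disallow:
"""


def load_robots(text: str) -> RobotFileParser:
    rp = RobotFileParser()
    rp.parse(text.splitlines())
    return rp


ROBOTS = load_robots(ROBOTS_TXT)


def declared_bot(user_agent: str) -> str | None:
    """Name of the known bot the UA claims to be, or None for a generic client."""
    ua = user_agent.lower()
    for name in DECLARED_BOT_PREFIXES:
        if name.lower() in ua:
            return name
    return None


def ip_in_prefixes(client_ip: str, prefixes) -> bool:
    """True if client_ip (v4 or v6) falls inside any of the given networks."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False
    return any(addr in net for net in prefixes)


def classify_request(user_agent: str, client_ip: str, path: str) -> str:
    bot = declared_bot(user_agent)
    if bot is None:
        # A generic browser UA carries no verifiable claim. A stealth crawler
        # hiding behind one has to be caught by behaviour (rate, breadth of
        # paths, lack of asset loads), which is outside this example.
        return "unverified-client"
    if not ip_in_prefixes(client_ip, DECLARED_BOT_PREFIXES[bot]):
        # Claims to be the bot but comes from elsewhere: treat as spoofed.
        return "spoofed-bot-ua"
    return "bot-allowed" if ROBOTS.can_fetch(bot, path) else "bot-disallowed"


if __name__ == "__main__":
    for ua, ip, path in [
        ("Mozilla/5.0 (compatible; ExampleBot/1.0)", "203.0.113.7", "/private/report"),
        ("Mozilla/5.0 (compatible; ExampleBot/1.0)", "198.51.100.9", "/blog/"),
        ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/124.0", "198.51.100.9", "/blog/"),
    ]:
        print(f"{ip:>14} {path:<16} -> {classify_request(ua, ip, path)}")
```

The order of the checks is the point: robots.txt is consulted only after the identity is verified, so a scraper that spoofs the bot's UA from an unlisted network is classified as spoofed rather than being granted the bot's allowances, and a scraper that drops the bot UA altogether gets no special treatment at all.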

๐Ÿ› ๐Ÿง  VULNERABILITIES, RESEARCH, AND THREAT INTELLIGENCE

โž From the Patching Department:

๐Ÿ› ๐Ÿค– Wiz has found serious vulnerabilities in Nvidia's Triton Inference Server that could let attackers take control of servers running AI models. Two of these vulnerabilities are highly severe and can lead to data theft and manipulation of AI responses. This poses a major risk for organizations using Triton for AI and machine learning.

๐Ÿ› ๐Ÿค– A vulnerability in the AI code editor Cursor allowed attackers to execute arbitrary code without user approval by exploiting an indirect prompt injection issue. This flaw, tracked as CVE-2025-54135, let attackers modify sensitive files and launch malicious commands. Cursor has since addressed this issue in version 1.3, along with other related vulnerabilities.

๐Ÿ”Ž SonicWall is investigating a possible new security flaw after noticing a rise in attacks targeting its firewalls with SSL VPN enabled. Recent reports indicate that Akira ransomware is exploiting these devices, leading to multiple breaches. Users are advised to take precautions, such as disabling SSL VPN services and enforcing multi-factor authentication.

๐Ÿ’ฐ Microsoft is hosting the Zero Day Quest hacking contest in spring 2026, offering up to $5 million for vulnerability submissions. Researchers can submit vulnerabilities from various Microsoft products between August and October 2025, with bonuses for critical issues. The event will allow top researchers to collaborate with Microsoft teams and includes training sessions for all participants.

๐Ÿ’ฐ Microsoft has increased rewards in its .NET bug bounty program to $40,000 for certain vulnerabilities. This change aims to better reflect the difficulty of finding and exploiting these security issues. The program now covers more technologies and offers various payouts for different types of vulnerabilities.

🛰️ ICS, OT & IoT

💬 CONNECT

Follow me on Mastodon for quick daily updates and bite-sized content.

Prefer using an RSS feed? Add Infosec MASHUP to your feed here.

Enjoying our newsletter? Forward it to a colleague — it's one of the best ways to support us.

Thanks for reading today's newsletter, and if you're enjoying it and want to support my work, you can buy me a coffee ☕ over at https://www.buymeacoffee.com/0x58

See you next time!

-X.
