🕵🏻‍♂️ [InfoSec MASHUP] 33/2025

August Patch Tuesday; U.S. government seized $1 million in Bitcoin from Russian ransomware gang; OpenAI's GPT-5 has faced backlash for poor performance in security and safety; WinRAR vulnerability exploited; New MadeYouReset HTTP/2-based DDoS Attacks; Booking.com phishing campaign uses sneaky 'ん' character to trick you.

We now have 1,635 active subscribers! Thank you all for being part of my newsletter. Please share it with your friends and colleagues, and let's keep growing the community.

Let's now dive into this week's top insights! 🚀

🔓 BREACHES & SECURITY INCIDENTS

🇳🇴 🇷🇺 Norwegian police believe pro-Russian hackers were behind a sabotage incident at a dam in April, which affected water flow but did not pose a danger. The police warned that cyberattacks on Western nations are growing more frequent and violent since Russia's invasion of Ukraine. Officials suggest that state actors use such hacks to demonstrate their capabilities and intimidate others.

🇺🇸 The Interlock ransomware gang has been confirmed as the source of a cyberattack on Saint Paul, Minnesota, which disrupted city services in July. The attack affected many systems, but emergency services remained operational, and the city refused to pay the ransom. The gang claims to have stolen over 66,000 files, but officials say residents' personal information is not at risk.

🇺🇸 Hackers have leaked sensitive data from Allianz Life, exposing 2.8 million records of customers and business partners. The breach is part of a series of Salesforce attacks linked to the ShinyHunters group, which used social engineering to steal information. Allianz Life confirmed a data breach last month but could not comment further as the investigation continues.

🇰🇵 Hackers have breached a North Korean government hacker's computer and leaked important information about the Kimsuky espionage group. They revealed that Kimsuky targets South Korean agencies and conducts cybercrime to fund North Korea's nuclear program. This hack provides rare insight into the group's operations and collaboration with Chinese hackers.

🇳🇱 The Netherlands' National Cyber Security Centre (NCSC) has warned that a serious vulnerability in Citrix NetScaler, tracked as CVE-2025-6543, has been exploited to breach critical organizations in the country. This flaw allows attackers to gain remote control and erase evidence of their intrusions. Organizations are urged to update their systems to fix the vulnerability and check for signs of compromise.

→ More breaches:

🔗 Partners and Affiliates

๐Ÿ” NordVPN Threat Protection Proโ„ข Campaign (July 2 - August 13)

With its user-friendly interface, robust security features, and commitment to privacy, NordVPN continues to be a popular choice for individuals seeking online protection and unrestricted internet access.

Special Offer: get up to 73% off with a 2-year plan!

๐Ÿฅท๐Ÿป CYBERCRIME, CYBER ESPIONAGE, APTโ€™s

💸 Over $300 million in cryptocurrency linked to cybercrime has been frozen through two major initiatives involving law enforcement and private companies. The T3+ Global Collaborator Program has helped freeze more than $250 million in criminal assets since its launch in September 2024. A joint operation between the U.S. and Canada has also uncovered over $74 million in fraud losses, aiding in the freezing of stolen assets.

🇷🇺 🇺🇸 Russian government hackers are believed to be behind a breach of the U.S. court filing system, PACER. They targeted midlevel criminal cases, potentially accessing sensitive information about confidential informants. The U.S. Courts confirmed the cyberattack and are working to enhance security to prevent future incidents.

🇷🇺 📂 Russian hackers exploited a WinRAR vulnerability, tracked as CVE-2025-8088, to target organizations in Europe and Canada. They used spearphishing emails to send malicious files disguised as resumes. Fortunately, none of the targets were compromised, and the vulnerability has since been patched.

Figure: example of a malicious WinRAR archive (source: welivesecurity.com)

🇺🇸 🇷🇺 The U.S. government seized $1 million in Bitcoin and servers from a Russian ransomware gang linked to the BlackSuit and Royal malware. This gang has targeted over 450 victims in critical sectors like healthcare and energy, demanding more than $500 million in ransom. The operation involved global law enforcement agencies working together to combat cybercrime.

๐Ÿ—“๏ธ {Cyber,Info}Sec Events: My list of past and future {cyber,info}sec related events โ€” Feel free to contribute by submitting issues or pull requests (and donโ€™t forget to star the project); Thanks! ๐Ÿ˜‰

๐Ÿ‘จ๐Ÿปโ€โš–๏ธ ๐Ÿ‘€ GOVERNMENT, POLITICS, AND PRIVACY

🇺🇸 🇷🇺 The U.S. has imposed sanctions on the Russian cryptocurrency exchange Garantex and its successor Grinex, targeting their leaders for arrest due to their involvement in over $100 million of illicit transactions. The Treasury Department accused Garantex of facilitating various crimes, including ransomware and drug trafficking, and has offered up to $6 million in rewards for information leading to the arrest of its leaders. Six additional organizations were also sanctioned for their ties to Garantex and Grinex.

🇪🇺 👀 The EU's Chat Control proposal requires communication services to scan messages for child sexual exploitation material and report suspicious content to the police. This plan includes mandatory age verification, blocking access for minors, and could lead to significant privacy violations and false reports. Critics argue that this approach may not effectively reduce abuse and could harm anonymity for vulnerable groups.

🇷🇺 📲 Russia is limiting calls on WhatsApp and Telegram, claiming they are used for criminal and terrorist activities. Both apps argue they protect user privacy and are being targeted for defying government control. This move comes as Russia promotes its own messaging app, raising concerns about increased surveillance.

🇺🇸 🫆 A new database in California now allows the public to access thousands of previously confidential police records related to misconduct and use of force. This free resource, which includes almost 12,000 cases, aims to help victims' families, journalists, and attorneys better understand police actions and accountability. The database is part of ongoing efforts to increase transparency in law enforcement and improve police accountability.

🔗 Partners and Affiliates

๐ŸŒ Stay connected and secure on the go with Airalo's global eSIMs โ€” Use the code NEWTOAIRALO15 if youโ€™re new to Airalo to get an additional 15% discount.

🦠 MALWARE & THREATS

๐Ÿฆ ๐Ÿ‡ง๐Ÿ‡ท A new Android trojan called PhantomCard is targeting banking customers in Brazil by using NFC relay fraud to steal credit card information. The malware is distributed through fake app pages, tricking users into installing it and providing their card details and PIN. Researchers warn that similar threats are increasing globally, complicating the security landscape for financial organizations.

๐ŸŽฃ โœˆ๏ธ A new phishing campaign is tricking users by using a Japanese character that looks like a forward slash in fake Booking.com links. This character makes the URLs appear legitimate, leading users to malicious sites that can install malware. To stay safe, always check the actual domain of links before clicking.

โŒจ๏ธ A new malware called PS1Bot uses malvertising to infect computers and perform various malicious activities like stealing information and logging keystrokes. It operates stealthily by executing code in memory to avoid detection. This malware is part of a campaign that has been active since early 2025 and shares similarities with previous threats.

🇷🇺 A new cyber-espionage group called Curly COMrades is using a complex malware called MucorAgent to target government and energy organizations in Georgia and Moldova. The malware provides persistent access by hijacking scheduled tasks and using various tools for data exfiltration. Despite its stealthy methods, the group's activities have been detected by cybersecurity systems.

🔙 🚪 Researchers found the XZ Utils backdoor in 35 Docker Hub images, raising concerns about software supply chain security. This backdoor allows attackers to gain unauthorized remote access and execute commands through SSH. Even after many months, the risk continues as compromised images propagate throughout the Docker ecosystem.

💎 🇰🇷 Sixty malicious Ruby gems have been downloaded over 275,000 times, stealing credentials from users, especially in South Korea. These gems mimic legitimate tools for platforms like Instagram and WordPress, but they actually exfiltrate sensitive information to attackers. Developers are warned to carefully check the libraries they use to avoid falling victim to such scams.

🤖 🧰 AI, CRYPTO, TECH & TOOLS

🔓 OpenAI's GPT-5, released on August 7, has faced backlash for poor performance in security and safety metrics. Security researchers found significant vulnerabilities in the model, scoring it very low on assessments. Despite claims of strong safety features from Microsoft and OpenAI, external tests revealed GPT-5 is almost unusable for enterprises without extensive prompting.

๐Ÿ› ๐Ÿง  VULNERABILITIES, RESEARCH, AND THREAT INTELLIGENCE

→ From the Patching Department:

🧨 A new vulnerability called MadeYouReset allows attackers to bypass limits on HTTP/2 requests, enabling large-scale distributed denial-of-service (DDoS) attacks. This exploit can overwhelm servers by sending thousands of requests, impacting various products like Apache Tomcat and F5 BIG-IP. Experts warn that protecting against this and similar vulnerabilities is increasingly important as HTTP/2 remains a key part of web infrastructure.

Figure: MadeYouReset attack diagram (source: imperva.com)

🔓 Researchers at SquareX have found a way to bypass account security that uses passkeys, which are meant to be more secure than passwords. The attack takes advantage of compromised browser environments to manipulate the authentication process without needing access to the user's device. Users can be tricked into installing malicious browser extensions or visiting vulnerable websites, allowing attackers to hijack their login credentials.

💰 A researcher named 'Micky' received a $250,000 reward from Google for finding a serious vulnerability in Chrome that allowed for a sandbox escape. The flaw was reported on April 22 and was fixed in May. This security issue had a high severity rating and required users to visit a malicious website to be exploited.

๐Ÿ› ๐Ÿš— A security researcher discovered flaws in a carmaker's online portal that could let hackers remotely unlock cars and access customer data. The vulnerabilities allowed the researcher to create an admin account, giving him access to sensitive information and the ability to control vehicles. The carmaker has since fixed the issues, but the incident highlights serious security risks in dealership systems.

๐Ÿ› ๐ŸŽฆ Researchers found vulnerabilities in some Lenovo webcams that could allow hackers to turn them into malicious devices for BadUSB attacks. This means attackers can remotely control the webcams to inject harmful commands into connected computers. Lenovo has released firmware updates to fix these issues and prevent exploitation.

๐Ÿ›ฐ๏ธ ICS, OT & IoT

🩹 Rockwell Automation has announced critical vulnerabilities in its FactoryTalk, Micro800, and ControlLogix products. These flaws could allow attackers to disable security features or execute remote code. Rockwell has patched these issues, and they have not been exploited yet.

🩹 In August 2025, major companies like Siemens and Schneider Electric released advisories addressing critical vulnerabilities in their industrial control systems. Siemens identified multiple high-severity issues that could allow code execution or unauthorized access, while Schneider Electric highlighted flaws in its EcoStruxure products that could lead to sensitive data exposure. Other companies, including Honeywell and ABB, also published advisories to inform customers about security patches for their products.

💥 Researchers have found a surge in attacks exploiting a critical security flaw in Erlang/OTP SSH, mainly targeting operational technology (OT) firewalls. This vulnerability, tracked as CVE-2025-32433, allows attackers to execute code without needing credentials. The flaw has been linked to attacks on sectors like healthcare and agriculture in multiple countries, with attackers using reverse shells for unauthorized access.

💬 CONNECT

Follow me on Mastodon for quick daily updates and bite-sized content.

Prefer using an RSS feed? Add Infosec MASHUP to your feed here.

Enjoying our newsletter? Forward it to a colleague; it's one of the best ways to support us.

Thanks for reading today's newsletter, and if you're enjoying it and want to support my work, you can buy me a coffee ☕ over at https://www.buymeacoffee.com/0x58

See you next time!

-X.
