The Breach News

Revealed Data Highlights the Harrowing Reality for Stalkerware Victims

Recent findings highlight a significant data breach involving stalkerware, a type of malicious software that covertly monitors individuals’ activities. This malware has been used to compromise the privacy of romantic partners, family members, and associates. It infiltrates devices to collect text messages, photos, location data, and more, posing severe risks…


⚡ Weekly Cybersecurity Update: BadCam Attack, WinRAR Exploits, EDR Threats, NVIDIA Vulnerabilities, Ransomware Incidents & More

Published: Aug 11, 2025

This week has highlighted the rapid pace of cyber threats and the need for businesses to remain vigilant. Attackers continue to uncover vulnerabilities in widely used software and to adopt novel tactics for bypassing security controls. Even a single unpatched vulnerability can open a path to a data breach or unauthorized system access. Time is of the essence: failing to update defenses regularly can have severe consequences, and proactive measures are essential to safeguard your business.

Here's a summary of the week's most significant cybersecurity developments, including newly disclosed flaws in WinRAR and NVIDIA Triton, along with the advanced attack techniques you should know about. Let's dive into the details.

Threat of the Week
Trend Micro Issues Warning on Actively Exploited 0-Day — Trend Micro has released temporary mitigations for serious security vulnerabilities in on-premises versions of the Apex One Management Console that are reportedly being exploited in the wild. The flaws include CVE-2025-54948 and CVE-2025-54987.


Google Unveils Unpatched and Poorly Fixed Windows 0-Day Vulnerability

Dec 24, 2020

Google’s Project Zero team has disclosed details of an improperly patched zero-day flaw in the Windows print spooler API that could allow an attacker to execute arbitrary code. The details were made public after Microsoft failed to fix the issue within 90 days of its responsible disclosure on September 24. Originally tracked as CVE-2020-0986, the vulnerability is an elevation-of-privilege bug in the GDI Print / Print Spooler API (“splwow64.exe”) that was reported to Microsoft in late December 2019 by an anonymous researcher working with Trend Micro’s Zero Day Initiative (ZDI). With no patch available for nearly six months, ZDI published a zero-day advisory on May 19, which led to its exploitation in a campaign known as “Operation PowerFall” against an unnamed South Korean company. “splwow64.exe” is a core Windows system binary that provides compatibility for 32-bit applications.


Cybercrime Groups ShinyHunters and Scattered Spider Unite for Targeted Extortion Campaign Against Businesses

August 12, 2025
Cybercrime / Financial Security

A continuing data extortion campaign targeting Salesforce customers may soon broaden its focus to financial services and technology providers, as recent findings point to collaboration between ShinyHunters and Scattered Spider. “This latest series of attacks attributed to ShinyHunters indicates a significant tactical shift, moving past their prior methods of credential theft and database exploitation,” ReliaQuest told The Hacker News. The new approach borrows techniques associated with Scattered Spider: highly targeted vishing (voice phishing) and social engineering, applications that pose as legitimate tools, Okta-themed phishing pages used during vishing calls to trick victims into handing over credentials, and VPN obfuscation for data exfiltration. ShinyHunters, which first surfaced in 2020, is a financially motivated group behind numerous data breaches at major corporations.


Google Docs Vulnerability Could Have Exposed Your Private Documents to Hackers

On December 29, 2020, Google patched a bug in its feedback tool that could have allowed attackers to capture sensitive screenshots of Google Docs by embedding the documents on malicious websites. The flaw, discovered by security researcher Sreeram KL on July 9, earned him a reward of $3,133.70 through Google’s Vulnerability Reward Program. The feedback feature, which lets users report issues and optionally attach a screenshot, is shared across many Google services. Rather than reimplementing it in each product, Google loads it in an iframe element that pulls content from “feedback.googleusercontent.com,” and it was this shared integration that posed the security risk.


Charon Ransomware Targets Middle East Industries with Advanced Evasion Techniques

Aug 13, 2025
Endpoint Security / Cybercrime

Cybersecurity researchers have uncovered a new campaign delivering a previously undocumented ransomware family named Charon, targeting the public sector and aviation industry in the Middle East. According to Trend Micro, the attackers used tactics reminiscent of advanced persistent threat (APT) groups, including DLL side-loading and process injection, to evade endpoint detection and response (EDR) tooling. The DLL side-loading technique mirrors tradecraft attributed to the China-linked group Earth Baxia, which previously targeted government entities in Taiwan and the Asia-Pacific region with a backdoor known as EAGLEDOOR after exploiting a since-patched vulnerability in OSGeo GeoServer GeoTools. “The attack chain utilized a legitimate browser-related file, Edge.exe (originally cookie_exporter.exe), to sideload a…”


Warning: Publicly Available Exploit for SAP Solution Manager Vulnerability Discovered

January 23, 2021

Cybersecurity experts have warned that a fully functional exploit targeting SAP enterprise software is now circulating online. The exploit abuses CVE-2020-6207, a missing authentication check in SAP Solution Manager (SolMan) version 7.2. SAP SolMan is a centralized application management platform that provides end-to-end application lifecycle management across distributed environments, acting as the hub for managing SAP systems such as ERP, CRM, HCM, SCM and BI. Researchers at Onapsis said successful exploitation would let a remote, unauthenticated attacker perform highly privileged administrative tasks on connected SAP SMD Agents, which are used to analyze and monitor SAP systems. The vulnerability carries a critical CVSS base score of 10.0 and was addressed by SAP in a recent update.

Surge in Brute-Force Attacks on Fortinet SSL VPNs Precedes Focus on FortiManager

August 12, 2025
Threat Intelligence / Enterprise Security

Cybersecurity experts are reporting a significant increase in brute-force traffic directed at Fortinet SSL VPN devices. A coordinated campaign observed by threat intelligence firm GreyNoise on August 3, 2025, involved more than 780 unique IP addresses. In the last 24 hours alone, 56 unique malicious IP addresses have been identified, originating from countries including the United States, Canada, Russia, and the Netherlands.

Targets of the brute-force activity span the United States, Hong Kong, Brazil, Spain, and Japan. GreyNoise noted that the traffic was aimed specifically at its FortiOS profile, which indicates deliberate targeting rather than opportunistic scanning. The firm also observed two distinct waves of activity, before and after August 5, one of which was a prolonged brute-force attack.


Why a Recent Supply Chain Attack Targeted Security Companies Checkmarx and Bitwarden

Checkmarx has reported that a recent data breach appears to have stemmed from its GitHub repositories, with access facilitated by a supply chain attack that occurred on March 23, 2023. While the exact types of data that were compromised remain undisclosed, this incident highlights the vulnerabilities inherent in software development…
