Friday Wrap Up: 22 August 2025
It’s been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.
π¨ Major Cyberattacks & Data Breaches This week saw breaches across industries β from HR platforms to healthcare β showing how attackers continue to exploit trusted systems.
π Workday discloses data breach linked to Salesforce attacks (Published on 8/18/2025, BleepingComputer). Read More
π Hacker finds flaws in McDonaldβs staff & partner hubs, exposing APIs and sensitive documents (Published on 8/20/2025, Dark Reading). Read More
πΏ Nearly 1M medical marijuana patient records exposed, including SSNs and health files (Published on 8/21/2025, Hackread). Read More
π‘οΈ Malware & Vulnerabilities Fresh malware families and critical zero-days kept defenders busy, with both Apple and Microsoft under the spotlight.
π§© Microsoft dissects PipeMagic backdoor disguised as ChatGPT app (Published on 8/19/2025, SecurityWeek). Read More
π Apple patches zero-day CVE-2025-43300 across all platforms β update now (Published on 8/21/2025, Malwarebytes). Read More
π§ APT36 hackers abuse Linux .desktop files for malware delivery in India (Published on 8/22/2025, BleepingComputer). Read More
π°οΈ Chinese Silk Typhoon hackers exploited Commvault zero-day in new campaign (Published on 8/22/2025, SecurityWeek). Read More
π‘ DDoS, Outages & Infrastructure Attacks on availability and critical services made headlines, alongside a major Microsoft service disruption.
πΆ DOJ charges 22-year-old for RapperBot botnet tied to 370K DDoS attacks (Published on 8/19/2025, The Hacker News). Read More
π Microsoft investigates outage impacting Copilot and Office.com users in North America (Published on 8/20/2025, BleepingComputer). Read More
π Espionage & Data Extraction Nation-state operations escalated this week, targeting infrastructure, cloud, and telecom networks with precision.
π΅οΈ FBI warns FSB-linked hackers exploiting 7-year-old Cisco flaws for espionage (Published on 8/20/2025, The Hacker News). Read More
βοΈ Chinese Murky/Genesis/Glacial Panda escalate cloud & telecom espionage (Published on 8/22/2025, The Hacker News). Read More
π» Ransomware & Law Enforcement Actions Governments pushed back on ransomware operators, even as fake campaigns tried to muddy the waters.
π° US seizes $2.8M from Zeppelin ransomware operator after indictment (Published on 8/18/2025, SecurityWeek). Read More
π Europol confirms fake $50K Qilin ransomware reward was a troll hoax (Published on 8/21/2025, BleepingComputer). Read More
π§ Vulnerability Research & Industry Analysis Researchers uncovered critical flaws in next-gen networks and infrastructure setups.
πΆ New 5G attack βSni5Gectβ bypasses need for fake base stations (Published on 8/18/2025, SecurityWeek). Read More
π Citizen Lab report reveals hidden VPN networks with shared ownership & flaws (Published on 8/19/2025, Hackread). Read More
π₯οΈ Hackers abuse VPS services for stealthy infrastructure setup (Published on 8/21/2025, Dark Reading). Read More
βοΈ AI, Policy & Regulation Encryption debates and AI security risks took center stage as governments and researchers clashed over control.
π U.K. drops Apple encryption backdoor order after U.S. pushback (Published on 8/19/2025, The Hacker News). Read More
π€ Perplexityβs Comet AI browser tricked into buying fake items online (Published on 8/20/2025, BleepingComputer). Read More
π₯ TikTok shifts to AI-driven moderation, triggering mass layoffs & backlash (Published on 8/22/2025, Gizmodo). Read More
Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!
Don’t forget that you can also subscribe to the Friday Wrap Up on Substack and receive it in your inbox every Friday. Never miss an edition of the Friday Wrap Up!
Disclaimer: The views and opinions expressed in this newsletter are solely those of the author and do not necessarily reflect the official policy or position of any agency of the U.S. government or any other organization. This content is provided for informational purposes only and is not meant to represent the strategies or opinions of any aforementioned entities.