News – August 2025

August 31, 2025

As AI tools become more integrated into daily work, the security risks attached to them are also evolving in new directions. Researchers at Trail of Bits have demonstrated a method where malicious prompts are hidden inside images and then revealed during processing by large language models. The technique takes advantage of how AI platforms downscale images ...

August 29, 2025

Microsoft Threat Intelligence has observed financially motivated threat actor Storm-0501 continuously evolving their campaigns to achieve sharpened focus on cloud-based tactics, techniques, and procedures (TTPs). While the threat actor has been known for targeting hybrid cloud environments, their primary objective has shifted from deploying on-premises endpoint ransomware to using cloud-based ransomware tactics. Unlike traditional on-premises ransomware, ...

August 29, 2025

WhatsApp said on Friday that it fixed a security bug in its iOS and Mac apps that was being used to stealthily hack into the Apple devices of “specific targeted users.” The Meta-owned messaging app giant said in its security advisory that it fixed the vulnerability, known officially as CVE-2025-55177, which was used alongside a separate ...

August 29, 2025

One of Australia’s largest banks has apologised to staff who found out they had been fired through an automated email asking them to hand back their laptops. ANZ’s retail banking executive Bruce Rush said it was “not our intention to share such sensitive news with you in this way” as the firm cuts jobs in its ...

August 29, 2025

If a system is popular with users, you can bet it’s just as popular with cybercriminals. Although Windows still dominates, second place belongs to macOS. And this makes it a viable target for attackers. With various built-in protection mechanisms, macOS generally provides a pretty much end-to-end security for the end user. This post looks at how ...

August 28, 2025

On 5 September 2025, cyber security professionals and industry leaders will gather online for a free, expert-led webinar: “Securing systems, data, and people: What are cyber security experts’ concerns for the future?”. This session serves as a precursor to the IET’s Cyber Security for Critical Industries Conference 2025, offering attendees a valuable glimpse into the ...

August 28, 2025

In June, Terend Micro researchers identified and investigated an unusual security incident involving the installation of two malware families, C6DOOR and GTELAM, on a victim’s host. Trend Micro investigation determined that the malware was delivered through a legitimate input method editor (IME) software, Sogou Zhuyin. As brief explanation, an IME is a tool that interprets sequences ...

August 28, 2025

Based on new information identified by GTIG, the scope of this compromise is not exclusive to the Salesforce integration with Salesloft Drift and impacts other integrations. GTIG now advise all Salesloft Drift customers to treat any and all authentication tokens stored in or connected to the Drift platform as potentially compromised. On August 28, 2025, GTIG ...

August 28, 2025

European banks temporarily froze PayPal transactions worth billions after fraud system failure triggered widespread suspension of direct debits and delayed payments for online merchants and customers. A number of German lenders, including Bayerische Landesbank, Hessische Landesbank and DZ-Bank, reportedly halted direct debits linked to the online payment platform after detecting suspicious activity. German newspaper Süddeutsche Zeitung ...

August 28, 2025

Manitoba’s auditor general says a rural municipality failed to properly investigate a cyber attack that resulted in the loss of hundreds of thousands of dollars. Tyson Shtykalo investigated the cybersecurity breach that led to the Municipality of Westlake-Gladstone, west of Winnipeg, losing more than $472,000 over the course of a few weeks in 2019 and 2020. Read ...