SecurityWeek’s cybersecurity information roundup supplies a concise compilation of noteworthy tales which may have slipped below the radar.
We offer a priceless abstract of tales that won’t warrant a whole article, however are nonetheless vital for a complete understanding of the cybersecurity panorama.
Every week, we curate and current a group of noteworthy developments, starting from the most recent vulnerability discoveries and rising assault methods to important coverage modifications and trade studies.
Listed below are this week’s tales:
Gladinet vulnerability exploited within the wild
A vulnerability affecting Gladinet’s CentreStack and Triofox merchandise has been exploited within the wild, Huntress warns. CentreStack is a cellular entry and safe sharing answer whereas Triofox is a safe file entry answer. Huntress earlier this 12 months found exploitation of CVE-2025-30406, a hardcoded machine key problem affecting the merchandise, and it has now detected exploitation of a brand new vulnerability, CVE-2025-11371, which permits unauthenticated native file inclusion. Gladinet is conscious of the difficulty and is within the means of offering a workaround to clients till a patch is developed.
US universities focused by payroll pirates
Microsoft has warned {that a} cybercrime group it tracks as Storm-2657 has been concentrating on US universities in an effort to hack worker accounts on HR platforms reminiscent of Workday. The aim is to divert wage funds to accounts managed by the attackers. Most of these menace actors are often known as “payroll pirates”. The assaults seen by Microsoft don’t contain exploitation of Workday vulnerabilities. As an alternative the hackers are leveraging social engineering ways and the dearth of MFA to compromise accounts.
Zimbra vulnerability exploited in assault on Brazilian army
StrikeReady warned {that a} Zimbra vulnerability tracked as CVE-2025-27915 was exploited earlier this 12 months to focus on Brazil’s army. The assault concerned a malicious ICS calendar file. There don’t seem like different public studies describing exploitation of CVE-2025-27915, which has been described as an XSS flaw permitting an attacker to execute arbitrary JavaScript and carry out unauthorized actions on the sufferer’s Zimbra account, together with e mail redirection and information exfiltration.
Mic-E-Mouse assault
A workforce of researchers from the College of California have disclosed the small print of an assault methodology they’ve named Mic-E-Mouse, which leverages the high-performance optical sensors on a mouse to snoop on customers. The researchers confirmed that speech induces refined floor vibrations that the mouse’s sensor can detect. The audio high quality is initially poor, however the researchers confirmed how it may be processed to enhance its high quality. Alternatively, accuracy continues to be low in actual world setting assessments.
Two arrested in UK over nursery chain hack
Two unnamed people, reportedly aged 17 and 22, have been arrested within the UK over a cyberattack that focused the nursery chain Kido. Hackers stole the names, addresses, and images of 8,000 kids and began leaking them so as to persuade Kido to pay a ransom. The hackers additionally known as impacted mother and father to extend the strain on the nursery chain. In response to pushback from different hackers, the kids’s pictures have been blurred, and later all the info was taken offline.
Brightstar and Decisely information breaches influence over 100,000
Brightstar and Decisely Insurance coverage Companies have every disclosed information breaches impacting greater than 100,000 individuals. IGT and its lottery enterprise Brightstar mentioned unauthorized entry was found practically one 12 months in the past, however it took till just lately to find out what kind of information was compromised and who was impacted. Decisely found unauthorized entry in December 2024 and began notifying affected people in June 2025. The information breach at Decisely impacted private data associated to its accomplice MetLife.
WordPress plugin vulnerability exploited
Hackers have been trying to exploit CVE-2025-5947, a essential vulnerability within the Service Finder Bookings plugin, to hack WordPress web sites. The plugin is a part of the premium Service Finder theme, which has been acquired by roughly 6,000 web sites. The vulnerability was patched on July 17 and disclosed by Defiant on July 31. Exploitation began on August 1 and Defiant’s Wordfence firewall has already blocked practically 14,000 assaults.
Honeypot information exhibits ICS/OT assaults from Russia and Iran
An ICS/OT honeypot run by Forescout, designed to imitate a water therapy plan, has been focused by a Russia-linked group named TwoNet, which tried to deface the related HMI, disrupt processes, and manipulate different ICS. TwoNet has been concerned in hacktivist assaults, however lots of its actions appear pushed by revenue. Forescout’s honeypots additionally noticed assault makes an attempt which were linked to Russia and Iran.
OpenAI disrupts ChatGPT abuse
OpenAI has revealed one other report describing the actions it has taken in opposition to the malicious use of ChatGPT. The corporate has seen Russian, Chinese language and (North) Korean menace actors abusing its AI assistant for malware improvement, phishing, scams, and affect operations.
ClayRat Android spyware and adware targets Russia
Zimperium has detailed ClayRat, an Android spyware and adware primarily concentrating on Russian customers. The malware has been distributed by Telegram channels and phishing websites, disguised as widespread apps reminiscent of WhatsApp, TikTok, and YouTube. As soon as it has been put in on a tool, ClayRat can steal SMS messages, notifications, and name logs, take images with the contaminated machine’s entrance digicam, and ship messages or make calls from the sufferer’s telephone.
Associated: In Different Information: PQC Adoption, New Android Spyware and adware, FEMA Information Breach
Associated: In Different Information: LockBit 5.0, Division of Struggle Cybersecurity Framework, OnePlus Vulnerability
