Zendesk Android SDK Zero-Click Vulnerability; UpCrypter Malware Targets Windows Users


Key Takeaways

  • Zendesk Android SDK zero-click flaw allows account hijacking; patch released after disclosure.
  • UpCrypter malware targets Windows users via email, granting hackers full system control.
  • Lab Dookhtegan claims disruption of communications on 64 Iranian tankers/containerships.
  • New AI attack hides data-theft prompts within images, bypassing AI guardrails.
  • Kimsuky APT data leak exposes infrastructure, tactics, and stolen South Korean certificates.

Top Stories

Zendesk Android SDK zero-click vulnerability allows account hijacking.

On August 25, 2025, a zero-click vulnerability in Zendesk's Android SDK was disclosed; it let attackers hijack support accounts and read their tickets without any user interaction. The flaw stemmed from weak token generation, and Zendesk issued a patch after responsible disclosure.
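Weak token generation is the root cause cited above. The following is an added illustration, not Zendesk's code and not a description of the actual flaw: the token scheme, the timestamp seed and the search window are hypothetical. It shows why a token derived from a time-seeded PRNG is guessable: an attacker who knows roughly when it was issued replays the generator for every candidate seed offline, and once the seed is known can regenerate that token and any issued after it. A token drawn from the OS CSPRNG has no such structure.

```python
import random
import secrets

HEX = "0123456789abcdef"

def weak_token(seed_ms: int, length: int = 16) -> str:
    """Hypothetical widget token: `length` hex chars from a PRNG seeded with
    the issue time in milliseconds. Deterministic, so the seed is the secret."""
    rng = random.Random(seed_ms)
    return "".join(rng.choice(HEX) for _ in range(length))

def recover_seed(token: str, approx_ms: int, window_ms: int = 10_000):
    """Attacker side: replay the generator for every millisecond within
    +/- window_ms of when the token was observed. 20k candidates is an
    offline search that finishes in well under a second."""
    for seed in range(approx_ms - window_ms, approx_ms + window_ms + 1):
        if weak_token(seed, len(token)) == token:
            return seed
    return None

def predict_tokens(seed_ms: int, count: int) -> list:
    """Once the seed is known, tokens issued in the following milliseconds
    (for other users' sessions, say) are equally predictable."""
    return [weak_token(seed_ms + i) for i in range(1, count + 1)]

def strong_token(nbytes: int = 32) -> str:
    """Hardened form: 256 bits from the OS CSPRNG; there is no seed to recover."""
    return secrets.token_urlsafe(nbytes)

if __name__ == "__main__":
    issued_at = 1_756_000_000_123          # constructed issue time (ms)
    token = weak_token(issued_at)
    seed = recover_seed(token, issued_at + 2_877)   # attacker's rough estimate
    print("token", token, "recovered seed", seed, "next", predict_tokens(seed, 2))
    print("strong", strong_token())
```

The search cost scales with the attacker's uncertainty about the issue time, which is usually seconds, not days; the only real fix is to stop deriving secrets from anything predictable.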

Microsoft Windows users targeted by UpCrypter malware via email.

On August 25, 2025, Microsoft Windows users were warned of a global email campaign delivering UpCrypter, a loader that hands attackers full control of the infected system. The campaign, reported by DeepWatch and Fortinet, lures victims to spoofed sites that drop remote access trojans (RATs), with manufacturing and healthcare among the targeted sectors.

Hackers disrupt communications on Iranian tankers and containerships.

The hacker group Lab Dookhtegan claimed responsibility for disrupting communications on 39 tankers and 25 containerships belonging to the National Iranian Tanker Company (NITC) and the Islamic Republic of Iran Shipping Lines (IRISL). Both companies are under U.S. sanctions; the attack disabled the vessels' tracking and satellite links.

New AI attack conceals data-theft prompts within images.

Researchers described a novel attack that hides data-theft prompts inside images fed to AI systems by exploiting the image downscaling those systems apply before inference: the injected text is imperceptible at full resolution but becomes legible once the image is scaled down, so the model reads it as part of the input. The attack, demonstrated against Google Gemini CLI and Vertex AI Studio, turns the hidden text into a prompt injection that bypasses guardrails and manipulates outputs.

North Korean Kimsuky APT organization data leak.

On August 25, 2025, a comprehensive operational dump from the North Korean Kimsuky APT organization appeared on a dark web forum, including virtual machine images and phishing kits. The leak, exposing the group’s infrastructure and tactics, contained thousands of stolen South Korean GPKI certificates and keys.

Analysis Desk

Picus Blue Report 2025 reveals SIEM rule effectiveness gaps.

The Hacker News reports on the Picus Blue Report 2025, which analyzed over 160 million attack simulations and found that organizations detect only about one in seven simulated attacks. The key causes are log collection failures, misconfigured detection rules, and performance problems.

Chimera AI system simulates insider threats.

A research team has developed Chimera, an AI system that uses LLM agents to simulate both normal and malicious employee activity in enterprise settings. Its goal is to generate realistic, diverse datasets across a range of scenarios for training and evaluating insider threat detection.

InfoSec Insights

Top 10 incident response companies for data breaches in 2025.

GBHackers Security published an article listing the top 10 incident response companies for 2025, highlighting trends like sophisticated data exfiltration and ransomware. The selection focused on specialization, rapid deployment, and expertise in areas like cloud forensics and regulatory compliance.

Malware persistence techniques.

Malware persistence techniques let attackers keep access to compromised systems across reboots or resets. Wazuh can detect and block common ones such as malicious scheduled tasks and modified system files.

Rethinking infrastructure security due to increasing cyber threats.

The article argues that organizations must rethink how they secure infrastructure as cyber threats grow and cloud adoption widens the attack surface. It emphasizes detection coverage across that surface, behavior-based detection, and resilient backups.

Keeper CEO discusses modern cybersecurity.

On August 25, 2025, Keeper CEO and Co-Founder Darren Guccione explored why traditional cybersecurity tools fail to keep up with today's threats. Guccione suggests a unified platform built on zero trust, least privilege, and AI-powered automation is needed to redefine modern defense.

Shadow IT as a cybersecurity challenge.

Security Boulevard published an article discussing Shadow IT as a cybersecurity challenge, involving employees using unsanctioned apps and devices. TrustCloud's platform helps organizations discover unmanaged applications, assess risks, and align them with compliance controls.

EDR solutions are critical for cybersecurity in 2025.

In 2025, endpoint detection and response (EDR) solutions are critical to cybersecurity: they continuously monitor endpoint activity to detect suspicious behavior. The article reviews the Top 10 Best EDR Companies for 2025 and stresses proactive threat hunting and rapid incident response.

Security Breaches

Auchan data breach exposes customer data.

French retailer Auchan suffered a cyberattack, announced on August 21, 2025, exposing sensitive customer data, including names and addresses. The breach, the second significant incident within a year, prompted Auchan to notify the French Data Protection Authority (CNIL).

Tech Updates

Weekly cybersecurity recap covers password manager, Apple 0-day, and more.

The Hacker News published a weekly cybersecurity recap on August 25, 2025, covering password manager plugin vulnerabilities, an Apple 0-day fix, and news about a spy extension for Chrome. The recap also included updates on Hyundai, Microsoft, and Telegram/WhatsApp.

Attaxion launches Agentless Traffic Monitoring.

On August 25, 2025, Attaxion launched Agentless Traffic Monitoring for its exposure management platform, providing network traffic visibility without agents. This feature uses real-time NetFlow data and threat intelligence to identify malicious traffic, offering a 30-day free trial.

Integrated SIEM-SOAR-EDR Platform combats cyber threats.

An article discusses the Integrated SIEM-SOAR-EDR Platform, combining SIEM, SOAR, and EDR to combat advanced cyber threats. Organizations adopting this platform report a 90% reduction in response time and 40–60% fewer false positives.

Enterprise Security Weekly podcast covers Agentic AI and more.

The Enterprise Security Weekly podcast, released on August 25, 2025, features an interview with Harish Peri from Okta, previewing the Oktane event and discussing securing Agentic AI. The podcast also covers indirect prompt injection issues and other cybersecurity news.

Threat Landscape

APT36 targets Indian Government entities with spear-phishing.

On August 25, 2025, Transparent Tribe (APT36) targeted Indian Government entities using spear-phishing emails with malicious desktop shortcut files for Windows and BOSS Linux systems. The group uses weaponized .desktop shortcut files to deploy the Poseidon backdoor for data collection and credential harvesting.

Proxyware malware distributed via fake YouTube download pages.

Cybersecurity researchers discovered attackers distributing proxyware malware through fake YouTube video download pages, tricking users into installing malicious executables. The operation leverages GitHub for malware hosting, leading to widespread infections, particularly in South Korea.

CISA alerts on Git vulnerability and mandates patching.

CISA issued security alerts on August 25 and 26, 2025, regarding active exploitation of a Git vulnerability (CVE-2025-48384), adding it to its Known Exploited Vulnerabilities (KEV) catalog and requiring federal agencies to patch by September 15, 2025. CISA also alerted on Citrix Session Recording flaws.
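CVE-2025-48384 (fixed in Git 2.50.1 and the parallel maintenance releases) comes from a mismatch in Git's config handling: the reader strips a trailing carriage return from a value, but the writer does not quote one, so a submodule path ending in CR round-trips to a different path than the one declared. With a symlink placed at the altered path, a recursive clone can write the submodule into the parent's hooks directory, where a bundled post-checkout hook then executes. Upgrading Git is the fix; the added example below is a triage heuristic a practitioner can run over a repository's .gitmodules before cloning recursively. It is not part of the page, not Git's own check, and the sample file is constructed. It parses the file and flags submodule paths that contain control characters, escape the working tree, or target .git.

```python
import re

# Constructed sample: one benign submodule and one whose quoted path hides
# a carriage return (written as \r here so it is visible in source).
SAMPLE_GITMODULES = (
    '[submodule "lib"]\n'
    '\tpath = vendor/lib\n'
    '\turl = https://example.invalid/lib.git\n'
    '[submodule "evil"]\n'
    '\tpath = "hooks\r"\n'
    '\turl = https://example.invalid/evil.git\n'
)

SECTION_RE = re.compile(r'^\[submodule\s+"(?P<name>[^"]*)"\]\s*$')
KEY_RE = re.compile(r'^\s*(?P<key>[A-Za-z][A-Za-z0-9-]*)\s*=\s*(?P<value>.*)$')

def _unquote(value: str) -> str:
    """Minimal git-config value handling: unwrap one level of double quotes
    (keeping any literal bytes inside), else drop a trailing comment."""
    value = value.rstrip()
    if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
        return value[1:-1]
    return value.split('#', 1)[0].split(';', 1)[0].rstrip()

def parse_gitmodules(text: str) -> dict:
    """Return {submodule name: {key: value}} for the file's sections."""
    modules, current = {}, None
    for raw in text.split('\n'):
        # A CR immediately before the LF is just a CRLF-authored file; only a
        # CR *inside* the value survives this and is what we want to catch.
        line = raw[:-1] if raw.endswith('\r') else raw
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group('name')
            modules[current] = {}
            continue
        m = KEY_RE.match(line)
        if m and current is not None:
            modules[current][m.group('key').lower()] = _unquote(m.group('value'))
    return modules

def suspicious_paths(text: str) -> list:
    """List (name, path, reasons) for submodule paths that should block a
    recursive clone until a human has looked at them."""
    findings = []
    for name, entries in parse_gitmodules(text).items():
        path = entries.get('path', name)  # git falls back to the section name
        reasons = []
        if any(ord(c) < 32 or c == '\x7f' for c in path):
            reasons.append('control character in path (CVE-2025-48384 pattern)')
        parts = path.replace('\\', '/').split('/')
        if '..' in parts or path.startswith('/') or re.match(r'^[A-Za-z]:', path):
            reasons.append('path escapes the working tree')
        if parts and parts[0] == '.git':
            reasons.append('path targets .git')
        if reasons:
            findings.append((name, path, reasons))
    return findings

if __name__ == "__main__":
    for name, path, reasons in suspicious_paths(SAMPLE_GITMODULES):
        print(f"{name}: {path!r}: {', '.join(reasons)}")
```

Run it against `.gitmodules` of a freshly cloned (non-recursive) repository before `git submodule update --init --recursive`; a clean result does not prove safety, but any hit is a reason to stop.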

AI deep learning models vulnerable to Rowhammer-based attacks.

Researchers discovered that AI deep learning models are vulnerable to a Rowhammer-based attack called OneFlip, which can flip a single bit in neural network weights. This attack can backdoor AI systems without significantly impacting performance, potentially causing autonomous vehicles to misinterpret their environment.
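OneFlip's claim is that one bit is enough. The added example below (not the OneFlip code; the two-weight classifier, its weights and the sample inputs are constructed) makes that concrete for IEEE-754 float32: it ranks all 32 single-bit flips of a weight by the distortion they cause and measures how many decisions of a tiny linear classifier change when one bit of one weight is flipped. Exponent bits move a weight by orders of magnitude, mantissa bits barely at all, which is why a Rowhammer attack has so much leverage from a single flip.

```python
import math
import struct

def float32_bits(x: float) -> int:
    """IEEE-754 single-precision encoding of x as an unsigned 32-bit int."""
    return struct.unpack("<I", struct.pack("<f", x))[0]

def bits_float32(b: int) -> float:
    return struct.unpack("<f", struct.pack("<I", b & 0xFFFFFFFF))[0]

def flip_bit(x: float, bit: int) -> float:
    """Value of x (as float32) with one bit toggled: bits 0-22 mantissa,
    23-30 exponent, 31 sign."""
    return bits_float32(float32_bits(x) ^ (1 << bit))

def most_damaging_flips(x: float, top: int = 3) -> list:
    """Rank all 32 single-bit flips of a weight by how far they move it."""
    changes = []
    for bit in range(32):
        y = flip_bit(x, bit)
        delta = abs(y - x) if math.isfinite(y) else math.inf
        changes.append((bit, y, delta))
    changes.sort(key=lambda t: -t[2])
    return changes[:top]

# Constructed two-input linear classifier; weights and samples are made up.
W = [0.8, -0.6]
B = 0.1
SAMPLES = [[0.1, 0.9], [-0.1, -0.9], [1.0, 1.0], [-1.0, -1.0]]

def predict(x, w=W, b=B) -> int:
    return int(sum(wi * xi for wi, xi in zip(w, x)) + b > 0)

def flip_rate(samples, bit: int, idx: int = 0) -> float:
    """Fraction of decisions that change after flipping `bit` of weight idx."""
    w = list(W)
    w[idx] = flip_bit(w[idx], bit)
    return sum(predict(x) != predict(x, w) for x in samples) / len(samples)

if __name__ == "__main__":
    for bit, val, delta in most_damaging_flips(W[0]):
        print(f"bit {bit:2d}: {W[0]} -> {val:.4g} (delta {delta:.4g})")
    print("decision flips, exponent bit 30:", flip_rate(SAMPLES, 30))
    print("decision flips, mantissa bit 20:", flip_rate(SAMPLES, 20))
```

The flip shown here is the blunt kind: it wrecks the weight and so is easy to notice. OneFlip's contribution is searching for a flip that leaves clean-input accuracy intact while misclassifying inputs carrying a trigger; this block only demonstrates why a single bit has enough leverage for that search to succeed.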

Scammers use Google Ads to promote fake Tesla websites.

On August 25, 2025, scammers used Google Ads to promote fake Tesla websites to obtain illicit preorders for the unreleased Optimus humanoid robot and other items. These sites, mimicking Tesla's official domain, demand a $250 non-refundable deposit and collect credit card information.

Malvertising campaign delivers weaponized PuTTY.

A malvertising campaign used sponsored results on Microsoft's Bing search engine to deliver a weaponized PuTTY build that established persistence and then performed Kerberoasting against Active Directory service accounts.
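Both the Wazuh persistence item under InfoSec Insights and the Kerberoasting stage of this PuTTY campaign leave traces in the Windows Security log: event 4698 for scheduled task creation and event 4769 for Kerberos service-ticket requests. The added example below (not Wazuh's rules and not from the page) implements two detections over constructed events: a task whose binary lives in a user-writable directory or whose command line carries hidden or encoded interpreter flags, and a burst of RC4 (encryption type 0x17) ticket requests for many distinct service accounts from one user inside a short window, which is the classic Kerberoasting signature. Field names are trimmed from the real log layout and the thresholds are assumptions to tune.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed Windows Security events (not real telemetry). Field names are
# trimmed from the real log: 4698 = scheduled task created, 4769 = Kerberos
# service ticket requested ("service" = the requested service *account*).
EVENTS = [
    {"id": 4698, "time": "2025-08-25T09:01:10", "user": "CORP\\alice",
     "task": "\\Microsoft\\Windows\\Defrag\\ScheduledDefrag",
     "command": "C:\\Windows\\System32\\defrag.exe", "args": "-c -h"},
    {"id": 4698, "time": "2025-08-25T09:02:31", "user": "CORP\\alice",
     "task": "\\PuTTYUpdater",
     "command": "C:\\Users\\alice\\AppData\\Roaming\\putty\\update.exe", "args": ""},
    {"id": 4698, "time": "2025-08-25T09:02:40", "user": "CORP\\alice",
     "task": "\\OneDrive Sync", "command": "powershell.exe",
     "args": "-w hidden -nop -enc SQBFAFgA"},
    {"id": 4769, "time": "2025-08-25T09:03:30", "user": "bob@CORP.LOCAL",
     "service": "svc_sql01", "etype": "0x12", "ip": "10.0.0.41"},  # AES, single: normal
    {"id": 4769, "time": "2025-08-25T09:03:31", "user": "alice@CORP.LOCAL",
     "service": "DC01$", "etype": "0x17", "ip": "10.0.0.25"},      # machine account: ignored
]
ROASTABLE = ["svc_sql01", "svc_sql02", "svc_web", "svc_backup", "svc_sharepoint",
             "svc_exchange", "svc_sccm", "svc_jenkins", "svc_ldap", "svc_reporting",
             "svc_ftp", "svc_monitor"]
# Twelve RC4 service-ticket requests from one account within twelve seconds.
EVENTS += [
    {"id": 4769, "time": f"2025-08-25T09:03:{s:02d}", "user": "alice@CORP.LOCAL",
     "service": svc, "etype": "0x17", "ip": "10.0.0.25"}
    for s, svc in enumerate(ROASTABLE)
]

USER_WRITABLE = re.compile(r'\\(AppData|Temp|ProgramData|Users\\Public|Downloads)\\', re.I)
HIDDEN_FLAGS = re.compile(
    r'(-enc(odedcommand)?\b|-w(indowstyle)?\s+hidden|-nop\b|\bIEX\b|DownloadString)', re.I)

def suspicious_tasks(events) -> list:
    """Persistence rule: 4698 tasks launching from user-writable paths or with
    obfuscated/hidden interpreter flags. Returns (task, creator, reasons)."""
    hits = []
    for e in events:
        if e["id"] != 4698:
            continue
        reasons = []
        if USER_WRITABLE.search(e["command"]):
            reasons.append("binary in user-writable path")
        if HIDDEN_FLAGS.search(f'{e["command"]} {e["args"]}'):
            reasons.append("hidden/encoded interpreter flags")
        if reasons:
            hits.append((e["task"], e["user"], reasons))
    return hits

def kerberoast_bursts(events, min_services: int = 5,
                      window: timedelta = timedelta(minutes=5)) -> list:
    """Kerberoasting rule: one requester pulling RC4 tickets for >= min_services
    distinct service accounts within `window`. Returns (user, service count)."""
    by_user = defaultdict(list)
    for e in events:
        if e["id"] != 4769 or e["etype"].lower() != "0x17":
            continue
        svc = e["service"]
        if svc.lower().startswith("krbtgt") or svc.endswith("$"):
            continue  # TGT and machine accounts are not roasting targets
        by_user[e["user"]].append((datetime.fromisoformat(e["time"]), svc))
    alerts = []
    for user, reqs in by_user.items():
        reqs.sort()
        for i, (t0, _) in enumerate(reqs):
            services = {s for t, s in reqs[i:] if t - t0 <= window}
            if len(services) >= min_services:
                alerts.append((user, len(services)))
                break
    return alerts

if __name__ == "__main__":
    for task, user, reasons in suspicious_tasks(EVENTS):
        print(f"PERSISTENCE {task} by {user}: {', '.join(reasons)}")
    for user, n in kerberoast_bursts(EVENTS):
        print(f"KERBEROAST {user}: {n} RC4 service tickets in window")
```

Tune `min_services` against a baseline of your own 4769 volume; accounts that legitimately request RC4 tickets (legacy applications) should be allow-listed rather than the threshold raised, since the whole point of the RC4 filter is that modern clients default to AES.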

Severe vulnerabilities in vtenext CRM.

Security researcher Mattia “0xbro” Brollo revealed three severe vulnerabilities in vtenext CRM (versions 25.02 and earlier) that allow attackers to bypass authentication and execute arbitrary code. These include XSS and session hijacking, SQL injection, and a direct password reset flaw.

Spike in scanning activity targeting Microsoft RDP.

GreyNoise reported a significant spike in scanning activity, with 1,971 IP addresses probing Microsoft Remote Desktop Web Access and RDP Web Client authentication portals. The scans probe for timing differences in authentication responses to confirm valid usernames for later credential-based attacks.
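The timing flaw those scans look for is a login endpoint that rejects an unknown username faster than it rejects a wrong password for a real one, because it skips the expensive password hash when there is no account to check. The added example below is illustrative Python, not RD Web's code; the account, the password and the PBKDF2 cost are constructed. It shows the leaky pattern, the hardened version that performs the same hash work for every name, and the attacker's measurement that separates the two.

```python
import hashlib
import hmac
import os
import secrets
import time

# Constructed user store: name -> (salt, PBKDF2 digest). Cost kept modest so
# the demo runs in a couple of seconds; production uses far more rounds.
PBKDF2_ROUNDS = 50_000
USERS: dict = {}

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def add_user(name: str, password: str) -> None:
    salt = os.urandom(16)
    USERS[name] = (salt, _hash(password, salt))

# Dummy credential so that unknown names cost exactly one hash, like real ones.
_DUMMY_SALT = os.urandom(16)
_DUMMY_DIGEST = _hash(secrets.token_hex(16), _DUMMY_SALT)

def login_leaky(name: str, password: str) -> bool:
    """Vulnerable: unknown users short-circuit before any hashing."""
    if name not in USERS:
        return False
    salt, digest = USERS[name]
    return hmac.compare_digest(_hash(password, salt), digest)

def login_constant(name: str, password: str) -> bool:
    """Hardened: identical work for every name; existence decided after hashing."""
    salt, digest = USERS.get(name, (_DUMMY_SALT, _DUMMY_DIGEST))
    matched = hmac.compare_digest(_hash(password, salt), digest)
    return matched and name in USERS

def time_call(fn, *args, rounds: int = 7) -> float:
    """Best-of-N wall clock, which is what a scanner measures over the network."""
    best = float("inf")
    for _ in range(rounds):
        t0 = time.perf_counter()
        fn(*args)
        best = min(best, time.perf_counter() - t0)
    return best

def enumerate_users(login, candidates, password: str = "wrong", ratio: float = 3.0):
    """Attacker side: names that take `ratio` times longer than the fastest
    candidate are reported as existing accounts."""
    timings = {u: time_call(login, u, password) for u in candidates}
    floor = min(timings.values())
    return sorted(u for u, t in timings.items() if t > ratio * floor)

add_user("alice", "correct horse battery staple")  # constructed account

if __name__ == "__main__":
    names = ["alice", "nobody", "svc_backup"]
    print("leaky    ->", enumerate_users(login_leaky, names))
    print("constant ->", enumerate_users(login_constant, names))
```

The dummy-hash trick removes the existence oracle but not the rest: lockout policies and error messages must also treat unknown and known names identically, and on the detection side a single source hitting the portal with many distinct usernames and one password is the pattern to alert on.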

Chinese APT groups use proxy and VPN services.

A report details how Chinese APT groups use proxy and VPN services, notably WgetCloud, to hide their infrastructure. The investigation found over 1,000 IP addresses, mostly in China, sharing a common TLS certificate, which complicates attribution and detection of their activity.
