Apple iOS Zero-Click Exploit Patched; New macOS Infostealer Mac.c Targets iCloud Keychain
Key Takeaways
- Apple patched iOS zero-click RCE (CVE-2025-43300) in iOS 18.6.2, iPadOS 18.6.2, macOS Sequoia 15.6.1.
- New macOS infostealer Mac.c, priced at $1,500/month, targets iCloud Keychain, browser passwords, and crypto wallets.
- SendGrid exploited in credential harvesting attacks using phishing emails to bypass security gateways.
- Android malware posing as Russian FSB antivirus spies on conversations and exfiltrates data.
Top Stories
Apple iOS zero-click exploit (CVE-2025-43300) patched.
A zero-click remote code execution vulnerability (CVE-2025-43300) in Apple's iOS, affecting iOS 18.6.1, was disclosed; it allows code execution via malicious DNG files. Apple addressed the vulnerability in iOS 18.6.2, iPadOS 18.6.2, and macOS Sequoia 15.6.1, as reported on August 25, 2025.
New macOS infostealer Mac.c targets iCloud Keychain and wallets.
On August 25, 2025, GBHackers reported on Mac.c, a new macOS infostealer marketed on the dark web, designed for rapid data exfiltration. The malware, priced at $1,500 monthly, targets iCloud Keychain entries, browser passwords, and cryptocurrency wallet data.
SendGrid exploited in credential harvesting attacks.
In August 2025, researchers discovered credential harvesting attacks exploiting SendGrid, using phishing emails to bypass security gateways. Attackers use three email themes to trick users into providing credentials, directing victims to phishing pages.
Android malware impersonates Russian FSB antivirus.
New Android malware, 'Android.Backdoor.916.origin', posing as an antivirus from Russia's FSB, targets Russian business executives. The malware can snoop on conversations and exfiltrate data, connecting to a C2 server for commands.
Analysis Desk
KorPlug malware uses O-LLVM obfuscation.
Cybersecurity News reports on KorPlug malware, which uses O-LLVM obfuscation to evade detection. Researchers analyzed the malware's control flow, identifying obfuscation strategies and the need for binary patching for deobfuscation.
Security Breaches
Data breach at Italian hotels due to infostealer malware.
A data breach affecting numerous Italian hotels revealed that valid credentials were stolen between 2023 and 2024 via infostealer malware. The compromise stemmed from a centralized SaaS cloud platform, with potential compromise of an IT staff account.