
Weekly Cybersecurity Recap - 24 March 2025
This Week in Cybersecurity: Phishing, Ransomware, and a $32B Acquisition
Major Threat Campaigns, Vulnerabilities and Industry Updates
From groundbreaking AI-powered threats to urgent zero-day fixes, last week’s cybersecurity landscape underscored the speed at which attackers innovate and the vigilance defenders must maintain. Here’s a recap of the most significant developments.
Hackers steal data from Salesforce instances in widespread campaign
Researchers at Google Threat Intelligence Group revealed that hackers stole user credentials from Salesforce customers by abusing a third-party tool. The campaign, which unfolded earlier this month, enabled attackers to harvest credentials that could be leveraged for follow-up attacks. This highlights once again how third-party services can expand the threat surface for enterprises.
Hackers Target Popular Nx Build System in First AI-Weaponized Supply Chain Attack
The Nx build platform - downloaded more than 4 million times weekly - became the first known case of a supply chain attack where adversaries weaponized AI assistants to facilitate data theft. Thousands of developer credentials were compromised, demonstrating how widely used open-source platforms can quickly become high-value targets for attackers.
Someone Created the First AI-Powered Ransomware Using OpenAI's gpt-oss:20b Model
ESET researchers disclosed PromptLock, the first ransomware strain powered by AI. Written in Golang, PromptLock uses the gpt-oss:20b model locally via the Ollama API to generate malicious Lua scripts on the fly. By integrating AI in real time, the ransomware takes customization and automation to a new level, signaling a worrying shift in cybercriminal tactics.
WhatsApp Patches Zero-Click Exploit Targeting iOS and macOS Devices
WhatsApp patched a serious vulnerability in its iOS and macOS apps, which may have been exploited in targeted zero-day campaigns. Tracked as CVE-2025-55177, the flaw stemmed from insufficient authorization of linked device synchronization messages. Researchers noted its potential connection to a recently disclosed Apple zero-day, emphasizing the growing risks posed by zero-click exploits.
Researchers Warn of Sitecore Exploit Chain Linking Cache Poisoning and Remote Code Execution
Security researchers disclosed three vulnerabilities in the Sitecore Experience Platform that could be chained to achieve information disclosure and remote code execution. The flaws, if exploited together, open a path for attackers to compromise critical web infrastructure, raising concerns for enterprises that rely on Sitecore for digital content management.
How AI is reshaping cybersecurity operations
Artificial intelligence is transforming enterprise security operations, forcing CISOs to adapt their teams and defenses. Generative AI tools are already embedded into workflows, with a Boston Consulting Group survey showing that half of organizations are using them to redesign processes. Looking ahead, 77% of security leaders believe AI agents will be critical to enterprise functions within the next five years.
Cybersecurity signals: Connecting controls and incident outcomes
A new study by Marsh McLennan’s Cyber Risk Intelligence Center analyzed thousands of organizations’ cyber self-assessments against real-world claims data. The research revealed which controls most effectively reduce breach risks, providing CISOs with evidence-based insights on where to focus security budgets for maximum impact.
UAE Cybersecurity Council warns 60 per cent of financial attacks start with stolen credentials
The UAE Cybersecurity Council revealed that stolen credentials are the entry point for 60% of financial cyberattacks. Officials emphasized that adopting safe digital practices could cut risks by as much as 40%, underscoring the importance of basic security hygiene in protecting high-value assets.
UAE Cybersecurity Council stresses importance of device updates
The Council also urged UAE users to keep essential devices updated, including laptops, smartphones, routers, and smart home systems. Outdated software leaves systems vulnerable to malware, data theft, and breaches, particularly when used on unsecured networks. Enabling automatic updates was highlighted as a key step in closing security gaps.
Cisco outlines 5 steps to boost cybersecurity in UAE healthcare sector
Cisco published guidance for UAE healthcare providers, identifying five priority steps to strengthen defenses. With patient records increasingly targeted, and many hospitals still relying on outdated systems, the company stressed the urgency of building resilience against cyberattacks that could jeopardize both data security and patient care.
CrowdStrike Buys Onum for $290M to Boost SIEM Data Ingestion
CrowdStrike announced its plan to acquire Madrid-based Onum for $290M. Onum, a telemetry pipeline management startup founded by Devo’s former CTO, will enhance CrowdStrike’s ability to ingest and process third-party data. The move reflects CrowdStrike’s strategy to expand its platform capabilities and improve SIEM efficiency in handling complex enterprise data flows.