
Weekly Cybersecurity Recap - 24 March 2025
This Week in Cybersecurity: Phishing, Ransomware, and a $32B Acquisition
Major Cyber Attacks, Malware and Industry Updates
This week’s cybersecurity roundup spans everything from AI-powered phishing scams in Brazil to vulnerabilities in enterprise vault systems, high-profile airline breaches, and even red teamers dismantling GPT-5’s safeguards in under a day. We also cover a $1M crypto heist via malicious Firefox extensions, landmark cybersecurity education reforms in the UAE, and renewed warnings about social engineering scams.
AI Tools Fuel Brazilian Phishing Scam While Efimer Trojan Steals Crypto from 5,000 Victims
Cybercriminals in Brazil are weaponizing legitimate generative AI website-building tools like DeepSite AI and BlackBox AI to create convincing replicas of government websites. These fake portals mimic agencies such as the State Department of Traffic and Ministry of Education, luring victims into making fraudulent PIX payment transfers. The attackers boost their scam sites’ visibility using SEO poisoning, dramatically increasing the reach and success rate of the campaign.
GreedyBear Steals $1M in Crypto Using 150+ Malicious Firefox Wallet Extensions
A large-scale campaign, dubbed GreedyBear, has been uncovered involving over 150 malicious Firefox extensions impersonating well-known crypto wallets such as MetaMask, TronLink, Exodus, and Rabby. The operation has stolen more than $1 million using a technique known as Extension Hollowing to bypass Mozilla safeguards. This attack highlights how browser extensions remain an underestimated security risk in the crypto space.
SocGholish Malware Spread via Ad Tools; Delivers Access to LockBit, Evil Corp, and Others
Operators of the SocGholish malware are now leveraging Traffic Distribution Systems like Parrot TDS and Keitaro TDS to redirect victims to malicious content. SocGholish infections give attackers a foothold they can sell to ransomware groups including Evil Corp, LockBit, Dridex, and Raspberry Robin. Recent campaigns have even reversed roles, using Raspberry Robin itself as a delivery vehicle for SocGholish.
CyberArk and HashiCorp Flaws Enable Remote Vault Takeover Without Credentials
Security researchers have identified 14 vulnerabilities — collectively called “Vault Fault” — affecting CyberArk Secrets Manager, Self-Hosted, Conjur Open Source, and HashiCorp Vault. Exploiting these flaws could let attackers bypass authentication entirely and extract enterprise secrets, tokens, and identity system credentials remotely.
Attackers Target the Foundations of Crypto: Smart Contracts
Beyond traditional wallet theft, cybercriminals are increasingly exploiting vulnerabilities in smart contracts or intentionally deploying malicious ones. One recent scam tricked victims into funding a fake trading arbitrage contract, hiding malicious transfer functions in the code to siphon off over $900,000. Such schemes underscore the risks of interacting with opaque blockchain code, especially for non-technical users.
UAE to teach cybersecurity from grade 1 to 12 in landmark curriculum overhaul
Starting in the 2025–26 academic year, the UAE will integrate cybersecurity education into the national curriculum from Grade 1 through Grade 12. The initiative aims to prepare students for a digitally connected world by introducing teaching materials on digital safety, cyber hygiene, and responsible technology use.
UAE Cybersecurity Council warns public of six social engineering scams
The UAE Cybersecurity Council has issued a public warning about six prevalent social engineering methods. Criminals often gather personal data, build rapport online, and then exploit this trust to extract sensitive information before disappearing. Officials urge citizens to avoid posting details online they wouldn’t share in person.
Air France, KLM Say Hackers Accessed Customer Data
Air France and KLM have reported that attackers compromised a third-party platform used for customer service, exposing personal details including names, contact information, loyalty program numbers, and service request summaries. While passwords and payment details were not mentioned, the breach highlights persistent third-party risk in airline operations.
Red Teams Jailbreak GPT-5 With Ease, Warn It’s ‘Nearly Unusable’ for Enterprise
Two separate security testing teams successfully bypassed GPT-5’s safety mechanisms within 24 hours of release using multi-turn “storytelling” attacks. Researchers warn that the model’s raw form, even with OpenAI’s internal prompt layer, leaves exploitable gaps, making it ill-suited for secure enterprise deployment without substantial additional safeguards.