
Weekly Cybersecurity Recap - 24 March 2025
This Week in Cybersecurity: Phishing, Ransomware, and a $32B Acquisition
Major Cyber Attacks, Malware and Industry Updates
This past week brought a wave of critical developments across the cybersecurity landscape, from large-scale breaches and social engineering campaigns to new frameworks designed to secure AI. Organizations faced threats ranging from ransomware and backdoors to clickjacking in password managers, while researchers shed light on systemic flaws across major platforms. Here’s a breakdown of the most important updates.
Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware
A patched flaw in Microsoft Windows has been exploited to deliver the PipeMagic backdoor in ransomware attacks. CVE-2025-29824, a privilege escalation vulnerability in the Windows Common Log File System, was used by threat actors to deploy PipeMagic, first seen in industrial-focused RansomExx campaigns. Researchers note that PipeMagic enables full remote access and command execution, making the flaw especially dangerous despite Microsoft’s April 2025 patch.
Apple Patches Zero-Day Flaw Used in 'Sophisticated' Attack
Apple addressed CVE-2025-43300 in its ImageIO framework, an out-of-bounds write vulnerability actively exploited in targeted attacks. Apple described the exploitation as “extremely sophisticated,” warning that malicious image files could lead to memory corruption. This is the latest in a series of zero-day flaws patched by Apple this year, underscoring the ongoing pressure on defenders to monitor evolving attack vectors.
Password Managers Vulnerable to Data Theft via Clickjacking
A security researcher revealed that nearly a dozen major password managers were vulnerable to clickjacking attacks, enabling the theft of highly sensitive credentials. The findings, presented at DEF CON, affected browser extensions of widely used services such as 1Password, LastPass, Bitwarden, and NordPass. These flaws highlight the persistent risks in tools that are supposed to safeguard identity and authentication data.
Intel Employee Data Exposed by Vulnerabilities
A researcher discovered flaws in Intel systems that exposed employee information, including through an authentication bypass on an internal India-based portal. Although Intel patched the vulnerabilities in late 2024, the disclosure highlights the lingering risks in employee-facing infrastructure that can be leveraged by attackers.
Cybercriminals Deploy CORNFLAKE.V3 Backdoor via ClickFix Tactic and Fake CAPTCHA Pages
Threat group UNC5518 has been observed using deceptive CAPTCHA lures to trick victims into granting system access, which is then used to deploy the CORNFLAKE.V3 backdoor. Researchers from Mandiant noted that the access gained is often sold to other groups as part of a growing access-as-a-service ecosystem.
Hackers Using New QuirkyLoader Malware to Spread Agent Tesla, AsyncRAT and Snake Keylogger
QuirkyLoader, a newly discovered malware loader, is being used in spam campaigns to distribute a wide range of malicious payloads. Since November 2024, campaigns have delivered well-known threats such as Agent Tesla, Remcos RAT, and Snake Keylogger, making QuirkyLoader an increasingly versatile tool for cybercriminals.
Hackers target Workday in social engineering attack
Hackers impersonating IT and HR staff breached a third-party vendor’s customer support system linked to Workday. This gave them access to customer names, emails, and phone numbers, which could be used for further social engineering. While Workday confirmed no compromise of its core systems, the incident highlights the continuing risks posed by third-party vendors.
AI and Security
New NIST Concept Paper Outlines AI-Specific Cybersecurity Framework
The U.S. National Institute of Standards and Technology (NIST) has released a concept paper proposing AI-specific overlays to its SP 800-53 framework. These controls are designed to address unique risks associated with AI, such as data poisoning, adversarial prompts, and misuse of generative models. This initiative marks an important step in formalizing standards around AI security.
Agentic AI promises a cybersecurity revolution - with asterisks
Experts predict that agentic AI could significantly reshape cybersecurity by automating defenses and reducing repetitive workloads. However, they caution that AI agents are still in early stages and raise difficult questions about trust, accountability, and governance. CISOs are urged to proceed carefully before adopting this emerging technology.
UAE: Warning issued as over 12,000 Wi-Fi breaches recorded in 2025
The UAE’s Cyber Security Council reported more than 12,000 Wi-Fi breaches so far in 2025, accounting for 35% of all cyberattacks in the country. Hackers are exploiting open and free Wi-Fi networks to steal banking data, passwords, and personal information. The Council is urging citizens to avoid unsecured connections and prioritize safe browsing practices.