SecurityWeek’s cybersecurity information roundup supplies a concise compilation of noteworthy tales that may have slipped underneath the radar.
We offer a useful abstract of tales that will not warrant a whole article, however are nonetheless necessary for a complete understanding of the cybersecurity panorama.
Every week, we curate and current a set of noteworthy developments, starting from the newest vulnerability discoveries and rising assault strategies to vital coverage modifications and trade stories.
Listed below are this week’s tales:
Gladinet vulnerability exploited within the wild
A vulnerability affecting Gladinet’s CentreStack and Triofox merchandise has been exploited within the wild, Huntress warns. CentreStack is a cellular entry and safe sharing answer whereas Triofox is a safe file entry answer. Huntress earlier this 12 months found exploitation of CVE-2025-30406, a hardcoded machine key situation affecting the merchandise, and it has now detected exploitation of a brand new vulnerability, CVE-2025-11371, which permits unauthenticated native file inclusion. Gladinet is conscious of the problem and is within the technique of offering a workaround to prospects till a patch is developed.
US universities focused by payroll pirates
Microsoft has warned {that a} cybercrime group it tracks as Storm-2657 has been concentrating on US universities in an effort to hack worker accounts on HR platforms corresponding to Workday. The purpose is to divert wage funds to accounts managed by the attackers. Some of these menace actors are often known as “payroll pirates”. The assaults seen by Microsoft don’t contain exploitation of Workday vulnerabilities. As an alternative the hackers are leveraging social engineering ways and the shortage of MFA to compromise accounts.
Zimbra vulnerability exploited in assault on Brazilian navy
StrikeReady warned {that a} Zimbra vulnerability tracked as CVE-2025-27915 was exploited earlier this 12 months to focus on Brazil’s navy. The assault concerned a malicious ICS calendar file. There don’t look like different public stories describing exploitation of CVE-2025-27915, which has been described as an XSS flaw permitting an attacker to execute arbitrary JavaScript and carry out unauthorized actions on the sufferer’s Zimbra account, together with e mail redirection and information exfiltration.
Mic-E-Mouse assault
A group of researchers from the College of California have disclosed the small print of an assault technique they’ve named Mic-E-Mouse, which leverages the high-performance optical sensors on a mouse to listen in on customers. The researchers confirmed that speech induces delicate floor vibrations that the mouse’s sensor can detect. The audio high quality is initially poor, however the researchers confirmed how it may be processed to enhance its high quality. However, accuracy continues to be low in actual world atmosphere exams.
Two arrested in UK over nursery chain hack
Two unnamed people, reportedly aged 17 and 22, have been arrested within the UK over a cyberattack that focused the nursery chain Kido. Hackers stole the names, addresses, and pictures of 8,000 kids and began leaking them with the intention to persuade Kido to pay a ransom. The hackers additionally referred to as impacted mother and father to extend the stress on the nursery chain. In response to pushback from different hackers, the youngsters’s photos have been blurred, and later all the information was taken offline.
Brightstar and Decisely information breaches influence over 100,000
Brightstar and Decisely Insurance coverage Companies have every disclosed information breaches impacting greater than 100,000 folks. IGT and its lottery enterprise Brightstar stated unauthorized entry was found practically one 12 months in the past, however it took till not too long ago to find out what sort of knowledge was compromised and who was impacted. Decisely found unauthorized entry in December 2024 and began notifying affected people in June 2025. The info breach at Decisely impacted private data associated to its companion MetLife.
WordPress plugin vulnerability exploited
Hackers have been trying to exploit CVE-2025-5947, a crucial vulnerability within the Service Finder Bookings plugin, to hack WordPress web sites. The plugin is a part of the premium Service Finder theme, which has been acquired by roughly 6,000 web sites. The vulnerability was patched on July 17 and disclosed by Defiant on July 31. Exploitation began on August 1 and Defiant’s Wordfence firewall has already blocked practically 14,000 assaults.
Honeypot information reveals ICS/OT assaults from Russia and Iran
An ICS/OT honeypot run by Forescout, designed to imitate a water remedy plan, has been focused by a Russia-linked group named TwoNet, which tried to deface the related HMI, disrupt processes, and manipulate different ICS. TwoNet has been concerned in hacktivist assaults, however a lot of its actions appear pushed by revenue. Forescout’s honeypots additionally noticed assault makes an attempt which have been linked to Russia and Iran.
OpenAI disrupts ChatGPT abuse
OpenAI has revealed one other report describing the actions it has taken in opposition to the malicious use of ChatGPT. The corporate has seen Russian, Chinese language and (North) Korean menace actors abusing its AI assistant for malware improvement, phishing, scams, and affect operations.
ClayRat Android spyware and adware targets Russia
Zimperium has detailed ClayRat, an Android spyware and adware primarily concentrating on Russian customers. The malware has been distributed by way of Telegram channels and phishing websites, disguised as common apps corresponding to WhatsApp, TikTok, and YouTube. As soon as it has been put in on a tool, ClayRat can steal SMS messages, notifications, and name logs, take photographs with the contaminated system’s entrance digital camera, and ship messages or make calls from the sufferer’s cellphone.
Associated: In Different Information: PQC Adoption, New Android Spy ware, FEMA Knowledge Breach
Associated: In Different Information: LockBit 5.0, Division of Struggle Cybersecurity Framework, OnePlus Vulnerability
