Cybersecurity Newsletter 11 August, 2025
In this week's news: a ransomware negotiator accused of receiving a percentage from attackers, the MedusaLocker ransomware gang is looking for new pentesters, the U.S. Judiciary confirms a breach of its court electronic records service, Google Calendar invites let researchers hijack Gemini to leak user data, the Connex Credit Union data breach impacts 172,000 members, CyberArk and HashiCorp flaws enable remote vault takeover without credentials, and Google disclosed a Salesforce Customer Relationship Management (CRM) breach.
A former ransomware negotiator, whose identity has not been publicly disclosed, is under investigation by the U.S. Department of Justice for alleged clandestine agreements with criminal groups. Federal authorities suspect the ex-negotiator pocketed kickbacks from ransomware groups to steer negotiations in their favor.
https://www.suspectfile.com/cybercrime-and-corrupt-negotiators-the-dark-side-of-ransomware-negotiations/
The MedusaLocker ransomware gang announced on its Tor data leak site that it is looking for new pentesters. The group operates as Ransomware-as-a-Service (RaaS), meaning affiliates rent the ransomware in exchange for a cut of the profits.
https://securityaffairs.com/181033/hacking/medusalocker-ransomware-group-is-looking-for-pentesters.html
http://z6wkgghtoawog5noty5nxulmmt2zs7c3yvwr22v4czbffdoly2kl4uad.onion/
Google fixed a bug that allowed maliciously crafted Google Calendar invites to remotely take over Gemini agents running on the target's device and leak sensitive user data. The attack required no user involvement beyond the ordinary, everyday interactions Gemini users have with the assistant.
https://www.bleepingcomputer.com/news/security/google-calendar-invites-let-researchers-hijack-gemini-to-leak-user-data/
The U.S. Federal Judiciary confirmed that it suffered a cyberattack on its electronic case management systems hosting confidential court documents and is strengthening its cybersecurity measures. The organization stated that, while most documents in the system are public, certain sealed filings contain sensitive information that is now protected with stricter access controls aimed at blocking hackers.
https://www.bleepingcomputer.com/news/security/us-judiciary-confirms-breach-of-court-electronic-records-service/
Google confirmed a breach of a Salesforce CRM instance affecting the data of prospective Google Ads customers. The website Databreaches.net reported that the attackers have sent an extortion demand to the tech giant. Google Threat Intelligence Group confirmed that one of its Salesforce database systems, used to store contact information and related notes for small and medium-sized businesses, was breached by the threat actor ShinyHunters (aka UNC6040).
https://securityaffairs.com/181017/data-breach/google-confirms-salesforce-crm-breach-faces-extortion-threat.html
A novel attack technique could be weaponized to rope thousands of public domain controllers (DCs) around the world to create a malicious botnet and use it to conduct powerful distributed denial-of-service (DDoS) attacks. The approach has been codenamed Win-DDoS by SafeBreach researchers Or Yair and Shahak Morag, who presented their findings at the DEF CON 33 security conference today.
https://thehackernews.com/2025/08/new-win-ddos-flaws-let-attackers-turn.html
Connex, one of Connecticut's largest credit unions, warned tens of thousands of members that unknown attackers had stolen their personal and financial information after breaching its systems in early June.
https://www.bleepingcomputer.com/news/security/connex-credit-union-discloses-data-breach-impacting-172-000-people/
Cybersecurity researchers have discovered over a dozen vulnerabilities in enterprise secrets vaults from CyberArk and HashiCorp that, if successfully exploited, can allow remote attackers to crack open corporate identity systems and extract enterprise secrets and tokens from them. The 14 vulnerabilities, collectively named Vault Fault, affect CyberArk Secrets Manager, Self-Hosted, CyberArk Conjur Open Source, and HashiCorp Vault.
https://thehackernews.com/2025/08/cyberark-and-hashicorp-flaws-enable.html
A cyberattack on Bouygues Telecom exposed data for 6.4 million customers. The company has warned customers to be on high alert for scams that use the compromised information.
https://hackread.com/bouygues-telecom-cyberattack-6-4m-customers-affected/
A new zero-click attack, dubbed AgentFlayer, demonstrates how attackers can silently steal personal information from accounts connected to ChatGPT, such as Google Drive, without the user ever clicking anything. The vulnerability was discovered by cybersecurity researchers at Zenity and presented at the recent Black Hat conference.
https://hackread.com/agentflayer-0-click-exploit-chatgpt-connectors-steal-data/
Cybersecurity researchers have uncovered multiple security flaws in Dell's ControlVault3 firmware and its associated Windows APIs that could have been abused by attackers to bypass Windows login, extract cryptographic keys, and maintain access even after a fresh operating system install by deploying undetectable malicious implants into the firmware.
https://thehackernews.com/2025/08/researchers-reveal-revault-attack.html
Cybersecurity researchers have presented new findings related to a now-patched security issue in Microsoft's Windows Remote Procedure Call (RPC) communication protocol that could be abused by an attacker to conduct spoofing attacks and impersonate a known server.
https://thehackernews.com/2025/08/researchers-detail-windows-epm.html
Cybersecurity researchers have disclosed vulnerabilities in select Lenovo webcam models that could turn them into BadUSB attack devices. "This allows remote attackers to inject keystrokes covertly and launch attacks independent of the host operating system," Eclypsium researchers Paul Asadoorian, Mickey Shkatov, and Jesse Michael said in a report shared with The Hacker News.
https://thehackernews.com/2025/08/linux-based-lenovo-webcams-flaw-can-be.html
A Nigerian man has been extradited from France to face hacking, identity theft, and fraud charges in the US. He and his co-conspirators allegedly used spearphishing to steal customer data and then filed fraudulent tax returns and disaster relief claims worth millions of dollars.
https://hackread.com/nigerian-extradited-france-us-hacking-fraud-allegations/
An unknown threat actor has stolen the sensitive personal, financial, and health information of nearly 870,000 Columbia University current and former students and employees after breaching the university's network in May. Established in 1767 as King's College, Columbia University is a private Ivy League research university with a budget of $6.6 billion in 2024, over 20,000 employees, including 4,700 academic staff, and over 35,000 enrolled students across 19 schools and special programs.
https://www.bleepingcomputer.com/news/security/columbia-university-data-breach-impacts-nearly-870-000-students-applicants-employees/