This week’s news was dominated by cool and interesting research from Black Hat USA. I am also happy to see interesting AI developments on the detection and defence side of things. Agents for the good in cybersecurity for a change!
P.S. Scroll down to subscribe to this weekly summary as an e-mail.
P.P.S. Got some feedback that the last summary was tooooo long, so I’ll try to wrap it up with up to 15 news items per week from now on. If anyone has any other feedback, please let me know!
1. Researchers Uncover RCE Attack Chains in HashiCorp Vault and CyberArk Conjur
Security researchers identified 14 logic flaws in HashiCorp Vault and CyberArk Conjur that allow unauthenticated actors to bypass authentication, impersonate identities, and execute arbitrary code. These vulnerabilities strike at the heart of credential management systems—often called "the keys to the kingdom"—and could lead to full infrastructure compromise if left unpatched.
Key Details
- The attack chains Cyata discovered affect both open-source Vault and Conjur.
- Vendors have released patches and security bulletins; detailed disclosures are now public.
Next Steps
- Immediately upgrade Vault and Conjur to patched versions.
Read more at CSO Online, Cyata, HashiCorp
2. Microsoft Unveils Project Ire for Autonomous Malware Reverse Engineering
Microsoft’s Project Ire is an autonomous AI agent that reverse engineers and classifies software threats without prior signatures, achieving 0.98 precision and 0.83 recall on Windows drivers and automatically blocking an APT sample in testing.
It combines low-level binary analysis tools (angr, Ghidra) with large language models to generate a human-readable "chain of evidence", aiming to reduce alert fatigue and speed triage.
Key Details
- Reconstructed control-flow graphs via angr and Ghidra to analyze binary behavior
- Flagged 90% of 4,000 “hard-target” malicious files with a 4% false-positive rate
- First Microsoft reverse engineer—human or AI—to auto-block a confirmed APT sample
- Not available to the public but will be used inside the Microsoft Defender organisation
Read more at CSO Online, Microsoft Research Blog
3. Active Exploitation of Zero-Day RCE in Trend Micro Apex One
Trend Micro warns that a critical command-injection flaw (CVE-2025-54948/54987) in its Apex One Management Console is being actively exploited to achieve remote code execution.
While a full patch is due mid-August, Trend Micro has released a temporary mitigation tool—at the cost of disabling remote agent installs—and urges tighter console access controls immediately.
Key Details
- The vulnerability allows pre-auth attackers to run arbitrary code on unpatched Apex One servers.
- Trend Micro has observed at least one live exploitation attempt in customer environments.
- Temporary mitigation disables the Remote Install Agent feature until the August patch.
Next Steps
- Apply Trend Micro’s mitigation tool to block exploitation attempts.
Read more at Bleeping Computer, Trend Micro Advisory, JPCERT/CC Alert
4. MCPoison Attack Exploits Cursor IDE’s MCP Validation for Persistent Code Execution
A critical flaw (CVE-2025-54136) in Cursor IDE’s Model Context Protocol (MCP) trust model lets attackers swap benign, approved MCP configs for malicious commands without re-prompting users. This "MCPoison" technique enables silent, persistent remote code execution every time the IDE launches.
Key Details
- The vulnerability resides in .cursor/rules/mcp.json entries, binding trust to MCP names only.
- Attackers commit a harmless MCP file, gain one-time user approval, then swap in payloads (e.g., reverse shells) later.
- Check Point Research demonstrated an auto-executing reverse shell on every IDE launch.
- Cursor IDE 1.3 (released July 29, 2025) now prompts for approval on any MCP configuration change.
Next Steps
- Upgrade all Cursor IDE instances to version 1.3 or later immediately.
- Audit repositories for existing .cursor/rules/mcp.json entries and review their approval history.
Read more at
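The weakness described above is that approval was bound to the MCP server’s name rather than to what it runs. The following is an added example, not Cursor’s or Check Point’s code, of the audit suggested in Next Steps: it fingerprints every server entry by its content, shows why a name-only check lets a swapped entry through, and locates .cursor/rules/mcp.json files in a checkout (that path is taken from the write-up; the "mcpServers" key layout and the sample configs are assumptions/constructed).

```python
"""Added example (not Cursor's or Check Point's code): bind MCP approval to
the content of each server entry instead of its name alone, the gap MCPoison
abused. The .cursor/rules/mcp.json path is from the write-up; the
"mcpServers" layout is an assumption."""
import hashlib
import json
from pathlib import Path

# Constructed sample: the config as it looked when the user approved it.
APPROVED_CONFIG = """
{
  "mcpServers": {
    "docs-helper": {"command": "npx", "args": ["-y", "docs-mcp-server"]}
  }
}
"""

# Constructed sample: same server name, different command (the swap).
# The command is a placeholder, not a payload.
SWAPPED_CONFIG = """
{
  "mcpServers": {
    "docs-helper": {"command": "sh", "args": ["-c", "PLACEHOLDER_COMMAND"]}
  }
}
"""


def load_servers(config_text: str) -> dict:
    """Return the name -> spec map from an MCP config (assumed layout)."""
    return json.loads(config_text).get("mcpServers", {})


def fingerprint(spec: dict) -> str:
    """SHA-256 over canonical JSON of the whole spec (command, args, env...)."""
    canonical = json.dumps(spec, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def build_baseline(config_text: str) -> dict:
    """Record one fingerprint per server at the moment the user approves."""
    return {name: fingerprint(spec) for name, spec in load_servers(config_text).items()}


def name_only_trusted(config_text: str, baseline: dict) -> bool:
    """The weak check: every server name was approved before, so run it.
    This mirrors the pre-1.3 behaviour the write-up describes; the swap passes."""
    return all(name in baseline for name in load_servers(config_text))


def audit(config_text: str, baseline: dict) -> dict:
    """Hardened check: compare content fingerprints against the baseline and
    group server names by status."""
    current = build_baseline(config_text)
    report = {"unchanged": [], "changed": [], "new": [], "removed": []}
    for name, fp in current.items():
        if name not in baseline:
            report["new"].append(name)
        elif baseline[name] != fp:
            report["changed"].append(name)
        else:
            report["unchanged"].append(name)
    report["removed"] = sorted(set(baseline) - set(current))
    return report


def needs_reapproval(config_text: str, baseline: dict) -> bool:
    """True when anything would run that the user never approved."""
    report = audit(config_text, baseline)
    return bool(report["changed"] or report["new"])


def find_mcp_configs(repo_root: str) -> list:
    """Locate .cursor/rules/mcp.json files below a checkout (path from the write-up)."""
    return sorted(p for p in Path(repo_root).rglob("mcp.json")
                  if p.parts[-3:] == (".cursor", "rules", "mcp.json"))


if __name__ == "__main__":
    baseline = build_baseline(APPROVED_CONFIG)
    print("name-only check passes swapped config:", name_only_trusted(SWAPPED_CONFIG, baseline))
    print("content audit:", audit(SWAPPED_CONFIG, baseline))
    for cfg in find_mcp_configs("."):
        print("found MCP config:", cfg)
```

Storing the baseline fingerprints alongside the approval (for example in a developer-local file outside the repository) means a later commit that keeps the name but changes the command shows up as "changed" and can be re-prompted or blocked in CI.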
5. New “Win-DDoS” Technique Turns Public Domain Controllers Into Unwitting DDoS Botnets via LDAP Referrals
SafeBreach researchers have discovered “Win-DDoS”, a method that abuses Windows RPC and LDAP referral processes to enlist thousands of publicly exposed domain controllers in volumetric DDoS attacks without credentials or malware.
Four related unauthenticated denial-of-service flaws have also been identified and patched in Windows LSASS, Netlogon, LDAP and Print Spooler components.
Key Details
- Win-DDoS leverages an unauthenticated RPC trigger to make DCs issue CLDAP requests, which are redirected via crafted LDAP referrals at the attacker’s server.
- Referred servers loop through long URL lists, repeatedly querying a target IP and port, generating sustained high-volume traffic.
- Researchers also detailed “TorpeDoS,” a high-efficiency RPC-based DoS that mimics a DDoS from a single host, and three new zero-click DoS flaws.
- Microsoft has released fixes for CVE-2025-26673, CVE-2025-32724, CVE-2025-49716 (all CVSS 7.5), and CVE-2025-49722 (CVSS 5.7) between May and July 2025.
Next Steps
- Isolate or remove publicly reachable domain controllers immediately.
- Deploy Microsoft’s May–July 2025 security updates for LDAP, LSASS, Netlogon and Print Spooler.
Read more at The Hacker News, SafeBreach Blog
6. AWS ECS “ECScape” Flaw Enables Lateral IAM Role Hijacking
At Black Hat USA 2025, researcher Naor Haziz revealed ECScape — a new privilege escalation in EC2-backed Amazon ECS that lets a low-privilege container steal IAM credentials from co-located tasks via an undocumented WebSocket channel (ACS) and the EC2 Instance Metadata Service (IMDS).
Key Details
- Attack steps: read instance role via IMDS → impersonate ECS agent over ACS WebSocket → intercept other task IAM creds.
- Stolen credentials operate as the victim’s role, so CloudTrail logs show legitimate task activity.
- Issue affects EC2-backed ECS only; AWS Fargate tasks run in isolated micro-VMs and are not vulnerable.
- Sweet Security published PoC on GitHub and demo video; CVE pending.
Next Steps
- Restrict or disable IMDS access for untrusted ECS tasks.
- Consider migrating critical services to AWS Fargate for stronger isolation.
Read more at CSO Online, Sweet Security Blog, GitHub
7. Zero-Click Prompt Injection Attacks Compromise Enterprise AI Agents
Researchers from Zenity demonstrated "AgentFlayer," a series of zero- and one-click prompt injection exploits against AI agents — including ChatGPT, Microsoft Copilot Studio, and Cursor — to silently harvest credentials, exfiltrate internal documents, and leak conversation history without user interaction.
Key Details
- Impacted platforms include ChatGPT Connectors, Copilot Studio custom agents, Cursor with Jira MCP, Salesforce Einstein, Google Gemini and Microsoft Copilot.
- Attackers embed hidden prompts in documents or tickets that AI agents execute, then exfiltrate data via image-loading URLs or automated emails.
- Zenity bypassed OpenAI’s url_safe filter by leveraging Azure Blob storage and its logging to capture URL parameters carrying API keys.
- Proof-of-concept chains also extract active chat history, agent configurations and CRM records without any human click.
Next Steps
- Audit AI agent connectors and remove unnecessary third-party integrations.
Read more at CSO Online, Zenity Labs report
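The exfiltration path above relies on the agent rendering an image whose URL parameters carry the leaked data, and a host allowlist alone was bypassed by pointing at trusted storage. As an added example (not Zenity’s, OpenAI’s or any vendor’s code), here is a render-time filter for image links in agent output that denies anything but a plain https URL to an allowlisted host with a short, parameter-free path; the hostnames and the sample agent output are constructed.

```python
"""Added example (not from the write-up): a render-time filter for image
links in agent output. Allowlisting the host alone is the check the write-up
says was bypassed via trusted storage, so this also refuses any query string
or fragment, where leaked data would ride. Hostnames are constructed."""
import re
from urllib.parse import urlsplit

IMAGE_MD = re.compile(r"!\[([^\]]*)\]\(([^)\s]+)\)")

# Constructed: hosts this deployment is willing to load images from.
ALLOWED_IMAGE_HOSTS = {"cdn.example.com", "trusted-storage.example.com"}


def url_verdict(url: str, allowed_hosts=ALLOWED_IMAGE_HOSTS, max_path_len: int = 200):
    """Return (allowed, reason). Every rule is a deny; only a plain https URL
    to an allowlisted host with a short, parameter-free path gets through."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False, "scheme"
    host = (parts.hostname or "").lower()
    if host not in allowed_hosts:
        return False, "host"
    if parts.query or parts.fragment:
        return False, "query"        # data can be smuggled in parameters
    if parts.username or parts.password:
        return False, "userinfo"
    if len(parts.path) > max_path_len:
        return False, "path-length"  # long paths can carry encoded data too
    return True, "ok"


def sanitize_markdown(text: str, allowed_hosts=ALLOWED_IMAGE_HOSTS):
    """Replace blocked image links with a marker and report each decision."""
    findings = []

    def replace(match):
        url = match.group(2)
        ok, reason = url_verdict(url, allowed_hosts)
        findings.append({"url": url, "allowed": ok, "reason": reason})
        return match.group(0) if ok else f"[image blocked: {reason}]"

    return IMAGE_MD.sub(replace, text), findings


# Constructed agent output: one legitimate logo, one link that passes the host
# check but carries data in its query string, one link to an unknown host.
SAMPLE_OUTPUT = (
    "Summary of the ticket.\n"
    "![logo](https://cdn.example.com/logo.png)\n"
    "![ ](https://trusted-storage.example.com/p.png?d=SECRET-PLACEHOLDER)\n"
    "![x](https://unknown.example.net/p.png)\n"
)

if __name__ == "__main__":
    cleaned, findings = sanitize_markdown(SAMPLE_OUTPUT)
    print(cleaned)
    for finding in findings:
        print(finding)
```

The findings list is the detection signal: an agent that suddenly emits image links with query strings, or to hosts outside the allowlist, is worth alerting on even when the render is blocked.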
8. Bouygues Telecom Data Breach Exposes Personal and IBAN Details of 6.4 Million Customers
On August 4, Bouygues Telecom (France) confirmed attackers accessed contact, contract and IBAN data for 6.4 million customers, though no passwords or credit card numbers were stolen. The exposure of IBANs increases fraud risk and regulatory scrutiny for the carrier.
Key Details
- Breached data: names, addresses, phone numbers, contract details, IBANs
- No login credentials or payment card data compromised
- Both consumer and business customer records affected
- Company filed complaint in France; perpetrators face up to five years’ jail
Read more at Bouygues Telecom, Hackread.com
9. EU’s Media Freedoms Act Takes Effect with Limited Spyware Safeguards
The European Media Freedoms Act (EMFA) took effect on Friday, outlawing most forms of state surveillance on journalists’ devices. It’s a landmark move after years of scandals where spyware was used to track reporters, compromise sources, and erode editorial independence. The fact that EMFA is an EU-wide regulation means it applies instantly and uniformly across all member states. That closes the door on governments stalling or watering it down — and countries that ignore it risk court action, heavy fines, and even losing EU funds.
Key Details
- EMFA adopted March 2024; effective as of August 8th across EU.
- June 2023 European Council amendments allow more spyware use under “essential state functions.”
- Press groups warn member states haven’t updated domestic laws to comply.
- Recent incidents: Italy’s Paragon spyware targeting journalists; past cases in Spain, Greece, Hungary.
Read more at The Record
10. Typosquatted PyPI Packages Drain Bittensor Wallets via Malicious Staking Code
Attackers published five lookalike PyPI packages mimicking "Bittensor" to intercept staking operations. Injected code in the stake_extrinsic function forces full-wallet transfers to an attacker-controlled address without user prompts.
Key Details
- Five typosquatted packages mimicking the “bittensor” package: bitensor (missing t), bittenso-cli (missing r), qbittensor, bitensor (missing t, extra e), bittenso (missing r), all released within 25 minutes on August 6, 2025.
- Version numbers 9.9.4 and 9.9.5 chosen to mirror legitimate Bittensor package releases.
- Malicious code inserted at line 275 of add.py sets transfer_all=True and prompt=False, draining entire wallets.
- GitLab’s automated package-monitoring system flagged the campaign and prompted investigation.
Next Steps
- Deploy supply-chain scanners to detect typosquatted PyPI packages.
Read more at CybersecurityNews.com, GitLab
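As an added example of the supply-chain scanning suggested in Next Steps (this is not GitLab’s monitoring system), the following script flags dependency names that are near-misses of a package you care about. It uses edit distance with adjacent transposition after PEP 503-style normalization; the lookalike names come from the write-up, while the list of stripped affixes such as "-cli" and the sample requirements file are assumptions/constructed.

```python
"""Added example (not GitLab's scanner): flag dependency names that are
near-misses of protected packages, using edit distance with adjacent
transposition. The protected name and lookalikes come from the write-up;
the affix list is a heuristic assumption."""
import re

# Suffixes often appended to a squatted name (assumed heuristic, not from the page).
AFFIXES = ("-cli", "-py", "-python", "-lib", "-sdk")


def normalize(name: str) -> str:
    """PEP 503-style normalization: lowercase, runs of -_. become a single '-'."""
    return re.sub(r"[-_.]+", "-", name.strip().lower())


def strip_affix(name: str) -> str:
    """Drop a trailing affix so 'bittenso-cli' is compared as 'bittenso'."""
    for affix in AFFIXES:
        if name.endswith(affix) and len(name) > len(affix):
            return name[: -len(affix)]
    return name


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, or swap
    two adjacent characters, each costing 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def check_name(name: str, protected: list, max_distance: int = 2) -> dict:
    """Classify one dependency name against the protected list. An exact
    (normalized) match is legitimate; anything within max_distance is flagged."""
    norm = normalize(name)
    base = strip_affix(norm)
    nearest, best = None, None
    for p in (normalize(x) for x in protected):
        if norm == p:
            return {"name": name, "nearest": p, "distance": 0, "suspicious": False}
        dist = min(osa_distance(norm, p), osa_distance(base, p))
        if best is None or dist < best:
            nearest, best = p, dist
    return {"name": name, "nearest": nearest, "distance": best,
            "suspicious": best is not None and best <= max_distance}


def scan_requirements(text: str, protected: list) -> list:
    """Return the names in a requirements.txt-style blob that look like squats."""
    flagged = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        pkg = re.split(r"[\s=<>!~\[;@]", line, maxsplit=1)[0]
        if pkg and check_name(pkg, protected)["suspicious"]:
            flagged.append(pkg)
    return flagged


# Constructed requirements file using the lookalike names listed in the write-up.
SAMPLE_REQUIREMENTS = """
bittensor==9.9.5
bitensor==9.9.5
bittenso-cli==9.9.4
qbittensor
numpy>=1.26
"""

if __name__ == "__main__":
    for pkg in ("bittensor", "bitensor", "bittenso-cli", "qbittensor", "numpy"):
        print(check_name(pkg, ["bittensor"]))
    print("flagged:", scan_requirements(SAMPLE_REQUIREMENTS, ["bittensor"]))
```

Run it over lock files in CI with the organisation’s own critical packages in the protected list; a distance threshold of 2 catches the single-character drops, insertions and swaps seen here while leaving unrelated names alone.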
11. New AD Lateral Movement Techniques Bypass MFA to Compromise Microsoft 365 Services
At Black Hat USA 2025, researchers showed how attackers with full on-prem Active Directory control can use policy manipulation and Exchange hybrid certs to gain stealthy, MFA-free access to Microsoft 365. These methods let them impersonate any user, including Global Admins, without triggering logs, enabling full compromise of Exchange Online, SharePoint, and Entra ID in hybrid setups.
Key Details
- OnPremAuthenticationFlowPolicy injection lets adversaries create RC4-encrypted Kerberos tickets that bypass MFA.
- Exchange hybrid certificate theft: Exported certs can request unsigned S2S tokens with trustedfordelegation, valid for 24h, non-revokable, and invisible to logging.
- Issued tokens leverage the trustedfordelegation claim to impersonate any user for 24 hours and cannot be revoked.
- Microsoft blocked some token abuse in Aug 2025; Exchange/SharePoint impersonation fix expected Oct 2025.
Next Steps
- Audit OnPremAuthenticationFlowPolicy for unauthorized key entries.
- Review Exchange hybrid certificate usage and unexpected S2S token requests.
- Enable hard matching in Entra ID Connect to prevent silent account takeovers.
Read more at CybersecurityNews.com, Black Hat USA 2025 Briefing