{"id":20272,"date":"2025-08-18T06:26:21","date_gmt":"2025-08-18T04:26:21","guid":{"rendered":"https:\/\/kordon.app\/?p=20272"},"modified":"2025-08-18T06:26:21","modified_gmt":"2025-08-18T04:26:21","slug":"11-cybersecurity-news-worth-your-attention-this-week-summarised-18-08-2025","status":"publish","type":"post","link":"https:\/\/kordon.app\/et\/11-cybersecurity-news-worth-your-attention-this-week-summarised-18-08-2025\/","title":{"rendered":"11 Cybersecurity News Worth Your Attention this Week Summarised \u201318\/08\/2025"},"content":{"rendered":"<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>This week we see a continuous rise in the EDR-weaponised types of attacks. Another thing that has caught my eye over the last couple of weeks &#8211; groups associated with Russia have been more active. Maybe not all of the news has made it to the list, but there has definitely been more to choose from. Like this week, a Russian group claimed responsibility for remotely opening valves of a Norwegian dam.<\/p>\n<\/blockquote>\n\n\n\n<h2 class=\"wp-block-heading\">1. UK Telecom Provider Colt Reports Cyber Incident Causing Service Outages<\/h2>\n\n\n\n<pre class=\"wp-block-verse\">Colt Technology Services confirmed a cyber incident on internal systems this week that has <strong>left Colt Online and its Voice API platform offline<\/strong>, forcing the company to switch to manual monitoring. <strong>Customer infrastructure was not impacted<\/strong>.<\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Outage affects Colt Online portal and Voice API platform.<\/li>\n\n\n\n<li>Network monitoring and incident management moved to manual processes.<\/li>\n\n\n\n<li>Colt reports no compromise of customer infrastructure.<\/li>\n\n\n\n<li>Status updates available on Colt\u2019s public status page.<\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.colt.net\/status\/\">Colt Technology Services Status Page<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/therecord.media\/uk-colt-outages-cyber-incident\">The Record: UK Colt Outages Due to Cyber Incident<\/a><\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">2. New Crypto24 Ransomware Campaign Can Bypass 30+ EDRs with Custom \u2018RealBlindingEDR\u2019 Tool<\/h2>\n\n\n\n<pre class=\"wp-block-verse\">Trend Micro reports a new <strong>Crypto24 ransomware wave uses a custom RealBlindingEDR variant<\/strong> and legitimate admin utilities to <strong>disable EDR, enabling stealthy lateral movement and data theft.<\/strong> The campaign focuses on large enterprises in finance, manufacturing, entertainment, and tech across Asia, Europe, and the US. <strong>RealBlindingEDR can neutralize security callbacks for nearly 30 vendors!<\/strong><\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The <strong>RealBlindingEDR<\/strong> variant neutralizes security callbacks for nearly 30 vendors.<\/li>\n\n\n\n<li>Attackers leverage <strong>PSExec, AnyDesk, GPScript.exe, and Google Drive for post-compromise activity.<\/strong><\/li>\n\n\n\n<li>Campaign <strong>targets high-value enterprises<\/strong> in financial services, manufacturing, entertainment, and tech.<\/li>\n<\/ul>\n\n\n\n<p><strong>Next Steps<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Enable endpoint agent self-protection and anti-tampering features.<\/li>\n\n\n\n<li>Audit and restrict use of admin tools and scripts (e.g., gpscript.exe).<\/li>\n\n\n\n<li>Enforce least-privilege access and monitor scheduled tasks for anomalies.<\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.darkreading.com\/cybersecurity-operations\/crypto24-ransomware-bypass-edr\">Dark Reading<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.trendmicro.com\/en_nl\/research\/25\/h\/crypto24-ransomware-stealth-attacks.html\">Trend Micro Research<\/a><\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">3. Cisco Patches CVSS 10.0 RCE in Secure Firewall Management Center RADIUS Authentication<\/h2>\n\n\n\n<pre class=\"wp-block-verse\"><strong>Cisco released patches for a critical CVSS 10.0 vulnerability <\/strong>(CVE-2025-20265) in its <strong>Secure Firewall Management Center RADIUS subsystem<\/strong>, which <strong>allows unauthenticated remote attackers to inject and execute arbitrary shell commands at high privilege.<\/strong> The flaw affects FMC Software 7.0.7 and 7.7.0 when RADIUS authentication is enabled for web or SSH management, and there is no workaround except applying the update. 
<\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>CVE-2025-20265 (CVSS 10.0) <strong>lets attackers send crafted RADIUS input to run shell commands.<\/strong><\/li>\n\n\n\n<li>Affects Secure FMC Software <strong>versions 7.0.7 and 7.7.0 with RADIUS on web\/SSH interfaces.<\/strong><\/li>\n\n\n\n<li>Discovered by Cisco\u2019s Brandon Sakai during internal testing; <strong>no known in-the-wild exploits.<\/strong><\/li>\n\n\n\n<li>Updates also address multiple high-severity DoS, HTML injection, and buffer overflow flaws.<\/li>\n<\/ul>\n\n\n\n<p><strong>Next Steps<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Upgrade FMC to patched releases (7.0.8 or 7.7.1) immediately.<\/li>\n\n\n\n<li>Audit RADIUS authentication settings on management interfaces.<\/li>\n\n\n\n<li>Embed appliance updates into regular change-management workflows.<\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/thehackernews.com\/2025\/08\/cisco-warns-of-cvss-100-fmc-radius-flaw.html\">The Hacker News<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-fmc-radius-rce-TNBKf79\">Cisco Security Advisory<\/a><\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">4. 
Norwegian Police Link Pro-Russian Hackers to April Dam Sabotage<\/h2>\n\n\n\n<pre class=\"wp-block-verse\"><strong>Norway\u2019s Police Security Service (PST) says pro-Russian hackers breached a small fishery dam control system in April, opening valves for four hours and releasing 500 L\/s of water into the Riselva River.<\/strong> <\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Attackers opened valves remotely <\/strong>for roughly four hours before operators regained control.<\/li>\n\n\n\n<li>Dam serves fishery purposes; <strong>no power-generation impact but high symbolic value in hydropower-reliant Norway.<\/strong><\/li>\n\n\n\n<li><strong>Pro-Russian \u201cZ-Alliance\u201d claimed responsibility;<\/strong> PST had warned in February of continued Russia-linked subversion.<\/li>\n\n\n\n<li>Similar Russia-linked intrusions hit water facilities in Indiana and Texas in 2024\u20132025.<\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/therecord.media\/norway-police-suspect-pro-russian-hackers-dam-sabotage\">The Record<\/a><\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">5. 
Curly COMrades APT Abuses .NET Ngen COM Hijacking in Georgia, Moldova Espionage<\/h2>\n\n\n\n<pre class=\"wp-block-verse\"><strong>A newly identified threat actor, Curly COMrades,<\/strong> has deployed a custom .NET backdoor called MucorAgent to hijack the Native Image Generator (Ngen) COM scheduler and <strong>maintain stealthy persistence in judicial and energy networks across Georgia and Moldova.<\/strong> <br><br><strong>They targeted NTDS and LSASS credentials,<\/strong> using curl-based C2, Resocks\/Stunnel\/SOCKS5 proxies, and <strong>compromised websites to blend malicious traffic with legitimate activity\u2014all aligned with Russia\u2019s long-term espionage goals.<\/strong><\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Active since at least November 2023, tracked by Bitdefender since mid-2024.<\/li>\n\n\n\n<li>MucorAgent hijacks the Ngen scheduled task via COM CLSID to execute under SYSTEM privileges.<\/li>\n\n\n\n<li>Operators dumped NTDS database and LSASS memory for credential harvesting.<\/li>\n\n\n\n<li>Infrastructure uses curl, CurlCat, Resocks, Stunnel, SOCKS5 and compromised sites for low-noise C2.<\/li>\n\n\n\n<li>Additional tools include RuRat for persistence and Mimikatz for in-memory credential extraction.<\/li>\n<\/ul>\n\n\n\n<p><strong>Next Steps<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Audit and restrict custom COM CLSID registrations for Ngen tasks.<\/li>\n\n\n\n<li><strong>Monitor unexpected activation of the .NET Native Image Generator task.<\/strong><\/li>\n\n\n\n<li><strong>Block unauthorized curl-based outbound traffic<\/strong> and proxy protocols.<\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/businessinsights.bitdefender.com\/curly-comrades-new-threat-actor-targeting-geopolitical-hotbeds\">Bitdefender report via Business Insider<\/a><\/li>\n\n\n\n<li><a 
href=\"https:\/\/thehackernews.com\/2025\/08\/new-curly-comrades-apt-using-ngen-com.html\">The Hacker News<\/a><\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">6. Phishing Kits Exploit Downgrade Attack to Circumvent FIDO Authentication<\/h2>\n\n\n\n<pre class=\"wp-block-verse\"><strong>Researchers at Proofpoint demonstrated a proof-of-concept that uses the Evilginx adversary-in-the-middle framework to spoof user-agent strings and force Microsoft Entra ID to downgrade FIDO authentication to weaker MFA methods. <\/strong><br><br><strong>This tactic lets attackers relay valid credentials and one-time codes to obtain session tokens without ever breaking FIDO cryptography.<\/strong> Although not yet seen in the wild, the attack highlights risks for organizations allowing non-FIDO fallback logins.<\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Evilginx \u201cphishlets\u201d relay real Entra ID pages, avoiding spoof detection.<\/li>\n\n\n\n<li>Attack spoofs the victim\u2019s browser-OS combo as FIDO-unsupported.<\/li>\n\n\n\n<li>Entra ID then redirects to password+OTP or SMS, which attackers capture.<\/li>\n\n\n\n<li><strong>Proofpoint has not observed active exploits<\/strong> of this downgrade in the wild.<\/li>\n<\/ul>\n\n\n\n<p><strong>Next Steps<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Enforce FIDO-only authentication policies<\/strong> in Microsoft Entra ID.<\/li>\n\n\n\n<li><strong>Disable SMS and OTP fallbacks for FIDO-enrolled accounts.<\/strong><\/li>\n\n\n\n<li>Monitor login user-agent strings for anomalies or proxy relays.<\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.darkreading.com\/cybersecurity-operations\/downgrade-attack-phishing-kits-bypass-fido\">Dark Reading<\/a><\/li>\n\n\n\n<li><a 
href=\"https:\/\/www.proofpoint.com\/us\/blog\/threat-insight\/dont-phish-let-me-down-fido-authentication-downgrade\">Proofpoint Threat Insight<\/a><\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">7. Full ERMAC 3.0 Banking Trojan Infrastructure Exposed in Source Code Leak<\/h2>\n\n\n\n<pre class=\"wp-block-verse\">Cybersecurity researchers obtained <strong>the complete MaaS source code for ERMAC 3.0, revealing its full C2 backend, builder, and Android backdoor.<\/strong> The leak exposes hardcoded secrets, default credentials, and open registrations, offering defenders actionable insights to detect and disrupt active ERMAC campaigns.<\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Targets over 700 banking, shopping, and crypto apps via form injection.<\/strong><\/li>\n\n\n\n<li>Leaked components include PHP\/Laravel C2 server, React panel, Go exfil server, Kotlin Android backdoor, and builder tool.<\/li>\n\n\n\n<li>Malware excludes devices in CIS countries and uses AES-CBC encrypted communications.<\/li>\n\n\n\n<li>Critical flaws: hardcoded JWT secret, static admin bearer token, default root credentials, open admin registrations.<\/li>\n<\/ul>\n\n\n\n<p><strong>Next Steps<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Block or monitor traffic to the identified exfiltration endpoint IP.<\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/hunt.io\/blog\/ermac-v3-banking-trojan-source-code-leak\">Hunt.io: ERMAC v3 Source Code Leak<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/thehackernews.com\/2025\/08\/ermac-v30-banking-trojan-source-code.html\">The Hacker News: ERMAC v3.0 Banking Trojan Leak<\/a><\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">8. 
Interview Notes About Chrome Enterprise with Director of Product Management at Google<\/h2>\n\n\n\n<pre class=\"wp-block-verse\"><strong>Google is positioning Chrome Enterprise as a secure workspace platform,<\/strong> adding granular Data Loss Protection controls to block or allow downloads, uploads, and printing\u2014safeguarding intellectual property across managed, BYOD, and contractor environments. The solution gives CISOs and IT leaders policy-driven visibility and governance\u2014essential in regulated industries\u2014while preserving user productivity. <strong>Later this year, Google will embed its Gemini AI directly in Chrome to enable secure, in-browser automation and insights.<\/strong><\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Data Loss Protection (DLP) policies control file downloads, uploads, and printing.<\/li>\n\n\n\n<li>Supports third-party contractors and BYOD with consistent security rules.<\/li>\n\n\n\n<li>Customizable Chrome policies help meet regulatory and data-governance requirements.<\/li>\n\n\n\n<li>Gemini AI integration planned for enterprises later this year to boost productivity.<\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.darkreading.com\/endpoint-security\/google-chrome-enterprise-advanced-browser-security-modern-workforce\" target=\"_blank\" rel=\"noopener\" title=\"\">Dark Reading News Desk<\/a><\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">9. 
FortiSIEM RCE Vulnerability Disclosed as SSL VPN and FortiManager Attacks Spike<\/h2>\n\n\n\n<pre class=\"wp-block-verse\"><strong>Fortinet patched CVE-2025-25256, an unauthenticated OS command injection flaw in FortiSIEM, after proof-of-concept code appeared in the wild.<\/strong> Researchers also reported a multi\u2010wave surge of brute\u2010force and FGFM protocol attacks against SSL VPN and FortiManager, a pattern that historically predicts new vulnerability disclosures within weeks.<\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>CVE-2025-25256 <\/strong>impacts FortiSIEM 5.4\u20137.3.1 and <strong>allows remote code execution via phMonitor port 7900.<\/strong><\/li>\n\n\n\n<li><strong>Patches released; <\/strong>flaw generates no distinct indicators of compromise.<\/li>\n\n\n\n<li>GreyNoise saw ~780 unique IPs brute-forcing SSL VPNs, then pivoting to FortiManager via FGFM.<\/li>\n\n\n\n<li>80% of past Fortinet attack spikes preceded a vulnerability disclosure within six weeks.<\/li>\n<\/ul>\n\n\n\n<p><strong>Next Steps<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Upgrade FortiSIEM<\/strong> to the latest fixed release immediately.<\/li>\n\n\n\n<li><strong>Restrict phMonitor (port 7900) to known, trusted IP ranges.<\/strong><\/li>\n\n\n\n<li>Monitor VPN and FortiManager logs for anomalous FGFM connections.<\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.darkreading.com\/cyberattacks-data-breaches\/fortinet-products-in-crosshairs-again\">DarkReading: Fortinet Products in Crosshairs Again<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/fortiguard.fortinet.com\/psirt\/FG-IR-25-152\">Fortinet PSIRT FG-IR-25-152 Advisory<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.greynoise.io\/blog\/vulnerability-fortinet-vpn-bruteforce-spike\">GreyNoise Blog: Fortinet VPN Bruteforce Spike<\/a><\/li>\n<\/ul>\n\n\n\n<hr 
class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">10. Chinese Criminal Groups Use &#8220;Ghost-Tapping&#8221; for Retail Fraud Money Laundering<\/h2>\n\n\n\n<pre class=\"wp-block-verse\"><strong>Criminal syndicates in Southeast Asia are uploading stolen payment-card data onto burner phones and using hired mules to buy luxury goods in person, then reselling items via Telegram channels. <\/strong><br>This \"ghost-tapping\" technique exploits intercepted one-time passwords and mobile-wallet integrations, creating a new layer of retail-fraud money laundering that evades typical card-not-present controls.<\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Criminals steal card data<\/strong> via phishing, malware and OTP interception, <strong>then load details onto burner phones.<\/strong><\/li>\n\n\n\n<li><strong>Devices are sold on Telegram channels<\/strong> (Huione, Xinbi, Tudou Guarantee) to syndicates hiring mules for in-store luxury purchases.<\/li>\n\n\n\n<li><strong>Singapore reported<\/strong> 656 mobile-wallet credential phishing cases and <strong>$1.2 M in losses in Q4 2024, <\/strong>with several arrests tied to retail fraud syndicates.<\/li>\n\n\n\n<li>UNODC warns of rapid professionalization and regional expansion of scamming and laundering networks.<\/li>\n<\/ul>\n\n\n\n<p><strong>Next Steps<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Review spend limits<\/strong> on payment-cards<\/li>\n\n\n\n<li><strong>Enable location aware security<\/strong> on payment-cards<\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/therecord.media\/scammers-ghost-tapping-retail-fraud-launder-cash\">The Record: Scammers turn to \u2018ghost-tapping\u2019 retail fraud to launder funds<\/a><\/li>\n\n\n\n<li><a 
href=\"https:\/\/www.police.gov.sg\/media-room\/news\/20250217_unauthorised_card_transactions_made_using_contactless_payment_methods_in_singapore\">Singapore Police: Phished Card Transactions Warning<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.unodc.org\/roseap\/en\/2025\/04\/cyberfraud-inflection-point-mekong\/story.html\">UNODC: Cyberfraud Inflection in Mekong Region<\/a><\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">11. Critical Privilege Escalation Vulnerability Discovered in Zoom Windows Clients<\/h2>\n\n\n\n<pre class=\"wp-block-verse\"><strong>A critical vulnerability (CVE-2025-49457) in multiple Zoom Windows clients allows unauthenticated attackers to escalate privileges<\/strong> by exploiting an untrusted search path. <strong>This flaw requires only minimal user interaction<\/strong> and poses high risks of system takeover, data theft, and service disruption. Organizations using affected Zoom versions must urgently apply supplied patches to prevent exploitation.<\/pre>\n\n\n\n<p><strong>Key Details<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>The vulnerability has a CVSS score of 9.6, <\/strong>indicating critical severity.<\/li>\n\n\n\n<li>Affected products include Zoom Workplace, Zoom Workplace VDI, Zoom Rooms, Zoom Rooms Controller, and Zoom Meeting SDK for Windows versions older than 6.3.10.<\/li>\n\n\n\n<li><strong>Exploitation requires only low-complexity user interaction, <\/strong>such as clicking a malicious link or opening a compromised file, and no prior privileges.<\/li>\n\n\n\n<li>The root cause involves insecure loading of files via untrusted search paths, enabling attackers to inject malicious DLLs or executables.<\/li>\n<\/ul>\n\n\n\n<p><strong>Next Steps<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Immediately update all Zoom Windows clients<\/strong> to version 6.3.10 or later.<\/li>\n\n\n\n<li>Enable automatic Zoom updates 
to reduce lag in patch deployment.<\/li>\n\n\n\n<li>Educate users about risks of interacting with unverified links or files.<\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/cybersecuritynews.com\/zoom-clients-for-windows-vulnerability-aug\/\">Cybersecurity News: Zoom Clients for Windows Vulnerability<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.zoom.com\/en\/trust\/security-bulletin\/zsb-25030\/?ampDeviceId=d47210d9-3a51-4a03-9c1a-a874176007d1&amp;ampSessionId=1755011092601&amp;ampDeviceId=d47210d9-3a51-4a03-9c1a-a874176007d1&amp;ampSessionId=1755011092601\">Zoom Security Bulletin ZSB-25030<\/a><\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Subscribe?<\/h2>\n\n\n                <div class=\"ml-embedded\" data-form=\"pKq7EM\"><\/div>","protected":false},"excerpt":{"rendered":"<p>Summary of Latest cybersecurity news in August 2025.<\/p>","protected":false},"author":1,"featured_media":20287,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[32],"tags":[],"class_list":["post-20272","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/posts\/20272","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/comments?post=20272"}],"version-history":[{"count":18,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/posts\/20272\/revisions"}],"predecessor-version":[{"id":20291,"href":"https:\/\/kordon.app\/et\/wp-json\/wp
\/v2\/posts\/20272\/revisions\/20291"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/media\/20287"}],"wp:attachment":[{"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/media?parent=20272"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/categories?post=20272"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/tags?post=20272"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}