August Cybersecurity News Digest

Check our highlights from the cybersecurity world 

1.      Actively exploited Apple 0-day vulnerability – update immediately!

Apple released urgent security updates (iOS 18.6.2 and iPadOS 18.6.2) to address a zero-day vulnerability in the Image I/O framework, tracked as CVE-2025-43300. The flaw is an out-of-bounds write: processing a crafted image file corrupts memory and can let an attacker execute arbitrary code and take control of the device. Apple stated that the bug was exploited in extremely sophisticated attacks against specific targeted individuals. Users are strongly advised to install the updates immediately.

2.      Over 13,500 organisations targeted in a Google Classroom phishing attack

A phishing campaign abused Google Classroom to send over 115,000 malicious emails to more than 13,500 organisations globally between August 6 and August 12, 2025. Attackers created fake classrooms and used the built-in invitation feature, so each message left Google's own infrastructure with a legitimate Google sender address and sailed past filters that rely on sender reputation and domain authentication. The invitations pitched services unrelated to education, such as SEO and reseller partnerships, and urged recipients to continue the conversation on WhatsApp, moving the interaction outside enterprise monitoring and controls. Stay alert!

3.      Major Adobe security patch

Adobe's August 2025 Patch Tuesday resolves more than 60 vulnerabilities across 13 of its products, many of them rated critical, including 7 issues in Adobe Photoshop.

This is one of Adobe's largest monthly releases in recent years, spanning Creative Cloud applications through to enterprise commerce systems. Users are strongly advised to update without delay.

4.      Microsoft August 2025 Patch Tuesday

Microsoft's August 2025 Patch Tuesday addresses 107 vulnerabilities, spanning Remote Code Execution (RCE), Elevation of Privilege (EoP), Information Disclosure, Spoofing, Denial of Service (DoS) and Tampering. Notably, none of the flaws was reported as actively exploited at release time, although one had been publicly disclosed before the patch. The update covers a wide range of products, and users are urged to install it promptly.

5.      Echo Chamber and Storytelling attack vectors used to jailbreak GPT-5

Researchers have demonstrated jailbreaks of OpenAI's GPT-5 using two multi-turn techniques, "echo chamber" and "storytelling". Rather than attacking the model with a single obviously malicious prompt, both approaches steer the conversation gradually so that the accumulated context, not any one message, carries the harmful intent past the safety mechanisms.

The echo chamber attack seeds the conversation with innocuous statements and then repeatedly references them to build a false consensus, while the storytelling attack frames the harmful request within a fictional narrative; the researchers report a 95% success rate. The findings underline that model-level safety training alone is not sufficient, and that enterprises deploying advanced language models need runtime protections, continuous adversarial testing and a broader security strategy.

6.      Google confirms data breach as part of the recent Salesforce attacks surge

Google confirmed a data breach affecting one of its corporate Salesforce instances and notified affected users by August 8, 2025. The intrusion began with voice phishing (vishing): attackers impersonating IT support persuaded an employee to authorise a malicious, modified version of Salesforce's Data Loader connected app, which the attackers then used to extract data.

The attack is part of a broader campaign by ShinyHunters that breached various major companies throughout 2025. Google stated the stolen information was primarily basic, publicly available business details, although ShinyHunters claimed to have about 2.55 million records.

Upon discovery, Google terminated access, conducted an impact analysis, implemented security measures, and promptly notified customers. The company assured that payment information and advertising products remained secure.

7.      Nearly 30,000 Exchange servers exposed to a critical security flaw

Over 28,000 unpatched Microsoft Exchange servers are exposed to a critical security flaw (CVE-2025-53786). The flaw affects Exchange Server 2016, 2019 and the Subscription Edition in hybrid deployments, carries a CVSS score of 8.0 and allows an attacker who already has administrative access to an on-premises Exchange server to escalate privileges into the connected Microsoft 365 environment, potentially without leaving easily traceable evidence in the cloud.

The root cause is that on-premises Exchange and Exchange Online have traditionally shared a single service principal in hybrid configurations. Microsoft recommends installing the April 2025 Exchange Server hotfix updates and moving to a dedicated Exchange hybrid application so that the two sides no longer share an identity. Furthermore, Microsoft plans to block Exchange Web Services traffic that uses the shared service principal after October 31, 2025, as part of the transition to the more secure architecture.

8.      ClickTok campaign attacks TikTok Shop users worldwide

A cybercriminal campaign called "ClickTok" poses a significant threat to TikTok Shop users globally: researchers have linked more than 10,000 malicious domains to it, aimed at stealing credentials and deploying spyware. It combines traditional phishing techniques with malware distribution to exploit TikTok's e-commerce platform.

The attack targets both regular shoppers and TikTok's affiliate program members by creating fake versions of TikTok Shop, TikTok Wholesale, and TikTok Mall. Malicious payloads are spread through more than 5,000 app download sites featuring embedded links and QR codes. Attackers use low-cost domains for phishing and malware distribution, often hosted on affordable shared services to complicate tracking efforts. The campaign has a global reach, extending to users beyond the 17 countries where TikTok Shop is officially available.

9.      Chanel has become one of the latest victims in the Salesforce attack wave

French luxury fashion company Chanel confirmed a data breach, discovered on July 25, 2025, involving the personal information of U.S. customers who had contacted its client care centre. The exposed data included names, email addresses, mailing addresses and phone numbers, but no financial information. The incident is part of a broader cybercrime campaign by the ShinyHunters extortion group, which has targeted several major brands through their Salesforce systems since early 2025, including Allianz Life, Louis Vuitton, Dior, Tiffany & Co. and Adidas.

The attack pattern is consistent across victims: reconnaissance on the target, a phone call impersonating IT support to deceive an employee into authorising a malicious connected app, and bulk extraction of data using Salesforce's own tooling. Chanel is notifying affected customers and has engaged cybersecurity specialists for the investigation while reporting the breach to law enforcement and data protection authorities.

10.  Millions of Android devices worldwide at risk due to a critical vulnerability

Google's August 2025 Android Security Bulletin highlights a critical vulnerability (CVE-2025-48530) in the core System component that could allow remote code execution with no additional execution privileges and no user interaction. Devices running the affected Android versions remain at risk until they are updated to security patch level 2025-08-05 or later. Users should install the patch as soon as their manufacturer makes it available.

Android partners were notified before the flaw’s public disclosure. Despite the severity of the vulnerability, Android's security architecture, including Google Play Protect, provides protective measures that reduce the exploitation risks.

11. Microsoft 365 Direct Send feature abused for internal phishing

Cybercriminals are exploiting Microsoft 365's Direct Send feature to run phishing campaigns that mimic legitimate internal communications. Direct Send exists so that on-premises devices such as printers and scanners can deliver mail to a tenant's own mailboxes via its MX endpoint without authenticating, which means an attacker who knows a tenant's domain can submit messages with a spoofed internal sender and no valid credentials at all. Researchers uncovered an active campaign that relayed such messages through poorly secured third-party email security appliances and virtual private servers. The attack involves four steps:

1. Connecting to compromised Windows Server 2022 hosts.

2. Initiating SMTP connections to unsecured email appliances with vulnerable ports and expired certificates.

3. Relaying malicious messages to Microsoft 365 tenants.

4. Delivering them via Direct Send with spoofed internal email addresses.

To protect against this threat, organisations that do not depend on Direct Send can reject it at the tenant level with a single Exchange Online PowerShell setting, and should monitor the Authentication-Results header of inbound mail for messages marked compauth=fail, since internal mail that fails composite authentication is a strong signal of a spoofed sender.
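The two mitigations above, as an added example that is not part of the original digest: the first half turns off Direct Send with the RejectDirectSend organisation setting that Microsoft provides for this purpose (assumed to be available in your tenant and run with Exchange Administrator rights via the ExchangeOnlineManagement module), and the second half scans Authentication-Results headers for compauth=fail. The admin UPN and the two header strings are constructed placeholders, not captured mail.

```powershell
# Added example (not from the original digest). Assumes the ExchangeOnlineManagement
# module is installed and the signed-in account holds the Exchange Administrator role.
# Hypothetical admin account and domain; replace with your own.

# --- 1. Reject unauthenticated Direct Send for the whole tenant -------------------
Connect-ExchangeOnline -UserPrincipalName admin@contoso.example

# Current state: $false (the default) means Direct Send submissions are accepted.
Get-OrganizationConfig | Select-Object -Property RejectDirectSend

# Once enabled, anonymous SMTP submissions to the tenant MX endpoint are rejected.
# Printers and scanners that really must relay need authenticated SMTP or a connector.
Set-OrganizationConfig -RejectDirectSend $true

# --- 2. Triage Authentication-Results headers for composite-auth failures ---------
# Constructed sample headers. compauth=fail marks a message that failed composite
# authentication; reason=000 is the code for an explicit authentication failure.
$SampleHeaders = @(
  'Authentication-Results: spf=fail (sender IP is 203.0.113.10) smtp.mailfrom=contoso.example; dkim=none (message not signed) header.d=none; dmarc=fail action=oreject header.from=contoso.example; compauth=fail reason=000',
  'Authentication-Results: spf=pass (sender IP is 198.51.100.5) smtp.mailfrom=contoso.example; dkim=pass header.d=contoso.example; dmarc=pass action=none header.from=contoso.example; compauth=pass reason=100'
)

function Get-CompAuthFailures {
  <#
    Returns one object per header whose compauth verdict is 'fail', with the reason
    code, the connecting IP and the claimed From domain extracted for triage.
    A From domain that is one of your own accepted domains is the Direct Send pattern.
  #>
  param([string[]] $Headers)

  foreach ($h in $Headers) {
    if ($h -notmatch 'compauth=(?<verdict>\w+)(?:\s+reason=(?<reason>\d+))?') { continue }
    $verdict = $Matches.verdict
    $reason  = $Matches.reason
    if ($verdict -ne 'fail') { continue }

    # Each -match below overwrites $Matches, so capture into variables one at a time.
    $ip  = if ($h -match 'sender IP is (?<ip>[0-9a-fA-F.:]+)') { $Matches.ip } else { $null }
    $dom = if ($h -match 'header\.from=(?<dom>[^;\s]+)')       { $Matches.dom } else { $null }

    [pscustomobject]@{
      Reason     = $reason
      SenderIP   = $ip
      FromDomain = $dom
      Header     = $h
    }
  }
}

# Only the first sample header is reported: compauth=fail, reason 000, from 203.0.113.10.
Get-CompAuthFailures -Headers $SampleHeaders | Format-Table Reason, SenderIP, FromDomain -AutoSize
```

In production the header strings would come from message trace or a mail-flow rule that stamps the Authentication-Results value into a report, and the FromDomain field is what to pivot on: a compauth=fail message whose From domain is one of your own accepted domains is exactly the spoofed internal mail this campaign produces. Expect some noise from legitimate multifunction devices until they are moved to authenticated submission.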

12. Millions of Dell laptops vulnerable to device takeover

We've already alerted our readers that a series of vulnerabilities known as "ReVault" affects millions of Dell laptops. The flaws sit in the firmware of the Broadcom security chip used by Dell's ControlVault3, the component that stores fingerprint, smart-card and NFC credentials, and allow attackers to extract sensitive data and to establish persistence in the chip's firmware that survives a reinstallation of the operating system.

Dell collaborated with Broadcom to release necessary firmware updates and informed customers. The updates can be accessed through Dell’s support website and via Windows Update. Organisations are encouraged to implement them immediately.

For your convenience, we’ve republished the complete Dell Security Advisory list with download links in our dedicated blog post.

 

Stay tuned and keep your system safe! If you need help, contact us for expert advice! 
