SecurityWeek’s cybersecurity information roundup supplies a concise compilation of noteworthy tales that may have slipped below the radar.
We offer a useful abstract of tales that won’t warrant a whole article, however are nonetheless necessary for a complete understanding of the cybersecurity panorama.
Every week, we curate and current a group of noteworthy developments, starting from the newest vulnerability discoveries and rising assault methods to vital coverage modifications and business studies.
Listed below are this week’s tales:
Gladinet vulnerability exploited within the wild
A vulnerability affecting Gladinet’s CentreStack and Triofox merchandise has been exploited within the wild, Huntress warns. CentreStack is a cell entry and safe sharing resolution whereas Triofox is a safe file entry resolution. Huntress earlier this yr found exploitation of CVE-2025-30406, a hardcoded machine key concern affecting the merchandise, and it has now detected exploitation of a brand new vulnerability, CVE-2025-11371, which permits unauthenticated native file inclusion. Gladinet is conscious of the problem and is within the technique of offering a workaround to prospects till a patch is developed.
US universities focused by payroll pirates
Microsoft has warned {that a} cybercrime group it tracks as Storm-2657 has been focusing on US universities in an effort to hack worker accounts on HR platforms comparable to Workday. The purpose is to divert wage funds to accounts managed by the attackers. All these risk actors are often called “payroll pirates”. The assaults seen by Microsoft don’t contain exploitation of Workday vulnerabilities. As a substitute the hackers are leveraging social engineering ways and the shortage of MFA to compromise accounts. Commercial. Scroll to proceed studying.
Zimbra vulnerability exploited in assault on Brazilian army
StrikeReady warned {that a} Zimbra vulnerability tracked as CVE-2025-27915 was exploited earlier this yr to focus on Brazil’s army. The assault concerned a malicious ICS calendar file. There don’t look like different public studies describing exploitation of CVE-2025-27915, which has been described as an XSS flaw permitting an attacker to execute arbitrary JavaScript and carry out unauthorized actions on the sufferer’s Zimbra account, together with e mail redirection and knowledge exfiltration.
Mic-E-Mouse assault
A workforce of researchers from the College of California have disclosed the main points of an assault methodology they’ve named Mic-E-Mouse, which leverages the high-performance optical sensors on a mouse to snoop on customers. The researchers confirmed that speech induces delicate floor vibrations that the mouse’s sensor can detect. The audio high quality is initially poor, however the researchers confirmed how it may be processed to enhance its high quality. Alternatively, accuracy continues to be low in actual world setting checks.
Two arrested in UK over nursery chain hack
Two unnamed people, reportedly aged 17 and 22, have been arrested within the UK over a cyberattack that focused the nursery chain Kido. Hackers stole the names, addresses, and images of 8,000 youngsters and began leaking them in an effort to persuade Kido to pay a ransom. The hackers additionally referred to as impacted mother and father to extend the strain on the nursery chain. In response to pushback from different hackers, the youngsters’s photos had been blurred, and later all the information was taken offline.
Brightstar and Decisely knowledge breaches influence over 100,000
Brightstar and Decisely Insurance coverage Providers have every disclosed knowledge breaches impacting greater than 100,000 individuals. IGT and its lottery enterprise Brightstar stated unauthorized entry was found almost one yr in the past, nevertheless it took till just lately to find out what sort of knowledge was compromised and who was impacted. Decisely found unauthorized entry in December 2024 and began notifying affected people in June 2025. The information breach at Decisely impacted private data associated to its associate MetLife.
WordPress plugin vulnerability exploited
Hackers have been making an attempt to take advantage of CVE-2025-5947, a essential vulnerability within the Service Finder Bookings plugin, to hack WordPress web sites. The plugin is a part of the premium Service Finder theme, which has been acquired by roughly 6,000 web sites. The vulnerability was patched on July 17 and disclosed by Defiant on July 31. Exploitation began on August 1 and Defiant’s Wordfence firewall has already blocked almost 14,000 assaults.
Honeypot knowledge reveals ICS/OT assaults from Russia and Iran
An ICS/OT honeypot run by Forescout, designed to imitate a water therapy plan, has been focused by a Russia-linked group named TwoNet, which tried to deface the related HMI, disrupt processes, and manipulate different ICS. TwoNet has been concerned in hacktivist assaults, however a lot of its actions appear pushed by revenue. Forescout’s honeypots additionally noticed assault makes an attempt which were linked to Russia and Iran.
OpenAI disrupts ChatGPT abuse
OpenAI has revealed one other report describing the actions it has taken towards the malicious use of ChatGPT. The corporate has seen Russian, Chinese language and (North) Korean risk actors abusing its AI assistant for malware growth, phishing, scams, and affect operations.
ClayRat Android spyware and adware targets Russia
Zimperium has detailed ClayRat, an Android spyware and adware primarily focusing on Russian customers. The malware has been distributed by way of Telegram channels and phishing websites, disguised as widespread apps comparable to WhatsApp, TikTok, and YouTube. As soon as it has been put in on a tool, ClayRat can steal SMS messages, notifications, and name logs, take photographs with the contaminated machine’s entrance digicam, and ship messages or make calls from the sufferer’s cellphone.
Associated: In Different Information: PQC Adoption, New Android Spyware and adware, FEMA Information Breach
Associated: In Different Information: LockBit 5.0, Division of Struggle Cybersecurity Framework, OnePlus Vulnerability
