Weekly Cyber Threat Advisory Bulletin 18 to 24 August 2025

8/26/2025

The cybersecurity landscape witnessed multiple high-severity vulnerabilities and targeted attack campaigns this week, highlighting the urgent need for timely patching, continuous monitoring, and proactive defense measures.

Key Vulnerabilities

Apache ActiveMQ Exploited

On August 20, 2025, Red Canary reported active exploitation of CVE-2023-46604 in Apache ActiveMQ, targeting cloud-based Linux systems. Attackers deploy the “DripDropper” malware, which uses Dropbox for command and control (C2) and modifies SSH settings for persistence. The vulnerability carries a 94% likelihood of exploitation, and the attackers even patch the flaw after compromising a system so that rival intruders cannot reuse it. CVE-2023-46604 has also been linked to ransomware groups including TellYouThePass, RansomHub, and HelloKitty. Mitigation requires upgrading to patched versions (5.18.3 / Artemis 2.29.0), enabling authentication, and monitoring for SSH and cron changes.
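The SSH and cron monitoring that the mitigation advice calls for can be done with a simple file-integrity baseline. The script below is an added example written for this bulletin, not code from Red Canary or the Apache project. It hashes the SSH and cron files under a root directory of your choosing (so it can be pointed at a test tree as well as at `/`) and reports files that appeared, disappeared or changed since the stored baseline. The list of watched paths is an assumption based on common Linux layouts; extend it for your distribution.

```python
"""Baseline-and-diff monitor for SSH and cron configuration files.

Added example (not from Red Canary's report): snapshots the files that an
intruder typically edits for SSH or cron persistence and reports any drift
against a stored JSON baseline.
"""
import hashlib
import json
import os
from pathlib import Path

# Paths commonly touched for SSH/cron persistence (assumed layout). They are
# relative to a root directory so the monitor can be run against a test tree.
WATCHED_PATHS = [
    "etc/ssh/sshd_config",
    "etc/ssh/sshd_config.d",
    "root/.ssh/authorized_keys",
    "etc/crontab",
    "etc/cron.d",
    "etc/cron.hourly",
    "etc/cron.daily",
    "var/spool/cron",
]


def _sha256(path: Path) -> str:
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: str) -> dict:
    """Return {relative_path: {"sha256": ..., "mode": ...}} for every regular
    file under the watched paths below `root`. Missing paths are skipped."""
    baseline = {}
    root_path = Path(root)
    for rel in WATCHED_PATHS:
        target = root_path / rel
        if target.is_file():
            files = [target]
        elif target.is_dir():
            files = [p for p in target.rglob("*") if p.is_file()]
        else:
            continue
        for f in files:
            st = f.stat()
            baseline[str(f.relative_to(root_path))] = {
                "sha256": _sha256(f),
                "mode": oct(st.st_mode & 0o777),
            }
    return baseline


def diff_baseline(old: dict, new: dict) -> dict:
    """Compare two baselines and return added, removed and modified paths.
    A permission change counts as a modification, since it matters for cron."""
    old_keys, new_keys = set(old), set(new)
    modified = sorted(
        k for k in old_keys & new_keys
        if old[k]["sha256"] != new[k]["sha256"] or old[k]["mode"] != new[k]["mode"]
    )
    return {
        "added": sorted(new_keys - old_keys),
        "removed": sorted(old_keys - new_keys),
        "modified": modified,
    }


def save_baseline(baseline: dict, path: str) -> None:
    Path(path).write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(path: str) -> dict:
    return json.loads(Path(path).read_text())


if __name__ == "__main__":
    import sys
    # Usage: python drift.py baseline.json [root]   (root defaults to "/")
    # First run writes the baseline; later runs print drift against it.
    baseline_file = sys.argv[1]
    root_dir = sys.argv[2] if len(sys.argv) > 2 else "/"
    current = build_baseline(root_dir)
    if not os.path.exists(baseline_file):
        save_baseline(current, baseline_file)
        print(f"baseline written: {len(current)} files")
    else:
        changes = diff_baseline(load_baseline(baseline_file), current)
        for kind, paths in changes.items():
            for p in paths:
                print(f"{kind.upper()}: {p}")
```

Store the baseline file off-host (or at least outside the watched tree) so an intruder who edits `sshd_config` cannot also rewrite the record of what it looked like; run the check from cron on a schedule you control, or better from a remote job, and alert on any non-empty result.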

Read more: https://redcanary.com/blog/threat-intelligence/dripdropper-linux-malware/

Apache Tika PDF Parser Flaw

On August 21, 2025, Amazon researchers disclosed CVE-2025-54988, a critical XXE vulnerability in Apache Tika’s PDF parser (versions 1.13–3.2.1). The flaw allows malicious PDFs to exfiltrate sensitive data, perform SSRF, and probe internal networks. While no active exploits are reported, enterprises should urgently upgrade to Tika 3.2.2 and strengthen PDF validation and monitoring to secure document workflows.
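The "strengthen PDF validation" advice above can be made concrete as a pre-parse gate: XML metadata embedded in a PDF (the XMP packet) is inspected for a DTD before any XML parser sees it, because an external-entity (XXE) attack needs an entity declaration to exist and normal XMP packets carry none. The script below is an added example written for this bulletin, not Apache Tika's code (Tika is a Java project; this Python models the check, it does not patch Tika). The XMP framing, the sample PDF bytes and the placeholder `file:///placeholder/secret.txt` path are constructed for the demonstration.

```python
"""Pre-parse gate for XML metadata carried inside PDFs.

Added example, not Apache's or the Tika project's code. Before any XML parser
touches a document's embedded XMP metadata, refuse packets that declare a
DOCTYPE; external-entity (XXE) attacks rely on an entity declaration.
"""
import re
import xml.etree.ElementTree as ET

# XMP packets sit in a PDF metadata stream between <?xpacket begin=...?> and
# <?xpacket end=...?> processing instructions.
_XMP_PACKET = re.compile(rb"<\?xpacket begin=.*?\?>(.*?)<\?xpacket end=.*?\?>", re.S)
# Any DOCTYPE is rejected; an ENTITY with SYSTEM/PUBLIC is the XXE pattern and
# is reported separately so an alert can say why the file was refused.
_DOCTYPE = re.compile(rb"<!DOCTYPE\b", re.I)
_EXTERNAL_ENTITY = re.compile(rb"<!ENTITY\s+\S+\s+(SYSTEM|PUBLIC)\b", re.I)


class UnsafeMetadataError(ValueError):
    """Raised when an XMP packet carries a DTD and must not be parsed."""


def extract_xmp_packets(pdf_bytes: bytes) -> list:
    """Return the raw XML of every XMP packet found in the PDF bytes."""
    return [m.group(1).strip() for m in _XMP_PACKET.finditer(pdf_bytes)]


def classify_packet(xml_bytes: bytes) -> str:
    """'clean', 'doctype' (any DTD) or 'external-entity' (XXE pattern)."""
    if _EXTERNAL_ENTITY.search(xml_bytes):
        return "external-entity"
    if _DOCTYPE.search(xml_bytes):
        return "doctype"
    return "clean"


def parse_xmp_title(xml_bytes: bytes) -> str:
    """Parse a vetted XMP packet and return its dc:title text, or ''.
    The parser is only reached after the gate: any DOCTYPE raises."""
    verdict = classify_packet(xml_bytes)
    if verdict != "clean":
        raise UnsafeMetadataError(f"refusing to parse XMP packet: {verdict}")
    root = ET.fromstring(xml_bytes)
    ns = {"dc": "http://purl.org/dc/elements/1.1/",
          "rdf": "http://www.w3.org/1999/02/22-rdf-syntax-ns#"}
    title = root.find(".//dc:title/rdf:Alt/rdf:li", ns)
    return (title.text or "") if title is not None else ""


def scan_pdf(pdf_bytes: bytes) -> dict:
    """Gate every packet in the file; return verdict counts and safe titles."""
    result = {"clean": 0, "doctype": 0, "external-entity": 0, "titles": []}
    for packet in extract_xmp_packets(pdf_bytes):
        verdict = classify_packet(packet)
        result[verdict] += 1
        if verdict == "clean":
            result["titles"].append(parse_xmp_title(packet))
    return result


def _xmp(inner: bytes, dtd: bytes = b"") -> bytes:
    """Build a constructed XMP packet wrapped in PDF-like stream framing."""
    return (b"<< /Type /Metadata /Subtype /XML >>\nstream\n"
            b"<?xpacket begin='' id='W5M0MpCehiHzreSzNTczkc9d'?>" + dtd +
            b"<x:xmpmeta xmlns:x='adobe:ns:meta/'>"
            b"<rdf:RDF xmlns:rdf='http://www.w3.org/1999/02/22-rdf-syntax-ns#'>"
            b"<rdf:Description xmlns:dc='http://purl.org/dc/elements/1.1/'>"
            b"<dc:title><rdf:Alt><rdf:li xml:lang='x-default'>" + inner +
            b"</rdf:li></rdf:Alt></dc:title></rdf:Description></rdf:RDF>"
            b"</x:xmpmeta><?xpacket end='w'?>\nendstream\n")


# Constructed samples: a benign packet, and one declaring an external entity
# that points at a placeholder path (not a real file on any system).
BENIGN_PDF = b"%PDF-1.7\n" + _xmp(b"Quarterly report")
MALICIOUS_PDF = b"%PDF-1.7\n" + _xmp(
    b"&leak;",
    dtd=b"<!DOCTYPE x [<!ENTITY leak SYSTEM 'file:///placeholder/secret.txt'>]>",
)

if __name__ == "__main__":
    print(scan_pdf(BENIGN_PDF))     # one clean packet, title extracted
    print(scan_pdf(MALICIOUS_PDF))  # one external-entity packet, nothing parsed
```

The gate is deliberately blunt: it refuses any DTD rather than trying to decide which entity declarations are harmless, which is the same posture as disabling DTD processing in the parser itself. Keep the parser-side hardening (Tika 3.2.2 and DTD-disabled XML parsers) in place as well; this check is a second layer at the document-ingest boundary, not a substitute for the upgrade.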

Read more: https://lists.apache.org/thread/8xn3rqy6kz5b3l1t83kcofkw0w4mmj1w

Apple 0-Day Actively Exploited

On August 21, 2025, Apple issued emergency patches for iOS, iPadOS, and macOS to fix CVE-2025-43300, a zero-day vulnerability in the ImageIO framework. The flaw, already exploited in targeted attacks, enables arbitrary code execution via a malicious image with no user interaction, a pattern typical of spyware delivery. Users are urged to update immediately; the issue has been added to CISA’s Known Exploited Vulnerabilities catalog.

Read more: https://support.apple.com/en-us/124925

Google Chrome Critical Bug

On August 20, 2025, Google released an emergency Chrome update (139.0.7258.138/.139) to fix CVE-2025-9132, a high-severity out-of-bounds write vulnerability in the V8 JavaScript engine that could allow remote code execution or browser crashes via malicious web content. While no active exploits are confirmed, the flaw can be triggered without user interaction, making prompt updates critical. Users should update Chrome immediately, and enterprises should prioritize deployment, with additional mitigation including disabling JavaScript on untrusted sites.

Read more: https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_19.html

Mozilla Firefox & Thunderbird Patches

On August 21, 2025, Mozilla released Firefox 142 to address nine vulnerabilities, including five high-severity flaws that could enable remote code execution, privilege escalation, and data theft. The most critical, CVE-2025-9187 (CVSS 9.8), is a memory-safety bug affecting both Firefox and Thunderbird. No active exploits have been reported, but users and enterprises should update immediately, with network segmentation and endpoint detection as additional protections.

Read more: https://www.mozilla.org/en-US/security/advisories/mfsa2025-64/

Active Threat Campaigns

PipeMagic Ransomware

In April 2025, Microsoft patched CVE-2025-29824, a critical Windows privilege escalation flaw that the PipeMagic ransomware group has actively exploited to gain SYSTEM-level access and spread ransomware. Recent attacks, attributed to Storm-2460, have targeted organizations in Saudi Arabia, Spain, Venezuela, and the U.S.

Read more: https://securelist.com/pipemagic/117270/

Malicious Chrome VPN Extension

On August 20, 2025, Koi Security revealed that the FreeVPN.One Chrome extension, with over 100,000 installs, was secretly capturing screenshots of all visited sites, including trusted domains, and sending sensitive data to a remote server. Users are advised to uninstall the extension, change passwords, and switch to audited VPNs.

Read more: https://www.koi.security/blog/spyvpn-the-vpn-that-secretly-captures-your-screen

Security News Highlights

Anatsa Malware Evolves

On August 22, 2025, Zscaler reported that the Anatsa (TeaBot) banking trojan, active since 2020, is targeting over 831 financial institutions worldwide through decoy apps on Google Play, stealing credentials via fake login pages and keylogging. Users should verify app permissions, enable Play Protect, and maintain updated antivirus protection.

Read more: https://www.zscaler.com/blogs/security-research/android-document-readers-and-deception-tracking-latest-updates-anatsa

APT MuddyWater Campaign

On August 21, 2025, Hunt.io reported a MuddyWater APT campaign targeting CFOs via spear-phishing emails impersonating Rothschild & Co, delivering malicious VBScript that installs backdoors, creates hidden accounts, and enables RDP. Mitigation includes monitoring for unauthorized accounts, blocking suspicious Firebase URLs, enabling MFA, and using EDR solutions.

Read more: https://hunt.io/blog/apt-muddywater-deploys-multi-stage-phishing-to-target-cfos

Azure API Connection Flaw

On August 22, 2025, a critical Azure API Connection vulnerability was disclosed that allowed Contributor-level users to bypass tenant isolation and access sensitive resources in other tenants, including Key Vaults, SQL databases, and third-party services. Microsoft patched the flaw promptly; users are advised to audit their API Connections, enforce least privilege, and monitor logs.

Read more: https://binarysecurity.no/posts/2025/08/azures-weakest-link-part2

Mitigation Guidance

  • Apply all vendor-released security patches immediately (Apple, Google, Mozilla, Apache).
  • Audit cloud services and API integrations for misconfigurations.
  • Monitor for unauthorized account creation, SSH/cron changes, and suspicious VPN/browser extensions.
  • Enforce MFA, EDR monitoring, and least privilege across enterprise systems.
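The "monitor for unauthorized accounts" advice in the MuddyWater entry and the "unauthorized account creation" bullet above share one detection: a newly created account that is immediately placed into an administrative or remote-access group. The script below is an added example written for this bulletin, not code from Hunt.io or Microsoft. It reads Windows Security events as JSON lines, using the real event IDs 4720 (a user account was created) and 4732 (a member was added to a security-enabled local group) and their EventData field names; the records themselves are constructed, and for readability they carry the account name in `MemberName` where a live 4732 event often carries only a SID. The approved-creator list, the sensitive-group list and the fifteen-minute window are assumed policy values.

```python
"""Correlate Windows Security events for unauthorized account creation.

Added example (not from Hunt.io's report): flags accounts created by anyone
outside an approved provisioning identity, and raises severity when a new
account lands in a privileged or remote-access group shortly after creation,
the pattern behind "hidden accounts that then get RDP access".
"""
import json
from datetime import datetime, timedelta

# Assumed policy values; adjust per environment.
SENSITIVE_GROUPS = {"Administrators", "Remote Desktop Users"}
APPROVED_CREATORS = {"svc-provisioning"}   # identities allowed to create users
WINDOW = timedelta(minutes=15)             # create-then-elevate correlation window


def parse_events(lines):
    """Parse JSON-lines Security records; add a datetime 'time' and sort."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["time"] = datetime.fromisoformat(ev["TimeCreated"])
        events.append(ev)
    return sorted(events, key=lambda e: e["time"])


def detect(events):
    """Return alerts as dicts with severity, account and reason."""
    alerts = []
    created = {}  # account -> (creation time, creator)
    for ev in events:
        eid = ev["EventID"]
        if eid == 4720:
            acct, creator = ev["TargetUserName"], ev["SubjectUserName"]
            created[acct] = (ev["time"], creator)
            if creator not in APPROVED_CREATORS:
                alerts.append({"severity": "medium", "account": acct,
                               "reason": f"account created by unapproved user {creator}"})
        elif eid == 4732 and ev["TargetUserName"] in SENSITIVE_GROUPS:
            member, group, actor = ev["MemberName"], ev["TargetUserName"], ev["SubjectUserName"]
            if member not in created:
                continue  # pre-existing account; out of scope for this rule
            age = ev["time"] - created[member][0]
            unapproved = created[member][1] not in APPROVED_CREATORS or actor not in APPROVED_CREATORS
            if age <= WINDOW and unapproved:
                alerts.append({"severity": "high", "account": member,
                               "reason": f"added to {group} {int(age.total_seconds())}s after creation by {actor}"})
    return alerts


# Constructed sample log: a legitimate provisioning flow, then an account
# created from an ordinary user session and elevated within two minutes.
SAMPLE_LOG = """
{"TimeCreated": "2025-08-21T09:00:00", "EventID": 4720, "SubjectUserName": "svc-provisioning", "TargetUserName": "jdoe"}
{"TimeCreated": "2025-08-21T09:05:00", "EventID": 4732, "SubjectUserName": "svc-provisioning", "TargetUserName": "Remote Desktop Users", "MemberName": "jdoe"}
{"TimeCreated": "2025-08-21T13:42:10", "EventID": 4720, "SubjectUserName": "mwhite", "TargetUserName": "helpdesk2"}
{"TimeCreated": "2025-08-21T13:43:05", "EventID": 4732, "SubjectUserName": "mwhite", "TargetUserName": "Administrators", "MemberName": "helpdesk2"}
{"TimeCreated": "2025-08-21T13:43:40", "EventID": 4732, "SubjectUserName": "mwhite", "TargetUserName": "Remote Desktop Users", "MemberName": "helpdesk2"}
{"TimeCreated": "2025-08-21T14:00:00", "EventID": 4732, "SubjectUserName": "mwhite", "TargetUserName": "Administrators", "MemberName": "alice"}
"""

if __name__ == "__main__":
    for alert in detect(parse_events(SAMPLE_LOG.splitlines())):
        print(f"[{alert['severity']}] {alert['account']}: {alert['reason']}")
```

The provisioning flow for `jdoe` produces nothing, the `helpdesk2` account produces one medium alert at creation and two high alerts for the group additions, and `alice` is ignored because her account predates the log. Feed the same function from your SIEM export, and keep the approved-creator list short: the whole rule rests on it.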

Cyber threats are evolving rapidly – proactive defense is no longer optional but essential. For industry-specific threat assessments, reach out to Crowe UAE’s Cyber Threat Management team at +971 55 343 8693 or via email at [email protected]