In the ever-evolving realm of cybersecurity, several significant incidents have emerged, highlighting vulnerabilities and new attack methods that pose risks to organizations and individuals alike. This week’s roundup presents a series of developments that underscore the pressing challenges in the digital landscape.
Exploitation of Gladinet Vulnerability
A critical vulnerability affecting Gladinet’s CentreStack and Triofox products has been actively exploited, according to Huntress. Earlier, Huntress identified the exploitation of CVE-2025-30406, which involves a hardcoded machine key issue. Recently, they noted the exploitation of another vulnerability, CVE-2025-11371, allowing unauthenticated local file inclusion. Gladinet is aware of the situation and is currently working on providing a workaround for affected customers until a permanent patch is developed.
Cybercriminals Target US Universities
Microsoft has reported that a cybercrime group identified as Storm-2657 has been targeting universities across the United States. The group aims to compromise employee accounts on HR platforms such as Workday to redirect salary payments to accounts controlled by the attackers. Notably, these attacks do not exploit vulnerabilities in Workday itself; instead, they rely on social engineering tactics and the absence of multi-factor authentication (MFA).
Attack on Brazilian Military
A vulnerability in the Zimbra email platform, tracked as CVE-2025-27915, has been exploited in an attack targeting the Brazilian military. The attack utilized a malicious ICS calendar file, allowing the attacker to execute arbitrary JavaScript and perform unauthorized actions on victims’ Zimbra accounts, including email redirection and data exfiltration. This specific exploitation highlights the ongoing risks associated with software vulnerabilities in critical sectors.
Innovative Eavesdropping Technique
Researchers at the University of California have unveiled a novel attack method called Mic-E-Mouse. This technique exploits high-performance optical sensors in computer mice to eavesdrop on users. The researchers found that speech generates subtle surface vibrations detectable by the mouse’s sensor. While the initial audio quality is poor, it can be processed for improved clarity. Despite its innovation, the accuracy of this method in real-world environments remains limited.
Cyberattack on Kido Nursery Chain
In the UK, two individuals aged 17 and 22 have been arrested in connection with a cyberattack against the nursery chain Kido. The attackers stole sensitive information, including names, addresses, and photographs of approximately 8,000 children, using this data to extort ransom from the nursery. To escalate pressure, the hackers contacted affected parents, although they later blurred the children’s images and took the data offline after facing backlash from other hackers.
Data Breaches at Brightstar and Decisely
Brightstar and Decisely Insurance Services have disclosed significant data breaches affecting over 100,000 individuals. Brightstar, part of IGT’s lottery business, reported unauthorized access discovered nearly a year ago, with the nature of the compromised data only recently determined. Meanwhile, Decisely identified unauthorized access in December 2024 and began notifying affected individuals in June 2025. The breach at Decisely impacted personal information related to its partner, MetLife.
WordPress Vulnerability and Exploitation
Cybercriminals have been actively exploiting a critical vulnerability, CVE-2025-5947, in the Service Finder Bookings plugin for WordPress. This plugin, part of a premium theme used by around 6,000 websites, was patched on July 17, with the exploitation starting on August 1. According to Defiant, their Wordfence firewall has already blocked nearly 14,000 attack attempts related to this vulnerability.
ICS/OT Attacks Linked to Russia and Iran
An ICS/OT honeypot operated by Forescout has revealed attack attempts linked to a Russia-associated group named TwoNet. This group aims to deface human-machine interfaces (HMIs) and disrupt industrial control systems. Forescout’s honeypots also recorded additional attack attempts attributed to both Russia and Iran, indicating a broader trend of targeted threats in industrial environments.
OpenAI Addresses Malicious ChatGPT Use
In a recent report, OpenAI detailed its ongoing efforts to combat the misuse of its AI assistant, ChatGPT, by various threat actors from Russia, China, and North Korea. These groups have exploited the technology for purposes including malware development, phishing scams, and influence operations. OpenAI’s proactive measures aim to mitigate these risks and safeguard users.
Emergence of ClayRat Android Spyware
The cybersecurity firm Zimperium has disclosed information regarding ClayRat, an Android spyware primarily targeting Russian users. This malware has been disseminated through Telegram channels and phishing sites, masquerading as popular applications like WhatsApp, TikTok, and YouTube. Once installed, ClayRat is capable of stealing SMS messages, notifications, and call logs, as well as accessing the device’s front camera to capture photos and send messages or make calls from the victim’s phone.
As the cybersecurity landscape continues to evolve, these incidents underscore the importance of vigilance and proactive measures to protect sensitive information and systems from malicious actors.
