Cyber Weekly Digest #24

👋 Welcome to the 24th edition of the Cyber Weekly Digest of 2025

Yesterday was our annual Summer Sizzler Cyber Vigilance & Friends BBQ Bonanza and holy moly it was a good one ☀️

Thank you SO much to all our partners that joined us! Such a fun (and hot) day! Was an absolute pleasure to eat, drink and be merry with you all

Dream Team

Would also like to shout out a big THANK YOU to Team CoreView for taking us to Royal Ascot this week 😍

Neigh

👀 New feature! Inspired by the '90s classic 'The Girly Show' with Sara Cox (incredibly depressing that many of you will be too young to remember) and due to our ever-growing phenomenal portfolio, I'm now including...

⭐️ Vendor of the Week ⭐️

Let's keep it simple - with Keeper...

💡 Keeper protects your organisation’s passwords, credentials and secrets with zero-trust and zero-knowledge security.

🏆 Keeper Security stands out by combining top-tier protection, usability, and scalability - ideal for individuals and enterprises aiming to enforce zero-trust controls, secure privileged access, and simplify secrets management across their IT stack.

🧐 Want to learn more about Keeper? Click here

Also...

🎥 Upcoming Webinar Alert 🎥

Operational technology (OT) cyber attacks are on the rise, with 73% of OT professionals reporting impacts to their business. What is your team doing to be ready?

OT has become a new frontline for ransomware, nation-state attacks, and supply chain vulnerabilities. Most infrastructure was never designed to be connected to software, let alone be defended from modern threats.

Join Immersive experts for a live webinar exploring how cyber teams can prepare for threats targeting OT infrastructure.

Join to learn about:

🔹 Real-world examples of OT attacks and their impact

🔹 Tips for countering threat actors and malware targeting your infrastructure

🔹 How to build foundational CTI skills tailored to OT environments

🔹 Effective cyber readiness strategies

💬 Live Q&A to follow

📩 Can’t make it live? They’ll send the recording to all registrants

🔗 Register here

Now, let's go on with the latest updates...

New and noteworthy from our Tech Community this week:

🔥 Introducing the Horizon3.ai Hack Hour

Join Horizon3.ai for their bi-weekly Hack Hour, a webinar where their experts dive into NodeZero, their autonomous penetration testing solution, with live demos, real-world use cases, and expert insights.

Up next:

📆 June 23 at 12 PM GMT

📆 July 7 at 12 PM GMT

🔗 You can sign up here

I discovered yesterday that H3 gift their workers customised Air Max 90s and this possibly makes them the coolest vendor ever

🧐 Horizon3.AI tickling your pickle? Contact us here

🔥 Agentic AI is being weaponised to exploit human behaviour at scale!

CultureAI's Lead Cybersecurity Researcher, Oliver Simonnet, recently explored how Agentic AI can be weaponised to exploit human behaviour at scale.

His findings reveal why organisations must shift toward real-time, human-centric defences to stay ahead of rapidly evolving cyber attack capabilities.

🔗 Thanks to The European Financial Review, a leading source of financial and business intelligence, for sharing this piece.

🧐 Want to learn more about CultureAI? Contact us here

🔥 New Feature Drop: LLM Benchmarks Are Here

Choosing the wrong LLM can expose enterprises to serious risks – from leaking sensitive data to brand-damaging exploits. But with dozens of commercial & open-source models available, how can security and AI teams know which ones to trust?

That’s why SplxAI are launching LLM Benchmarks – a powerful new feature in the SplxAI Platform that gives AI practitioners the testing data they need to confidently evaluate, compare, and whitelist the right models.

What makes SplxAI's benchmarks different:

✅ LLMs are benchmarked with multiple system prompt configs (no system prompt, basic, & hardened)

🎯 Models are tested for security, safety, trustworthiness, & business alignment

🔍 Users can drill-down into thousands of simulated attacks per model

📊 Benchmarked models can be compared side-by-side

📥 Any commercial or open-source LLM can be requested for evaluation

🔁 Scores are continuously updated with the latest red teaming techniques

Know which LLMs actually hold up – before you deploy.

👉 Learn more about their LLM Benchmarks: https://lnkd.in/dsNnhv8A

📰 Read the press release: https://lnkd.in/d253ZuKE

🧐 Want to learn more about SplxAI? Contact us here

🔥 What happens when Microsoft Teams sprawl goes unchecked?

🔸 External users stick around longer than they should

🔸 Groups lose owners (or have too many)

🔸 You can’t prove access is under control for audits

That’s why Microsoft Teams is becoming a growing target - because it’s where visibility often breaks down.

The free Microsoft Teams Access Review Scanner from CoreView helps you take back control.

Just run the script and get a color-coded report on:

🔸 Teams with no owners

🔸 Teams with more than 5 owners

🔸 Teams with more than 100 members

🔸 Teams with high external membership

🔸 Teams with blocked or disabled members

🔸 Teams with no activity in the last 90 days

🔸 Teams with shared mailboxes as members

🔗 Download it here for free

🧐 Want to learn more about CoreView? Click here

🔥 Under immense pressure to maximise impact without increasing headcount?

Making full use of technical integrations is one of the easiest ways to improve efficiency and automate critical cyber security handoffs.

For pen testing, Synack connects with multiple existing security ecosystems, including some of the most widely used ASM tools and ticketing platforms.

The numbers speak for themselves...

Synack customers who use technical integrations:

📈 Improve mean time to remediate by over 63% in the first year.

📈 Increase patch efficacy rates by nearly 20% in the first year.

🔗 Read more in this blog which includes real-world examples

🧐 Want to learn more about Synack? Click here

🔥 Cyber Assessment Framework Compliance with Silverfort

As identity-based threats rise across critical infrastructure sectors, compliance with the UK’s Cyber Assessment Framework (CAF) is more vital and complex than ever.

That’s where Silverfort comes in.

You can download this guide to learn:

✔️ How Silverfort aligns with each CAF objective and principle

✔️ Why traditional PAM leaves critical gaps and how to close them

✔️ How to enforce Zero Standing Privileges and detect identity threats in real time

🧐 Want to learn more about Silverfort? Click here

🔥 Calling Senior Public Service Leaders!

On June 24, ZeroFox are hosting an exclusive, invite-only event in collaboration with The Pensions Regulator to bring you “Dark Web Decoded”.

This intimate, interactive roundtable event will tackle:

✔️ The cybersecurity skills shortage and its operational impact

✔️ Practical methodologies for dark web intelligence extraction

✔️ Combining AI-driven insights with human expertise for actionable outcomes

✔️ When and how to transition to managed intelligence services

🔗 Register your interest for this public sector security event today

🧐 Want to know more about ZeroFox? Book a call here

🔥 Villain of the Week

An elevation-of-privilege vulnerability, CVE-2025-33073, has been discovered in the Windows SMB client. With a CVSS score of 8.8, it lets an authenticated attacker trick the host into re-authenticating to a malicious SMB server - bypassing NTLM-reflection mitigations - and escalate privileges to NT AUTHORITY\SYSTEM on the target machine.

📝 Why it matters:

- Full SYSTEM-level control over affected Windows hosts

- Unauthorised access to sensitive data and total system compromise

👨‍🔧 Recommended actions:

- Apply Microsoft’s June 2025 patch for Windows (focus on SMB-client hardening).

- Enforce SMB Signing: use Group Policy to require SMB signing, reducing risk even before patching.
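As an added example (not part of the original post and not the Vicarius scripts it links), this PowerShell audits whether SMB signing is required on a host, which is the pre-patch mitigation recommended above. It only reads the SMB stack settings and the registry values that the corresponding Group Policy settings write; it changes nothing.

```powershell
# Added example: audit whether SMB signing is required on this host.
# Requiring client-side SMB signing is the stop-gap the digest recommends
# for CVE-2025-33073 ahead of the June 2025 patch. Read-only; run elevated.

function Get-SmbSigningStatus {
    # Effective settings as reported by the SMB client and server stacks
    $client = Get-SmbClientConfiguration
    $server = Get-SmbServerConfiguration

    # Registry values written by the Group Policy settings
    # "Microsoft network client/server: Digitally sign communications (always)"
    $clientReg = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters' -ErrorAction SilentlyContinue
    $serverReg = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName          = $env:COMPUTERNAME
        ClientRequiresSigning = [bool]$client.RequireSecuritySignature
        ServerRequiresSigning = [bool]$server.RequireSecuritySignature
        ClientRegistryValue   = $clientReg.RequireSecuritySignature
        ServerRegistryValue   = $serverReg.RequireSecuritySignature
        # Both sides must require signing for the host to count as compliant
        Compliant             = [bool]$client.RequireSecuritySignature -and [bool]$server.RequireSecuritySignature
    }
}

$status = Get-SmbSigningStatus
$status | Format-List

if (-not $status.ClientRequiresSigning) {
    Write-Warning 'SMB client does not require signing: enable "Microsoft network client: Digitally sign communications (always)" (RequireSecuritySignature=1 under LanmanWorkstation\Parameters).'
}
if (-not $status.ServerRequiresSigning) {
    Write-Warning 'SMB server does not require signing: enable "Microsoft network server: Digitally sign communications (always)" (RequireSecuritySignature=1 under LanmanServer\Parameters).'
}
```

A registry value of 1 with a stack value of $false usually means the policy was written but the service has not been restarted or the host has not rebooted since.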

Use these scripts from the Vicarius research team:

📡 Detection script: https://lnkd.in/dZiwNPff

🔧 Remediation script: https://lnkd.in/dj9iwU_Y

Let us know if you need help securing your systems or understanding these steps further.

🧐 Want to know more about vuln discovery and patching? Contact us here

Last but not least...

🔥 For a large European charity, scaling a security team brought a familiar set of challenges.

🚨 The Problem 🚨

A rapidly growing but relatively junior security team needed effective up-skilling. Traditional, in-person certifications were too expensive and didn't provide the practical, hands-on experience required. They were struggling to build real capability, engage their team, and provide clear career paths to retain talent.

💡 The Solution 💡

They shifted their strategy from theoretical learning to practical application with the Immersive platform. This gave them a scalable, on-demand way to immerse their team in realistic, hands-on labs that mirrored real-world threats. With structured, role-specific learning paths, they were able to track progress and benchmark skills with data, not just anecdotes.

🏆 The Outcome 🏆

The results were clear, measurable, and transformative. The team gained immediate confidence from being able to prove their capabilities, achieved significant savings by moving away from costly certifications, and, because they had an internal champion driving platform adoption, saw team engagement and retention increase.

This is how you solve the security skills gap.

🔗 Dive into the details here

🧐 If you'd like to learn more about Immersive and how you can invest in your people, whatever industry you're in, give us a shout here

Now, let's take a look at our top Cyber Security News picks of the week

1. Are Forgotten AD Service Accounts Leaving You at Risk?

For many organisations, Active Directory (AD) service accounts are quiet afterthoughts, persisting in the background long after their original purpose has been forgotten.

To make matters worse, these orphaned service accounts (created for legacy applications, scheduled tasks, automation scripts, or test environments) are often left active with non-expiring or stale passwords.

It's no surprise that AD service accounts often evade routine security oversight. Security teams, overwhelmed by daily demands and lingering technical debt, often overlook service accounts (unlinked to individual users and rarely scrutinised) allowing them to quietly fade into the background. However, this obscurity makes them prime targets for attackers seeking stealthy ways into the network. And left unchecked, forgotten service accounts can serve as silent gateways for attack paths and lateral movement across enterprise environments. In this article, we'll examine the risks that forgotten AD service accounts pose and how you can reduce your exposure.
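As an added example (not from the article), this PowerShell query surfaces the kind of account the piece describes: enabled AD accounts with non-expiring passwords that look like service accounts and whose password or last logon is stale. It assumes the RSAT ActiveDirectory module and read access to the domain; the naming patterns and the 365-day threshold are assumptions to tune for your environment.

```powershell
# Added example: list candidate forgotten service accounts in Active Directory.
# Primary signal: enabled account with a non-expiring password (the article's
# "non-expiring or stale passwords"). An SPN or a service-like name narrows it
# to likely service accounts. Assumes the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

function Get-StaleServiceAccount {
    param(
        [int]$StaleDays = 365,                                   # assumed threshold
        [string[]]$NamePatterns = @('svc*', 'srv*', '*service*', '*_sa')  # assumed patterns
    )
    $cutoff = (Get-Date).AddDays(-$StaleDays)
    $props  = 'PasswordLastSet', 'LastLogonDate', 'PasswordNeverExpires',
              'ServicePrincipalName', 'Description', 'whenCreated'

    Get-ADUser -Filter { Enabled -eq $true -and PasswordNeverExpires -eq $true } -Properties $props |
        Where-Object {
            $name = $_.SamAccountName
            $looksLikeService = ($_.ServicePrincipalName.Count -gt 0) -or
                                (($NamePatterns | Where-Object { $name -like $_ }).Count -gt 0)
            # Stale if the password is older than the cutoff, or the account has
            # never logged on / has not logged on since the cutoff
            $stale = ($_.PasswordLastSet -lt $cutoff) -or
                     ($null -eq $_.LastLogonDate) -or ($_.LastLogonDate -lt $cutoff)
            $looksLikeService -and $stale
        } |
        Select-Object SamAccountName, PasswordLastSet, LastLogonDate,
            @{ n = 'HasSPN'; e = { $_.ServicePrincipalName.Count -gt 0 } },
            @{ n = 'DaysSincePasswordSet'; e = {
                if ($_.PasswordLastSet) { [int]((Get-Date) - $_.PasswordLastSet).TotalDays } } },
            Description |
        Sort-Object PasswordLastSet
}

Get-StaleServiceAccount -StaleDays 365 | Format-Table -AutoSize
```

LastLogonDate is replicated only approximately (it is derived from lastLogonTimestamp), so treat it as a coarse signal and confirm against the owning application before disabling anything.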

2. New Malware Campaign Uses Cloudflare Tunnels to Deliver RATs via Phishing Chains

A new campaign is making use of Cloudflare Tunnel subdomains to host malicious payloads and deliver them via malicious attachments embedded in phishing emails.

The ongoing campaign has been codenamed SERPENTINE#CLOUD by Securonix.

It leverages "the Cloudflare Tunnel infrastructure and Python-based loaders to deliver memory-injected payloads through a chain of shortcut files and obfuscated scripts," security researcher Tim Peck said in a report shared with The Hacker News.

The attack starts with sending payment- or invoice-themed phishing emails bearing a link to a zipped document that contains a Windows shortcut (LNK) file. These shortcuts are disguised as documents to trick victims into opening them, effectively activating the infection sequence.

3. New Linux udisks flaw lets attackers get root on major Linux distros

Attackers can exploit two newly discovered local privilege escalation (LPE) vulnerabilities to gain root privileges on systems running major Linux distributions.

The first flaw (tracked as CVE-2025-6018) was found in the configuration of the Pluggable Authentication Modules (PAM) framework on openSUSE Leap 15 and SUSE Linux Enterprise 15, allowing local attackers to gain the privileges of the "allow_active" user.

The other security bug (CVE-2025-6019) was discovered in libblockdev, and it enables an "allow_active" user to gain root permissions via the udisks daemon (a storage management service that runs by default on most Linux distributions).

4. Paddle Settles for $5 Million over Facilitating Tech Support Scams

Paddle.com and its U.S. subsidiary will pay $5 million to settle Federal Trade Commission (FTC) allegations that the company facilitated deceptive tech-support schemes that harmed many U.S. consumers, including older adults.

Paddle, a UK-based payment processor, offers payments, tax handling, compliance, and checkout infrastructure for software and digital product sellers by acting as a "merchant of record."

According to the FTC, Paddle failed to perform adequate screening and fraud prevention, enabling foreign operators like Restoro, Reimage, and PC Vark to exploit the U.S. credit card system.

5. Scania Confirms Insurance Claim Data Breach in Extortion Attempt

Automotive giant Scania confirmed it suffered a cybersecurity incident where threat actors used compromised credentials to breach its Financial Services systems and steal insurance claim documents.

Scania told BleepingComputer that the attackers emailed several Scania employees, threatening to leak the data online unless their demands were met.

Scania is a major Swedish manufacturer of heavy trucks, buses, and industrial and marine engines and is a member of the Volkswagen Group.

That's it for this week's tasty morsels...

Much 🧡 Stay Safe

The CV Team

Security for an intelligent future...
