Cyber Weekly Digest #32
👋 Welcome to the 32nd edition of the Cyber Weekly Digest of 2025
Less than a month to go until our most anticipated event of the year!
🏴 Cyber Security... Is No Joke Glasgow on September 10th.
We've already had lots of sign ups and tickets are going quick so make sure you secure one by dropping Katie Maxted a message.
‼️ Flash Report - Phishing Scam Impersonates UK Home Office to Operate Immigration Scam
What we know: UK organisations with visa sponsorship licenses are reportedly being targeted in a phishing campaign aimed at stealing login credentials to the UK government’s Sponsorship Management System (SMS).
Context: Threat actors are sending emails mimicking UK Home Office correspondence, leading organisations to fake portals to steal credentials. Stolen SMS accounts are then being used to send fake job offers with visa sponsorships to individuals for the sum of GBP 15,000-20,000 (approx. USD 20,330-27,000).
Analyst note: Compromised accounts very likely risk reputational damage to organisations as their name becomes involved in immigration scams. Multi-factor authentication (MFA) for account access, regularly changing credentials, and staff training are likely to mitigate the threat.
Thanks to ZeroFox for the intel!
⭐️ Vendor of the Week ⭐️
Phishing? Social engineering? Not on our watch.
What happens when you combine world-class tech brains with the best-in-class human-focused security training? Major glow-up, that’s what. That’s why we brought KnowBe4 into the Cyber Vigilance family - because security that only looks good on paper is about as useful as a chocolate teapot when hackers come knocking.
🧡 Smarter security awareness. Not just box-ticking. Real people, real instincts, learning to spot the latest scams - before they become headline news.
🦾 Proactive, not passive. Phishing simulations, up-to-the-minute attack scenarios, positive reinforcement (no more boring click-through videos). Your crew gets sharp. Your perimeter gets stronger.
🔥 We know trust matters. That's why we work with experts who are just as obsessed with staying one step ahead as we are. From banks to biotech, to businesses that just want to stop invoice fraud once and for all.
Cyber Vigilance + KnowBe4 = defence that actually learns, adapts, fights back and empowers the one thing tech can’t replace: your people.
Let us show you a demo of KnowBe4's Human Risk Management+ Platform (HRM+), the most comprehensive human risk management platform, and discover how you can turn the tables on AI-powered social engineering threats.
Showcasing how the KnowBe4 HRM+ platform empowers you to:
✅ Generate personalised phishing templates and quizzes based on users' risk profiles in mere minutes using AI
✅ Deliver adaptive training and simulated social engineering attacks tailored to individual users
✅ Detect and respond to cyber threats faster to reduce risk and maximise your limited resources
🔗 LFG...
New and noteworthy from our Tech Community this week:
🔥 Big news: Synack is launching their agentic AI architecture, Sara, drawing on over ten years of pentesting innovation
The speed and scale of emerging AI-enabled cyberthreats can only be matched by AI-powered defences. Sara (Synack Autonomous Red Agent) equips Synack, Inc.'s premier Penetration Testing as a Service platform to help customers counter machine-driven reconnaissance and attacks.
They’re combining the autonomous power of AI technology with the ingenuity of their expert Synack Red Team for a human-in-the-loop approach to vulnerability management that minimises risk and weeds out false positives.
They call it Active Offence.
🔗 Read more about Sara’s agentic AI capabilities here: https://hubs.ly/Q03C6Fnn0
🔗 Read about the launch of their Active Offence product - powered by Sara - here: https://hubs.ly/Q03C6D-70
🔥 Software flaws in healthcare, finance, and energy don’t just stay local. They ripple across supply chains and impact critical infrastructure. In highly-regulated industries, the stakes are too high for reactive security.
In Veracode's latest blog, they explore how Application Security Posture Management (ASPM) helps reduce the most risk with the least effort. By bringing visibility, compliance tracking, and prioritisation into one platform, ASPM enables teams to take fast, policy-driven action, without slowing innovation.
If you’re managing sensitive data and navigating strict regulations, ASPM is the control layer you need.
🔗 Read the full post here
🔥 Your developers are coding at record speed, oftentimes at the expense of security.
They don’t understand how vulnerable code can introduce risk across your entire organisation.
Security demands proof, not assumptions. It’s not enough to assume your code is secure. You need to prove it - to customers, auditors, boards, and regulators.
Veracode Risk Manager is your assurance layer. It’s the control system that keeps speed and security in sync.
🔗 Learn more here
🔥 GPT-5 is here. But is it ready for enterprise deployment?
OpenAI describes GPT-5 as faster, more capable, and safer, with features like safe completions and internal double-checking to improve reliability.
At SPLX they put those claims to the test with thousands of simulated attacks, assessing how the model responds to real-world security threats and misuse attempts.
The results? Even with hardening, GPT-5 underperformed GPT-4o in both Security and Safety. They found vulnerabilities to prompt injection and obfuscated logic attacks, plus gaps in business alignment that could be exploited in production.
More capable doesn’t always mean more secure.
That’s why they’ll continue tracking GPT-5’s evolution, and why they believe robust guardrails remain essential for safe enterprise AI adoption.
🧠 IMAGINE: Getting those kinds of results from their fully automated AI Security Testing Platform instead of relying on the semi-automated benchmarks out there... huge business and enterprise value.
🔗 Read their full GPT-5 red teaming breakdown here
🔥 State of the Internet Report: Digging into Residential Proxy Botnet Infrastructure
🕵️ Censys examines Operational Relay Boxes (ORBs)
🏡 Networks of compromised edge devices in residential ISPs
🇨🇳 Preferred method for China-nexus threat actors to proxy operations
They track ❄️PolarEdge, a residential proxy botnet and suspected ORB network active since mid-2023.
🔨 Persistent, purpose-built, capable of supporting long-term, covert activity
🎯 Targets: Cisco, ASUS, NAS devices, IP cameras, + other SOHO devices
📈 Scale: From ~150 infected (2023) to nearly 40,000 today
🌍 Hotspots: South Korea 🇰🇷(51.6%) & 🇺🇸U.S. (21.1%)
🚪 Method: Custom Mbed TLS backdoor (PolarSSL Test CA) on high, nonstandard TCP ports (40k–50k range)
🔗 Details + how to detect with Censys here
🔥 Save the Children International cut IT issues by up to 60%—across more than 8,000 users and 1,000 teams—by partnering with CoreView.
In a global nonprofit environment where uptime, access, and compliance are non-negotiable, CoreView delivered:
✅ Fewer IT tickets
✅ Delegated administration without elevated risk
✅ Clear visibility across their Microsoft 365 environment
🔗 Read the full Microsoft case study to see how CoreView helped drive operational efficiency, visibility, and scale—all without sacrificing control
If you’re managing a distributed M365 tenant and struggling with overhead, this is your blueprint.
🔥 Just launched: Fourth parties on Risk Ledger
Security teams can now:
➡️ See your third, fourth, and nth party relationships change in real-time.
➡️ Use a visual tool to analyse your supply chain and spot hidden risks.
➡️ Scale your supply chain analysis as your supply chain gets more complex.
Know your fourth parties to uncover hidden dependencies and concentration risks, enhance incident response planning, and have all the information at hand to demonstrate comprehensive risk management to your board and stakeholders.
🔗 Learn more about Risk Ledger's latest launch here
🔥 Privileged access management is easy with Keeper Security.
A new survey and report from Enterprise Management Associates (EMA) identifies Keeper Security, Inc. as a leader in PAM deployment, security architecture and user satisfaction among the eight top PAM platforms evaluated.
Other notable findings from Keeper users:
✔️ 60% report it's very easy to deploy, versus just 22% for other PAM vendors
✔️ 75% are very satisfied with the solution, compared to 54% using alternative solutions
✔️ 0% reported plans to switch platforms, while 5% of users on other platforms reported actively seeking alternatives
🔗 See why organisations are choosing Keeper to simplify PAM and strengthen their zero-trust strategy in this news article
🔥 According to new research from Enterprise Strategy Group (part of Omdia), 62% of organisations plan to implement a net-new identity security tool for a specific use case. What does that mean?
Most solutions are built either for identity management or they only tackle one piece of the puzzle, making it a choice between outdated capabilities or siloed context.
As teams look for new solutions to solve challenges, identity security platforms are emerging as strong candidates because of their ability to offer a consolidated view, advanced capabilities, and more.
🔗 If you're a security leader looking to understand how your peers are tackling identity security pain points, get the full report from ESG.
🔥 What percentage of organisations saw policy rate increases because of them filing a cyber insurance claim?
Discover this and the answers to all your burning broker and carrier insurance questions in Arctic Wolf's new cyber insurance report.
🔗 Read the full report here
🔥 Why are 67% of companies planning to replace their SIEM?
Cost. Complexity. Ingest limits. And a flood of false alerts.
Cribl's SIEM migration guide shows you how to get off the legacy treadmill and build something better.
Cut costs. Keep control. Move at your own pace.
🔗 Get the guide here
🔥 People aren’t born with security behaviours baked in
Behaviours like that are learned, they’re practiced, and they’re nudged into habit.
And when it comes to password managers or phishing reports, it’s no surprise that awareness campaigns often fall flat. Most are generic, underfunded, and forgotten in a week or two.
So, naturally, CybSafe decided to raise the bar with their Security Awareness Engagement Toolkit.
Here’s why teams like yours love it:
✅ Practical, flexible, based on real behavioural science
✅ Built to show measurable impact
✅ Crammed with tools, taxonomy, research, and 50+ actionable ideas.
✅ Totally free!
It’s everything you need to make your awareness efforts stick.
🔗 Explore the full toolkit here
Now, let's take a look at our top Cyber Security News picks of the week
1. Fortinet Warns About FortiSIEM Vulnerability (CVE-2025-25256) With In-the-Wild Exploit Code
Fortinet is alerting customers of a critical security flaw in FortiSIEM for which it said there exists an exploit in the wild.
The vulnerability, tracked as CVE-2025-25256, carries a CVSS score of 9.8 out of a maximum of 10.0.
"An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiSIEM may allow an unauthenticated attacker to execute unauthorized code or commands via crafted CLI requests," the company said in a Tuesday advisory.
The following versions are impacted by the flaw -
FortiSIEM 6.1, 6.2, 6.3, 6.4, 6.5, 6.6 (Migrate to a fixed release)
FortiSIEM 6.7.0 through 6.7.9 (Upgrade to 6.7.10 or above)
FortiSIEM 7.0.0 through 7.0.3 (Upgrade to 7.0.4 or above)
FortiSIEM 7.1.0 through 7.1.7 (Upgrade to 7.1.8 or above)
FortiSIEM 7.2.0 through 7.2.5 (Upgrade to 7.2.6 or above)
FortiSIEM 7.3.0 through 7.3.1 (Upgrade to 7.3.2 or above)
FortiSIEM 7.4 (Not affected)
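For teams checking an asset inventory against the version list above, here is an added example (not Fortinet's code or tooling) that maps a reported FortiSIEM version string to the remediation the advisory gives for CVE-2025-25256; the inventory dict and host names are constructed for illustration.

```python
# Added example: triage FortiSIEM versions against the CVE-2025-25256 advisory table.
from typing import Dict, Tuple

# Per branch: (first affected, last affected, fixed release), as listed in the advisory.
FIXED_BRANCHES = {
    (6, 7): ((6, 7, 0), (6, 7, 9), "6.7.10"),
    (7, 0): ((7, 0, 0), (7, 0, 3), "7.0.4"),
    (7, 1): ((7, 1, 0), (7, 1, 7), "7.1.8"),
    (7, 2): ((7, 2, 0), (7, 2, 5), "7.2.6"),
    (7, 3): ((7, 3, 0), (7, 3, 1), "7.3.2"),
}
# 6.1 to 6.6 have no in-branch fix: the advisory says migrate to a fixed release.
MIGRATE_BRANCHES = {(6, 1), (6, 2), (6, 3), (6, 4), (6, 5), (6, 6)}
NOT_AFFECTED_BRANCHES = {(7, 4)}

def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '7.0.3' or '7.4' into a comparable (major, minor, patch) tuple."""
    parts = text.strip().split(".")
    if not 2 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiSIEM version: {text!r}")
    nums = [int(p) for p in parts] + [0] * (3 - len(parts))
    return nums[0], nums[1], nums[2]

def remediation(version: str) -> str:
    """Return the advisory's action for one reported version string."""
    v = parse_version(version)
    branch = v[:2]
    if branch in MIGRATE_BRANCHES:
        return "affected: migrate to a fixed release"
    if branch in FIXED_BRANCHES:
        lo, hi, fixed = FIXED_BRANCHES[branch]
        if lo <= v <= hi:
            return f"affected: upgrade to {fixed} or above"
        return "not affected: already at or above the fixed release"
    if branch in NOT_AFFECTED_BRANCHES:
        return "not affected"
    # Anything else is not covered by the advisory text, so do not guess.
    return "unknown: version not listed in the advisory"

def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map host -> reported version to host -> remediation action."""
    return {host: remediation(ver) for host, ver in inventory.items()}

# Constructed sample inventory (hypothetical host names and versions).
SAMPLE_INVENTORY = {"siem-prod-01": "7.2.5", "siem-lab-01": "6.7.10", "siem-old": "6.4.1"}
```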
2. Zoom and Xerox Release Critical Security Updates Fixing Privilege Escalation and RCE Flaws
Zoom and Xerox have addressed critical security flaws in Zoom Clients for Windows and FreeFlow Core that could allow privilege escalation and remote code execution.
The vulnerability impacting Zoom Clients for Windows, tracked as CVE-2025-49457 (CVSS score: 9.6), relates to a case of an untrusted search path that could pave the way for privilege escalation.
"Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access," Zoom said in a security bulletin on Tuesday.
The issue, reported by its own Offensive Security team, affects the following products -
Zoom Workplace for Windows before version 6.3.10
Zoom Workplace VDI for Windows before version 6.3.10 (except 6.1.16 and 6.2.12)
Zoom Rooms for Windows before version 6.3.10
Zoom Rooms Controller for Windows before version 6.3.10
Zoom Meeting SDK for Windows before version 6.3.10
3. CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting N-able N-central to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
N-able N-central is a Remote Monitoring and Management (RMM) platform designed for Managed Service Providers (MSPs), allowing customers to efficiently manage and secure their clients' Windows, Apple, and Linux endpoints from a single, unified platform.
The vulnerabilities in question are listed below -
CVE-2025-8875 (CVSS score: N/A) - An insecure deserialization vulnerability that could lead to command execution
CVE-2025-8876 (CVSS score: N/A) - A command injection vulnerability via improper sanitization of user input
Both shortcomings have been addressed in N-central versions 2025.3.1 and 2024.6 HF2 released on August 13, 2025. N-able is also urging customers to make sure that multi-factor authentication (MFA) is enabled, particularly for admin accounts.
4. Cisco Warns of CVSS 10.0 FMC RADIUS Flaw Allowing Remote Code Execution
Cisco has released security updates to address a maximum-severity security flaw in Secure Firewall Management Center (FMC) Software that could allow an attacker to execute arbitrary code on affected systems.
The vulnerability, assigned the CVE identifier CVE-2025-20265 (CVSS score: 10.0), affects the RADIUS subsystem implementation that could permit an unauthenticated, remote attacker to inject arbitrary shell commands that are executed by the device.
The networking equipment major said the issue stems from a lack of proper handling of user input during the authentication phase, as a result of which an attacker could send specially crafted input when entering credentials that get authenticated at the configured RADIUS server.
5. Pro-Russian Hackers Blamed for Water Dam Sabotage in Norway
The Norwegian Police Security Service (PST) says that pro-Russian hackers took control of critical operation systems at a dam and opened outflow valves.
The attack occurred in April and is thought to have been a demonstration of Russia’s ability to remotely hack critical infrastructure in the country.
At the Arendalsuka annual national forum in the city of Arendal, the head of the PST, Beate Gangås, spoke about the incident saying that it was less of an attempt to cause damage than a display of what the hackers can do.
That's it for this week's tasty morsels...
Much 🧡 Stay Safe
The CV Team
Security for an intelligent future...
Northern Europe Channel Sales Manager
Amazing as always
Thanks for giving Risk Ledger a shout out about our latest feature launch! 🥳
Chief Revenue Officer (CRO) - Cyber Vigilance Ltd
Splendid, always crammed full of the good stuff, like a Chicken Sando sarnie from M&S. Thanks Hayley!