Cyber Weekly Digest
👋 Welcome to the 25th edition of the Cyber Weekly Digest of 2025
🏴 In October this year, Team CV will be heading to the valleys for Wales' inaugural edition of the Secure cyber series featuring live keynotes, workshops & exhibition, hosted by DIGIT.
The event brings together senior cyber practitioners, industry experts, IT specialists, security researchers and law enforcement - providing a unique forum for knowledge exchange, discussion and high-level networking.
🧡 We'd absolutely bloody love to see you at Cymrusec 2025! You can register here
⭐️ Vendor of the Week ⭐️
Silverfort - The first platform to deliver modern identity security across all corporate users, service accounts and resources, inc legacy systems and command-line interfaces that are leveraged in more than 80% of data breaches and Ransomware attacks, previously considered unprotectable!
🧐 Want to learn more about Silverfort? Click here
🎥 Upcoming Webinar Alert 🎥
Ever watched a cyber crisis unfold and thought, "I might have done that differently"? 🤔
Now's your chance to put your decision-making to the test.
Join Immersive, at 3pm today, for a virtual Crisis Simulation that will turn your expectations of traditional exercises upside down. You'll get a unique, 360-degree view of crisis management in the financial services sector, an industry that's proven time and time again to be a top target for cyberattacks.
You'll get the opportunity to:
⚔️ Witness a leadership team grappling with a high-stakes crisis
🔓 Step into the shoes of media, regulators, and investors to see how they handle the fallout
💰 Navigate the unique financial, reputational, and regulatory risks of the financial services sector
🔗 Register here
New and noteworthy from our Tech Community this week:
🔥 Introducing the Horizon3.ai Hack Hour
A bi-weekly webinar where experts dive into NodeZero, the cutting-edge autonomous penetration testing solution.
Join Horizon3.ai for their bi-weekly Hack Hour, where their experts dive into #NodeZero with live demos, real-world use cases, and expert insights.
Up next: 📆 July 7 at 12 PM GMT
🔗 You can sign up here
Did you know that Cyber Vigilance offer Horizon3 Breach Assessments? Helping organisations find exploits in their environments and ultimately helping to fix these gaps with our fabulous portfolio of cutting edge Cyber Security Solutions!
Not only that, but we can continuously validate the fixes and find new exposures moving forward with our Continuous Managed Exposure Service powered by NodeZero.
🧐 Horizon3.AI tickling your pickle? Contact us here
🔥 Doctors are using unapproved AI tools to record patient meetings.
That’s the headline from a new Sky News investigation and it highlights something security teams across every industry need to hear:
Shadow AI is already inside your organisation.
Not because people are reckless but because they’re trying to work faster, smarter, and more efficiently.
🚫 The problem isn’t your people.
🔍 The problem is the blind spots in your security stack.
Traditional tools weren’t built to see into the human layer — where real behaviours like:
🔸 Sensitive data shared in ChatGPT
🔸 Unapproved SaaS and AI tools
🔸 Password reuse across apps
🔸 MFA gaps and policy bypasses
…often go unnoticed.
That’s why CultureAI now offer a free 7-day trial - to give security teams visibility into the human perimeter, without disruption or blame.
In just 24 hours of ingesting your telemetry, you’ll:
✅ Uncover real-world risks your existing tools miss
✅ Detect and respond to shadow AI and SaaS
✅ Start defending the human layer
It’s not about catching people out, it’s about catching what your tools can’t.
🔗 Try it now by clicking here
🧐 Want to learn more about CultureAI? Contact us here
🔥 FREE TOOL ALERT: Visualise Your Agentic Workflows in Seconds
Building complex multi-agent systems? It’s easy to lose track of how everything connects – agents calling tools, passing data, looping logic, coordinating over MCP servers, or chaining through agent-to-agent (A2A) interactions. It gets messy fast.
Agentic Visualiser is a free web tool from Splx.AI that helps you instantly map out your entire workflow. Whether you're using CrewAI, LangGraph, OpenAI Agents, AutoGen, or n8n, just drop in a link to your public GitHub repo or upload your code in a ZIP file – and voilà – get a sleek, interactive visual of your entire agentic system.
Why it's useful:
🧭 See what’s really happening under the hood
🔍 Catch blind spots, weird loops, and logic traps
🧩 Start debugging your multi-agent system with ease
🔗 Try it for free here
🧐 Want to learn more about SplxAI? Contact us here
🔥 We've reached a point in the AI revolution where AI has become autonomous—completing tasks and making decisions
But while AI adoption and the rise of AI agents become more embedded into our lives and jobs, security concerns arise, too.
📈 According to Gartner, by 2028, 25% of cyber breaches will be linked to AI agent misuse. So what do we do to close the gap between innovation and cyber risk?
In his latest article for Forbes, Silverfort's CEO and co-founder Hed Kovetz shares insight on how C-level leaders can achieve a balance ⚖️
1. CISO and wider C-suite alignment
2. Limit access to sensitive data
3. Use AI agents for security
🔗 Read the full article here
🧐 Want to learn more about Silverfort? Click here
🔥 When Coca-Cola was hit by a ransomware attack, they didn’t panic.
Instead, they set a new standard, responding with calm, clarity, and transparency.
🔗 Here's what they did and why it could change everything.
🧐 Want to know more about GYTPOL? Book a call here
🔥 Villain of the Week
A critical vulnerability, CVE-2025-32706, has been discovered in the Windows Common Log File System (CLFS) driver. With a CVSS score of 7.8, this flaw allows an authenticated local attacker to exploit improper input validation and gain SYSTEM-level privileges via a heap-based buffer overflow.
📌 Why it matters:
Exploiting this vulnerability could result in:
- Privilege escalation to NT AUTHORITY\SYSTEM.
- Active exploitation in the wild—Microsoft confirmed this is a known exploited vulnerability listed by CISA.
📋 Recommended actions:
- Apply Microsoft's May 2025 Patch immediately—look for updates via KB5058411 (Windows 11) or KB5058405 (Windows 10).
- Restrict sensitive file-system operations: Limit user access to %SystemRoot%\System32\LogFiles\CLFS until patched.
Use these scripts from the Vicarius research team:
📡 Detection: https://lnkd.in/g4YBGQJ2
🔧 Remediation: https://lnkd.in/gF4mbVt7
Let us know if you need help securing your systems or understanding these steps further.
🧐 Want to know more about vuln discovery and patching? Contact us here
Last but not least...
🔥 Repeat after us... where there's hype, there's fraud!
⚽ The 2025 FIFA Club World Cup (CWC) is making history with a new 32-team format across 11 U.S. cities. While most eyes are on the pitch, cybercriminals, scammers, and opportunists are watching too.
The threats around this tournament extend far beyond the stadium gates, and ZeroFox has already identified suspicious websites and social media accounts designed to scam fans. Attackers are poised to exploit the scale, speed, and global spotlight of the tournament.
In a recent blog, ZeroFox covers what attendees, organisers, and casual fans need to know to stay informed and protected.
🔗 Dive into the details here
🧐 If you'd like to learn more about the Foxes, give us a shout here
Now, let's take a look at our top Cyber Security News picks of the week
1. McLaren Health Care Says Data Breach Impacts 743,000 Patients
McLaren Health Care is warning 743,000 patients that the health system suffered a data breach caused by a July 2024 attack by the INC ransomware gang.
Although the attack was discovered on August 5, 2024, forensic investigations determining who was impacted were only completed on May 5, 2025, with the notice circulation starting last Friday.
McLaren is a nonprofit health system in the U.S. with $6.6 billion in annual revenue, operating a network that spans 14 Michigan hospitals (2,624 beds). It employs 490 physicians and 28,000 full-time staff while contracting with another 113,000 providers across Michigan and into Indiana.
2. US Homeland Security Warns of Escalating Iranian Cyberattack Risks
The U.S. Department of Homeland Security (DHS) warned over the weekend of escalating cyberattack risks by Iran-backed hacking groups and pro-Iranian hacktivists.
This warning was issued as a National Terrorism Advisory System bulletin on Sunday and cautions that the Iranian conflict is causing a "heightened threat environment" in the United States, with "low-level" cyberattacks targeting networks in the U.S. likely.
"The likelihood of violent extremists in the Homeland independently mobilizing to violence in response to the conflict would likely increase if Iranian leadership issued a religious ruling calling for retaliatory violence against targets in the Homeland," the advisory reads.
3. Black Hat SEO Poisoning Search Engine Results For AI to Distribute Malware
Zscaler ThreatLabz researchers recently uncovered AI-themed websites designed to spread malware. The threat actors behind these attacks are exploiting the popularity of AI tools like ChatGPT and Luma AI. These websites are utilizing platforms such as WordPress and are designed to poison search engine rankings and increase the probability of unsuspecting users landing on these webpages.
If users interact with one of these AI-themed websites, JavaScript is used to trigger a redirection chain that ultimately delivers malware including Vidar, Lumma, and Legion Loader. In this blog post, we will provide an in-depth analysis of these malware campaigns.
4. Steel Giant Nucor Confirms Hackers Stole Data in Recent Breach
Nucor, North America's largest steel producer and recycler, has confirmed that attackers behind a recent cybersecurity incident have also stolen data from the company's network.
The steel giant employs more than 32,000 people in numerous mills across the U.S., Mexico, and Canada and reported a revenue of $30.73 billion last year.
Nucor disclosed this incident last month, revealing that it took down some systems to contain the security breach and halted production at some of its facilities. It also said it had notified law enforcement authorities and hired external cybersecurity experts to assist with the recovery efforts and investigation.
5. nOAuth Vulnerability Still Affects 9% of Microsoft Entra SaaS Apps Two Years After Discovery
New research has uncovered continued risk from a known security weakness in Microsoft's Entra ID, potentially enabling malicious actors to achieve account takeovers in susceptible software-as-a-service (SaaS) applications.
Identity security company Semperis, in an analysis of 104 SaaS applications, found nine of them to be vulnerable to Entra ID cross-tenant nOAuth abuse.
First disclosed by Descope in June 2023, nOAuth refers to a weakness in how SaaS applications implement OpenID Connect (OIDC), an authentication layer built atop OAuth to verify a user's identity.
The authentication implementation flaw essentially allows a bad actor to change the mail attribute in the Entra ID account to that of a victim's and take advantage of the app's "Log in with Microsoft" feature to hijack that account.
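To make the nOAuth item concrete for teams reviewing their own "Log in with Microsoft" integrations, here is an added example (ours, not code from Semperis, Descope or any affected app). It contrasts keying accounts on the email claim with keying on the issuer and subject pair. The tenant IDs, subjects, addresses and account store are constructed placeholders, and the claims are assumed to come from an ID token that has already passed signature, audience and expiry checks.

```python
# Constructed sample data: tenant IDs, subjects and addresses are placeholders.
VICTIM_TENANT = "11111111-1111-1111-1111-111111111111"
OTHER_TENANT = "22222222-2222-2222-2222-222222222222"

def issuer(tid):
    """Entra ID v2.0 issuer string for a tenant."""
    return f"https://login.microsoftonline.com/{tid}/v2.0"

# Hypothetical SaaS account store: one existing user.
ACCOUNTS = [{"id": 1, "email": "alice@victim.example",
             "iss": issuer(VICTIM_TENANT), "sub": "sub-alice"}]

def resolve_by_email(claims):
    """Vulnerable pattern: the mutable, unverified email claim is the key."""
    email = claims.get("email", "").lower()
    for acct in ACCOUNTS:
        if acct["email"].lower() == email:
            return acct["id"]
    return None

def resolve_by_subject(claims):
    """Hardened pattern: key on the immutable (iss, sub) pair."""
    if claims.get("iss") != issuer(claims.get("tid", "")):
        return None  # issuer must match the tenant named in the token
    for acct in ACCOUNTS:
        if (acct["iss"], acct["sub"]) == (claims["iss"], claims.get("sub")):
            return acct["id"]
    return None

def email_identity_mismatch(claims):
    """Audit signal: email matches an account that (iss, sub) does not own."""
    return (resolve_by_email(claims) is not None
            and resolve_by_email(claims) != resolve_by_subject(claims))

# Constructed logins: the account owner, and a cross-tenant token whose
# email claim has been set to the owner's address.
OWNER_LOGIN = {"iss": issuer(VICTIM_TENANT), "tid": VICTIM_TENANT,
               "sub": "sub-alice", "email": "alice@victim.example"}
CROSS_TENANT_LOGIN = {"iss": issuer(OTHER_TENANT), "tid": OTHER_TENANT,
                      "sub": "sub-other", "email": "alice@victim.example"}

if __name__ == "__main__":
    for name, c in (("owner", OWNER_LOGIN), ("cross-tenant", CROSS_TENANT_LOGIN)):
        print(name, resolve_by_email(c), resolve_by_subject(c),
              email_identity_mismatch(c))
```

Running `email_identity_mismatch` over historical sign-in records is a quick way to spot accounts that were ever resolved by email from a tenant that does not own them.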
6. Retail Giant Ahold Delhaize Says Data Breach Affects 2.2 Million People
Ahold Delhaize, one of the world's largest food retail chains, is notifying over 2.2 million individuals that their personal, financial, and health information was stolen in a November ransomware attack that impacted its U.S. systems.
The multinational retailer and wholesale company operates over 9,400 local stores across Europe, the United States, and Indonesia, employing more than 393,000 people and serving approximately 60 million customers each week in-store and online.
It has reported yearly net sales of over $104 billion last year and it operates under a wide range of brands, including Food Lion, Stop & Shop, Giant Food, and Hannaford in the American market, and Delhaize, Maxi, Mega Image, Albert, bol, Alfa Beta, Gall & Gall, and Profi in Europe.
That's it for this week's tasty morsels...
Much 🧡 Stay Safe
The CV Team
Security for an intelligent future...
Thank you for including us on this amazing roster and spotlighting our blog on coke! Great to see other highlights from the cyber community.
Always a calm scroll when this lands in the feed each week
Channel Account Manager– Defending organisations at the Human Layer
1mo: Weekly digest delivering the goods as always! 🔥
Business Development Director at Kite I Director of Sponsorship and Corporate Partnerships at Sidmouth Rugby Football Club
1mo: Great work team Cyber Vigilance. Love the Friday digest! 😊
Channel Lead EMEA at Silverfort
1mo: Great catching up with you all this week and the activity underway.