Weekly cybersecurity recap: Microsoft, Chrome, McDonald's and more!

This week in cybersecurity has been packed with developments that highlight just how fast the threat landscape is shifting. From critical vulnerabilities in widely used tools to sophisticated phishing and social engineering campaigns, attackers continue to find new ways to exploit trust and technology.

Key highlights include a serious Microsoft Copilot flaw that broke audit logs, a high-severity Chrome vulnerability exposing millions to potential code execution, and novel phishing tactics abusing Microsoft’s ADFS. Add to that Workday’s social engineering breach and the CodeRabbit RCE vulnerability impacting over 1M repositories, and it’s clear: staying ahead requires constant awareness, swift patching, and stronger defenses.

Microsoft Copilot vulnerability creates audit log blind spot

A significant flaw in Microsoft 365 Copilot allowed users, including potential insiders, to access and summarize sensitive files without leaving any audit trail. Security teams depend on these logs for monitoring and compliance, making the gap especially dangerous for industries bound by strict regulations.

Although the flaw was patched on August 17, 2025, Microsoft has chosen not to issue a CVE or notify customers, leaving organizations unaware that logs prior to the fix may be incomplete. This silent handling raises concerns about transparency as AI continues to integrate deeply into enterprise ecosystems.

Chrome high-severity vulnerability (CVE-2025-9132)

Google released an emergency update to patch a high-severity flaw in Chrome’s V8 JavaScript engine. The bug, tracked as CVE-2025-9132, stems from an out-of-bounds write vulnerability that could let attackers execute arbitrary code, crash browsers, or bypass security protections remotely.

Discovered on August 4, 2025, by Google’s automated system Big Sleep, the flaw highlights the growing role of AI in vulnerability detection. Users on versions prior to 139.0.7258.138/.139 across Windows, macOS, and Linux are urged to update immediately to stay protected.

McDonald’s free nuggets hack leads to broader data exposure

What began as a mobile app glitch that let users claim free nuggets spiraled into the discovery of serious flaws in McDonald’s global digital infrastructure. Researcher “BobDaHacker” uncovered issues ranging from plaintext password storage and exposed API keys to employee impersonation features and unprotected portals.

Though most flaws have since been patched, some vulnerabilities reportedly remain accessible. With no formal bug bounty program in place, the case highlights the urgent need for global enterprises to adopt structured disclosure policies and proactive security practices.

CodeRabbit RCE vulnerability exposed 1M repositories

A critical remote code execution vulnerability in CodeRabbit's RuboCop integration exposed over 1 million GitHub repositories to unauthorized access. Attackers could exploit the flaw to leak API keys and even gain write access to private repositories.

Discovered in December 2024 and responsibly disclosed in January 2025, the vulnerability was remediated within hours by disabling RuboCop and rotating credentials. This incident underscores the supply chain risks of CI/CD tool integrations and the importance of sandboxing untrusted code execution.

Phishing via Microsoft’s own ADFS (ADFSjacking)

A novel phishing campaign dubbed “ADFSjacking” is leveraging Microsoft’s Active Directory Federation Services (ADFS) to redirect users from legitimate office.com URLs to malicious login pages.

Unlike traditional phishing emails, attackers rely on malvertising, placing fake Office 365 ads that send victims through a redirection chain ending on a pixel-perfect Microsoft login clone. Beyond stolen credentials, attackers can also capture session cookies, bypassing MFA protections. Experts advise monitoring ADFS redirects, filtering suspicious ad traffic, and deploying ad blockers as preventive measures.
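One way to act on the "monitor ADFS redirects" advice, as an added example that is not part of the original article: flag proxy-log entries where a genuine office.com host issues a redirect to a host that is neither a Microsoft domain nor the organization's own federation server. The log schema, the trusted-suffix list and the host names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: suffixes an office.com redirect is normally expected to land on.
TRUSTED_SUFFIXES = ("office.com", "microsoftonline.com", "microsoft.com", "live.com")
# Assumption: the organization's own ADFS host (hypothetical name).
ORG_FEDERATION_HOSTS = {"sts.corp.example"}

# Constructed sample records; hypothetical proxy schema: user, url, status, location.
SAMPLE_LOG = [
    {"user": "alice", "url": "https://www.office.com/login", "status": 302,
     "location": "https://login.microsoftonline.com/common/oauth2/authorize"},
    {"user": "bob", "url": "https://outlook.office.com/mail/", "status": 302,
     "location": "https://sts.corp.example/adfs/ls/?wa=wsignin1.0"},
    {"user": "carol", "url": "https://outlook.office.com/mail/", "status": 302,
     "location": "https://sso.login-portal.example/adfs/ls/?wa=wsignin1.0"},
    # Lookalike source host: not a genuine office.com redirect, out of scope here.
    {"user": "dave", "url": "https://office.com.lookalike.example/", "status": 302,
     "location": "https://other.example/"},
    {"user": "erin", "url": "https://www.office.com/", "status": 200, "location": ""},
]

def host_matches(host, suffixes):
    """True if host equals a suffix or is a subdomain of it (no substring matching)."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)

def suspicious_redirects(records):
    """Return (user, destination host) for office.com redirects to unexpected hosts."""
    findings = []
    for rec in records:
        if not 300 <= rec["status"] < 400 or not rec.get("location"):
            continue
        src = urlsplit(rec["url"]).hostname
        if not host_matches(src, ("office.com",)):
            continue  # only redirects issued by real office.com hosts
        dst = urlsplit(rec["location"]).hostname
        if dst is None:
            continue  # relative Location header stays on the same host
        if host_matches(dst, TRUSTED_SUFFIXES) or dst in ORG_FEDERATION_HOSTS:
            continue
        findings.append((rec["user"], dst))
    return findings

if __name__ == "__main__":
    for user, dst in suspicious_redirects(SAMPLE_LOG):
        print(f"review: {user} redirected from office.com to {dst}")
```

Organizations federated through a third-party identity provider would add that provider's host to the allow list before relying on the findings.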

Workday targeted in social engineering attack

Workday, a leading HR and payments platform used by over 11,000 organizations worldwide, confirmed it was affected by a wide-scale social engineering campaign. Hackers impersonated IT and HR staff to trick employees into sharing credentials, gaining access to customer support tickets containing names, emails, and phone numbers.

While Workday emphasized that core customer data remains secure, researchers noted links between this campaign and the notorious groups ShinyHunters and Scattered Spider, further proof that human-focused attacks remain among the hardest to defend against.

Ransomware attack at DaVita impacts 2.7M patients

Dialysis giant DaVita has confirmed a ransomware attack that exposed the sensitive data of 2.7 million patients, according to disclosures made to the U.S. health department. While dialysis services were not disrupted, the breach targeted the company’s labs database, compromising critical personal and health-related information.

DaVita has started notifying affected individuals and is offering free credit monitoring as part of its response. The incident has already cost the company $13.5 million in remediation and recovery efforts, underscoring the devastating financial and reputational toll ransomware continues to have on healthcare providers.

From stealthy phishing attacks to large-scale infrastructure flaws, this week highlights the dynamic and multi-faceted threat landscape organizations face today. Proactive patching, robust disclosure policies, employee awareness, and layered defenses remain the foundation of resilience.
