Top 5 Cybersecurity News Stories August 15, 2025

Cybersecurity threats are constantly evolving as threat actors seek access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of.  No story is too big or small as we look at threats from espionage to security flaws in everyday devices:

1. Cisco Warns of CVSS 10.0 FMC RADIUS Flaw Allowing Remote Code Execution

Cisco has issued a critical alert about a newly identified vulnerability—tracked as CVE-2025-20188—with an unprecedented CVSS score of 10.0. The flaw affects FMC (Firepower Management Center) and RADIUS components, enabling remote code execution. Exploitation could permit attackers to execute arbitrary commands, potentially leading to full system compromise.

Cisco urges administrators to apply the available patch immediately to thwart active threats. The flaw underscores the persistent risk posed by deeply embedded vulnerabilities in enterprise security infrastructure and the imperative of prompt remediation.
Read more on The Hacker News

2. Norway spy chief blames Russian hackers for dam sabotage in April

On August 13, 2025, Norway’s counter-intelligence leader, Beate Gangaas, formally attributed a cyberattack on a dam in Bremanger to Russian-linked hackers. On April 7, cyber-actors breached the facility, remotely opened a floodgate, and released 500 litres per second of water for four hours before detection.

While no injuries or damage occurred, the incident marks the first official attribution of such infrastructure sabotage to Russia. Gangaas emphasized the attack’s intent to sow fear and chaos among civilians, urging public awareness. Norway’s reliance on hydropower elevates the importance of hardened industrial control system defenses.
Read more on Reuters

3. Booking.com phishing campaign uses sneaky ‘ん’ character to trick you

Security researchers have uncovered a phishing campaign impersonating Booking.com that manipulates a Unicode character to deceive users. Attackers are substituting the Japanese hiragana character “ん” in phishing URLs, which—on some systems—appears identical to the forward slash “/.” This visual spoofing tactic makes malicious links appear legitimate at a glance, increasing the risk of credential theft or malware infection.

This technique emphasizes the evolving sophistication of phishing threats. Individuals and organizations should remain vigilant for subtle anomalies in URLs and implement URL-filtering or user-education strategies to mitigate such deceptive attacks.
Read more on BleepingComputer

4. Cybercrime Groups ShinyHunters, Scattered Spider Join Forces in Extortion Attacks on Businesses

Recent developments reveal that ShinyHunters—a prolific data theft and extortion group—has joined forces with Scattered Spider in coordinated extortion campaigns. These cybercrime syndicates are increasingly targeting businesses, leveraging extensive stolen data to pressure victims.

Tactics reportedly include blackmail and public data disclosure unless ransom demands are met. This evolving collaboration signals heightened threat intensity and sophistication in digital extortion strategies. Security teams should augment monitoring for signs of intrusion, prepare incident response plans, and reinforce data protection protocols to counter these organized, multi-vector extortion threats.
Read more on The Hacker News

5. Canada’s House of Commons investigating data breach after cyberattack

Canada’s House of Commons is currently investigating a cybersecurity incident in which a threat actor reportedly stole employee data. Although no official public statement has been made yet, internal communications indicate that staff were alerted by email following the breach.

The Federal Parliament’s administrative systems are under review to assess the cause, impact, and potential system vulnerabilities. Authorities are likely collaborating with cybersecurity and investigative agencies to contain the incident, protect sensitive information, and prevent recurrence. Further details are awaited as investigations proceed.
Read more on BleepingComputer

At DIESEC, our experts are ready to assist with all your cybersecurity needs. We ensure your system is safe and secure and provide training for your employees to avoid falling victim to social engineering tactics.

For more information, please contact us now!