Top 5 Cybersecurity News Stories August 8, 2025

Cybersecurity threats are constantly evolving as threat actors seek access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of.  No story is too big or small as we look at threats from espionage to security flaws in everyday devices:

1. CISA Adds 3 D-Link Vulnerabilities to KEV Catalog Amid Active Exploitation Evidence

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added three D-Link router vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, citing active exploitation. These flaws—affecting legacy Wi-Fi camera and NVR products—allow remote code execution and command injection.

Despite the devices reaching end-of-life in 2016, CISA has mandated federal agencies to remediate them by August 20, 2025. Organizations still using these systems are urged to retire them or apply available mitigations. This move highlights ongoing risks from outdated IoT devices still operational across critical infrastructure sectors.

Read more at The Hacker News

2. Microsoft Discloses Exchange Server Flaw Enabling Silent Cloud Access in Hybrid Setups

Microsoft disclosed a security flaw in Exchange Server allowing threat actors to silently gain cloud access in hybrid environments. Tracked as CVE-2024-38021, the vulnerability permits attackers to forge special access tokens (Proof-of-Possession) and impersonate users on cloud services. Exchange hybrid deployments are particularly exposed.

Though Microsoft addressed the issue via July 2024 updates, the flaw’s discovery underscores the risks of complex hybrid setups. Security teams are urged to apply the latest patches and review token generation logic for anomalies, especially in multi-cloud identity configurations.

Read more at The Hacker News

3. New EDR killer tool used by eight different ransomware groups

Security researchers discovered a sophisticated new EDR killer tool actively used by eight ransomware groups to disable endpoint detection and response solutions. The tool can terminate processes, delete drivers, remove security software, and impair forensic tools.

Its usage has been attributed to groups such as LockBit, Akira, and Medusa, with its codebase containing both PowerShell and C++ variants. This utility reflects a trend in ransomware innovation aimed at evading modern defenses and making detection increasingly difficult. Organizations must reinforce their EDR protections and implement multi-layered monitoring strategies.

Read more at BleepingComputer

4. Bouygues Telecom confirms data breach impacting 6.4 million customers

Bouygues Telecom, one of France’s major telecom providers, confirmed a data breach exposing the personal details of 6.4 million customers. The breach originated from a compromised third-party service provider. Impacted data includes full names, phone numbers, and dates of birth, though no financial or password information was accessed.

Bouygues has notified regulatory authorities and the affected users. This incident underscores the cybersecurity risks linked to supply chain dependencies and third-party integrations within telecom infrastructures. The company is reinforcing internal safeguards and reviewing partner security protocols.

Read more at BleepingComputer

5. US federal courts say their systems were targeted by recent cyberattacks

The U.S. Administrative Office of the Courts disclosed that federal judiciary systems have been targeted by sophisticated cyberattacks. Officials did not confirm data exfiltration but noted an increase in the severity and frequency of attempts. The attack affected the Case Management/Electronic Case Files (CM/ECF) system.

Authorities are coordinating with federal cybersecurity partners and implementing enhanced protective measures. The disclosure follows reports of vulnerabilities in outdated court systems and highlights growing concerns about the cybersecurity posture of critical U.S. legal infrastructure.

Read more at Reuters

At DIESEC, our experts are ready to assist with all your cybersecurity needs. We ensure your system is safe and secure and provide training for your employees to avoid falling victim to social engineering tactics.

For more information, please contact us now!