Cybersecurity Roundup: Key News Stories (August 2025)
Cyber threats never stop evolving. Here’s a look at some of the most important cybersecurity stories making headlines in early August 2025:
CISA flags D-Link vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added three vulnerabilities affecting older D-Link Wi-Fi camera and network-video-recorder devices to its Known Exploited Vulnerabilities catalog. These flaws allow remote code execution and command injection. Although the devices reached end-of-life in 2016, CISA has instructed federal agencies to remediate them by 20 August 2025. Users still running these products are urged to replace them or apply available mitigations, highlighting the ongoing risks of outdated IoT hardware.
Exchange Server flaw enables silent cloud access
Microsoft disclosed a vulnerability (CVE-2024-38021) in Exchange Server that could let attackers forge special access tokens and impersonate users in hybrid cloud environments. While patches were released in July 2024, the discovery underscores the risks inherent in complex hybrid identity setups. Security teams should ensure the latest updates are applied and review token-generation logic for anomalies.
Ransomware groups deploy an EDR-killer tool
Researchers uncovered a sophisticated tool being used by multiple ransomware gangs—including LockBit, Akira and Medusa—to disable endpoint detection and response (EDR) solutions. The utility can kill processes, delete drivers and remove security software, making it easier for attackers to evade modern defenses. Organizations should harden their EDR implementations and employ layered monitoring to detect such threats.
Bouygues Telecom data breach
France’s Bouygues Telecom confirmed that a breach at a third-party service provider exposed personal details of 6.4 million customers, including names, phone numbers and dates of birth. No financial or password information appears to have been accessed, but the incident underscores the cyber-risks associated with supply-chain partners. Bouygues has notified authorities and affected users while reviewing its security posture.
U.S. federal courts targeted in cyberattacks
The U.S. Administrative Office of the Courts disclosed that federal judiciary systems, particularly the Case Management/Electronic Case Files (CM/ECF) system, have been targeted by sophisticated cyberattacks. While officials have not confirmed data theft, they noted increasing frequency and severity of attacks. Authorities are working with federal cybersecurity partners and strengthening protective measures, highlighting concerns over outdated court systems.
Staying informed about these developments can help organizations anticipate emerging threats and prioritize defensive measures.
