More Signal. Less Noise.

Are You Future Ready? Secure Your Machine Future With Confidence.

CyberArk is the leader behind the world’s most comprehensive machine identity security solution. With capabilities that span secrets, certificate management and workload identities, we enable customers to secure more machine identity use cases with the right level of privilege control. Find out exactly how we’re helping modern organizations secure their machine future.

V14 | Issue 151 | 8.8.25

Daily Briefing for 08.08.25

Summary

By the CyberWire staff

At a glance.

Researchers disclose nine flaws in HashiCorp Vault.
Columbia University breach affects 860,000
Data-wiping npm packages target WhatsApp developers.

Researchers disclose nine flaws in HashiCorp Vault.

Researchers at Cyata have published a report on nine vulnerabilities affecting the secrets management platform HashiCorp Vault. Notably, one of the flaws (CVE-2025-6037) allows root-level privilege escalation, and another (CVE-2025-6000) can lead to remote code execution. The researchers note that the latter flaw is the first public RCE ever reported in Vault. HashiCorp has issued fixes for eight of the vulnerabilities, and released mitigation guidance for one flaw that hasn't yet been patched.

Control what runs in your environment. Reduce your attack surface.

ThreatLocker helps organizations reduce risk by allowing trusted applications to run while limiting their access to only the resources they need. It’s a straightforward, default deny approach that gives you more control and visibility—without slowing down operations. Explore how ThreatLocker can help simplify your security strategy.

Columbia University breach affects 860,000.

Columbia University has disclosed that a cyberattack in June resulted in the theft of sensitive personal information belonging to more than 860,000 people who applied to or attended the school, the Record reports. The stolen data included Social Security numbers, contact details, academic history, financial aid information, health insurance information, and demographic information. The university says it has "no evidence that any Columbia University Irving Medical Center patient records were affected." The school is offering two years of free credit monitoring to affected individuals.

Data-wiping npm packages target WhatsApp developers.

Researchers at Socket discovered two data-wiping npm packages targeting developers building WhatsApp API integrations. The packages "masquerade as WhatsApp socket libraries while implementing a phone number-based kill switch that can remotely wipe developers' systems." The packages have been downloaded more than 1,100 times over the past month. Socket has submitted takedown requests to the npm security team.

The attacker's motive is unclear, though unused code functions suggest the threat actor was initially trying to conduct data theft. The researchers note, "The phone number-based targeting suggests advanced intelligence gathering, with threat actors likely researching their victims' development practices and deployment patterns. The use of GitHub-hosted databases for kill switch control provides both legitimacy and operational flexibility, allowing real-time updates to target lists without republishing malicious packages."

Notes.

Today's issue includes events affecting , and the United States.

Selected Reading

Attacks, Threats, and Vulnerabilities

CISA orders fed agencies to patch new Exchange flaw by Monday (BleepingComputer) CISA has issued an emergency directive ordering all Federal Civilian Executive Branch (FCEB) agencies to mitigate a critical Microsoft Exchange hybrid vulnerability tracked as CVE-2025-53786 by Monday morning at 9:00 AM ET.

Litigation, Investigation, and Law Enforcement

Encryption Made for Police and Military Radios May Be Easily Cracked (WIRED) Researchers found that an encryption algorithm likely used by law enforcement and special forces can have weaknesses that could allow an attacker to listen in.

US confirms takedown of BlackSuit ransomware gang that racked up $370 million in ransoms (The Record) Two weeks ago, the ransomware gang’s darknet extortion sites were seized in an operation involving police from more than nine countries including Germany, France and the United Kingdom.

Germany’s top court holds that police can only use spyware to investigate serious crimes (The Record) The plaintiffs argued that a 2017 rules change enabling law enforcement to use spyware to eavesdrop on encrypted chats and messaging platforms could unfairly expose communications belonging to people who are not criminal suspects.

Industry Events

For a complete running list of events, please visit the Event Tracker.

Events

DEF CON 33 (Las Vegas, Nevada, USA, Aug 7 - 10, 2025) DEF CON is one of the oldest continuously running hacker conventions around, and also one of the largest.

39th Annual Small Satellite Conference (Salt Lake City, Utah, USA, Aug 11 - 13, 2025) During the 39th Annual Small Satellite Conference, we will delve into the innovations, demands, and cross-market collaborations shaping the future of satellite capabilities and driving new opportunities allowing us to collectively reach new horizons.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.