More Signal. Less Noise.

Control what runs in your environment. Reduce your attack surface.

ThreatLocker helps organizations reduce risk by allowing trusted applications to run while limiting their access to only the resources they need. It’s a straightforward, default deny approach that gives you more control and visibility—without slowing down operations. Explore how ThreatLocker can help simplify your security strategy.

V14 | Issue 152 | 8.11.25

Daily Briefing for 08.11.25

Summary

By the CyberWire staff

At a glance.

Thousands of Exchange servers remain vulnerable to high-severity flaw.
WinRAR patches actively exploited zero-day.
US extradites alleged ringleaders of major Ghanaian fraud organization.

Thousands of Exchange servers remain vulnerable to high-severity flaw.

BleepingComputer reports that, as of August 10th, more than 29,000 hybrid Microsoft Exchange servers remained vulnerable to a high-severity post-authentication vulnerability (CVE-2025-53786) that can allow threat actors to escalate privileges within compromised cloud environments.

The US Cybersecurity and Infrastructure Security Agency (CISA) last week ordered Federal civilian agencies to patch the flaw by 9:00 AM this morning. The agency stated, "Although exploitation of this vulnerability is only possible after an attacker establishes administrative access on the on-premises Exchange server, CISA is deeply concerned at the ease with which a threat actor could escalate privileges and gain significant control of a victim’s M365 Exchange Online environment."

WinRAR patches actively exploited zero-day.

WinRAR has received a patch for a vulnerability that was exploited as a zero-day by the Russia-aligned threat actor RomCom, SecurityWeek reports. Researchers at ESET discovered the flaw (CVE-2025-8088), which can allow an attacker to execute arbitrary code via maliciously crafted archive files. The attackers used spearphishing emails with phony job applications to target "financial, manufacturing, defense, and logistics companies in Europe and Canada."

RomCom is known for conducting cyberespionage alongside opportunistic criminal activity. ESET notes that this campaign "targeted sectors that align with the typical interests of Russian-aligned APT groups, suggesting a geopolitical motivation behind the operation."

US extradites alleged ringleaders of major Ghanaian fraud organization.

The US Justice Department has charged four Ghanaian nationals for their alleged roles in conducting romance scams and business email compromise (BEC) attacks that netted more than $100 million. Three of the defendants have been extradited to the US, while one remains at large. Two of the arrested individuals, Isaac Boateng and Inusah Ahmed, are considered chairmen of the criminal organization. The defendants face decades in prison if convicted.

Notes.

Today's issue includes events affecting Canada, Ghana, Russia, and the United States.

Selected Reading

Attacks, Threats, and Vulnerabilities

BadCam: Now Weaponizing Linux Webcams (Eclypsium) Eclypsium researchers have discovered vulnerabilities in USB webcams that allow attackers to turn them into BadUSB attack tools. This allows remote attackers to inject keystrokes covertly and launch attacks independent of the host operating system.

Google Calendar invites let researchers hijack Gemini to leak user data (BleepingComputer) Google fixed a bug that allowed maliciously crafted Google Calendar invites to remotely take over Gemini agents running on the target's device and leak sensitive user data.

Marketplace

Nvidia and AMD will give a 15% cut to the government for chip sales in China (Quartz) Nvidia and AMD can sell AI chips to China again under a first-of-its-kind export deal.

Research and Development

DARPA announces $4 million winner of AI code review competition at DEF CON (The Record) The winner announced on Friday at the DEF CON cybersecurity conference, known as Team Atlanta, is composed of tech experts from Georgia Tech, Samsung Research, the Korea Advanced Institute of Science & Technology (KAIST) and the Pohang University of Science and Technology (POSTECH).

Industry Events

For a complete running list of events, please visit the Event Tracker.

Events

39th Annual Small Satellite Conference (Salt Lake City, Utah, USA, Aug 11 - 13, 2025) During the 39th Annual Small Satellite Conference, we will delve into the innovations, demands, and cross-market collaborations shaping the future of satellite capabilities and driving new opportunities allowing us to collectively reach new horizons.

HackAICon 2025 (Lisbon, Portugal, Sep 25, 2025) The first conference dedicated to combining AI and Ethical Hacking. We're bringing together OffSec pros, hackers, and leading researchers to find practical ways of using AI to secure the internet. Learn about the latest AI Hacking cosmic trends and connect with fellow professionals in engaging conversations. We banned sales pitches from the event - just knowledge sharing, leadership and technical insights.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.