More Signal. Less Noise.

Control what runs in your environment. Reduce your attack surface.

ThreatLocker helps organizations reduce risk by allowing trusted applications to run while limiting their access to only the resources they need. It’s a straightforward, default deny approach that gives you more control and visibility—without slowing down operations. Explore how ThreatLocker can help simplify your security strategy.

V14 | Issue 153 | 8.12.25

Daily Briefing for 08.12.25

Summary

By the CyberWire staff

At a glance.

North Korea's Kimsuky APT reportedly sustains breach.
Threat actors exploit Erlang flaw to target OT networks.
Data breach at Dutch medical lab affects more than 485,000 patients.

North Korea's Kimsuky APT reportedly sustains breach.

Two hackers, going by "Saber" and "cyb0rg," have leaked 8.9 GB of backend data allegedly stolen from the North Korean state-sponsored APT Kimsuky, BleepingComputer reports. The hackers published their findings in the latest issue of the Phrack e-zine, which was distributed at DEF CON last week. The hackers claim the dump contains "many of Kimsuky's backdoors and their tools as well as the internal documentation." BleepingComputer notes that the data could also "provide insight into unknown campaigns and undocumented compromises."

Threat actors exploit Erlang flaw to target OT networks.

Palo Alto Networks' Unit 42 is tracking exploitation of CVE-2025-32433, a maximum-severity remote code execution flaw affecting Erlang/OTP that was patched in April. Unit 42 detected exploitation beginning on May 1st. Notably, a majority (70%) of the exploit attempts targeted firewalls protecting OT networks, with a disproportionate focus on organizations in the healthcare, agriculture, media and entertainment, and high technology.

Unit 42 notes, "The geographic, industrial, and temporal footprint of CVE-2025-32433 exploit attempts highlights a strategic shift in attacker behavior toward operational environments across diverse sectors and regions. Exploits are not limited to traditionally defined industrial control systems. They appear in healthcare, education, high tech and other verticals — many of which host embedded OT systems not previously treated as high risk."

Data breach at Dutch medical lab affects more than 485,000 patients.

Dutch medical lab Clinical Diagnostics NMDL sustained a breach affecting data belonging to more than 485,000 patients, Infosecurity Magazine reports. The breach primarily affected women who participated in the lab's cervical cancer screening program. According to a press release from the Dutch Population Screening Association (BDO), the hackers stole "names, addresses, dates of birth, citizen service numbers (BSN), possible test results, and the names of participants' healthcare providers"

Notes.

Today's issue includes events affecting the Democratic People's Republic of Korea, the Netherlands, and the United States.

Selected Reading

Attacks, Threats, and Vulnerabilities

Pennsylvania Attorney General's Office hit by cybersecurity incident, shuts down digital infrastructure (BeyondMachines) The Pennsylvania Attorney General's Office suffered a major cyber incident on Monday, August 12, 2025, that took down their entire digital infrastructure including website, email systems, and phone lines, preventing citizens from accessing services or providing tips. The nature of the attack and any potential data exposure have not been disclosed.

Saint Paul cyberattack linked to Interlock ransomware gang (BleepingComputer) The mayor of Saint Paul, Minnesota's capital city, has confirmed that the Interlock ransomware gang is responsible for a cyberattack that disrupted many of the city's systems and services in July.

Products, Services, and Solutions

Unplugged Relaunches UP Phone under New CEO with a Powerful Privacy System and All-New Experience (Cision PR Newswire) /PRNewswire/ -- Unplugged today announced a major update to its privacy-first smartphone, UP Phone, alongside the official appointment of Joe Weil as CEO....

Litigation, Investigation, and Law Enforcement

Finland charges captain of suspected Russian ‘shadow fleet’ tanker for subsea cable damage (The Record) In a statement on Monday, Finland’s National Prosecution Authority said they had brought aggravated criminal mischief and aggravated interference with communications charges against the three senior officers aboard the Eagle S, a tanker registered in the Cook Islands.

Man Arrested for Phishing Nuns in Antwerp.. 7+ Belgian Monasteries Targeted (Faharas News) Phishing attacks target Belgian convents: Antwerp police warn after arrest linked to stolen funds from Wetteren monastery, raising urgent security concerns.

Industry Events

For a complete running list of events, please visit the Event Tracker.

Events

39th Annual Small Satellite Conference (Salt Lake City, Utah, USA, Aug 11 - 13, 2025) During the 39th Annual Small Satellite Conference, we will delve into the innovations, demands, and cross-market collaborations shaping the future of satellite capabilities and driving new opportunities allowing us to collectively reach new horizons.

HackAICon 2025 (Lisbon, Portugal, Sep 25, 2025) The first conference dedicated to combining AI and Ethical Hacking. We're bringing together OffSec pros, hackers, and leading researchers to find practical ways of using AI to secure the internet. Learn about the latest AI Hacking cosmic trends and connect with fellow professionals in engaging conversations. We banned sales pitches from the event - just knowledge sharing, leadership and technical insights.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.