Daily Briefing for 08.13.25

At a glance.

• Patch Tuesday notes.
• New Russian threat actor targets critical infrastructure in Eastern Europe.
• New ransomware group displays overlaps with China-aligned APT.

Patch Tuesday notes.

Microsoft yesterday patched 107 flaws, including one publicly disclosed zero-day (CVE-2025-53779) affecting Windows Kerberos, KrebsOnSecurity reports. Thirteen of the vulnerabilities are rated as "critical," with the most severe being a remote code execution flaw (CVE-2025-53766) in the Windows GDI+ component.

Intel, AMD, and Nvidia have issued fixes for dozens of flaws, including high-severity vulnerabilities in Intel's Xeon processors, SecurityWeek reports.

Adobe patched more than sixty vulnerabilities across thirteen products, including Commerce, Photoshop, InDesign, FrameMaker, and Substance 3D tools.

SecurityWeek also has a roundup of patches from ICS vendors. Notably, Siemens issued a patch for a critical vulnerability (CVE-2025-40746) affecting Simatic RTLS Locating Manager that could "allow an authenticated remote attacker with high privileges in the application to execute arbitrary code with 'NT Authority/SYSTEM' privileges."

Finally, Fortinet and Ivanti have both issued important patches for a variety of products. One of the Fortinet vulnerabilities—a FortiSIEM flaw (CVE-2025-25256) that can allow an unauthenticated attacker to execute unauthorized code—was assigned a CVSS score of 9.8. Fortinet warns that "[p]ractical exploit code for this vulnerability was found in the wild."

New Russian threat actor targets critical infrastructure in Eastern Europe.

Bitdefender has published a report on a newly observed Russia-aligned APT dubbed "Curly COMrades," which is targeting "critical organizations in countries facing significant geopolitical shifts." The threat actor has launched attacks against judicial and government entities in Georgia and an energy distribution company in Moldova. The group's primary objective is to establish long-term access and steal credentials. The researchers note that "[e]xfiltration activity was deliberately sparse and manually executed to avoid triggering alerts."

New ransomware group displays overlaps with China-aligned APT.

Trend Micro warns that a new ransomware family called "Charon" was "deployed in a targeted attack observed in the Middle East's public sector and aviation industry." Notably, the threat actor behind the attack used TTPs previously observed in campaigns by the Chinese cyberespionage actor Earth Baxia, though Trend Micro doesn't definitively attribute the ransomware attack to the Chinese threat actor. The researchers note that the overlap "could represent either direct involvement, deliberate imitation, or independent development of similar tactics." Trend Micro adds, however, that the case highlights a growing trend of ransomware operators adopting sophisticated techniques typically associated with state-sponsored operators.