Microsoft issues out-of-band updates to fix reset and recovery problems.

Announcement

OT security, redefined with N2K and Frenos.

Frenos and N2K have partnered to train and benchmark the industry's first OT security platform powered by industry-validated intelligence, rather than generic AI models. The partnership leverages N2K's extensive cybersecurity certification knowledge base, trusted by over 1.5 million cybersecurity professionals, to assess whether Frenos’ SAIRA (Simulated Adversarial Intelligence Reasoning Agent) truly understands complex professional concepts. This marks a significant step forward in aligning AI development with proven professional standards. Read the full announcement here.

Summary

By the CyberWire staff

At a glance.

Microsoft issues out-of-band updates to fix reset and recovery problems.
Unsecured database exposes information on people seeking medical marijuana cards.
Criminals abuse website generator to create phishing sites.

Microsoft issues out-of-band updates to fix reset and recovery issue.

Microsoft has released emergency out-of-band updates for Windows to fix an issue in the August 2025 security updates that broke reset and recovery operations, BleepingComputer reports. The issue affects Windows 10 and older versions of Windows 11.

Microsoft stated, "Since this is a cumulative update, you do not need to apply any previous update before installing KB5066189, as it supersedes all previous updates for affected versions. This update does not contain any additional security updates from those available in the August 2025 security update. Installation of this OOB will require a device restart. If your organization uses the affected platforms and hasn’t yet deployed the August 2025 security update yet, we recommend you apply this OOB update instead."

Are You Future Ready? Secure Your Machine Future With Confidence.

CyberArk is the leader behind the world’s most comprehensive machine identity security solution. With capabilities that span secrets, certificate management and workload identities, we enable customers to secure more machine identity use cases with the right level of privilege control. Find out exactly how we’re helping modern organizations secure their machine future.

Unsecured database exposes information on people seeking medical marijuana cards.

Security researcher Jeremiah Fowler discovered a publicly accessible database containing 323 GB of sensitive medical and personal information belonging to people seeking medical marijuana cards, WIRED reports. The database stored nearly a million records, including names, Social Security numbers, email addresses, physical addresses, and dates of birth, as well as medical records, mental health evaluations, physician reports, and images of IDs.

The apparent owner of the database was Ohio Medical Alliance LLC, which operates under the name "Ohio Marijuana Card." Fowler notified the company but didn't receive a response. The database was taken offline shortly after he sent the notification, however.

DMV Rising, D.C.’s Premier Conference for Cyber Execs.

The Washington, D.C. Maryland, and Virginia (DMV) region has established itself as a top-tier player in the global cyber industry. Join us on September 18, 2025 to celebrate the remarkable accomplishments of the DMV's cybersecurity community, connect with the brilliant minds shaping the future of the field, and experience firsthand why the DMV region is the beating heart of cyber innovation. Register now to secure your spot.

Criminals abuse website generator to create phishing sites.

Proofpoint warns that threat actors are abusing AI website generation platform Lovable to craft phishing sites. Proofpoint has observed "tens of thousands of Lovable URLs detected as threats each month in email data since February 2025." The company notes, "With automatic web creation tools, threat actors can spend more time on the attack chain and tooling capabilities and incorporate AI-generated social engineering into their toolkit. Creators of such tools should be mindful of opportunities for abuse and implement safeguards to prevent exploitation."

Lovable said it added improved security measures to block abuse last month, and the company plans to introduce additional safeguards this fall.

Notes.

Today's issue includes events affecting , and the United States.

Attacks, Threats, and Vulnerabilities

Microsoft Curbs Early Access for Chinese Firms to Notifications About Cybersecurity Flaws (Bloomberg) Microsoft Corp. has curtailed Chinese companies’ access to advance notifications about cybersecurity vulnerabilities in its technology after investigating whether a leak led to a series of hacks exploiting flaws in its SharePoint software.

Warlock Ransomware Hitting Victims Globally Through SharePoint ToolShell (Infosecurity Magazine) Trend Micro highlighted a sophisticated post-compromise attack chain to deploy the Warlock ransomware in unpatched SharePoint on-prem environments

Russia-linked European attacks renew concerns over water cybersecurity (CSO Online) Suspected sabotage in Norway and a foiled cyberattack in Poland highlight the growing risk to under-protected water utilities, experts warn.

Litigation, Investigation, and Law Enforcement

Officials gain control of Rapper Bot DDoS botnet, charge lead developer and administrator (CyberScoop) The DDoS botnet was among the most powerful on record, allegedly exceeding six terabits per second during its largest attack, authorities said. Victims are spread across 80 countries.

T-Mobile claimed selling location data without consent is legal—judges disagree (Ars Technica) T-Mobile can’t overturn $92 million fine; AT&T and Verizon verdicts still to come.

Industry Events

For a complete running list of events, please visit the Event Tracker.

Events

HackAICon 2025 (Lisbon, Portugal, Sep 25, 2025) The first conference dedicated to combining AI and Ethical Hacking. We're bringing together OffSec pros, hackers, and leading researchers to find practical ways of using AI to secure the internet. Learn about the latest AI Hacking cosmic trends and connect with fellow professionals in engaging conversations. We banned sales pitches from the event - just knowledge sharing, leadership and technical insights.

Sponsor & Support

Grow your brand, generate leads, and fill your funnel.

With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out. Learn more.

Daily Briefing for 08.20.25