At a glance.
- Microsoft issues guidance on high-severity flaw affecting hybrid Exchange deployments.
- Trend Micro warns of actively exploited zero-day in its Apex One platform.
- SonicWall attributes ransomware activity to known vulnerability.
- Vishing attacks target Salesforce instances.
- US Justice Department arrests two Chinese nationals accused of exporting Nvidia AI chips.
- US Senate confirms Sean Cairncross as National Cyber Director.
Microsoft issues guidance on high-severity flaw affecting hybrid Exchange deployments.
Microsoft has issued an advisory warning customers to mitigate a high-severity vulnerability (CVE-2025-53786) in Exchange Server hybrid deployments that could lead to privilege escalation, BleepingComputer reports. The company explains, "In an Exchange hybrid deployment, an attacker who first gains administrative access to an on-premises Exchange server could potentially escalate privileges within the organization’s connected cloud environment without leaving easily detectable and auditable traces. This risk arises because Exchange Server and Exchange Online share the same service principal in hybrid configurations." Microsoft hasn't observed exploitation in the wild, but flagged the flaw as "Exploitation More Likely."
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive ordering Federal civilian agencies to patch the flaw by Monday, August 11th.
Trend Micro warns of actively exploited zero-day in its Apex One platform.
Trend Micro has released a mitigation tool for an actively exploited remote code execution flaw affecting its Apex One endpoint security platform, BleepingComputer reports. The vulnerability is tracked as CVE-2025-54948 or CVE-2025-54987, depending on the CPU architecture, and has been assigned a severity score of 9.4. Trend Micro is still working on a patch, and urges customers to use the mitigation tool in the meantime. The company says the tool "is a short-term mitigation, and while it will fully protect against known exploits, it will disable the ability for administrators to utilize the Remote Install Agent function to deploy agents from the Trend Micro Apex One Management Console."
SonicWall attributes ransomware activity to known vulnerability.
SonicWall has completed its investigation into ransomware activity targeting its firewalls with SSLVPN enabled, concluding that the attacks were tied to a known vulnerability (CVE-2024-40766) that was patched in August 2024. The company had advised customers earlier this week to disable SSLVPN while it determined whether the activity involved an unknown zero-day.
SonicWall said in a statement, "The affected population is small, fewer than 40 confirmed cases, and appears to be linked to legacy credential use during migrations from Gen 6 to Gen 7 firewalls. We’ve issued updated guidance, including steps to change credentials and upgrade to SonicOS 7.3.0, which includes enhanced MFA protections."
Vishing attacks target Salesforce instances.
Google has disclosed that the ShinyHunters extortion group breached one of its Salesforce databases and stole contact information for small and medium businesses, TechCrunch reports. ShinyHunters has been using voice phishing (vishing) attacks to target victims' Salesforce instances, recently breaching Adidas, Qantas, Allianz Life, Chanel, Louis Vuitton, Dior, and Tiffany & Co., according to BleepingComputer. Google itself described this wave of ShinyHunters attacks in June. Salesforce stresses that the incidents rely purely on social engineering, and advises customers to follow its security guidance to prevent these attacks.
Separately, Cisco disclosed that a threat actor gained access to a third-party CRM system via a vishing attack and stole data belonging to user profiles registered on Cisco.com. It's unclear how many users were affected. Cisco hasn't shared which CRM product was affected, but BleepingComputer notes that the vishing tactic aligns with the ongoing wave of Salesforce attacks.
US Justice Department arrests two Chinese nationals accused of exporting Nvidia AI chips.
The US Justice Department has arrested two Chinese nationals accused of illegally exporting tens of millions of dollars' worth of microchips used for AI processing, including Nvidia’s H100 general processing units, CNBC reports. The defendants allegedly shipped the chips to China without obtaining an export license from the US Commerce Department. One of the individuals is a lawful permanent resident in the US, while the other had overstayed her visa.
The Justice Department stated, "[F]rom October 2022 to July 2025, the defendants – through their El Monte-based company, ALX Solutions Inc. – knowingly and willfully exported from the United States to China sensitive technology, including graphic processing units (GPUs) – specialized computer parts used for modern computing – without first obtaining the required license or authorization from the U.S. Department of Commerce. According to the complaint, ALX Solutions Inc. was founded shortly after the Commerce Department began requiring licenses for the advanced microchips that Yang and Geng are alleged to have illegally exported."
US Senate confirms Sean Cairncross as National Cyber Director.
The US Senate has confirmed Sean Cairncross as the National Cyber Director with a vote of 59 to 35, SecurityWeek reports. Cairncross will serve as the chief advisor to President Trump on matters of cybersecurity policy and strategy. He previously served as CEO for the RNC during the 2016 elections and later as CEO for the Millennium Challenge Corporation. He also served as senior advisor to the White House chief of staff under the first Trump administration.