Infosec bits for 2025 week 32

Maajied Moos | Aug. 11, 2025, 7:45 a.m.

Cybersecurity News:

SIEMs: Dying a Slow Death or Poised for AI Rebirth? [Rob Wright, Dark Reading]

The Wild West of Shadow IT [The Hacker News, The Hacker News]

New Tooling:

Open-source password recovery utility Hashcat 7.0.0 released [Anamarija Pogorelec, HelpNet Security]

Cyberattacks:

Fashion giant Chanel hit in wave of Salesforce data theft attacks [Lawrence Abrams, Bleeping Computer]

Google suffers data breach in ongoing Salesforce data theft attacks [Lawrence Abrams, Bleeping Computer]

Vulnerabilities & Patches:

New 'Shade BIOS' Technique Beats Every Kind of Security [Nate Nelson, Dark Reading]

Google addresses six vulnerabilities in August’s Android security update [Matt Kapko, CyberScoop]

Adobe issues emergency fixes for AEM Forms zero-days after PoCs released [Lawrence Abrams, Bleeping Computer]

Trend Micro warns of Apex One zero-day exploited in attacks [Sergiu Gatlan, Bleeping Computer]

CISA Releases Malware Analysis Report Associated with Microsoft SharePoint Vulnerabilities [CISA, CISA]

Critical Zero-Day Bugs Crack Open CyberArk, HashiCorp Password Vaults [Nate Nelson, Dark Reading]

Google Gemini AI Bot Hijacks Smart Homes, Turns Off the Lights [Kristina Beek, Dark Reading]

Malware:

Luxembourg probes reported attack on Huawei tech that caused nationwide telecoms outage [Alexander Martin, The Record]

New 'Plague' PAM Backdoor Exposes Critical Linux Systems to Silent Credential Theft [Ravie Lakshmanan, The Hacker News]

Tracking Updates to Raspberry Robin [ThreatLabz, Zscaler]

Hackers Abuse Microsoft 365 Direct Send to Deliver Internal Phishing Emails [Deeba Ahmed, Hack Read]

Unexpected snail mail packages are being sent with scammy QR codes, warns FBI [Pieter Arntz, MalwareBytes]