Week 33 of 2025 brought a series of high-impact cybersecurity incidents and critical vulnerability disclosures, underscoring the ongoing pressure on organisations to maintain robust defences.
Major vendors, including Zoom, Xerox and Microsoft, released urgent security updates addressing severe flaws, while Fortinet warned of a global brute force campaign targeting its SSL VPNs.
On the threat actor front, ShinyHunters claimed responsibility for a significant breach of Salesforce CRM data at Google and Dutch authorities confirmed a cyberattack compromising the records of nearly half a million cancer patients.
Law enforcement cooperation between Gardaí and the FBI disrupted the Blacksuit ransomware group, even as the MedusaLocker gang brazenly sought to recruit penetration testers to enhance its operations.
Google Confirms Salesforce CRM Breach by ShinyHunters
Google has confirmed that one of its corporate Salesforce Customer Relationship Management (CRM) instances was compromised in June by the cybercriminal group ShinyHunters (also known as UNC6040).
The attackers, known for leveraging voice phishing (vishing) to trick employees into authorising malicious connected apps (like fake versions of Salesforce Data Loader), briefly accessed and exfiltrated basic business contact information including company names, phone numbers and notes related to prospective Google Ads customers.
Although Google hasn’t disclosed the exact number of individuals affected, the company has initiated full mitigation efforts, notified impacted parties and stated that sensitive data and core systems, including Google Cloud and Ads, remain unaffected.
Security Intelligence teams warn that ShinyHunters may soon escalate with public data leaks or extortion via a data leak site.
Gardaí and FBI Join Forces to Disrupt Blacksuit Ransomware Group
An international law enforcement operation has successfully disrupted the online infrastructure of the Blacksuit ransomware group, with the Garda National Cyber Crime Bureau working alongside the FBI, U.S. Secret Service, Homeland Security, Europol and others.
The coordinated takedown targeted the gang’s “dark web” leak site and its private victim negotiation portal.
The Blacksuit group, previously known as the Royal ransomware group and linked to Conti, has been implicated in numerous ransomware attacks globally.
Assistant Commissioner Angela Willis emphasised that this action forms part of Gardaí’s ongoing commitment to dismantle cybercrime infrastructures.
Hackers Breach Dutch Cancer Lab, Compromising Data of 485,000 Patients
A cyberattack has targeted Clinical Diagnostics NMDL, a Dutch laboratory handling cervical cancer screening, resulting in the theft of sensitive data belonging to approximately 485,000 individuals. The compromised data included names, addresses, dates of birth, social security numbers, test outcomes and healthcare provider details.
The breach, which occurred between July 3rd and 6th, wasn’t disclosed until August 6th, prompting the lab to suspend operations while an independent investigation unfolds.
In response, the national screening program has shifted future testing to alternative facilities. Authorities are urging affected individuals to remain vigilant against fraud attempts.
MedusaLocker Ransomware Group Openly Recruits Skilled Pentesters
Security researchers have uncovered a startling development: the MedusaLocker ransomware gang is openly seeking experienced penetration testers on its dark web leak site, specifically targeting those with direct access to corporate networks.
This move reflects a troubling shift toward greater professionalism in ransomware operations, as these groups mirror legitimate businesses with specialised teams, talent scouts and structured workflows.
MedusaLocker’s demands include expertise in attacking ESXi, Windows and ARM-based systems, and a preference for individuals already inside target networks.
This alarming trend demonstrates how cybercriminals are elevating their strategies by recruiting cybersecurity professionals to help optimise intrusion and exploitation capabilities.
111 Flaws Patched in Microsoft August 2025 Patch Tuesday
In its August 2025 Patch Tuesday release, Microsoft issued fixes for 111 security vulnerabilities across its product portfolio, including one publicly disclosed zero-day.
The zero-day, found in the Windows Kerberos protocol (CVE-2025-5377), allows remote attackers to elevate privileges via a path traversal flaw in a domain authentication setting.
The release includes 16 vulnerabilities rated critical and 92 rated important; 44 relate to privilege escalation and 35 to remote code execution, with additional issues spanning spoofing, information disclosure and denial-of-service.
Notably, this patch includes the previously disclosed hybrid Exchange Server privilege escalation flaw, CVE-2025-53786, highlighting ongoing risks in cloud-integrated environments.
Global Brute-Force Campaign Targets Fortinet SSL VPNs
Cybersecurity firm GreyNoise has detected a coordinated brute-force assault involving over 780 malicious IP addresses from the U.S., Canada, Russia and the Netherlands, targeting Fortinet SSL VPN devices on August 3rd, 2025.
Initially, the activity focused on FortiOS profiles via a consistent TCP signature. By August 5th, attackers pivoted to targeting the FortiManager service using a distinct TCP/client signature, indicating an intentional shift in methodology.
Notably, historical data showed similar signatures tied to a FortiGate device in a residential ISP block in June, suggesting possible testing or use of residential proxies.
GreyNoise highlights that such spikes in brute-force traffic precede new vulnerability disclosures around 80% of the time, making this campaign a potential indicator of imminent Fortinet exploits.
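The practical takeaway from this item for defenders is to watch for exactly this signal on their own VPN concentrators: a burst of failed logins spread across many source addresses rather than one noisy host. The following is an added example, not code from the newsletter, GreyNoise or Fortinet. It buckets failed-login events into fixed time windows and raises an alert when a window holds many failures from many distinct sources. The log line format, the sample lines, and the thresholds (5 failures from 3 or more sources within 5 minutes) are all constructed assumptions; real FortiOS logs use a different field layout, so the regular expression must be adapted to the device actually in use.

```python
"""Flag distributed brute-force bursts against an SSL VPN from auth logs.

Added example (not from the newsletter, GreyNoise or Fortinet). The log
format below is a constructed, generic syslog-style line, not the real
FortiOS format; adjust LINE_RE for the device you are actually monitoring.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (timestamp, outcome, source IP, username).
# Six failures from five different sources land in the 10:00-10:05 window;
# the lone 10:30 failure should not alert.
SAMPLE_LOGS = """\
2025-08-03T10:00:01Z sslvpn login failed src=203.0.113.5 user=admin
2025-08-03T10:00:02Z sslvpn login failed src=203.0.113.6 user=admin
2025-08-03T10:00:02Z sslvpn login failed src=198.51.100.7 user=backup
2025-08-03T10:00:03Z sslvpn login failed src=203.0.113.5 user=test
2025-08-03T10:00:04Z sslvpn login failed src=192.0.2.9 user=admin
2025-08-03T10:00:05Z sslvpn login ok src=192.0.2.44 user=jsmith
2025-08-03T10:00:06Z sslvpn login failed src=198.51.100.8 user=admin
2025-08-03T10:30:00Z sslvpn login failed src=203.0.113.5 user=admin
"""

# Assumed line layout; a real device needs its own pattern.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sslvpn login (?P<result>failed|ok) "
    r"src=(?P<src>\S+) user=(?P<user>\S+)$"
)

# Fixed reference point so window bucketing does not depend on local time.
EPOCH = datetime(1970, 1, 1)


def parse_line(line):
    """Return a dict for a recognised line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ"),
        "result": m.group("result"),
        "src": m.group("src"),
        "user": m.group("user"),
    }


def detect_bruteforce(lines, window=timedelta(minutes=5),
                      min_failures=5, min_sources=3):
    """Bucket failed logins into fixed windows and report suspicious ones.

    A window alerts when it holds at least `min_failures` failures. It is
    classed "distributed" when those failures come from `min_sources` or
    more distinct addresses (the pattern described in the campaign above),
    otherwise "single-source". Thresholds are assumed values for the demo.
    """
    failed = [e for e in map(parse_line, lines)
              if e is not None and e["result"] == "failed"]

    buckets = defaultdict(list)
    for e in failed:
        # Integer window index relative to EPOCH (timedelta // timedelta).
        buckets[(e["ts"] - EPOCH) // window].append(e)

    alerts = []
    for idx in sorted(buckets):
        events = buckets[idx]
        if len(events) < min_failures:
            continue
        per_src = Counter(e["src"] for e in events)
        per_user = Counter(e["user"] for e in events)
        alerts.append({
            "window_start": EPOCH + idx * window,
            "failures": len(events),
            "distinct_sources": len(per_src),
            "top_source": per_src.most_common(1)[0][0],
            "top_user": per_user.most_common(1)[0][0],
            "kind": "distributed" if len(per_src) >= min_sources
                    else "single-source",
        })
    return alerts


if __name__ == "__main__":
    for a in detect_bruteforce(SAMPLE_LOGS.splitlines()):
        print(f"{a['window_start'].isoformat()} {a['kind']}: "
              f"{a['failures']} failures from {a['distinct_sources']} sources, "
              f"most-tried user {a['top_user']!r}")
```

The "distributed" classification is the part worth keeping when adapting this to production: per-IP lockout thresholds miss a campaign that spreads 780 addresses thinly, so the alert keys on the count of distinct sources in the window, and the most-tried username is reported because a spray against a few accounts such as `admin` reads very differently from a credential-stuffing run over many accounts.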
Zoom and Xerox Patch Critical Flaws
Zoom and Xerox have both released urgent security updates to address critical vulnerabilities affecting widely used enterprise platforms. Zoom patched CVE-2025-49457 (CVSS 9.6), a Windows client issue involving an untrusted search path that could allow unauthenticated users to escalate privileges over a network connection.
Affected products, including Zoom Workplace, VDI, Rooms, Controller and Meeting SDK for Windows, must be updated to version 6.3.10 or later to mitigate the risk.
Meanwhile, Xerox’s FreeFlow Core print orchestration platform addressed two severe flaws:
- CVE-2025-8356 (CVSS 9.8), a path traversal vulnerability enabling remote code execution
- CVE-2025-8355 (CVSS 7.5), an XXE injection leading to potential SSRF attacks.
Both are patched in version 8.0.4 (or 8.0.5).
Stay Ahead of the Threats
Cyber risks evolve daily. Don’t let critical updates slip through the cracks. Subscribe to our weekly cybersecurity newsletter for expert analysis, major incident summaries and actionable advice delivered straight to your inbox.