Welcome to this week’s cybersecurity roundup, where we dive into the most pressing threats and vulnerabilities shaping the digital landscape.
From a Critical Zero Day in Plesk Obsidian Allowing Admin Access to Attackers Hijacking Google’s Gemini AI via Malicious Google Calendar Invites, and the emergence of the Warlock Ransomware with Double Extortion Strategy, it’s been a busy period for security professionals.
We’ll also examine how a Dutch Cyberattack Left Speed Cameras Inoperable and discuss why Weak Passwords and Compromised Accounts Remain Top Security Risks, according to the latest Blue Report.
Let’s unpack these crucial developments and understand what they mean for your digital safety.
Critical Zero Day in Plesk Obsidian Allows Admin Access via Loose Password Check
A critical authentication bypass vulnerability, tracked as CVE-2025-54336, has been identified in Plesk Obsidian 18.0.70. The vulnerability stems from a loose comparison in the admin password check function (_isAdminPasswordValid), which uses == instead of a secure comparison method.
This flaw can be exploited in two significant ways:
- Authentication Bypass: If the admin password starts with 0e followed by only digits (e.g., 0e123456), any other string that evaluates to 0.0 will be accepted, granting unauthenticated access. This is a classic “type juggling” vulnerability that exploits how the system loosely interprets certain string values.
- Enhanced Brute Force Attacks: The bug also enables more efficient brute-force attacks, including timing and type confusion techniques, making it easier for attackers to guess valid credentials.
To address the risk, administrators are strongly urged to update Plesk Obsidian to versions 18.0.71 Update 2 or 18.0.70 Update 4, both of which include a fix for this vulnerability. For environments unable to patch immediately, a temporary mitigation involves changing the admin password to avoid “0e”-leading, all-digit strings.
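The loose comparison described above, set beside a strict one, as an added example; this is not Plesk's code, the function names are hypothetical, and the stored value is the article's sample password. The last helper applies the temporary mitigation as an audit check for passwords of the 0e-plus-digits form.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the vulnerable pattern: a password check using ==.
function looseCheck(string $stored, string $supplied): bool
{
    // When both operands are numeric-looking strings, PHP compares them as
    // numbers. "0e123456" is read as 0 x 10^123456, i.e. 0.0, so it equals
    // every other string that also evaluates to 0.0.
    return $stored == $supplied;
}

// Hardened form: byte-for-byte comparison in constant time, no type coercion.
function strictCheck(string $stored, string $supplied): bool
{
    return hash_equals($stored, $supplied);
}

// Audit helper for the temporary mitigation: flags passwords made of "0e"
// followed only by digits. Matching is case-insensitive because PHP also
// treats "0E..." as scientific notation.
function isJugglingProne(string $password): bool
{
    return preg_match('/^0e\d+$/i', $password) === 1;
}

// Constructed sample input: the stored value is the article's example,
// the candidates are illustrative.
$stored = '0e123456';
foreach (['0e123456', '0e999', '0', 'hunter2'] as $candidate) {
    printf(
        "%-10s loose=%-5s strict=%s\n",
        $candidate,
        var_export(looseCheck($stored, $candidate), true),
        var_export(strictCheck($stored, $candidate), true)
    );
}

// Run the audit check over the stored password and a safer alternative.
foreach ([$stored, 'S3cure-0e1'] as $password) {
    printf("%-10s juggling-prone=%s\n", $password,
        var_export(isJugglingProne($password), true));
}
```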
Attackers Hijack Google’s Gemini AI via Malicious Google Calendar Invites
Security researchers from SafeBreach revealed a dangerous new attack vector involving Google’s AI assistant, Gemini, which can be hijacked through malicious Google Calendar invites. By embedding crafted prompts within the event title, attackers trick Gemini into treating instructions as legitimate context when users ask for their daily schedule.
The compromised AI can then execute a wide range of unauthorised actions such as manipulating calendar entries, exfiltrating emails, retrieving IP addresses through malicious URLs, initiating Zoom calls, or even controlling smart home devices via Google Home, without any user interaction.
These prompt injection attacks, dubbed “Promptware”, present both digital and physical risks, with 73% of identified scenarios rated as High–Critical in terms of confidentiality, integrity and availability.
Google has acknowledged the findings and deployed mitigations, including behavior-based detection filters and additional user confirmation for sensitive actions.
Warlock Ransomware Emerges with Double Extortion Strategy
First identified in 2025, the Warlock ransomware gang employs a traditional double extortion model, encrypting victim files while threatening to leak stolen data. Recent high-profile targets include a Portuguese water utility, a Croatian education agency and the Turkish IT and communications authority, BTHK.
On August 12, UK telecom provider Colt Technology Services was struck, with systems taken offline and customers advised to use alternative communication methods.
A representative of Warlock claimed on a dark web forum to be auctioning one million stolen Colt documents including financial records, emails and employee data for US$200,000.
Security analysts believe Warlock’s access stemmed from exploiting the CVE-2025-53770 SharePoint vulnerability, prompting immediate advice from Microsoft to apply relevant patches.
Dutch Cyberattack Leaves Speed Cameras Inoperable After Public Prosecution Service Network Shutdown
A cyberattack on the Netherlands’ Public Prosecution Service (Openbaar Ministerie, OM) forced the organisation offline on July 17th, disconnecting its systems from the internet due to suspected unauthorised access via Citrix vulnerability exploitation.
As a result, many fixed, average speed and portable speed cameras across the country stopped functioning, though those monitoring mobile phone use by drivers remained operational. The OM warned that systems cannot be restored while their network remains down and local authorities declined to disclose the cameras’ locations to prevent misuse by motorists.
Weak Passwords and Compromised Accounts Remain Top Security Risks
The Blue Report 2025 from Picus Security reveals a troubling increase in successful password cracking attacks. 46% of tested environments had at least one password hash cracked, nearly doubling last year’s rate. Even more alarming, 98% of attacks involving compromised valid accounts succeeded, underlining that stolen or weak credentials continue to be the most exploited entry point for adversaries.
The report, based on empirical data from over 160 million simulated attacks, attributes these failures to outdated password policies, weak hashing algorithms and inconsistent use of multi-factor authentication (MFA).
Organisations are strongly encouraged to enhance password complexity, implement MFA and adopt simulated testing and behavioral detection to close the gap on credential abuse.
Beyond the Headlines: A Call to Action
As these stories from the past week show, the threat landscape is more diverse and dynamic than ever. From exploiting loose password checks in Plesk and using AI assistants as attack vectors, to the continued prevalence of ransomware and the fundamental failure to secure credentials, a common thread emerges: a reliance on outdated security practices leaves systems exposed.
Staying ahead of these threats requires more than just reacting to the latest headlines. It demands a proactive and comprehensive approach to security. The call to action is clear: secure your defences today.
- Patch Immediately: Prioritise applying critical security updates for all software and systems, especially those with public-facing services.
- Enforce Strong Credential Security: Implement Multi-Factor Authentication (MFA) everywhere possible and strengthen password policies to combat the most common attack vector.
- Educate and Adapt: Stay informed about new attack methods, such as prompt injection, and train your staff to recognise and report suspicious activity.
- Prepare for the Worst: Have an up-to-date incident response and disaster recovery plan in place to minimise the impact of a successful breach.
By focusing on these fundamentals, you can build a more resilient defence against the threats of today and tomorrow.