August 25, 2025  —  Acronis Threat Research Unit

MSP cybersecurity news digest, August 25, 2025

Microsoft patches 107 vulnerabilities, including Windows Kerberos zero day

Microsoft August 2025 Patch Tuesday addressed 107 vulnerabilities, including a publicly disclosed zero-day in Windows Kerberos.

The release fixes thirteen “Critical” issues — nine remote code execution, three information disclosure, and one elevation of privilege — along with additional flaws across five vulnerability categories. These include 4 elevation of privilege, 35 remote code execution, 18 information disclosure, 4 denial of service and 9 spoofing vulnerabilities.

The zero day, tracked as CVE-2025-53779, is a Windows Kerberos elevation of privilege flaw that could allow an authenticated attacker to gain domain administrator rights. Microsoft notes the issue involves relative path traversal in Kerberos and requires elevated access to specific dMSA attributes to exploit.

 

PEAR ransomware gang leaks 1.26TB of Alt Vision data

The PEAR ransomware gang claims to have stolen 1.26 terabytes of sensitive data from Alt Vision, a West Perth-based IT services firm with revenue of $5.5 million.

The stolen information reportedly includes financial records, personal data, client and partner details, emails with attachments, and company databases, with samples published online appearing legitimate and dated as recently as May 2025. PEAR says Alt Vision refused to engage in negotiations, prompting the group to leak the data publicly on August 5.

A newcomer to the ransomware scene, PEAR describes its model as “pure extraction and ransom,” avoiding encryption to prevent operational disruption and setting ransom demands based on victim profiling. In one case, the group requested four bitcoin (around $180,000) for data deletion and name removal from its leak site. Alt Vision, which serves government, mining and financial sectors, has not commented on the incident.

 

Acronis TRU report shows rise in phishing and collaboration-app exploits

The Acronis Threat Research Unit (TRU) has released its biannual Cyberthreats Report, analyzing global threats on over 1,000,000 Windows endpoints from January to June 2025, including malware, ransomware, web and email threats and vulnerabilities. All data was anonymized, normalized by country and month, and presented as the percentage of affected clients, highlighting trends across the most targeted regions.

India recorded the highest malware detection rate in May, affecting 12.4% of clients, followed by Brazil (11%) and Spain (10.2%). Social engineering and BEC attacks rose from 20% to 25.6%, fueled by AI-driven impersonation tactics, while over 200,000 malicious attachments were discovered in Microsoft 365 mailboxes, including migrated legacy emails. Among MSP tools, TeamViewer had the most vulnerabilities requiring patching, impacting 4.56% of global clients, and the manufacturing sector remained the top ransomware target, representing 15% of attacks in Q1 2025.

From January to May 2025, 67 cyberattacks targeted telecom/ISP providers and MSPs, with incidents against MSPs dropping from 76 to 47 compared to 2024; phishing dominated as the initial access vector (52%), RDP exploits fell to 3%, and trusted relationship attacks dropped to 2%, reflecting stronger MFA, endpoint hardening, and zero trust practices. Credential abuse persisted at 13% and unpatched vulnerabilities rose to 27%, highlighting attackers’ increasing focus on human behavior and known software flaws, especially in tools central to MSP operations, to gain privileged infrastructure-level access.

 

RomCom hackers exploit WinRAR zero day to spread malware

Researchers have revealed that the Russian hacking group RomCom exploited a zero-day WinRAR path traversal flaw, CVE-2025-8088, to deploy various malware payloads.

The discovery has been reported to WinRAR, which released a patch (version 7.13) on July 30, though without disclosing active attacks in its advisory. The vulnerability, enabled through alternate data streams, allowed attackers to extract malicious DLLs, EXEs and LNK files into system folders, including the Windows Startup directory, ensuring execution on reboot. Researchers uncovered three attack chains delivering RomCom malware families: Mythic Agent, SnipBot and MeltingClaw, each using different persistence and payload delivery methods. Some malicious archives contained decoy alternate data stream entries to generate harmless warnings and conceal the real payload paths.
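As an added example (not code from the original digest, from WinRAR, or from the researchers cited), the following pre-extraction check rejects archive entry names showing the two traits the paragraph describes: parent-directory traversal out of the extraction root and alternate data stream (ADS) suffixes. It inspects a generic listing of entry names and makes no assumption about the exact trigger of CVE-2025-8088; the sample entries are constructed.

```python
from pathlib import PureWindowsPath

# Constructed sample entry names, as an archive listing tool might report them.
SAMPLE_ENTRIES = [
    "report/summary.docx",                        # benign relative path
    r"..\..\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.lnk",  # traversal
    r"notes.txt:..\..\Users\Public\evil.dll",     # traversal hidden behind an ADS suffix
    r"C:\Windows\System32\drivers\etc\hosts",     # absolute path
    r"readme.txt:Zone.Identifier",                # ADS suffix without traversal
]


def entry_findings(name: str) -> list[str]:
    """Return the reasons an archive entry name should be refused before extraction.

    An empty list means the entry stays inside the extraction root and carries
    no ADS suffix, so a plain extractor would write only a normal file.
    """
    findings = []
    # Windows treats text after a colon in a path component as an ADS name.
    # Split it off so both the file part and the stream part are checked.
    base, sep, stream = name.partition(":")
    if sep and not (len(base) == 1 and base.isalpha()):  # "C:" is a drive, not a stream
        findings.append("alternate data stream in entry name")
        candidates = [base, stream]
    else:
        candidates = [name]
    for part in candidates:
        p = PureWindowsPath(part)
        if p.is_absolute() or p.drive or p.root:
            findings.append("absolute path or drive letter")
        if ".." in p.parts:
            findings.append("parent-directory traversal")
    return findings


def safe_to_extract(entries: list[str]) -> list[str]:
    """Filter a listing down to the entries that pass every check."""
    return [n for n in entries if not entry_findings(n)]


if __name__ == "__main__":
    for entry in SAMPLE_ENTRIES:
        print(f"{entry!r}: {entry_findings(entry) or 'ok'}")
```

Run the check over an archive's listing before extraction and quarantine the whole archive if any entry is flagged; a single traversal entry is enough to drop a file into a startup location.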

A similar flaw, CVE-2025-6218, had been disclosed only a month earlier, and RomCom appears to have leveraged both in recent campaigns. Since WinRAR lacks auto-update functionality, users must manually install the patched version to protect against ongoing exploitation.

M&S resumes click-and-collect after 15-week ransomware disruption

Marks & Spencer (M&S), a retailer with revenue of $16.46 billion, has restored its click-and-collect service for clothing nearly 15 weeks after suspending it due to a major cyberattack and data theft.

The attack, disclosed on April 22, led to the shutdown of online clothing and home orders from April 25, with home delivery resuming on June 10 but click-and-collect remaining unavailable until now. The cyberattack is expected to cost M&S around £300 million ($404 million) in lost operating profit for 2025/26, although insurance and cost controls may halve the impact. During the outage, rivals such as Next in clothing and Sainsbury’s in food gained market share. Shares rose 2% on the news, reducing the retailer’s year-to-date losses to 10%, with analysts viewing the service’s return as a key sign of recovery.

M&S attributed the ransomware attack to the DragonForce group, and U.K. police have arrested four suspects in connection with this and other high-profile breaches. The company’s leadership maintains the incident will not affect its long-term growth prospects, with CEO Stuart Machin predicting the worst of the disruption would be over by August.