Cybersecurity & Ethical Hacking News: Key Updates and Threats from 2nd to 9th August 2025

Cybersecurity and ethical hacking change rapidly, and staying up to date every week is no longer optional. Monitoring the latest threats, tools, and trends keeps professionals ahead of the curve and helps them safeguard critical systems.

This recap covers the major developments from August 2nd to 9th, 2025, dissecting new vulnerabilities, significant attacks, and developments in hacking strategies.

If you’d like to keep your knowledge in tip-top shape and your defenses as strong as possible, this summary will provide the necessary updates for you.

Major Cybersecurity Incidents

1. Breach of U.S. Federal Judiciary

The electronic case filing systems used in federal courts, PACER and CM/ECF, have been breached. The hack may have exposed sealed indictments and the names of confidential informants. The attack appears sophisticated and potentially linked to state-sponsored actors.

2. Google Salesforce Database Breach

Hackers from the group ShinyHunters breached a Google Salesforce database for small and medium businesses. The breach may have been enabled by social engineering tactics.

3. Cisco Vishing Breach

A voice phishing (vishing) attack persuaded a Cisco employee to provide access to a third-party database. This gave an unauthorized user access to user profile data on Cisco.com. The number of impacted users is unknown.

4. Lovense App Email Leak

A flaw in Lovense’s friend-request feature allowed an attacker to obtain the email addresses of Lovense users. This may affect up to 20 million users. The full fix may take four months, but the company is acting on a partial fix.

New Vulnerabilities and Exploits Disclosed

NVIDIA Triton Inference Server – Remote Code Execution

Wiz researchers identified three vulnerabilities (CVE‑2025‑23319, ‑23320, ‑23334) in the Python backend of NVIDIA’s Triton AI server which, in combination, allow unauthenticated attackers to take full control of the server, potentially stealing AI models, leaking data, or altering responses. NVIDIA has already patched these vulnerabilities, so if you are running Triton, update it as soon as possible.

Trend Micro Apex One – Critical RCE

Two high-severity vulnerabilities (CVE‑2025‑54948 and CVE‑2025‑54987) in the on-premises Apex One console allow unauthenticated remote code execution. Trend Micro confirmed that exploitation attempts were seen in the wild. These scored 9.4 on CVSS, so apply the patches now.

Microsoft Exchange Hybrid – Privilege Escalation Risk

CVE‑2025‑53786 allows on-premises administrators to escalate their privileges into cloud environments by way of service principals. Microsoft published a hotfix for this issue on April 18; CISA issued an emergency directive requiring users to act on it by August 11. No exploits have been observed yet, but exploitation is considered likely in the near future (“exploitation more likely”).

Dell Laptops with Broadcom (ControlVault) – Firmware Flaws

A group of vulnerabilities nicknamed “ReVault” in Broadcom chips (ControlVault3), present in over 100 Dell business laptop models, allows attackers to quickly bypass Windows login security, steal biometric data such as fingerprints, or install persistent malware in the firmware. Patches are available and users should apply them (and, for safety, disable unattended fingerprint logins and rotate passwords).

Cursor LLM Coding Tool – Supply Chain RCE

Check Point Research published vulnerabilities found in Cursor (CVE‑2025‑54136), a tool that makes use of LLM-driven workflow automation. A vulnerability in Cursor’s Model Context Protocol handling allowed attackers to execute code remotely, which represents a supply-chain risk if Cursor is part of your development pipeline.

Android & Pixel Updates – Plugging Exploited Holes

Google published its August security patch, fixing a vulnerability in the Adreno GPU (exploited in the wild) and three Qualcomm vulnerabilities. For Pixel users, the update also patched a critical RCE vulnerability (CVE‑2025‑48530) that enabled a “no touch” hack. Don’t wait to update your devices!

Security Patches and Updates Released

Between August 2 and August 9, major vendors published many important patches for serious vulnerabilities. Google’s Android update patched critical Qualcomm GPU vulnerabilities that were being actively exploited, closing off remote code execution as well as privilege escalation.

Apple patched a zero-day WebKit vulnerability, used in targeted attacks, that permitted the remote execution of arbitrary code through malicious HTML. Trend Micro’s Apex One on-premises console received patches for critical remote code execution vulnerabilities that were being abused in the wild.

NVIDIA patched serious vulnerabilities in its Triton AI server to prevent further attacks in which an attacker could remotely control the server. Microsoft patched privilege escalation vulnerabilities in Exchange Hybrid and remote code execution vulnerabilities in SharePoint to improve the security of its cloud and collaboration services.

With recent evidence of vulnerabilities being exploited in the wild, patching as soon as possible is critical.

Ethical Hacking Highlights and Bug Bounty News

Ethical hackers disclosed numerous significant vulnerabilities this week. A researcher revealed a serious authentication bypass in a popular VPN service that allowed unauthorized access to networks. Another report outlined vulnerabilities in an IoT home security device that would have cost users their privacy.

Bug bounty programs responded with increased compensation: one large program raised the payments in its terms to up to $50,000 for critical vulnerabilities, meaning it would not only pay greater bounties but also expect more robust investigations.

A large cloud services provider was concerned enough about AI-related and other vulnerabilities that it dramatically expanded its bounty programs to include them.

Overall, these activities show the importance of ethical hackers and the evolving incentives to identify risks in digital assets.

Regulatory and Policy Updates

This week has seen important regulatory changes affecting cybersecurity compliance around the globe. The EU put into force stronger data protection obligations under the revised GDPR legislation, mandating more immediate disclosures of breaches, commensurate punishments for not providing timely disclosures, and broadening the definitions of privacy and protection over personal data.

In the U.S., new guidance for security tools powered by artificial intelligence (AI) was released, focusing on transparency, audit trails, and accountability for the technology. Industry groups called for stronger security obligations in the supply chain, in light of recent high-profile breaches.

These actions create urgency for organizations to re-examine their compliance obligations, shorten incident response timelines, and strengthen controls for vendor risk management.

Expert Opinions and Analysis

Cybersecurity leaders concur that this week’s events highlight a need for more proactive defense. With the increase in advanced attacks and critical vulnerabilities, organizations can no longer afford to be reactive and must instead rely on continuous monitoring and rapid patching.

Experts report that individual users also face increased risk from sophisticated cyber threats, particularly on mobile and IoT devices, and add that users need to adopt stronger personal security habits.

What it boils down to is that everyone, from the CEO to the average user, needs to treat cybersecurity as an ongoing priority rather than a bullet on a checklist.

Actionable Security Tips Based on This Week’s News

Take this advice from the cybersecurity news this week:

  1. Act First on Patching: Prioritize patching your Android devices, NVIDIA Triton servers, Trend Micro consoles, and Microsoft Exchange and SharePoint systems. These patches mitigate actively exploited vulnerabilities.
  2. Improve Access Controls: Review your VPN and IoT device access controls. Following reports that these security technologies were bypassed, ensure that unauthorized access is prevented.
  3. Continuous Security Monitoring: Keep constant network and endpoint monitoring in place to identify early signs of unusual activity, paying particular attention to the machine-driven behavioral patterns of modern AI-based attacks.
  4. Knowledgeable Threat Intel: Stay on top of vendor advisories, and bug bounty reports if they apply to your environment. Familiarizing yourself with emerging threats will allow you to respond quickly and mitigate them before they affect you.
  5. Staff Training and Awareness: Train employees and users on phishing, social engineering, and device security best practices in general.

Conclusion

In conclusion, the week of August 2-9, 2025, was one in which major platforms patched important vulnerabilities, hackers attacked government and tech sectors, and ethical hackers provided fresh insights.

To stay ahead of the curve, always make updates a priority and keep strengthening the areas you want to improve. If you’re serious about building these skills, a cybersecurity and ethical hacking course in India will provide real-world exercises that prepare you for real environments rather than hypothetical scenarios.

This is only part of the picture. Upcoming industry conferences and developing government policies will be the indicators shaping the future of the cybersecurity industry over the next few weeks.

 