Microsoft August 2025 Patch Tuesday
Key items to prioritise; “Public exploit / likely targeting” watch-outs; Practical guidance (triage order)
Coinbase Insider-Enabled Data Exposure and Extortion Attempt
1. Executive Summary In mid-May 2025, Coinbase disclosed a data security incident in which cyber criminals bribed and recruited overseas customer-support personnel (contractors/employees) to improperly access and exfiltrate customer information…
Co-op UK Member Data Theft (6.5m Records) — Third-Party & Retail-Sector Intrusion
1. Executive Summary In spring 2025, Co-op Group suffered a significant cyber incident that ultimately resulted in the copying (exfiltration) of Co-op member personal data. Co-op later confirmed that the…
Free (France) Cyber Attack: Customer Data Breach Impacts Millions
1. Executive Summary France-based telecoms provider Free (and sister company Free Mobile, both under Groupe Iliad) confirmed a cyberattack that resulted in unauthorised access to customer personal data. According to…
Microsoft May 2025 Patch Tuesday — 72 CVEs, Five Exploited Zero-Days, and Critical RCE Exposure
1. Executive Summary Microsoft’s May 2025 Patch Tuesday shipped fixes for ~72 vulnerabilities across Windows and multiple Microsoft product families, with reporting variance depending on whether certain platforms (e.g., Edge/Azure…
Critical SAP NetWeaver Visual Composer Vulnerability (CVE-2025-31324) — Unauthenticated File Upload to RCE
1. Executive Summary CVE-2025-31324 is a critical vulnerability in SAP NetWeaver Visual Composer’s Metadata Uploader that enables unauthenticated arbitrary file upload, which can be leveraged for remote code execution (RCE)…
Microsoft April 2025 Patch Tuesday: Actively Exploited CLFS Zero-Day (CVE-2025-29824) and 11 Critical RCE Flaws Across 121 CVEs
Microsoft’s April 2025 Patch Tuesday release addressed 121 CVEs, including one actively exploited zero-day and 11 critical vulnerabilities—all assessed as remote code execution (RCE) issues by multiple exposure-management and security…
CrushFTP Actively Exploited Critical Authentication Bypass (CVE-2025-31161; former CVE-2025-2825)
1. Executive Summary Attackers are actively targeting a critical authentication bypass in CrushFTP managed file transfer (MFT) software, tracked as CVE-2025-31161. According to Huntress’ incident analysis, in-the-wild exploitation was observed…
Lazarus Group’s $1.5 Billion Bybit Cryptocurrency Theft (TraderTraitor)
1. Executive Summary On 21 February 2025, cryptocurrency exchange Bybit suffered a theft of approximately $1.5 billion in virtual assets—an incident the US Federal Bureau of Investigation (FBI) publicly attributed…
GitHub Actions supply chain attack: tj-actions/changed-files and reviewdog/action-setup
Secrets leaked via compromised CI components. GitHub Actions, CI/CD, Supply chain compromise, Secrets exposure, DevSecOps, CVE-2025-30066, CVE-2025-30154, tj-actions, reviewdog, Software supply chain security. 1. Executive Summary A supply chain compromise impacted…
