
The Cyber Ledger Issue #1


Latest News & Breaches

U.S. Federal Court Filing System Breached

The U.S. federal judiciary's electronic case filing system (CM/ECF) was breached, potentially exposing sealed court records and confidential informant identities across multiple states. This breach highlights vulnerabilities in long-standing, outdated judicial IT infrastructure.

Cyber Conflict Escalates

Following a brief military clash in June 2025, Israel and Iran have engaged in ongoing cyber warfare. Israeli cyber-espionage provided intel on Iranian military leaders, enabling targeted operations. Iranian-backed groups retaliated by attacking Israeli companies with malware campaigns.

Google Confirms Data Breach

Google has officially acknowledged a significant data breach affecting its corporate Salesforce database. The breach, attributed to the ShinyHunters group, occurred in June 2025 and involved the theft of contact information for small and medium businesses. Google has completed notifications to affected users and is investigating the incident.

Marks & Spencer Restores Services after Cyberattack

Marks & Spencer has reinstated its popular click and collect service, nearly four months after a major cyberattack in April 2025 crippled operations. The ransomware attack, carried out by the group DragonForce, resulted in estimated damage of £300 million. The company is actively enhancing its cybersecurity defenses to mitigate future risks.

CVEs & Zero-Day Vulnerabilities

Trend Micro Apex One Zero-Day (CVE-2025-54948)

Critical command injection flaw in Apex One Management Console enables remote code execution. A patch is expected in mid-August. Immediate mitigation advised for on-prem users.

Android Qualcomm Vulnerabilities (CVE-2025-21479 & CVE-2025-27038)

Google's August security update fixes two high-severity flaws in Qualcomm's graphics framework and Adreno GPU drivers, preventing potential memory corruption and command execution.

Adobe Experience Manager Zero-Days (CVE-2025-54253 & CVE-2025-54254)

Two critical zero-days in Adobe Experience Manager Forms allow remote code execution due to misconfiguration. Users must apply the latest security patches immediately.

Active Directory Exploitation Tactics

BadSuccessor: Exploiting dMSA in Windows Server 2025

A new privilege escalation vulnerability, dubbed "BadSuccessor", has been discovered in Windows Server 2025's delegated Managed Service Account (dMSA) feature. This flaw allows attackers to compromise any user in Active Directory and is trivial to implement with the default configuration. Currently, there is no fix available, highlighting the need for immediate attention from system administrators.

Emerging Attack Tactics

AI-Powered Phishing Campaigns

Threat actors use generative AI tools like DeepSite AI and BlackBox AI to craft highly realistic phishing sites mimicking Brazilian government agencies, aiming to steal credentials and financial data.

AI-Driven Malware and Ransomware

Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) groups are integrating AI to enhance attack sophistication and scalability, posing growing challenges for defenders.

Thanks for reading the latest issue! Stay sharp, stay curious — this is just the beginning. Hit reply with your feedback or topics you want covered next.
