Cybersecurity Update 26 July - 8 August 2025

United States of America

Google Project Zero Will Notify Public Regarding Product Vulnerabilities in 7 Days. On 29

July 2025, Google’s Project Zero changed how it reports vulnerabilities. Within approximately one week of reporting a vulnerability to a vendor, Project Zero will publicly share that a vulnerability was discovered. It will share: (1) The vendor or open-source project that received the report; (2) The affected product; and (3) The date the report was filed, and when the 90-day disclosure deadline expires. Previously, vendors were given 90 days to issue a patch after being notified of a vulnerability. If a patch was released in that window, Project Zero would publish the full technical details of the bug 30 days later. If no patch was released in time, the details would go public on day 90. Now, Project Zero will announce that it found a vulnerability—without technical details—within a week of reporting it to vendors. The aim is to alert downstream vendors and push them to more swiftly integrate upstream patches, to better ensure end-user protection. In short, it’s about making sure the fix is deployed in time to make a difference. (DataBreachToday, The Record, Project Zero, Project Zero Transparency)

Reinvigorating (Open Source) AI in the United States. On 4 August 2025, Silicon Valley

launched the American Truly Open Models (ATOM) project, noting that the U.S. has lost its lead in open models – both in performance and adoption – and is on pace to fall further behind. Only 5 of the top 15 AI models are open source — and all were developed by Chinese AI companies. The ATOM project intends to create a U.S.-based AI lab dedicated to creating software that developers can freely access and modify. Its blueprint calls for access to serious computing power, with upward of 10,000 of the cutting-edge GPU chips used to power corporate AI development. Regaining open source leadership is necessary to drive research into fundamental AI advances, to maximize U.S. AI market share, and to secure the U.S. AI stack. Nathan Lambert, a senior research scientist at the nonprofit Allen Institute for AI is launching the ATOM project in a personal capacity. (AI Index, ATOM project)

National Science Foundations Announces New AI Test Bed. On 16 July 2025, the U.S.

National Science Foundation announced a new funding opportunity that would invest up to $100 million to support a network of "programmable cloud laboratories (PCL),” aimed at expanding access to cutting-edge technology to accelerate the automation of scientific discovery and innovation. The test bed would establish artificial intelligence-enabled laboratories nationwide to integrate, test, evaluate and validate the capabilities of new cutting-edge AI-based technologies. The NSF PCL initiative will invest in a network of laboratories that can be remotely accessed to run custom, user-programmed AI-enabled workflows. These hubs will help bring innovative technologies into practical use during scientific and engineering experiments. The initial focus will be on biotechnology and materials science. Proposals are due in November 2025. (NSF Announcement, NSF Blog)

Carnegie Mellon Researchers Show LLM Can Autonomously Plan and Execute Cyberattacks. The team’s findings reveal that, with the right planning capabilities and agent frameworks, LLMs can move beyond simple commands and execute coordinated network intrusions. The research demonstrated that an LLM could replicate the 2017 Equifax data breach inside a controlled environment. The AI autonomously scanned for vulnerabilities, deployed exploits, installed malware, and exfiltrated data without human intervention. Anthropic’s Claude is proving its achieving near-expert levels of offensive cybersecurity work. In the Hack the Box competition, five of the eight AI teams — including Claude — completed 19 of the 20 challenges. Just 12% of human teams managed all 20. Anthropic's red team is concerned that the cybersecurity community hasn't fully grasped how far along AI agents have come in solving offensive security tasks. Those with mediocre and poor security have real exposure. (EdTech, HacktheBox)

Crypto ATMs Fueling Criminal Activity. On 4 August 2025, the U.S. Department of the

Treasury’s Financial Crimes Enforcement Network (FinCEN) issued a Notice urging financial

institutions to be vigilant in identifying and reporting suspicious activity involving convertible virtual currency (CVC) kiosks (e.g., ATMs). While CVC kiosks can be a simple and convenient way for consumers to access CVC, they are also exploited by illicit actors, including scammers. The risk of illicit activity (e.g., money laundering) is exacerbated if CVC kiosk operators fail to meet their obligations under the Bank Secrecy Act (BSA) — to

comply with anti-money laundering rules. In 2024, the FBI’s IC3 received more than 10,956 complaints reporting the use of CVC kiosks, with reported victim losses of approximately $246.7 million — a 99% year over year increase. Bitcoin ATMs in the U.S. have increased from 4,250 at the start of 2020 to 30,647 as of 4 August 2025. Many operators of ATMs fail to register with FinCEN as money services businesses despite being legally required to do so under the Bank Secrecy Act. (FinCEN, FinCEN Notice, The Record, Coin Radar)

Microsoft Investigates Whether Its Commercial Warning System Alerted China of the

SharePoint Vulnerability. On 25 August 2025, it was reported that Microsoft was investigating whether its Microsoft Active Protections Program (MAPP) — and early alert system — allowed Chinese hackers to exploit flaws in its SharePoint service before they were patched. MAPP is a 17-year-old program. Members are cybersecurity vendors that must sign a non-disclosure agreement, so they receive information about novel patches to vulnerabilities 24 hours before Microsoft releases them to the public. The most highly vetted users receive such notifications five days early. A 2021 Chinese law mandates that any company or security researcher who identifies a security vulnerability must report it within 48 hours to the government’s Ministry of Industry and Information Technology. Malicious actors don’t just wait for their zero-day to be discovered or for public proof-of-concept code to emerge—they maximize the window of opportunity by sharing access and techniques within their circles as soon as they suspect the exploit will be exposed. Patching is a race against malicious actors who move fast, share what works, and rarely give warning. The only viable response is to treat every high-profile vulnerability as actively under exploitation, prioritize your most exposed and business-critical assets, and

compress your patch cycle as much as operationally possible. The window of

exploitation is now under 4 hours. (Bloomberg, Team Cymru)

US National Reconnaissance Office (NRO) — Breached via Microsoft SharePoint. On 24

July 2025, it was reported that malicious actors compromised an NRO unclassified portal used by the CIA and other agencies to submit details of sensitive contracts. The malicious actors accessed data related to the CIA's Digital Hammer program, which focuses on surveillance and counterintelligence related to Chinese intelligence and information operations. (The Register, Washington Times)

Alianz Life Breach Impacts 1.4M Customers. On 16 July 2025, Minneapolis-based Allianz

Life, a subsidiary of Munich, Germany-based Allianz SE was breached by a malicious actor who gained access via a third-party, cloud-based system using social engineering. The malicious actors were able to obtain personally identifiable data related to the majority (perhaps 1.4 million) of Allianz Life's customers, financial professionals, and select Allianz Life employees. (CBS, Maine AG, Cybersecurity Dive)

New York Unveils New Rules for Water Sector Cyber Safety. On 10 June 2025, the New

York State Department of Environmental Conservation (NYSDEC) filed a Notice of Proposed

Rule Making with the New York Department of State to amend Parts 616, 650, and 750 of Title 6 of the Official Compilation of Codes, Rules, and Regulations of the State of New York (6 NYCRR). The proposed rule making would add cybersecurity regulations for wastewater

treatment facilities. It would amend 6 NYCRR 616.7 to allow persons submitting cybersecurity information to the Department to request that the information be excepted from disclosure under FOIL. It would amend 6 NYCRR 650.8 and 650.12 to require certified wastewater operators to obtain cybersecurity training. It would amend various provisions of 6 NYCRR Part 750 to mandate cybersecurity incident reporting for SPDES permittees and to require emergency response planning and cybersecurity controls for Publicly Owned Treatment Works. The comment period will close on 3 September 2025 at 5:00 p.m. (GovInfoSec, NY State Draft Notice)

International Items of Interest

China Summons Nvidia on Chip Security. On 31 July 2025, the Cyberspace Administration

of China (CAC) requested that Nvidia explain the “backdoor security risks” associated with its H20 chips sold in China and submit relevant documents. The CAC suspects the chip may include concealed functions that could compromise user security — tracking location and possibly remote-shutdown capabilities. Of note, the Trump Administration’s Chip Security Act, mandates that advanced chips for export have hardware safeguards like location verification and tamper detection. Huawei unveiled its new Ascend chip in April 2025. The Ascend 920 chip offers strong performance and ultra-fast memory speeds, making it a serious alternative for Chinese companies. (WSJ, TechRepublic, NYT, TechRepublic, Reuters, Bloomberg)

TSMC Employees Trying to Steel Critical Information on 2 Nanometer Proprietary Tech.

On 5 August 2025, Taiwan Semiconductor Manufacturing Co. (TSMC) stated that it has fired

several employees for violating rules on obtaining/steeling critical proprietary information on 2-nanometer chip development and production while working at the company. The world's top chipmaker said it took "strict disciplinary actions against the personnel involved and has initiated legal proceedings." Investigations are ongoing into where the information may have been leaked, the scope of the leak, and whether additional parties were involved. (NYT, Nikkei)

Weaponizing Open-Source Software. On 4 August 2025, Strider Technologies published a

report highlighting how Chinese, Russian and North Korean-affiliated hackers are covertly

working to insert backdoor hijacks and exploits into major publicly available software used by countless organizations. The malicious insertions into these open-source tools could allow hackers to pilfer troves of sensitive data from governments and private sector firms, according to Strider, which analyzed open-source code contributors who have direct affiliations with foreign adversaries. Open-source projects — which underpin software systems used everywhere — rely on contributions from community members to keep them updated with patches. The updates are often discussed on forums with volunteer software maintainers, who chat with one another about proposed changes. (NextGov, Strider Report)

Aeroflot Cancels Flights. On 28 July 2025, Aeroflot was forced to cancel more than 50 round-trip flights, disrupting travel across Russia, as two pro-Ukraine hacking groups — Silent Crew and Belarusian Cyberpartisans — claimed responsibility for the incident. The malicious actors stated that the incident is the result of a year-long operation in-which they had deeply penetrated Aeroflot's network, destroyed 7,000 servers, accessed flight history databases, compromised critical corporate systems, taken control of employees’ personal computers, and extracted data from surveillance and wiretapping servers. Aeroflot did not say how long the problems would take to resolve, but departure boards at Moscow's Sheremetyevo Airport turned red as flights were cancelled at a time when many Russians take their holidays. (Reuters, AP, Moscow Times)

Multiple Cyber Operations Against Russia. On 29 July 2025, pharmacies across Russia

suspended operations. The attacks hit Stolichki, which operates approximately one-thousand pharmacies across the country, and Neofarm, which runs more than a hundred pharmacies in Moscow and St. Petersburg. Details are scant, but Russia’s state internet monitor Roskomnadzor denied that the disruptions were distributed denial-of-service (DDoS) attacks. No group has claimed responsibility as yet. Separately, a ransomware attack disrupted operations at Novabev Group, a major Russian alcohol producer on 31 July 2025. The attack crippled parts of the Novabev Group’s infrastructure, affecting WineLab’s point-of-sale systems, online services, and at least 2,000 stores. . The company confirmed that the attackers had demanded a ransom but said it refused to negotiate. And on 31 July 2025, a large St. Petersburg Internet provider went down due to a DDoS attack. (The Record, AirNet, The Record)

Russia Targets Diplomatic Community in Moscow. On 31 July 2025, Microsoft Threat

Intelligence reported a cyber espionage campaign by an FSB backed actor — Secret Blizzard Turla — that has been targeting embassies located in Moscow using an adversary-in-the-middle (AiTM) position to deploy their custom ApolloShadow malware. The malicious actors have used its state-sanctioned access to Russian ISPs to meddle with internet traffic and trick victims working in foreign embassies operating in Moscow into installing the group's malicious software on their PCs. That spyware then disabled encryption on those targets' machines so that data they transmitted across the internet remained unencrypted, leaving their communications and credentials like usernames and passwords entirely vulnerable to surveillance by those same ISPs—and any state surveillance agency with which they cooperate. (Microsoft, Wired)

British Spies and SAS Named in Afghan Data Breach. On 17 July 2025, a high court judge

lifted a secrecy injunction regarding a data breach related to Afghanistan. On 15 July 2025, the UK discussed that a breach of at least 19,000 Afghans who had worked with the British during the 20-year war in Afghanistan and had applied to resettle in the UK had been inadvertently leaked. As part of that breach, the identities of more than 100 British officials, including personal data of members of the special forces and MI6, were compromised. (BBC)

UNC3886 Actors Know for Exploiting 0-Days Attacking Singapore’s Critical

Infrastructure. On 22 July 2025, it was reported that Singapore’s critical infrastructures are

under active attack by a state-linked malicious actor associated with Chinese cyber-espionage operations — UNC3886. The group that has been systematically targeting the nation’s energy, water, telecommunications, finance, and government sectors. The threat actor maintains at least eight distinct — custom-developed malware families and zero-day exploits — including MOPSLED, RIFLESPINE, REPTILE, TINYSHELL variants, VIRTUALSHINE, VIRTUALPIE, CASTLETAP, and LOOKOVER, each designed for specific operational objectives within compromised environments. The threat actor has demonstrated exceptional capability in exploiting previously unknown vulnerabilities across enterprise-grade infrastructure, particularly targeting Fortinet, VMware, and Juniper network devices. The group employs living-off-the-land techniques and involves deep integration into network infrastructure, establishing backdoor communications through seemingly legitimate platforms including Google Drive and GitHub repositories for command-and-control operations. Their access to sensitive operational technology systems that control critical infrastructure components is particularly alarming.

(CybersecurityNews, OT-ISAC)

Ontario City Facing Full $18.3M Bill after Insurer Denies Cyber Claim. On 27 July 2025,

Hamilton’s claim was denied because multi-factor authentication had not been fully implemented at the time of the ransomware incident. According to the city’s insurance policy, no coverage was available for any losses where the absence of multi-factor authentication was the root cause of the cyber breach. On 25 January 2024, the city of became the victim of a complex ransomware attack that encrypted systems and data, rendering them unusable and impacted services like business license processing, property tax, transit planning and finance and procurement systems for weeks. The malicious actors attempted, but failed to destroy the systems. The malicious actors demanded a ransom of roughly $18.5 million in exchange for a decryption tool to unscramble the city’s data. The city did not pay the ransom. Yet, the incident has spent $18.3 million on immediate response, system recovery and third-party expert support. There may be additional invoices still to be received for some items that will be included in future reports. (Global News)