What happened this week in the hacking world? (Week 33/2025)

August 18, 2025

Attack on the Canadian House of Commons

A threat actor exploited a recently discovered Microsoft vulnerability to access the network of the Canadian Parliament and compromise employee data. Authorities are investigating; an official statement is still pending.

https://cybersecuritynews.com/canadas-house-of-commons-cyberattack

Critical vulnerabilities in N-able N-Central actively exploited

CISA has added two vulnerabilities (CVE-2025-8875 and CVE-2025-8876) in the popular RMM platform N-able N-Central to the Known Exploited Vulnerabilities (KEV) catalog. Among other things, the vulnerabilities allow remote code execution and command injection. Updating immediately to version 2025.3.1 is strongly recommended.

https://www.cisa.gov/known-exploited-vulnerabilities-catalog

WinRAR Zero-Day actively in use (CVE-2025-8088)

A critical directory traversal vulnerability in WinRAR is being actively exploited by the Russia-linked RomCom group. Backdoors such as SnipBot, RustyClaw, and Mythic Agent are delivered to systems through manipulated RAR archives. Users must manually update to version 7.13.

https://www.techradar.com/pro/security/winrar-has-a-serious-security-flaw-worrying-zero-day-issue-lets-hackers-plant-malware-so-patch-right-away

Microsoft Patch Tuesday: 111 vulnerabilities closed

Patch Tuesday for August 2025 addresses a total of 111 vulnerabilities, including a zero-day in Windows Kerberos (CVE-2025-53779) and other critical bugs, for example in Azure OpenAI and graphics components. Immediate patching is strongly recommended.

https://thehackernews.com/2025/08/microsoft-august-2025-patch-tuesday.html

Increase in Credential Theft by 160% in 2025

According to Check Point, stolen credentials have increased by 160% compared to the previous year. The issue affects platforms such as Discord, Microsoft, Facebook, and GitHub. Recommendation: MFA, strong password policies, monitoring & awareness programs.

https://www.itpro.com/security/cyber-attacks/credential-theft-has-surged-160-percent-in-2025

Those who are prepared are safe

The events of this week make it clear: vulnerabilities in everyday software like WinRAR, in remote management solutions like N-able, or in central components like Microsoft Kerberos are not only published but are often actively exploited within a very short time. Even authorities like the Canadian Parliament are in the sights of targeted attacks due to unpatched systems.

With penetration tests, risk analyses, and awareness measures (e.g., phishing and ransomware simulations, training), we support companies in identifying vulnerabilities early and sustainably strengthening their security structure.

Do you have specific questions? Book your free initial consultation now. You can find the link in the first comment.

© 2024 Schönbrunn TASC GmbH
Schönbrunn TASC GmbH
Riedwiesenstraße 1, 71229 Leonberg
S TASC TUN SUARL
Road Teniour km 4 Imm, Bahia,
2nd floor Off. No. App3,
3041 sfax Tunisia