What happened this week in the hacking world? (Week 33/2025)

August 18, 2025

Attack on the Canadian House of Commons

A threat actor exploited a recently discovered Microsoft vulnerability to access the network of the Canadian Parliament and compromise employee data. Authorities are investigating, and an official statement is pending.

https://cybersecuritynews.com/canadas-house-of-commons-cyberattack

Critical Vulnerabilities Actively Exploited in N-able N-Central

CISA has added two vulnerabilities (CVE-2025-8875 and CVE-2025-8876) in the popular RMM platform N-able N-Central to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerabilities allow, among other things, remote code execution and command injection. An immediate update to version 2025.3.1 is strongly recommended.

https://www.cisa.gov/known-exploited-vulnerabilities-catalog

WinRAR Zero-Day Actively in Use (CVE-2025-8088)

A critical directory traversal vulnerability in WinRAR is being actively exploited by the Russia-linked RomCom group. Manipulated RAR archives are used to plant backdoors such as SnipBot, RustyClaw, and Mythic Agent on the system. Users must manually update to version 7.13.

https://www.techradar.com/pro/security/winrar-has-a-serious-security-flaw-worrying-zero-day-issue-lets-hackers-plant-malware-so-patch-right-away

Microsoft Patch Tuesday: 111 Vulnerabilities Closed

The August 2025 Patch Tuesday closes a total of 111 vulnerabilities, including a zero-day in Windows Kerberos (CVE-2025-53779) and other critical bugs, such as in Azure OpenAI and graphics components. Immediate patching is strongly recommended.

https://thehackernews.com/2025/08/microsoft-august-2025-patch-tuesday.html

Increase in Credential Theft by 160% in 2025

According to Check Point, stolen credentials have increased by 160% compared to the previous year. The problem affects platforms such as Discord, Microsoft, Facebook, and GitHub. Recommendation: MFA, strong password policies, monitoring, and awareness programs.

https://www.itpro.com/security/cyber-attacks/credential-theft-has-surged-160-percent-in-2025

Those who are prepared are safe

The events of this week make it clear: vulnerabilities in everyday software like WinRAR, in remote management solutions like N-able, or in central components like Microsoft Kerberos are not only published but are often actively exploited within a short period. Even authorities such as the Canadian Parliament are targeted because of unpatched systems.

With penetration testing, risk analyses, and awareness measures (e.g. phishing and ransomware simulations, training), we help companies detect vulnerabilities early and strengthen their security posture for the long term.

Do you have specific questions? Book your free initial consultation now. You can find the link in the first comment.

 

© 2024 Schönbrunn TASC GmbH
Schönbrunn TASC GmbH
Riedwiesenstraße 1, 71229 Leonberg