CyberNews: 18/08/2025 Edition

Published by Dunateo on 2025-08-18

Today’s roundup

Summary

Recent cybersecurity events underscored the continuing threat of supply‑chain, web‑server, and enterprise software vulnerabilities. A malicious package called termncolor (PyPI) used a dependent colorinal module to persist and execute code, exposing developers worldwide. An undisclosed Internet‑wide vulnerability has placed a large portion of web services at risk of massive DDoS attacks through a flaw that has existed since 2023. In East Asia, a new Chinese APT group compromised a Taiwanese web hosting provider, enabling a broad range of malicious activities. The UK telco Colt suffered a ransomware‑driven incident, with the Warlock gang claiming credit and users experiencing prolonged outages since August 14. Human resources software company Workday disclosed that attackers accessed its third‑party CRM system through a social‑engineering campaign, potentially exposing customer contact details; the breach may be linked to the ShinyHunters campaign. The U.S. Department of Justice seized over $2.8 million in cryptocurrency from a former Zeppelin ransomware operator, illustrating law‑enforcement success against this threat actor. Finally, Xerox patched CVE‑2025‑8355 (XXE) and CVE‑2025‑8356 (path traversal) in its FreeFlow Core platform, fixing unauthenticated remote code execution vulnerabilities that could let attackers deploy web shells. Each incident highlights the importance of patch management, supply‑chain validation, and robust incident response.