TransUnion Breach Impacts ~4.4 Million People

On Aug 28, TransUnion told regulators that a third-party customer-support app allowed unauthorized access to “limited” personal data; a Texas filing states that SSNs were among the data. The company states that the incident, which occurred on July 28, was contained within hours and did not impact its core credit database; however, it notified affected consumers and law enforcement.
Key takeaway:
Credit bureaus remain high-value targets because a small foothold can expose sensitive identifiers on a massive scale. (The Record from Recorded Future)
How to protect your organization:
- Review vendor security controls: Assess third-party risk before integration.
- Encrypt sensitive data at rest and in transit: Ensure strong cryptographic protections.
- Limit data retention: Reduce exposure by storing only what’s necessary.
- Monitor certificate expiration: Prevent attackers from exploiting expired digital certificates.
Why it matters:
Data breaches on a large scale can result in regulatory fines, lawsuits, and a loss of customer confidence. Leaders can’t outsource accountability. Using SSL.com S/MIME Certificates to encrypt and sign communications shows regulators, partners, and customers that your organization takes data protection seriously.
Nevada’s State Government Knocked Offline by Ransomware
A late-August cyberattack forced the state of Nevada to close its offices for two days, taking multiple agency websites and phone lines offline. Officials stated that emergency services remained operational and that there was no evidence of personal data theft as systems were gradually restored. The governor’s office kept technical details confidential while the investigation unfolded, highlighting how a single hit can ripple across public services. (AP News, The Nevada Independent)
How to protect your organization:
- Segment critical systems: Reduce the chance of one compromised system spreading across the network.
- Back up data frequently: Keep offline and immutable backups to quickly restore services.
- Train staff on phishing awareness: Ransomware campaigns often start with social engineering.
- Strengthen authentication: Enforce MFA to limit account takeover.
Why it matters:
Government agencies must provide uninterrupted services while protecting sensitive data. Governments of various countries already trust SSL.com’s PKI and Digital Certificates to safeguard data related to healthcare, defense, education, and finance.
With hosted PKI and automated certificate lifecycle management, governments can deploy secure, cost-effective, and globally trusted digital infrastructure without building expensive, independent systems.
OAuth Token Theft via Salesloft Drift Blasts Salesforce Customers
Google’s Threat Intelligence Group detailed a widespread data-theft campaign (UNC6395) that abused OAuth/refresh tokens from the Salesloft Drift integration starting around Aug 8–18. Stolen tokens allowed attackers to query the data of multiple organizations’ Salesforce instances for sensitive information (e.g., AWS keys, Snowflake tokens). Google later confirmed that a small number of Google Workspace accounts linked to Drift Email were accessed; integrations were disabled, and the tokens were revoked.
Key takeaway:
Treat any Drift-connected tokens as compromised, rotate credentials, and hunt logs for suspicious SOQL (Salesforce Object Query Language) pulls. (Google Cloud, Dark Reading, Cybersecurity Dive)
How to protect your organization:
- Audit third-party app access: Revoke unused integrations and review permissions.
- Rotate credentials regularly: Immediately reset exposed keys and passwords.
- Enable strict IP restrictions: Limit Salesforce logins to trusted networks.
- Review event logs: Check for unusual queries or API activity.
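
A minimal sketch of the log review described above, added here as an example and not taken from Google's report or from Salesforce tooling. The CSV column names, the IP allowlist, and the row threshold are assumptions; the sample rows are constructed.

```python
import csv
import io
import re

# Constructed sample export of API query events. Column names are assumptions
# for this example; map them to the fields in your own Salesforce event logs.
SAMPLE_LOG = """timestamp,username,connected_app,source_ip,rows,query
2025-08-12T02:14:31Z,integration@example.com,Drift,203.0.113.50,48211,"SELECT Id, Subject, Description FROM Case"
2025-08-12T09:02:11Z,alice@example.com,Sales Console,198.51.100.7,25,"SELECT Id, Name FROM Account LIMIT 25"
2025-08-12T09:30:45Z,integration@example.com,Drift,192.0.2.10,40,"SELECT Id, Email FROM Contact LIMIT 40"
2025-08-12T10:05:00Z,integration@example.com,Drift,192.0.2.10,312,"SELECT Id, Username, Email FROM User"
"""

WATCHED_APPS = {"Drift"}        # integrations whose tokens are treated as compromised
KNOWN_APP_IPS = {"192.0.2.10"}  # constructed: addresses the integration normally calls from
BULK_ROWS = 10_000              # assumed threshold for a bulk pull
FROM_RE = re.compile(r"\bFROM\s+(\w+)", re.IGNORECASE)
LIMIT_RE = re.compile(r"\bLIMIT\s+\d+", re.IGNORECASE)


def triage(row):
    """Return the reasons a query event deserves review (empty list if none)."""
    if row["connected_app"] not in WATCHED_APPS:
        return []
    reasons = []
    if row["source_ip"] not in KNOWN_APP_IPS:
        reasons.append("unfamiliar source IP")
    if int(row["rows"]) >= BULK_ROWS:
        reasons.append("bulk export")
    elif not LIMIT_RE.search(row["query"]):
        reasons.append("unbounded query")
    return reasons


def hunt(log_text):
    """Parse the CSV export and return (timestamp, object, reasons) per flagged event."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        reasons = triage(row)
        if reasons:
            match = FROM_RE.search(row["query"])
            findings.append((row["timestamp"], match.group(1) if match else "?", reasons))
    return findings


if __name__ == "__main__":
    for ts, obj, reasons in hunt(SAMPLE_LOG):
        print(ts, obj, ", ".join(reasons))
```

Each flagged object tells you which records to search for embedded secrets that now need rotation.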
Why it matters:
Executives must recognize that third-party apps expand the attack surface. If vendors are compromised, your customer data and compliance obligations are still your responsibility.
Deploying SSL.com Client Authentication Certificates enforces identity-based access, reducing reliance on fragile app tokens and strengthening control over who can reach business-critical data.
Microsoft’s August Patch Tuesday: 107 CVEs, Kerberos Zero-day Disclosed
Microsoft shipped fixes for 107 vulnerabilities, including 13 Critical, and one publicly disclosed Windows Kerberos elevation-of-privilege flaw (CVE-2025-53779). Several critical bugs affect graphics/GDI+, Office (including Preview-Pane vectors), NTLM, MSMQ, and more.
Key takeaway:
Prioritize internet-facing systems and identity infrastructure. Patch fast and monitor for privilege-escalation attempts in Active Directory environments. (CrowdStrike)
How to protect your organization:
- Apply patches immediately: Prioritize Kerberos, NTLM, and Microsoft Graphics fixes.
- Upgrade unsupported systems: Plan ahead for Windows 10 end-of-life in October 2025.
- Review privileged accounts: Limit domain admin and service account permissions.
- Test recovery procedures: Ensure systems can be restored quickly in the event of a security breach or exploitation.
Why it matters:
Attackers frequently exploit gaps between patch releases and deployment. To maintain trust, organizations must prove that their updates are authentic.
SSL.com’s eSigner Cloud Code Signing Service allows teams to securely sign and timestamp software from anywhere, without the hassle of USB tokens or hardware. With FIPS-compliant key storage, Cloud Signature Consortium (CSC)-standard API integration, and CI/CD pipeline support, eSigner ensures your code updates are trusted, compliant, and ready for rapid distribution across various platforms.
New “EDR killer” Tool Spreads Across Ransomware Crews
Researchers spotted an evolved EDRKillShifter-style utility, linked to RansomHub, being reused by at least eight ransomware groups to disable endpoint defenses before encryption and data theft. Singapore’s CSA issued an advisory urging defenders to harden EDR tamper protection, watch for service-kill behavior, and validate fallback detections.
Key takeaway:
Assume endpoint controls can be compromised and layer detections at the identity, network, and SaaS tiers. (bleepingcomputer.com, csa.gov.sg)
How to protect your organization:
- Use only trusted, non-expired certificates: Prevent attackers from exploiting weak digital signatures.
- Enforce kernel driver signing policies: Block unsigned or suspicious drivers.
- Maintain endpoint monitoring: Detect abnormal behavior, even when AV is disabled.
- Implement zero-trust security: Continuously validate every connection.
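
One way to watch for the service-kill behavior mentioned above, as an added example that is not from the CSA advisory or any vendor's detection content. It correlates a kernel driver service install with a security service stopping on the same host; the records are constructed and simplified, and the service names and five-minute window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed, simplified records from the Windows System log (Service Control
# Manager): 7045 = a service was installed, 7036 = a service changed state.
EVENTS = [
    {"time": "2025-08-20T03:10:02", "host": "ws-17", "id": 7045,
     "service": "exampledrv", "detail": "kernel mode driver"},
    {"time": "2025-08-20T03:10:40", "host": "ws-17", "id": 7036,
     "service": "ExampleEDR Agent", "detail": "stopped"},
    {"time": "2025-08-20T04:00:00", "host": "ws-22", "id": 7036,
     "service": "ExampleEDR Agent", "detail": "stopped"},
    {"time": "2025-08-20T05:30:00", "host": "ws-30", "id": 7045,
     "service": "printhelper", "detail": "user mode service"},
    {"time": "2025-08-20T05:31:00", "host": "ws-30", "id": 7036,
     "service": "Print Spooler", "detail": "stopped"},
]

SECURITY_SERVICES = {"ExampleEDR Agent"}  # placeholder for your EDR/AV service names
WINDOW = timedelta(minutes=5)             # assumed correlation window


def service_kill_alerts(events):
    """Flag stops of security services; escalate when a kernel driver was
    installed on the same host shortly before the stop."""
    driver_installs = {}  # host -> list of (install time, driver service name)
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if ev["id"] == 7045 and "kernel" in ev["detail"].lower():
            driver_installs.setdefault(ev["host"], []).append((when, ev["service"]))
        elif (ev["id"] == 7036 and ev["detail"] == "stopped"
              and ev["service"] in SECURITY_SERVICES):
            recent = [name for t, name in driver_installs.get(ev["host"], [])
                      if when - t <= WINDOW]
            severity = "high" if recent else "medium"
            alerts.append((ev["host"], ev["service"], severity, recent))
    return alerts


if __name__ == "__main__":
    for alert in service_kill_alerts(EVENTS):
        print(alert)
```

Because the alert is built from forwarded event logs rather than the endpoint agent itself, it still fires after the agent has been stopped.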
Why it matters:
This trend shows attackers are deliberately exploiting weak certificate practices. Executives should treat certificate lifecycle management as a board-level priority. SSL.com Hosted PKI Solution provides centralized oversight, automated renewals, and rapid revocation, critical controls when attackers weaponize digital certificates.
Updates & Announcements
CA/Browser Forum (CABF) Developments & Reminders:
- S/MIME Developments: Ballot SMC011 proposes allowing European Unique Identifiers (EUID) for EU/EEA organization validation.
- Key deadlines: CAA checking (mandatory since March 15), MPIC validation (May 15), and Legacy profile deprecation (July 15).
- SSL/TLS Validity: The trend toward shorter certificate lifespans continues, reinforcing the importance of automation in certificate management. Learn more about how to prepare for 47-day certificate lifespans.
- Purchase BIMI-compliant Verified Mark Certificates (VMCs). Available soon in Gmail and Apple Mail trust stores.
Important reminders:
- SSL.com MPIC full enforcement began on September 2, 2025, and industry-wide enforcement goes into effect on September 15, 2025.
- Starting September 15, 2025, SSL.com will issue TLS server certificates without the Client Authentication EKU, aligning with Google Chrome’s Root Program Policy. Review our guide to prepare.
- Depending on when they were issued by SSL.com, the last of the soft format code signing certificates will expire before June 1, 2026. Replacements in PFX format will no longer be available after the expiration date. Per CA/Browser Forum rules, private keys must be stored in encrypted devices (e.g., tokens), on-site FIPS-compliant HSMs, or cloud-based HSM services. See our guide for details.