Cybersecurity Weekly Round-Up: 11–21 August 2025

In this edition, we highlight critical vulnerabilities, emerging threats, AI‑related developments, and industry moves that are especially relevant for defense, financial services, healthcare, and education sectors across South Africa and Europe.

1. Microsoft’s August Patch Tuesday: Massive Fixes and a Zero-Day Resolved

On 12 August, Microsoft released its Patch Tuesday updates, addressing over 111 vulnerabilities, including 16 critical flaws and a publicly disclosed zero-day in Windows Kerberos—dubbed “BadSuccessor” (CVE‑2025‑53779). Notably, an Exchange Server hybrid privilege escalation bug (CVE‑2025‑53786) was also patched (The Hacker News). Administrators should prioritize deployment to avoid domain compromise scenarios (Senthorus Blog).

2. Emergency Windows Update to Fix Reset/Recovery Fault

On 19 August, Microsoft issued an out‑of‑band patch to rectify a critical Windows reset and recovery failure triggered by the August updates (Cyber Security News). A timely reminder—watch for system anomalies post‑patch and apply these emergency fixes urgently.

3. Google Orders Swift Chrome Update Over High-Severity Flaw

Google issued an “emergency alert” urging all Chrome users to update immediately after discovering a high‑severity memory‑corruption bug. Detected using AI‑driven tools (Big Sleep), the vulnerability could crash browsers and overwrite critical memory. Chrome updates began rolling out from 19 August (The Sun). Given the scale of phishing campaigns that exploit such flaws, patching without delay is critical.

4. Fortinet SSL VPNs Under Attack and Possibly a Zero-Day

Researchers observed a surge of brute‑force attempts targeting Fortinet SSL VPNs and FortiManager systems—potentially signaling a zero-day exploit in the making. While there’s no confirmed exploit yet, the scanning patterns suggest high risk (TechRadar). Organizations using Fortinet products should heighten monitoring and enforce robust access controls now.

5. AI-Powered Hacking and Defense Arms Race

An emerging trend: AI is now a significant force multiplier in cybersecurity—for attackers and defenders. Cybercriminals are using large language models for phishing, social engineering, and malware coding, while security firms like Google and CrowdStrike deploy AI in vulnerability research and response (Tom's Hardware). Yet, experts caution that AI isn't a silver bullet—false positives and noise remain obstacles (Tom's Hardware).

6. Intel “Intel Outside” Breach Exposes Employee Data

A researcher discovered a major internal breach at Intel, dubbed “Intel Outside,” where a business-card site for Indian operations revealed sensitive data for 270,000 employees. Exploited via API token misuse and weak login protection, the breach was reported to Intel in late 2024 and patched only by February 2025—outside any bug-bounty scope (Tom's Hardware). This underscores shortcomings in internal infrastructure security and incentivizes renewed focus on internal attack surfaces.

7. Microsoft Restricts Chinese Access to Early Warning System

Microsoft has restricted some Chinese firms from accessing early vulnerability data via its Active Protections Program (MAPP), following concerns that sensitive vulnerability disclosures might have been leaked ahead of patching. While investigations continue, the move signifies tightening trust and access protocols in cybersecurity ecosystems (Reuters).

Key Takeaways & Recommendations for Your Organization

What to Watch Next

• Fortinet systems: Will a confirmed zero‑day emerge soon? Keep an eye on CVE disclosures.

• AI misuse: Expect more sophisticated AI‑driven phishing or deepfake attacks; proactive defenses are essential.

• Intel‑style breaches: Are internal platforms in your organization similarly exposed? Time for audits.

• Trust dynamics: Watch for further restrictions or policy changes in global early-warning intelligence sharing.