Top Tech Headlines – August 11, 2025
We’re kicking off this week with a wild mix of breaches, breakthroughs, and bold moves in security and AI. From North Korean hackers getting hacked to new critical flaws in everyday tools, here’s what you need to know to stay one step ahead.
North Korean Hacker Group Kimsuky Hit by Counter-Hack
In a rare turn of events, the notorious state-backed hacking operation “Kimsuky” was breached by rogue hackers who oppose the group’s activities. The attackers publicly leaked Kimsuky’s internal data, potentially revealing insights into the group's operations and methodologies. This could be a small win for cybersecurity defenders keeping an eye on global threat actors.
Citrix NetScaler Flaw Exploited in Infra Breaches
The Dutch National Cyber Security Centre (NCSC) confirmed that organizations in critical sectors were targeted through a Citrix NetScaler vulnerability, CVE-2025-6543. The exploit allowed attackers to compromise internal systems, making it vital that IT teams immediately patch affected appliances. This is another reminder that perimeter defenses can still be weak links.
WinRAR Zero-Day Attacks Deliver Malware Payloads
Researchers have uncovered details about CVE-2025-8088—a zero-day vulnerability in WinRAR—that was actively exploited by the 'RomCom' group to drop malware on unsuspecting users. The exploit leverages a path traversal bug, and attackers used it in targeted phishing campaigns. WinRAR 7.13 patches the issue, so update now if you haven’t already.
Microsoft Unveils Windows 365 Reserve for Disaster Recovery
The software giant is testing Windows 365 Reserve, a cloud-first solution providing temporary desktop access during outages or attacks. It’s designed to keep employees productive even when their local PCs go down. This could be a game-changer for cyber-incident response and business continuity.
OpenAI Caps GPT-5 Thinking at 3,000 Weekly Requests
OpenAI is trialing a new limit of 3,000 GPT-5 interactions per week to reduce compute costs and improve scalability. While some see it as a smart compromise, others are calling it a step backward in access. Premium users still have alternatives, including switching back to GPT-4o for consistency.
xAI’s Grok 4.20 to Compete with GPT-5
Elon Musk’s xAI aims to challenge OpenAI once more with Grok 4.20, an upgrade that shows promise in AGI benchmarks. With a potential August launch, the updated model may close the gap in high-level reasoning tasks. Expect another ripple in the AI model arms race.
Phishing 2.0: Microsoft 365 Apps Being Abused
Attackers are now leveraging trusted Microsoft 365 apps, like OneNote and OneDrive, in what experts are calling “native phishing.” These attacks use internal-looking file shares to lure users into executing payloads. Organizations should consider advanced email and identity security to detect these subtler threats.
DarkBit Ransomware Cracked—Victims Recover Without Paying
Cybersecurity firm Profero has successfully cracked MuddyWater’s DarkBit ransomware, enabling victims to recover files for free. This is a striking win for the defenders, and it underscores the value of holding off on ransom payments if there's hope of decryption assistance from the community.
29,000 Microsoft Exchange Servers Remain Dangerously Unpatched
Security researchers warn that tens of thousands of Exchange servers are still exposed to a high-severity flaw that enables attackers to gain domain-level access. The advisory comes months after the patch was issued, emphasizing ongoing gaps in enterprise patch hygiene.
Connex Credit Union Breach Exposes 172,000 Members
Connex Credit Union disclosed a major data breach that compromised personal and financial data of over 170,000 members. The attack reportedly occurred earlier this summer and highlights the continued surge in financially motivated cyberattacks targeting institutions large and small.
Python Tackles Phantom Dependency Threats
In an effort to fight against hidden threats in code, the Python community is proposing a software bill of materials (SBOM) standard under PEP 770. This would expose so-called "phantom dependencies" that attackers can use to sneak malicious code into your projects. It’s a constructive idea for a growing software supply chain issue.
TETRA Radio Encryption Flaws Raise Public Safety Concerns
Newly disclosed vulnerabilities in TETRA radio encryption could allow attackers to intercept or manipulate communications used by emergency services. The flaw leaves some law enforcement agencies vulnerable to injection and replay attacks. Agencies depending on TETRA need urgent fixes and stronger key management policies.
Erlang/OTP SSH Flaw Exploited in OT Networks
A growing wave of attacks is exploiting CVE-2025-32433, a critical flaw in Erlang/OTP’s SSH implementation, particularly in operational technology (OT) firewall devices. Approximately 70% of these attacks target key infrastructure sectors, underscoring the importance of secure-by-design practices in ICS environments.
Binance Turns to Traditional Banks for Crypto Custody
In a move meant to restore public trust, Binance is storing customer crypto assets in U.S. Treasuries via Spanish bank BBVA and others. This traditional approach may help address recent concerns about centralized crypto exchanges and liquidity risk.
OneNote to Finally Support "Paste Text Only" Feature
Good news for Microsoft OneNote users—plain-text pasting is coming to both Windows and Mac. This much-awaited feature allows users to strip formatting automatically, which is a big productivity boost for note-takers and editors alike.
Semrush Launches Free AI Branding Workshop Series
If you're thinking about leveling up your digital presence, Semrush and Moving Forward Small Business have teamed up on a six-part workshop series focused on using AI for search and brand strategy. It's free, online, and worth checking out if you're in the small biz space.
IoT Reality Check: Costs Run Deeper Than Promised
According to Eseye, many businesses are blindsided by mounting costs of IoT connectivity—especially with global roaming, security layers, and hybrid SIM management. Carefully vetting IoT vendors and contracts is key before scaling your fleet of smart devices.
Tencent’s AIoT 2.0 Adds Smarts to Smart Devices
Bursting onto the connected devices scene, Tencent Cloud’s AIoT 2.0 is powering toys, cameras, speakers, and more with advanced voice and visual recognition. It's a peek into where AI meets IoT—and how smarter hardware is being baked into daily life.