Top Tech & Cybersecurity Headlines – August 18, 2025
Today’s roundup brings big headlines in malware leaks, embassy espionage, cryptojacking crimes, and warning signs for AI misuse. Whether you’re protecting your digital life or just trying to stay informed, here’s what’s hitting the tech world on August 18, 2025.
XenoRAT Cyber-Espionage Hits Embassies in South Korea
A state-sponsored malware operation is actively targeting foreign embassies in South Korea with XenoRAT. The campaign uses GitHub repositories to distribute the malware, which underscores how sophisticated and stealthy espionage tools have become. Diplomats and data alike are now prime targets in the shifting threat landscape.
Nebraska Man Sentenced After $3.5M Cryptojacking Operation
A Nebraska resident has been sentenced to one year in prison after orchestrating a cryptojacking scheme that defrauded cloud computing firms of $3.5 million. The scam generated nearly $1 million in crypto by hijacking compute power—proving that crime might pay, but not for long.
ERMAC Android Banking Trojan Code Leaked Online
The source code for ERMAC v3, an Android banking trojan, has leaked publicly, shedding light on malware-as-a-service infrastructure. This may lead to a surge in copycat attacks targeting mobile banking apps. Android users: stay vigilant and update those security patches.
UK Hacker Sentenced After Compromising 3,000 Websites
A 26-year-old self-proclaimed “serial hacker” in the UK has received a 20-month prison term for breaching over 3,000 websites. Authorities caught up with the attacker after years of widespread web defacement and data theft campaigns.
Unpatched N-able Servers Still Exposed to Critical Flaws
Over 800 N-able N-central servers remain exposed to two critical vulnerabilities despite active exploitation in the wild. If your organization uses N-able products, now is the time to double-check patches and harden defenses.
Germany May Ban Ad Blockers, Warns Mozilla
A court battle in Germany could spell trouble for browser-based ad blockers. Mozilla warns that recent rulings could pave the way for these tools to be considered copyright violations—posing both a legal and digital privacy setback.
Microsoft WUSA Patch Issue Mitigated
Microsoft has resolved a bug that prevented Windows updates from installing when using WUSA from network shares. While the issue is contained, sysadmins are encouraged to verify deployments and apply any pending fixes.
Workday Breach Linked to Salesforce Vendor Attack
HR software provider Workday has reported a data breach following a social engineering attack on its CRM vendor. The breach highlights how third-party risk remains a gaping hole in enterprise security strategies.
Security Chiefs Urge Regulation on Chinese AI Giant DeepSeek
CISOs are sounding the alarm over DeepSeek, a powerful AI platform based in China, citing growing privacy and national security risks. As generative AI systems gain influence, regulation and transparency are becoming critical.
Perplexity AI's $34.5B Bid for Google Chrome Raises Eyebrows
In an unexpected move, Perplexity AI has offered $34.5 billion for Google Chrome—despite its own valuation being just $18 billion. Is this a bold strategy or just next-level PR? Either way, it's shaking up the AI world.
AI Overviews Fueling Next Gen Scams Online
Online scammers are leveraging Google AI Overviews and missing customer service numbers to trap victims. As search results become increasingly AI-driven, cybercriminals are finding new ways to exploit the trust users place in the top hits.
Noodlophile Campaign Spreads with Phishing Lures
The Noodlophile malware campaign is expanding globally, targeting enterprise users with phishing emails disguised as copyright complaints. It relies on services like Gmail and Dropbox for command-and-control evasion.
PipeMagic Exploits Windows Zero-Day to Deploy Ransomware
A critical Windows vulnerability (CVE-2025-29824) is being exploited by PipeMagic to deploy RansomExx ransomware, mainly in Saudi Arabia and Brazil. Patch your systems—this is a live, in-the-wild threat.
Malicious PyPI and npm Packages Discovered in Supply Chain Attack
Two malicious packages, termncolor and colorinal, on PyPI and npm have been found exploiting dependency chains with DLL side-loading and persistence tactics. Supply chain attacks show no sign of slowing down.
Russia's Secret Blizzard Bypassed MFA in Embassy Attacks
The Russian state-sponsored group Secret Blizzard used TLS certificate compromise to beat multi-factor authentication in high-level espionage campaigns. It’s a stark reminder that even MFA isn’t bulletproof without strong root-of-trust safeguards.
Deepfake Fraud Steals $25.6M in CFO Video Scam
A deepfake video of a CFO cost one company $25.6 million after scammers used AI-generated calls to fabricators investors. This attack proves how AI-powered social engineering is redefining identity fraud and executive impersonation dangers.
Hidden Security Costs of AI Code
Almost half of AI-generated code samples include exploitable security bugs, and over one-third contain SQL injection flaws. Teams must weigh the benefits of AI-assisted dev against its hidden security debt.
Wazuh Streamlines Compliance Across Multiple Frameworks
SIEM/XDR solution Wazuh is simplifying regulatory compliance for frameworks like PCI DSS, HIPAA, and GDPR. A unified platform can reduce risk and help teams keep pace with growing audit demands.
Patch Management Fails in BYOD, SaaS-Heavy Workplaces
With 20% of breaches in 2025 tied to unpatched systems, traditional patch management isn’t keeping up. The rise of Bring Your Own Device (BYOD) setups and SaaS sprawl demands more agile, automated vulnerability management approaches.
AI Copilots Revolutionizing Game Development
According to Coplay’s CEO, AI copilots are transforming how games are built in engines like Unity. While they still face limitations, orchestration tools may soon turn sketches into playable demos almost instantly.
EE Still Leads UK's Mobile Network Rankings
For the 12th year in a row, EE remains the best-performing mobile network in the UK. Consistency in coverage, speed, and reliability cements its place—though challengers are quickly gaining ground with 5G rollouts.
Huawei to Train 30,000 AI Professionals in Malaysia
As part of a national push for digital sovereignty, Huawei will train 30,000 AI professionals in Malaysia. It’s a big move toward inclusive growth and shows regional investments in AI are ramping up.