Exchange hybrid flaw raises cloud alarm.

CyberWire Daily

N2K Networks, Inc.

Daily News, Tech News, News, Technology

4.6 • 1K Ratings

🗓️ 7 August 2025

⏱️ 25 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Microsoft warns of a high-severity vulnerability in Exchange Server hybrid deployments. A Dutch airline and a French telecom report data breaches. Researchers reveal new HTTP request smuggling variants. An Israeli spyware maker may have rebranded to evade U.S. sanctions. CyberArk patches critical vulnerabilities in its secrets management platform. The Akira gang use a legit Intel CPU tuning driver to disable Microsoft Defender. ChatGPT Connectors are shown vulnerable to indirect prompt injection. Researchers expose new details about the VexTrio cybercrime network. SonicWall says a recent SSLVPN-related cyber activity is not due to a zero-day. Ryan Whelan from Accenture is our man on the street at Black Hat. Do androids dream of concierge duty? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We continue our coverage from the floor at Black Hat USA 2025 with another edition of Man on the Street. This time, we’re catching up with Ryan Whelan, Managing Director and Global Head of Cyber Intelligence at Accenture, to hear what’s buzzing at the conference. Selected Reading Microsoft warns of high-severity flaw in hybrid Exchange deployments (Bleeping Computer) KLM suffers cyber breach affecting six million passengers (IO+) Cyberattack hits France’s third-largest mobile operator, millions of customers affected (The Record) New HTTP Request Smuggling Attacks Impacted CDNs, Major Orgs, Millions of Websites (SecurityWeek) Candiru Spyware Infrastructure Uncovered (BankInfoSecurity) Enterprise Secrets Exposed by CyberArk Conjur Vulnerabilities (SecurityWeek) Akira ransomware abuses CPU tuning tool to disable Microsoft Defender (Bleeping Computer) A Single Poisoned Document Could Leak ‘Secret’ Data Via ChatGPT (WIRED) Researchers Expose Infrastructure Behind Cybercrime Network VexTrio (Infosecurity Magazine) Gen 7 and newer SonicWall Firewalls – SSLVPN Recent Threat Activity (SonicWall) Want a Different Kind of Work Trip? Try a Robot Hotel (WIRED) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript

Click on a timestamp to play from that location

0:00.0	You're listening to the Cyberwire Network, powered by N2K.
0:09.7	And now a word from our sponsor, Threat Locker, the powerful zero-trust enterprise solution that stops ransomware in its tracks.
0:26.6	Allow listing is a deny-by-default software that makes application control simple and fast. Ring fencing is an application containment strategy, ensuring apps can only access the files,
0:32.6	registry keys, network resources, and other applications they truly need to function.
0:38.3	Shut out cyber criminals with world-class endpoint protection from threat locker.
0:43.3	Microsoft warns of a high severity vulnerability in exchange server hybrid deployments.
1:00.9	A Dutch airline and a French telecom report data breaches.
1:04.5	Researchers reveal new HTTP request smuggling variants.
1:09.0	An Israeli spyware maker may have rebranded to evade U.S. sanctions.
1:13.9	CyberArk patches critical vulnerabilities in its secrets management platform.
1:18.5	The Akira gang uses a legit Intel CPU tuning driver to disable Microsoft Defender.
1:24.8	ChatTPT connectors are shown vulnerable to indirect prompt injection.
1:29.3	Researchers expose new details about the Vex Trio Cybercrime Network.
1:34.1	Sonic Wall says a recent SSL VPN-related cyber activity is not due to a zero-day.
1:40.5	Ryan Whelan from Accenture is our man on the street at Black Hat,
1:47.6	and to Android's dream of concierge duty. It's Thursday, August 7, 2025. It's Thursday, August 7th, 2025.
2:05.1	I'm Dave Bittner, and this is your Cyberwire Intel briefing. Thanks for joining us.
2:23.3	It's great to have you with us, as always.
2:26.2	Microsoft has issued a warning about a high severity vulnerability in exchange server hybrid deployments.
2:33.3	The flaw could let attackers with access to on-premises exchange
2:37.5	escalate privileges in exchange online undetected.
2:42.3	In hybrid setups, both environments share a service principle for authentication.
	...

Transcript will be available on the free plan in 16 days. Upgrade to see the full transcript now.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.