Akira's SonicWall zero-day, UK Legal-Aid suffers, Luxembourg 5G attack

Cyber Security Headlines – Episode Summary
Hosted by CISO Series
Release Date: August 4, 2025

1. Akira’s SonicWall Zero-Day Exploit

In the opening segment, Steve Prentiss discusses a significant cybersecurity incident involving the Akira ransomware group exploiting a zero-day vulnerability in SonicWall VPNs. Despite SonicWall devices being fully patched, the attackers successfully breached systems protected with Multi-Factor Authentication (MFA) and rotated credentials.

Steve Prentiss highlights:

"Akira ransomware delivers zero day attacks to SonicWall VPNs, including fully patched devices with MFA and rotated credentials." (00:06)

Researchers from Arctic Wolf Labs identified multiple intrusions in late July 2025, suggesting the exploitation of a previously unknown vulnerability. Their report contrasts legitimate VPN logins, typically originating from broadband ISPs, with those from ransomware groups that utilize virtual private server hosting within compromised environments. Consequently, Arctic Wolf Labs recommends disabling the SonicWall SSL VPN service until a security patch is available and implemented.

2. UK Legal Aid Program Under Siege

The podcast delves into the cascading effects of a cyberattack on the UK’s legal aid sector, a follow-up to a previous episode from May.

Steve Prentiss reports:

"After the personal data of hundreds of thousands of legal aid applicants in England and Wales dating back to 2010 was stolen in the attack, the inability for lawyers to access data or get compensated for their services has led to stress and a simple financial inability to maintain their legal aid practice." (00:06)

The attack has plunged the sector into chaos, resulting in unpaid barristers, the turning away of cases, and fears of a mass exodus from legal aid work. The compromised personal data has not only disrupted ongoing legal processes but also threatens the very foundation of the legal aid system in the UK.

3. Luxembourg’s 5G Network Attack on Huawei Systems

Luxembourg faced a nationwide telecommunications outage caused by a cyberattack targeting Huawei equipment within its telecom infrastructure.

Steve Prentiss explains:

"Luxembourg's government announced on Thursday it was formally investigating a nationwide telecommunications outage caused last week by a cyberattack reportedly targeting Huawei equipment inside its national telecoms infrastructure." (00:06)

The assault incapacitated Luxembourg’s 4G and 5G networks for over three hours, severely impacting access to emergency services as the fallback 2G system became overwhelmed. Additionally, internet access and electronic banking services were disrupted. Government statements clarified that the intent behind the attack was purely disruptive, not an attempt to breach the telecom network’s integrity, leading to a complete system failure.

4. Aeroflot’s Alleged Data Leak and Breach

Following up on a story from July 29, the episode covers the alleged data leak from Aeroflot, despite official denials.

Steve Prentiss states:

"Despite statements from the airline as well as from Russian Internet watchdog roscomnadzor that there is no evidence of a data leak, the Belarusian hacker group Cyber Partisans, which has claimed responsibility for the attack, has posted what it says is travel data, including flights taken and the passport number for Aeroflot CEO Sergei Alexandrovsky." (00:06)

Though Aeroflot has resumed normal operations, cybersecurity experts caution that full recovery of the airline's IT infrastructure might be delayed. The Cyber Partisans group alleges that the breach occurred due to employees using weak passwords and the reliance on outdated Windows 10 versions. However, these claims remain unverified independently.

5. Cursor’s AI Coding Agent Vulnerability

A critical vulnerability in Cursor, an AI-powered code editing software, has been exposed by AIM Labs researchers.

Steve Prentiss details:

"According to researchers at AIM Labs, a data poisoning attack affecting Cursor, an AI powered code editing software, could have given an attacker remote code execution privileges over user devices." (00:06)

Discovered on July 7, the flaw allows attackers to manipulate Cursor through a single line prompt, granting them nearly silent and invisible developer-level access to host devices. Although a patch was released the following day, all prior versions remain susceptible. The vulnerability, assigned a CVE number, arises when Cursor interacts with a model contest protocol server accessing tools like Slack and GitHub.

6. Surge in Social Engineering Attacks

Palo Alto Networks’ Unit 42 division released a report highlighting a significant rise in social engineering attacks over the past year.

Steve Prentiss reports:

"This technique of tricking employees into granting access to their organization's core data and systems was the top initial attack vector over the past year." (00:06)

Accounting for 36% of incident response cases, these attacks have targeted a diverse range of groups, from Scattered SPIDER to North Korean tech workers. The report analyzed data from over 700 attacks, predominantly affecting organizations in North America. The surge underscores the persistent and evolving threat of social engineering in compromising organizational security.

7. China Accuses Nvidia of Backdoors in H20 Chips

Amidst geopolitical tensions, China has accused Nvidia of embedding alleged backdoors within its H20 AI GPUs designed for the Chinese market.

Steve Prentiss outlines:

"China's Cyberspace Administration summoned Nvidia on July 31, 2025, over security concerns tied to these H20 chips, with US AI experts claiming the chips have tracking location and remote shutdown features." (00:06)

Nvidia's H20 chips, based on hopper architecture, offer robust AI performance while adhering to US export controls by limiting certain features. The accusation follows the US lifting an export ban, allowing Nvidia to resume chip sales in China. The Chinese government’s intervention suggests deeper security and privacy concerns regarding the integration of these chips into national infrastructure.

8. Microsoft Recall AI App’s Privacy Concerns

The episode addresses ongoing privacy issues with Microsoft’s Recall AI application, based on research by The Register.

Steve Prentiss highlights:

"Microsoft Recall, the infamous AI app that takes screenshots of users PC Activity, is still screenshotting sensitive information such as credit card numbers, despite promises not to do so." (00:06)

The app's default setting, "Filter Sensitive Information," is intended to prevent the capture of personal data like credit card numbers and passwords. However, tests reveal that the filter often fails, also unable to omit sensitive web history entries related to personal matters such as medical history. Furthermore, screenshots taken by Recall can be accessed by anyone with the user’s PIN, including through remote access, posing significant privacy risks.

Conclusion

This episode of Cyber Security Headlines by CISO Series provides a comprehensive overview of critical cybersecurity incidents and vulnerabilities affecting various sectors globally. From ransomware exploits and nationwide telecom outages to vulnerabilities in AI software and privacy concerns in widely-used applications, the discussions underscore the pervasive and evolving nature of cyber threats. By highlighting these incidents and the underlying issues, the podcast serves as a vital resource for professionals seeking to stay informed and proactive in the face of emerging cybersecurity challenges.

For more detailed stories behind these headlines, visit CISOseries.com.