Cyber Security Headlines - August 11, 2025
Hosted by Steve Prentice from the CISO Series
1. DARPA Awards $4 Million Prize for AI Code Review
At the DEFCON conference, the U.S. Department of Defense announced the winner of DARPA's two-year competition aimed at developing advanced artificial intelligence systems for identifying and rectifying software vulnerabilities.
Team Atlanta, comprising experts from Georgia Tech, Samsung Research, the Korea Advanced Institute of Science and Technology, and the Pohang University of Science and Technology, emerged victorious. The competition involved scrutinizing 54 million lines of synthetic code for vulnerabilities and generating effective patches.
Steve Prentice highlighted the achievement, stating, “The final competition saw teams attempt to find and generate patches for synthetic vulnerabilities buried in 54 million lines of code.”
2. North Korea’s ScarCruft Group Expands to Ransomware Operations
North Korea’s notorious ScarCruft group has escalated its cyber activities by incorporating ransomware into its arsenal. According to analysts from South Korean cybersecurity firm S2W, ScarCruft is now deploying a ransomware variant named VCD, identifiable by the file extension it adds to encrypted files.
The group primarily uses phishing emails to distribute its ransomware payloads. A recent phishing attempt involved misleading recipients with a message about postal code updates related to street address changes.
Prentice elaborated on this development, noting, “ScarCruft... is now deploying a ransomware variant known as vcd, after the extension it adds to the names of encrypted files.”
3. Columbia University Data Breach Affects 869,000 Individuals
The cyberattack on Columbia University has now impacted 869,000 people, up from the previously reported 860,000. The compromised data includes Social Security numbers, demographic information, academic histories, financial aid details, and health insurance information. Notably, patient records from Columbia University's Irving Medical Center were not accessed.
Authorities describe the breach as the work of highly sophisticated hackers with a political agenda. The perpetrator has publicly shared samples of the stolen data with prominent media outlets such as The New York Times and Bloomberg.
Prentice provided an overview of the incident, stating, “The tally of victims in the Columbia University attack is now at 869,000 and data accessed includes Social Security numbers...”
4. Franklin Project Grows in Defending Critical Infrastructure
A year after its inception at DEFCON, the Franklin Project continues to expand, now supported by more volunteers than can be accommodated. Led by former White House official Jake Braun, the project offers free cybersecurity services to critical infrastructure sectors, assisting with tasks like setting passwords, activating multi-factor authentication, conducting asset inventories, and performing network assessments.
Despite the growing number of volunteers, the demand from infrastructure sectors across the country remains high. Braun shared insights during DEFCON, mentioning, “...one of the volunteers' first challenges was convincing the water utilities that, despite being located in small towns, they were still a target for Chinese and Iranian cyber crews.”
5. WinRAR Zero-Day Exploited to Deploy Malware
A recently patched vulnerability in the Windows WinRAR compression tool was exploited as a zero-day in phishing campaigns to install the RomCom malware. This directory traversal vulnerability, addressed in WinRAR version 7.13, allowed attackers to craft archives whose entries extracted executables into autorun paths such as the Windows Startup folder rather than into the directory the user selected.
Due to WinRAR’s lack of an auto-update feature, Microsoft has advised all users to manually download and install the latest version to mitigate this risk.
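The flaw described above comes down to an extractor trusting the path stored in each archive entry. The following added example (not code from WinRAR, the CISO Series, or any of the vendors named in this story) shows the pre-extraction check a defender would want: every entry name is treated as untrusted input and flagged if it is absolute, climbs out of the chosen extraction directory with `..`, or would land in a Startup folder. The entry names and the `C:\Users\alice` paths are constructed samples.

```python
"""Pre-extraction triage of archive entry paths (added, defender-side example)."""
from __future__ import annotations

from pathlib import PureWindowsPath

# Autorun locations an extractor should never write into, matched
# case-insensitively on a forward-slash form of the resolved path. The
# marker covers both the per-user and the all-users Startup folder.
AUTORUN_MARKERS = ("start menu/programs/startup",)

# Constructed entry names, not taken from any real malicious archive.
SAMPLE_ENTRIES = [
    "report.pdf",
    "docs\\..\\notes.txt",
    "..\\..\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\updater.exe",
    "C:\\Users\\Public\\loader.exe",
]


def resolve_entry(entry_name: str, dest_root: str) -> tuple[str, str | None]:
    """Return (verdict, resolved_path) for one archive entry.

    verdict is 'ok', 'absolute', 'traversal' or 'autorun'; resolved_path is
    where the entry would be written, or None when it must not be written.
    """
    entry = PureWindowsPath(entry_name)
    # A drive letter ("C:...") or a leading separator ("\...") ignores dest_root.
    if entry.drive or entry.root:
        return "absolute", None
    parts = list(PureWindowsPath(dest_root).parts)
    base_depth = len(parts)
    for part in entry.parts:
        if part == ".":
            continue
        if part == "..":
            if len(parts) <= base_depth:
                return "traversal", None  # would climb above dest_root
            parts.pop()
        else:
            parts.append(part)
    resolved = str(PureWindowsPath(*parts))
    normalized = resolved.lower().replace("\\", "/")
    if any(marker in normalized for marker in AUTORUN_MARKERS):
        return "autorun", resolved
    return "ok", resolved


def triage_entries(entries, dest_root="C:\\Users\\alice\\Downloads") -> dict[str, str]:
    """Map each entry name to its verdict; only 'ok' entries should be extracted."""
    return {name: resolve_entry(name, dest_root)[0] for name in entries}
```

Running `triage_entries(SAMPLE_ENTRIES)` marks the first two entries `ok`, the Startup-folder entry `traversal`, and the drive-letter entry `absolute`; extracting only `ok` entries is the behaviour a patched extractor must have.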
6. Microsoft Warns on Cyber Attack Preparedness
Microsoft’s threat intelligence leaders emphasized the critical need for robust incident response plans at Black Hat. They revealed that only 25% of organizations have an incident response plan and have practiced it.
Sherrod DeGrippo, Director of Threat Intelligence Strategy at Microsoft, explained the disparity between attacker and defender mindsets: “Attackers and threat actors think in graphs. They see the pathways that they can take to pivot around inside of a network, while defenders think in lists.” She also stressed the importance of fundamental security practices, such as keeping software updated and properly configured. DeGrippo added, “If you do experience a breach, missing logs really contribute to a nightmare scenario for both intel and incident responders.”
7. Lenovo Webcams Vulnerable to BadUSB Attacks
Researchers at Eclypsium discovered vulnerabilities in certain Lenovo webcams, collectively termed BadCam, which were demonstrated at DEFCON 33. These flaws enable attackers to transform webcams into malicious USB devices capable of injecting keystrokes and initiating operating system-independent attacks.
The vulnerabilities stem from specific Lenovo webcam models running Linux without proper firmware validation, allowing weaponization without the need for physical access.
8. Windows EPM Poisoning Facilitates Domain Privilege Escalation
SafeBreach researchers reported a newly identified security issue in Microsoft's Windows Remote Procedure Call (RPC) communication protocol, known as the Windows storage spoofing bug. Although patched in the July update, the vulnerability allowed attackers to manipulate a core RPC component, enabling endpoint mapper poisoning attacks. This could permit unprivileged users to masquerade as legitimate built-in services, coercing protected processes to authenticate against malicious servers.
The researchers warned that this exploit could facilitate significant domain privilege escalation if not addressed promptly.
For more detailed insights and continuous updates on cybersecurity, visit CISOseries.com. If you have thoughts or feedback on today’s headlines or the show in general, reach out to us at feedback@cisoseries.com.
Reported by Steve Prentice for the CISO Series.
