Weekly Cybersecurity Digest [August, Week 2]
Posted on August 12, 2025
Dear Valued Clients,
Welcome to this week’s cybersecurity digest, curated by Make Sense to keep you informed about the latest developments in information security across Europe. Europe’s threat picture sharpened this week: major consumer and aviation disclosures (Bouygues Telecom; Air France/KLM), a WinRAR zero-day exploited by “RomCom,” and fresh device/endpoint risks. We also track Android’s August patch, Akira’s BYOVD technique, updated UK NCSC CAF v4.0 guidance, and new EU funding that earmarks cyber-resilience. Scroll for practical steps and this week’s Cyber IQ quiz.
As always, we bring you the most relevant updates to help strengthen your operational defenses.
✅ Top Stories of the Week
i. Bouygues Telecom Confirms Breach Impacting 6.4 Million Customers
On August 7, Bouygues Telecom said attackers accessed data from about 6.4 million accounts — including contact and contract details, civil-status/company info, and some IBANs. No payment-card data or passwords were taken. Detected on August 4 and reported to CNIL, the incident comes with a public FAQ and warnings about phishing as regulators weigh GDPR implications. [Read more via BleepingComputer]
ii. Air France & KLM Disclose Customer Data Breach
Also on August 7, Air France and KLM reported that attackers compromised a third-party platform used by their contact centers, exposing some customers’ names, contact details, Flying Blue numbers/status, and service-request subject lines. Both airlines said flight operations were unaffected, cut the vendor’s access, and notified authorities in France and the Netherlands. No passwords, passport, or payment data were taken. [Read more via BleepingComputer]
iii. WinRAR Zero-Day (CVE-2025-8088) Exploited by ‘RomCom’ Against Europe
Security researchers report Russia-linked RomCom used a newly patched WinRAR zero-day in spear-phishing against finance, defense, manufacturing, and logistics targets in Europe and Canada. The path-traversal flaw let booby-trapped RARs write files to attacker-chosen locations, using résumé-themed lures. ESET reported no confirmed compromises. Patch WinRAR (fix released July 30) and tighten RAR attachment controls immediately. [Read more via SecurityWeek]
✅ Industry Trends & Insights
Android August Security Update Fixes Exploited Qualcomm GPU Bug
Google’s August security bulletin patches an Adreno GPU flaw confirmed as exploited in June. EU organizations with Android fleets should prioritize managed rollouts and verify OEM patch availability across mixed device estates. [Read more via SecurityWeek]
Akira Ransomware Uses Legit Intel Driver to Cripple Microsoft Defender
Fresh research shows Akira abusing a signed Intel CPU-tuning driver to disable Microsoft Defender before encryption, highlighting the continued rise of BYOVD (bring-your-own-vulnerable-driver) tactics. Tighten driver-load controls and block-lists, and ensure kernel-mode signing enforcement. [Read more via BleepingComputer]
✅ Regulatory & Policy Updates
UK NCSC Releases Cyber Assessment Framework (CAF) v4.0
On August 6, the NCSC published CAF v4.0 updates for operators of essential services and other high-impact entities, refining detection/response outcomes and guidance. EU/EEA organizations can use CAF mappings alongside NIS2 controls for cross-standard alignment. [Read the blog post on NCSC]
EU Funding Package Mentions Cybersecurity Resilience Boost
The EU disbursed €42.8bn under NextGenerationEU’s RRF to Spain, Italy, Portugal, Cyprus, and Malta. Spain’s €23.1bn tranche explicitly funds cybersecurity resilience—strengthening citizens’ and SMEs’ defenses by backing the domestic cybersecurity industry and innovative firms—alongside energy and transport investments. Italy received €18.3bn; Portugal €1.34bn; Cyprus €76m; Malta €48.7m. Some Spanish milestones remain suspended pending reforms and digitalization targets. [Read the press release via European Commission website]
✅ Cyber IQ Challenge + Proactive Security Hacks
Quick Quiz: Which threat actor exploited CVE-2025-8088 in targeted phishing against European firms?
A) Akira B) RomCom C) DragonForce D) BlackByte
Answer below!
Smart Security Moves of the Week
- Block BYOVD paths: Enforce Microsoft kernel-mode driver block rules and deny-list risky drivers enterprise-wide; monitor for unsigned/suspicious driver loads.
- Patch user endpoints fast: Prioritize WinRAR updates and Android August bulletins; validate third-party software inventories where auto-update isn’t guaranteed.
- Tighten SaaS supply-chain access: After the Air France/KLM incident, re-check data-processing agreements, API scopes, and access logs for customer-support platforms.
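To illustrate the driver-load monitoring in the first move, here is an added example (not from any vendor or from the sources cited above) that triages driver-load events. It assumes events shaped like Sysmon Event ID 6 records (ImageLoaded, Hashes, Signed, SignatureStatus); the deny-list hashes, paths and events are constructed placeholders. A BYOVD driver is validly signed, so the signature check alone passes it and the deny-list and load-path checks do the work.

```python
from pathlib import PureWindowsPath

# Placeholder deny-list: constructed SHA-256 values, not real driver hashes.
DENYLIST_SHA256 = {"a" * 64}
# Directories kernel drivers normally load from (assumption for this example).
EXPECTED_DIRS = [PureWindowsPath(r"C:\Windows\System32\drivers"),
                 PureWindowsPath(r"C:\Windows\System32\DriverStore")]

def sha256_of(hashes_field):
    """Extract the SHA256 value from a 'SHA1=..,SHA256=..' style string."""
    for part in hashes_field.split(","):
        name, _, value = part.partition("=")
        if name.strip().upper() == "SHA256":
            return value.strip().lower()
    return None

def triage(event):
    """Return the reasons a driver-load event deserves analyst review."""
    reasons = []
    if sha256_of(event.get("Hashes", "")) in DENYLIST_SHA256:
        reasons.append("deny-listed hash")
    signed = event.get("Signed", "").lower() == "true"
    if not signed or event.get("SignatureStatus") != "Valid":
        reasons.append("unsigned or invalid signature")
    # PureWindowsPath compares case-insensitively, so C:\WINDOWS matches too.
    parents = PureWindowsPath(event.get("ImageLoaded", "")).parents
    if not any(d in parents for d in EXPECTED_DIRS):
        reasons.append("loaded from unusual path")
    return reasons

def review(events):
    """Map each flagged driver path to its reasons; clean loads are omitted."""
    flagged = {}
    for ev in events:
        reasons = triage(ev)
        if reasons:
            flagged[ev.get("ImageLoaded", "<unknown>")] = reasons
    return flagged

# Constructed sample events (not taken from any real incident).
SAMPLE_EVENTS = [
    {"ImageLoaded": r"C:\Windows\System32\drivers\disk.sys", "Signed": "true",
     "SignatureStatus": "Valid", "Hashes": "SHA256=" + "1" * 64},
    {"ImageLoaded": r"C:\Users\Public\vendor_tune.sys", "Signed": "true",
     "SignatureStatus": "Valid", "Hashes": "MD5=" + "0" * 32 + ",SHA256=" + "A" * 64},
    {"ImageLoaded": r"c:\windows\system32\drivers\helper.sys", "Signed": "false",
     "SignatureStatus": "Unavailable", "Hashes": "SHA256=" + "2" * 64},
]

if __name__ == "__main__":
    for path, why in review(SAMPLE_EVENTS).items():
        print(path, "->", ", ".join(why))
```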
✅ Quiz Answer: B) RomCom.
✅ Conclusion
Bottom line: customer data, travel loyalty systems, and desktop utilities remain prime targets, while regulators and funders push resilience. Prioritize rapid WinRAR and Android updates, enforce driver-block rules, and tighten access to third-party support platforms. Map CAF v4.0 to NIS2 where helpful, and use our checklist and quiz to brief teams. Make Sense can help turn these signals into concrete controls.
Stay secure,
The Make Sense SRL Team & CyberTania
