
Weekly Cybersecurity Digest [August, Week 3]
Posted on August 19, 2025
Dear Valued Clients,
Welcome to this week’s cybersecurity digest, curated by Make Sense to keep you informed about the latest developments in information security across Europe. This edition spotlights a major telecom outage tied to ransomware, suspected state-linked sabotage of critical infrastructure, and urgent risks from widely used remote-management tools—plus fresh vendor advisories and regulatory moves.
Our aim is to equip you with timely insights to enhance your cyber resilience and risk management initiatives.
✅ Top Stories of the Week
i. WarLock Claims Colt Attack; SharePoint Zero-Day Suspected
UK telecom Colt Technology Services suffered a cyberattack on Aug 12, causing a multi-day outage of support systems (hosting, porting, Colt Online, Voice API) but not core networks. WarLock ransomware claims responsibility, advertising 1M stolen files for $200k. Researcher Kevin Beaumont links entry to SharePoint RCE CVE-2025-53770. Colt notified authorities and is investigating with external experts. [Read more via Bleeping Computer]
ii. Norway Says Pro-Russian Hackers Briefly Seized Dam Controls in Bremanger
Norway’s Police Security Service chief Beate Gangås said pro-Russian hackers breached a dam’s control system in April, opening valves for four hours in Bremanger, near Bergen. The incident, likely aided by a weak password, fits Russia’s hybrid warfare tactic of signaling capability. Intelligence chief Nils Andreas Stensønes called Russia Norway’s top threat; similar water attacks have occurred abroad. [Read more on Politico]
iii. Thousands of N-able N-central Servers Remain Unpatched as Exploitation Expands
On August 18, researchers warned that multiple RMM vulnerabilities in N-able N-central are being actively probed and exploited, with thousands of internet-exposed instances still unpatched. Given broad MSP adoption across Europe, defenders should accelerate patching and enforce MFA, IP allow-listing, and least-privilege policies. [Read more via SecurityWeek]
✅ Industry Trends & Insights
F5 Issues August 2025 Quarterly Security Notification
F5 published its latest security update detailing new vulnerabilities and mitigations for BIG-IP/BIG-IQ and related products. European operators should review exposure in load balancers and ADC fleets supporting critical web apps and APIs, and prioritize patches or mitigations according to impact. [Check out the details on F5]
Microsoft: Fake “ChatGPT” App Drops PipeMagic Backdoor via CLFS Zero-Day
Microsoft warns that threat actor Storm-2460 is disguising malware as a ChatGPT desktop app to deliver the PipeMagic backdoor, exploiting CLFS zero-day CVE-2025-29824 before deploying ransomware. Targets span IT, finance, and real estate across the US, Europe, South America, and the Middle East. Kaspersky links campaigns to RansomExx; Symantec saw Play abusing the same flaw. [Read more via The Record]
✅ Regulatory & Policy Updates
Ofcom Updates Online Safety Fees & Penalties Regime
On August 19, Ofcom updated its statement on implementing the Online Safety Act fees and penalties regime, including guidance on calculating providers’ qualifying worldwide revenue and next steps ahead of Q4 2025 regulations. [Read the Ofcom update]
Greek DPA Sanctions Association Over Sensitive-Data Handling
On August 12, the Hellenic DPA issued fines for failures to facilitate access rights, unlawful transmission of sensitive data, and lack of cooperation—signaling continued GDPR enforcement momentum across the EU. [Read the EDPB roundup]
✅ Cyber IQ Challenge + Proactive Security Hacks
Quick Quiz: Which European telecom reported a ransomware-related outage this week?
A) Orange B) Bouygues C) Colt D) BT
Answer below!
Smart Security Moves of the Week
- Lock down RMMs (N-able/others): Patch immediately; enforce MFA and IP allow-listing; rotate API keys; audit plugin integrity; monitor for anomalous remote tasks.
- Harden edge and ADC layers: Review F5 advisories; apply vendor mitigations; restrict management planes; enable WAF/DoS protections.
- Stop fake-installer backdoors: Block unknown installers, require code-signing validation, and monitor named-pipe creation from uncommon parent processes.
✅ Quiz Answer: C) Colt
✅ Conclusion
This week’s activity shows how quickly risk can cascade—from backbone carriers to industrial assets—while attackers exploit trusted tools and themes (RMMs, “ChatGPT” installers). Prioritize rapid patching of internet-facing systems, tighten MSP tool access, and re-test incident playbooks for telecom/OT dependencies. Make Sense Trainings turns these weekly signals into concrete, auditable controls so your teams stay ready and resilient.
Stay secure,
The Make Sense SRL Team & CyberTania