CISO Talk by James Azar
CyberHub Podcast
Massive Patch Tuesday Roundup as Microsoft Fixes 107 Flaws Including Zero-Day, Hackers Leak Allianz Life Data, Yes24 K-pop Ticketing Site Hit by Second Ransomware Attack, Fortinet VPNs Targeted

Record-Breaking Patch Tuesday, K-pop Ransomware Drama, and Cyber Heroes Securing Our Water

Good Morning Security Gang!
It’s Wednesday, August 13th, 2025, and Patch Tuesday has left us with a mountain of updates to digest. From Microsoft’s 107 fixes to industrial control system advisories, ransomware disruptions in South Korea, ongoing Salesforce-targeted breaches, Citrix and Fortinet device attacks, and one of the most inspiring stories of community-driven cybersecurity I’ve seen in a while.

Today’s episode is all about taking action before you’re the headline. Let’s break it all down so you can patch, protect, and prioritize.

"I think that as more and more AI tools are introduced for defenders, we're gonna have a lot more vulnerabilities... the next two to three years are going to be really really rough as more AI tools get introduced to help detect vulnerabilities within our environments." James Azar on Patch Tuesday

🛠 August 2025 Patch Tuesday – 107 Microsoft Fixes

Microsoft released 107 patches, including a publicly disclosed zero-day in Windows Kerberos (CVE-2025-53779) allowing unauthenticated attackers to gain domain admin privileges. The update also addresses 13 critical vulnerabilities—nine RCEs, three info disclosures, and one privilege escalation. Categories include 44 elevation of privilege, 35 RCE, 18 info disclosure, four DoS, and nine spoofing vulnerabilities. The Kerberos flaw requires user compromise to exploit—still not a high bar in many environments.

🔓 Fortinet, Ivanti, Adobe, SAP, Siemens, Schneider & More

  • Fortinet: 14 advisories, including CVE-2025-25256 (FortiSIEM RCE) with a public PoC, CVE-2025-52970 (FortiWeb auth bypass), and CVE-2024-26009 (FortiManager device takeover). The FortiSIEM flaw allows unauthenticated remote attackers to execute arbitrary code through specially crafted CLI requests, and here's the kicker – practical exploit code has already been spotted in the wild. Fortinet says it has not observed malicious exploitation yet, but with a public proof-of-concept circulating we're likely looking at active exploitation soon.

    The company also addressed two high-severity issues: the FortiWeb authentication bypass (CVE-2025-52970), which lets remote attackers log in as any existing user, and CVE-2024-26009, affecting multiple FortiOS products, which allows unauthenticated attackers to seize control of managed devices if they know the FortiManager serial number.

  • Ivanti: Three advisories covering authenticated remote code execution vulnerabilities in Avalanche and a medium-severity issue in Virtual Appliance Delivery Control (VADC) that could allow remote authenticated attackers to reset admin passwords and hijack accounts. The silver lining? No known exploits yet, and even the Chinese threat actors haven't cracked these particular Ivanti vulnerabilities.

  • Adobe: 60+ vulnerabilities fixed across Substance 3D, Commerce/Magento, Animate, and Illustrator—many RCE and privilege escalation flaws. These patches address critical remote code execution vulnerabilities, memory leaks, privilege escalation flaws, and denial of service issues that could significantly impact creative workflows and e-commerce operations.

  • SAP: SAP's security patch day brought 15 new security notes with four updates to previous fixes, totaling 26 new and updated fixes since the last Patch Tuesday. Four of these have been classified as "hot news" or critical, including two code injection issues (CVE-2025-42950 and CVE-2025-42957) affecting different generations of their ERP systems. The high-priority patches address broken authentication in SAP Business and memory corruption in NetWeaver Application Server ABAP that can lead to sensitive information leaks.

  • Siemens, Schneider, Honeywell, ABB, Rockwell, Mitsubishi: Dozens of ICS/OT advisories affecting engineering platforms, SCADA products, and power monitoring tools—several enabling unauthenticated RCE. This was the largest ICS Patch Tuesday on record.

    • Siemens led with 22 new advisories, including CVE-2025-40746, a critical Simatic RTLS Locating Manager issue exploitable by authenticated attackers for code execution with system privileges. They also covered high-severity vulnerabilities across COMOS, engineering platforms, Simatic controls, and operational center products.

    • Schneider Electric, Honeywell, ABB, Phoenix Contact, Rockwell Automation, and Mitsubishi all released advisories covering everything from building management systems to simulation software. These vulnerabilities could lead to arbitrary code execution, sensitive data exposure, and in manufacturing and energy sectors, availability issues that could be business-critical when operations depend on continuous uptime.

🎵 K-pop Ticketing Site Hit by Ransomware—Twice

South Korea’s largest ticketing/book retailer Yes24 was knocked offline for several hours during a second ransomware attack this summer. The disruption hit just before ticket sales for K-pop band Day6’s tour, causing fan panic. The company recovered within hours this time—versus five days during the June attack.

🛡 Allianz Life Data Leak Linked to Salesforce Breaches

ShinyHunters has started leaking Allianz Life data allegedly stolen via compromised Salesforce customer accounts. Data includes names, addresses, phone numbers, and other marketing-related info—much of which isn’t sensitive by definition, but can still be abused in phishing campaigns.

🔐 Citrix Bleed 2 – 3,300 Devices Still Unpatched

CVE-2025-57777 remains unpatched on 3,300 Citrix NetScaler devices. Proof-of-concept exploits exist, and attacks were seen weeks before the fix. Netherlands’ NCSC confirmed exploitation against local companies.

🌐 Fortinet SSL VPN Brute Force Surge

GreyNoise detected a spike in brute force attempts against Fortinet SSL VPN devices—780+ malicious IPs involved, with much of the traffic matching GreyNoise's FortiOS profile. Source countries include the US, Canada, Russia, and the Netherlands.

💧 DEF CON Volunteers Secure Water Utilities

An inspiring DEF CON-driven initiative is pairing white-hat hackers with underfunded U.S. water utilities in Indiana, Oregon, Utah, and Vermont. The Cyber Resilience Corps, backed by Greg Newmark Philanthropies and supported by major associations, provides free OT mapping, password protocol audits, and vulnerability assessments to help protect against nation-state threats from China and Iran. This is a model for community-driven cybersecurity support nationwide.

"That's what makes our community great... When threat actors come knocking at our organizations, we come together as a community and we do it and that's why it's the best community on the planet." James Azar on the Def Con Efforts to secure water

🧠 James Azar’s CISO Take

My prediction stands firm: we're entering an era where Patch Tuesdays will reach astronomical numbers as AI-powered vulnerability detection tools become more sophisticated. While this August's 107 Microsoft patches feel overwhelming now, I believe this is just the beginning of a two-to-three-year period where defenders will be absolutely inundated with vulnerability disclosures. The challenge isn't just the volume – it's maintaining our sanity and strategic focus when every month brings what feels like emergency-level patching requirements.

However, today's episode also reminded me why I'm optimistic about our industry's future. The DEF CON water utility initiative exemplifies what makes our cybersecurity community extraordinary – 350 volunteers stepping up to protect critical infrastructure without compensation, purely driven by the mission to secure our nation's water supply. Whether it was post-October 7th efforts in Israel, COVID-era hospital support, or now water utilities, our community consistently proves that when threats emerge, we unite. That collective spirit, combined with our technical expertise and unwavering commitment to protecting others, gives me confidence that no matter how astronomical these patch numbers become, we'll find ways to manage the chaos and keep the lights on.

✅ Action Items

  • 📥 Apply August Patch Tuesday updates for Microsoft, Adobe, SAP, Fortinet, Ivanti.

  • 🛡 Patch Citrix NetScaler CVE-2025-57777 and terminate all active sessions.

  • 🔐 Audit Salesforce/HubSpot for MFA enforcement and password hygiene.

  • 🚨 Monitor for Fortinet SSL VPN brute force attempts; restrict external access if possible.

  • 🧾 Patch ICS/OT systems from Siemens, Schneider, Honeywell, ABB, Rockwell, Mitsubishi.

  • 💻 Educate users on phishing risks tied to “non-sensitive” personal data.

  • 💧 Share the DEF CON water utility model with other underserved critical infrastructure sectors.

✅ Story Links:

https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2025-patch-tuesday-fixes-one-zero-day-107-flaws/

https://www.securityweek.com/fortinet-ivanti-release-august-2025-security-patches/

https://www.securityweek.com/adobe-patches-over-60-vulnerabilities-across-13-products/

https://www.securityweek.com/sap-patches-critical-s-4hana-vulnerability/

https://www.securityweek.com/ics-patch-tuesday-major-vendors-address-code-execution-vulnerabilities/

https://therecord.media/yes24-second-ransomware-attack-kpop-ticketing-affected

https://www.bleepingcomputer.com/news/security/hackers-leak-allianz-life-data-stolen-in-salesforce-attacks/

https://www.bleepingcomputer.com/news/security/over-3-000-netscaler-devices-left-unpatched-against-actively-exploited-citrixbleed-2-flaw/

https://thehackernews.com/2025/08/fortinet-ssl-vpns-hit-by-global-brute.html

https://therecord.media/def-con-franklin-water-utility-cybersecurity-volunteers
