Gmail users - reset your passwords, Bridgestone tyres attacked, Android patches and new botnet bypassing Windows Defender...
Welcome to this week’s Security News. We’ve collated the best articles from around the internet and put them all into one place. We’ve also got the latest CVE information to help you stay ahead of vulnerabilities. If you have any queries or concerns about anything in this week’s news, please get in touch with our team, who can advise further. For our existing clients, if we believe anything may affect your organisation, our team will be in touch directly.
News & Articles
Recommendation: Gmail users - reset your passwords!
In the wake of a data breach involving one of Google’s third-party Salesforce systems, which we reported a few weeks ago, Gmail users are advised to reset their passwords and ensure they have multi-factor authentication enabled.
The incident, which occurred in June 2025, has escalated concerns over sophisticated phishing campaigns targeting a massive user base.
According to Google’s analysis, the threat actor accessed and retrieved a limited set of data containing basic, largely public business information like company names and contact details.
Attackers are leveraging the news of the breach to craft scams that appear legitimate, tricking users into revealing their login credentials or two-factor authentication (2FA) codes.
Given the heightened risk of follow-on attacks, Google is urging all Gmail users to remain vigilant and take proactive security measures. We recommend updating passwords, enabling two-factor authentication, and being wary of unsolicited emails or calls requesting personal information.
Bridgestone Confirms Cyberattack Impacts Manufacturing Facilities
Tyre manufacturing giant Bridgestone Americas has confirmed it is responding to a cyberattack that disrupted operations at some of its manufacturing facilities this week.
In a statement, the company asserted that the incident has been contained and that business is now operating normally, though a full investigation into the breach is ongoing.
Bridgestone acknowledged that it identified a “limited cyber incident” that impacted its production capabilities. “We have launched a comprehensive forensic analysis and believe we contained the incident early,” the company stated.
While Bridgestone’s official statements characterise the incident as “limited,” reports from local officials suggest a potentially more widespread event. Pierre-Luc Bellerose, Mayor of Joliette, Quebec, where Bridgestone operates a large plant, told local media that he believes the attack affected all of the company’s factories in North America.
Two Exploited Vulnerabilities Patched in Android
Google last week rolled out fixes for a total of 111 unique CVEs as part of the September 2025 set of Android patches, including exploited zero-days.
The exploited vulnerabilities, both privilege escalation issues, impact the Android Runtime (CVE-2025-48543) and Linux kernel (CVE-2025-38352).
“There are indications that the following may be under limited, targeted exploitation: CVE-2025-38352, CVE-2025-48543,” Google’s advisory reads.
Users are advised to update their devices to a security patch level of 2025-09-05 as soon as it becomes available for them.
New Botnet Uses ‘UAC Prompt Bombing’ to Bypass Windows Defender Protections
Security teams began observing a novel botnet strain slipping beneath the radar of standard Windows Defender defenses in early August 2025.
Dubbed NightshadeC2, this malware family leverages both C and Python-based payloads to establish persistent, remote-control access on compromised hosts.
Initial infection chains often start with customized “ClickFix” landing pages that trick users into executing commands via the Windows Run prompt, while secondary campaigns employ trojanised installers of popular utilities such as Advanced IP Scanner, CCleaner, and various VPN clients.
Once executed, NightshadeC2 rapidly escalates privileges, disables or excludes its components from Defender scans, and calls home to a dynamic command and control infrastructure.
Should Defender service checks fail or the user decline elevation, the loader repeats its prompts ad nauseam—a technique the researchers have termed “UAC Prompt Bombing.”
Latest Vulnerabilities & Exploits
CVE-2025-6085
High - Make Connector WordPress plugin
The Make Connector plugin for WordPress is vulnerable to arbitrary file uploads due to misconfigured file type validation in the ‘upload_media’ function in all versions up to, and including, 1.5.10. This makes it possible for authenticated attackers, with Administrator level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible.
CVE-2025-2411
High - Akinsoft TaskPano
Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft TaskPano allows Authentication Bypass. This issue affects TaskPano: from s1.06.04 before v1.06.06
CVE-2025-9616
Medium - PopAd WordPress Plugin
The PopAd plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on the PopAd_reset_cookie_time function. This makes it possible for unauthenticated attackers to reset cookie time settings via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2025-9467
Medium - Vaadin Upload
When the Vaadin Upload’s start listener is used to validate metadata about an incoming upload, it is possible to bypass the upload validation.
Sources: CyberSecurityNews, SecurityWeek
