Patient Data Breach, Hackers Exploit AI, Code Execution Bug – Cybersecurity News [August 04, 2025]

Patient Data Stolen in Cancer Centre Cyberattack

A ransomware attack on a big cancer care provider in Arkansas compromised sensitive data of the folks, approximately 113,500 patients. The breach started in January 2025 but was detected in June when hackers encrypted files using ransomware. The stolen data includes Social Security numbers, medical records, financial details, and insurance information, putting patients at high risk of identity theft. The Medusa ransomware group, known for double extortion tactics, claimed responsibility and initially demanded $700,000, later removing the clinic from its leak site, asking for a possible ransom payment.

This has been the second ransomware attack on the same provider since 2023, which shows growing threats to healthcare institutions. Recent reports show that more than 50% of healthcare organizations faced ransomware attacks in the past year. The patients who are affected are being offered identity theft protection, while authorities urge vigilance against fraud. The incident follows a similar attack on a network of cancer care providers last month, showing the healthcare sector’s vulnerability to cybercriminals.

Hackers Can Hijack AI Servers While Exploiting New Vulnerabilities

A set of highly risky security flaws in NVIDIA’s Triton AI server gives hackers complete control of affected systems. Researchers found three vulnerabilities that, when together, let the attackers run malicious code, steal sensitive AI models, or manipulate data, all without needing login credentials. The most severe bug (CVE-2025-23319) could even let hackers manipulate AI responses or even crash the whole server.

NVIDIA tried to fix the issues in its latest update (version 25.07), asking users to patch immediately. Though no attacks have been reported now, unpatched servers remain at risk. The flaws affect the Python backend, which processes AI requests from known frameworks like PyTorch and TensorFlow. Experts warn that exploiting these bugs lets hackers access private data, disrupt AI services, or even spread deeper into a company’s network. This discovery comes after NVIDIA’s recent patch for three other critical vulnerabilities, showing growing security risks in AI infrastructure.

Remote Code Execution Bugs Found in Enterprise Protection Platform

Trend Micro has issued immediate mitigation after discovering risky vulnerabilities in the Apex One on-premise management console, both allowing remote attackers to run malicious code without authentication. These flaws, rated 9.4 in severity, have already been exploited in at least one real-world attack, though details remain undisclosed. The company has said that hackers could take full control of affected systems, compromising the corporate security infrastructure.

A temporary fix is available for on-premises users, but it disables the Remote Install Agent feature; permanent patches will arrive mid-August 2025. Apex One’s Cloud-based services were automatically patched on July 31. Trend Micro has told the administrators to stop remote access to vulnerable systems while waiting for updates. The vulnerabilities stem from command injection flaws, pointing to the need for robust security alongside prompt patching. No more exploitation details were shared; however, the active attacks pin the urgency for organizations to apply mitigations as soon as possible.

Fake VPN Apps on Official Stores Linked to Massive Ad Fraud Scam

A cybercriminal group has been caught distributing fake VPN, spam blocker, and utility apps on official app stores, tricking users into costly subscriptions and ad fraud. These malicious apps, downloaded millions of times, heavily loaded the victims with ads, took personal data, and charged hidden fees. Some even make it hard to cancel subscriptions, trapping users in recurring payments.

The operation is allegedly connected to a bigger ad fraud network that redirects users to scam sites through manipulated ads. The group uses deceptive tactics, including fake developer accounts and cloaked links, to avoid detection. Security researchers warn that these scams get big because they exploit trust in legitimate app stores. Users are asked to check app reviews, permissions, and subscription terms before downloading. While app stores have removed some of the fraudulent apps, the threat remains as criminals constantly rebrand. Experts ask for more awareness of such scams, as they can be just as damaging as traditional malware attacks.

New Vulnerability Lets Malicious Containers Hijack Cloud Credentials

Recently discovered vulnerability in a big cloud container service allows attackers to steal credentials from other tasks running on the same host. Dubbed “ECScape,” the flaw lets a less privileged container impersonate more privileged ones, possibly gaining access to sensitive data and control over cloud environments. Researchers have shown how an attacker exploits an internal protocol to hijack AWS credentials, bypassing isolation measures.

Amazon, the cloud provider, in its recently released documentation. has advised users to stop running high-privilege tasks with untrusted ones and suggests switching to a fully isolated service for more security. Other controls include restricting metadata service access and monitoring for unusual IAM role usage. This discovery follows multiple recent cloud security flaws, pinning the growing risks in shared cloud infrastructures. Experts warn that containers should always be treated as possible attack vectors, with strict limits on their permissions to lessen damage if compromised.