---
title: "Charon Ransomware Threatens, Data Breach Notifications, TETRA Security Flaws , Cybersecurity News [August 11, 2025] | DuoCircle"
description: "Charon Ransomware Threatens, Data Breach Notifications, TETRA Security Flaws, Cybersecurity News [August 11."
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-34-of-2025/"
---

Quick Answer

Cybersecurity headlines for the week of August 11, 2025. Trend Micro identified Charon ransomware, which uses APT-style techniques (DLL sideloading, anti-EDR drivers) against public-sector and aviation targets in the Middle East. Google completed notifications for a Salesforce data theft tied to ShinyHunters and the wider Salesloft Drift OAuth-token compromise. Researchers Carlo Meijer, Wouter Bokslag, and Jos Wetzels disclosed 2TETRA:2BURST, a new set of flaws in TETRA radio systems used by police, military, and critical infrastructure. CVE-2025-8088, a WinRAR zero-day path-traversal bug, was exploited by Paper Werewolf and RomCom to drop backdoors. Koi Security's GreedyBear campaign used roughly 150 malicious Firefox extensions to steal more than $1 million from cryptocurrency users, alongside a separate Ethereum trading-bot scam on AI-generated YouTube videos that drained around $900,000.

Charon Ransomware Threatens, Data Breach Notifications, TETRA Security Flaws, Cybersecurity News \[August 11, 2025\]


![cybersecurity news](https://media.mailhop.org/duocircle/images/2025/08/spf-record-tester-5670.jpg) 

[Cybersecurity](/) incidents this week include **Google completing notifications** for a Salesforce breach linked to ShinyHunters, and the discovery of Charon ransomware targeting the Middle East public and aviation sectors with APT-style tactics. Researchers exposed new 2TETRA:2BURST flaws in critical TETRA radio systems, while a WinRAR zero-day was exploited by the Paper Werewolf and RomCom groups. The GreedyBear campaign stole over $1 million via malicious browser extensions, alongside an Ethereum [trading bot scam](https://cointelegraph.com/news/crypto-trading-bot-scam-youtube-eth-theft) using [AI-generated YouTube videos](https://apnews.com/article/youtube-artitifical-intelligence-deep-fake-ai-creaters-0513fd9fddbd93af327f0411dd29ff3d) to drain wallets of nearly $900,000. Here is each story in brief.

## Charon Ransomware Targets Middle East Public Sector and Aviation

Cybersecurity researchers have [found a new ransomware](https://www.trendmicro.com/en%5Fus/research/25/h/new-ransomware-charon.html) called Charon that’s going after public sector and aviation organizations in the Middle East. **Trend Micro reports** that the attackers are using some advanced tactics, like DLL side-loading and process injection, to sneak past security software. They get in by using a legitimate Edge.exe file to load a [malicious DLL](https://www.infosecurity-magazine.com/news/phishing-attack-combines-vishing/), which then unleashes the ransomware. Charon is built to shut down security services, wipe out backups, and encrypt files quickly using multithreading.

Interestingly, the attackers also tried to use a “[bring-your-own-vulnerable-driver](https://github.com/SaadAhla/dark-kill)” technique to disable endpoint detection, though it seems that part wasn’t fully working yet. The ransom notes were customized for each victim, which shows these weren’t random attacks. While it’s not confirmed, the campaign has similarities to the **Eastern-linked Earth Baxia group**, suggesting it could be them or a new group copying their style. This all points to a bigger trend where [ransomware attacks](/resources/locky-ransomware) are becoming as sophisticated as nation-state operations, combining stealthy methods with disruptive encryption to cause maximum damage.
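The side-loading step described above (a legitimate Edge.exe used to load a malicious DLL) leaves a recognizable pattern in image-load telemetry. The following is an added detection sketch, not code from Trend Micro or from the original post: it assumes events shaped like Sysmon Event ID 7 records, and the expected install directory, the trusted DLL roots and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumption: where the watched host binary is expected to live; tune per fleet.
EXPECTED_DIRS = {
    "edge.exe": [r"c:\program files (x86)\microsoft\edge\application"],
}
# Assumption: directories from which unsigned loads are not escalated here.
TRUSTED_DLL_ROOTS = (r"c:\windows\system32", r"c:\windows\syswow64")

R_RELOCATED = "host binary runs outside its expected install directory"
R_LOCAL_DLL = "unsigned DLL loaded from the host binary's own directory"
R_UNTRUSTED = "unsigned DLL loaded from an untrusted path"


def _norm(path):
    return ntpath.normpath(path).lower()


def _under(path, root):
    path, root = _norm(path), _norm(root)
    return path == root or path.startswith(root + "\\")


def triage_image_load(event):
    """Return the reasons an image-load event resembles DLL side-loading."""
    image = _norm(event["Image"])
    loaded = _norm(event["ImageLoaded"])
    expected = EXPECTED_DIRS.get(ntpath.basename(image))
    if expected is None:
        return []  # not a watched host binary
    reasons = []
    exe_dir = ntpath.dirname(image)
    if not any(_under(exe_dir, d) for d in expected):
        reasons.append(R_RELOCATED)
    signed_ok = (event.get("Signed") == "true"
                 and event.get("SignatureStatus") == "Valid")
    if not signed_ok:
        if ntpath.dirname(loaded) == exe_dir:
            reasons.append(R_LOCAL_DLL)
        elif not any(_under(loaded, r) for r in TRUSTED_DLL_ROOTS):
            reasons.append(R_UNTRUSTED)
    return reasons


def triage(events):
    """Return (index, reasons) for every event with at least one reason."""
    hits = [(i, triage_image_load(e)) for i, e in enumerate(events)]
    return [(i, r) for i, r in hits if r]


# Constructed sample events (not taken from any real incident).
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files (x86)\Microsoft\Edge\Application\Edge.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"Image": r"C:\Users\Public\Docs\Edge.exe",
     "ImageLoaded": r"C:\Users\Public\Docs\helper.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"Image": r"C:\Users\Public\Docs\Edge.exe",
     "ImageLoaded": r"C:\Windows\System32\ntdll.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ImageLoaded": r"C:\Temp\plugin.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
]

if __name__ == "__main__":
    for index, reasons in triage(SAMPLE_EVENTS):
        print(index, SAMPLE_EVENTS[index]["Image"], reasons)
```

An event carrying both reasons (relocated host binary plus an unsigned DLL beside it) is the higher-confidence signal; the relocated binary alone is worth a lower-priority alert.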

[![attackers](https://media.mailhop.org/duocircle/images/2025/08/spf-record-checker-4322.jpg)](https://media.mailhop.org/duocircle/images/2025/08/spf-record-checker-4322.jpg)

## Google Confirms Data Breach Notifications Sent to Impacted Users

Google has now finished letting organizations know they were [affected by the recent data breach](https://cloud.google.com/blog/topics/threat-intelligence/voice-phishing-data-extortion) carried out by the ShinyHunters group, also known as UNC6040. The incident, which came to light on August 5th, involved a breach of a Salesforce database that stored contact information and notes for small and medium-sized businesses. **According to Google**, the information accessed was mainly basic business data, like company names and contact details, much of which is already public.

_This confirmation comes after some security researchers raised concerns about how long it took to notify the victims, pointing out that the attackers had the data for nearly two months before it was disclosed_. _While Google hasn’t shared the specific email it sent out, it has stated that everyone impacted has been contacted_. The full extent of the breach is still under investigation, and the company has yet to release all the details.

[![specific email it sent out ](https://media.mailhop.org/duocircle/images/2025/08/spf-record-4322.jpg)](https://media.mailhop.org/duocircle/images/2025/08/spf-record-4322.jpg)

## New Flaws Expose Critical Security Gaps in TETRA Communications

[Security researchers at Midnight Blue](https://www.midnightblue.nl/research/2tetra2burst) have uncovered some [serious new flaws](https://www.blackhat.com/us-25/briefings/schedule/#2-cops-2-broadcasting-tetra-end-to-end-under-scrutiny-46143) in the TETRA radio protocol, which is a system used by police, military forces, and critical infrastructure operators around the world. These vulnerabilities, called “**2TETRA:2BURST**,” target the protocol’s [end-to-end encryption](https://www.techtarget.com/searchsecurity/definition/end-to-end-encryption-E2EE). They make it possible for attackers to replay messages, break in with brute force, inject their own malicious traffic, and even decrypt communications that are supposed to be secure. The issues are pretty deep, involving a weakened encryption algorithm and no protection against replaying voice or data messages.

The researchers warned that networks carrying data are especially at risk. Even though the European standards body, ETSI, notes that the encryption isn’t **part of its official standard**, fixes for these problems are limited. To make matters worse, related flaws were also found in [Sepura SC20 TETRA radios](https://www.midnightblue.nl/blog/sepura-device-vulnerabilities) that could let an attacker with physical access steal encryption keys. For now, there’s no evidence that hackers are actively using these flaws. However, experts are urging operators to switch to more secure encryption, disable the outdated TEA1 algorithm, and add protective layers like a VPN until things are patched up.

[![steal Encryption Keys with Physical Access](https://media.mailhop.org/duocircle/images/2025/08/spf-permerror-6701.jpg)](https://media.mailhop.org/duocircle/images/2025/08/spf-permerror-6701.jpg)

## WinRAR Zero-Day Exploited by Paper Werewolf and RomCom Groups

The team behind [WinRAR has fixed a significant security flaw](https://www.win-rar.com/singlenewsview.html?&L=0&tx%5Fttnews%5Btt%5Fnews%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5) that was already being used in live attacks. This vulnerability, found in versions before 7.13, let attackers run malicious code by tricking users with a specially crafted archive file. Security firm ESET discovered the bug, while another firm, BI.ZONE, reported that a **Northeastern-linked group** called Paper Werewolf likely bought the exploit on the dark web. They used it in [phishing campaigns](https://www.malwarebytes.com/blog/news/2025/02/how-ai-was-used-in-an-advanced-phishing-campaign-targeting-gmail-users) to plant malware on victims’ systems, all while showing them harmless-looking decoy documents to avoid suspicion.

At the same time, the RomCom hacking group was also using the flaw as a [zero-day attack](/cybersecurity/zero-day-attack-prevention-effective-security-measures-to-protect-your-systems/) against financial, manufacturing, and defense companies in Europe and North America. Their method involved using malicious archives to install several backdoors, including **SnipBot and RustyClaw**. Although ESET found no proof of a successful breach, it shows how skilled the group is becoming. Coincidentally, [7-Zip also released](https://seclists.org/oss-sec/2025/q3/82) a patch for a similar issue that could allow hackers to write files and run code, particularly on Unix systems.
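A path-traversal flaw of the kind described above depends on entry names that resolve outside the folder the user chose, so a mail gateway or sandbox can screen archives before they reach a desktop extractor. The following is an added example, not code from WinRAR, ESET or the original post: it uses ZIP through Python's standard library as a stand-in for RAR (a generalization, since the stdlib has no RAR reader), and the sample entry names are constructed.

```python
import io
import ntpath
import zipfile


def entry_problem(name):
    """Return why an entry name could escape the extraction directory.

    Checks Windows and POSIX conventions, because an archive built on one
    platform may be unpacked on the other. Returns None for a safe name.
    """
    unified = name.replace("\\", "/")
    if unified.startswith("/"):
        return "absolute path"
    if ntpath.splitdrive(name)[0]:
        return "drive or UNC prefix"
    if ".." in unified.split("/"):
        return "parent-directory component"
    return None


def audit_archive(data):
    """Return (entry name, reason) for every suspicious entry in a ZIP blob."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for name in archive.namelist():
            reason = entry_problem(name)
            if reason:
                findings.append((name, reason))
    return findings


def build_sample_archive():
    """Build a small in-memory ZIP with constructed entry names."""
    names = [
        "report/summary.txt",            # benign
        "report/notes..txt",             # benign: dots inside a file name
        "../../outside/dropped.bin",     # POSIX-style traversal
        "..\\..\\outside\\dropped.bin",  # Windows-style traversal
        "/tmp/abs.txt",                  # absolute POSIX path
        "C:\\Temp\\abs.txt",             # absolute Windows path
    ]
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        for name in names:
            archive.writestr(name, b"constructed sample content")
    return buffer.getvalue()


if __name__ == "__main__":
    for name, reason in audit_archive(build_sample_archive()):
        print(f"REJECT {name!r}: {reason}")
```

Python's own `ZipFile.extract` already strips these components; the audit matters when the archive will be forwarded to users whose extractor may not.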

[![zero-day attack](https://media.mailhop.org/duocircle/images/2025/08/sender-policy-framework-4322.jpg)](https://media.mailhop.org/duocircle/images/2025/08/sender-policy-framework-4322.jpg)

## GreedyBear Steals Over $1 Million Through Malicious Browser Extensions

A huge new scam called [GreedyBear](https://blog.koi.security/greedy-bear-massive-crypto-wallet-attack-spans-across-multiple-vectors-3e8628831a05) has been found using over 150 fake Firefox extensions that pretend to be popular crypto wallets like **MetaMask and TronLink**. The attackers used a sneaky trick; they’d first publish a clean extension to get it approved and then push a malicious update later. This new code was designed to steal wallet credentials and IP addresses, sending everything back to a central server. This campaign is a bigger version of the earlier [Foxy Wallet scam](https://thehackernews.com/2025/07/over-40-malicious-firefox-extensions.html) and also spreads malware through pirated software sites. It looks like they’re now targeting Chrome users and might be using AI to create fake extensions even faster. Users trying to quickly convert funds, such as [usdt to usd](https://paybis.com/usdt-to-usd/), should be especially cautious and verify that their wallet extensions are legitimate before initiating any transactions.

At the same time, another scam has popped up involving what looks like an [Ethereum trading bot](https://www.sentinelone.com/labs/smart-contract-scams-ethereum-drainers-pose-as-trading-bots-to-steal-crypto/). It’s promoted with AI-generated YouTube videos on old accounts to seem legitimate, tricking people into setting up a [malicious smart contract](https://gbhackers.com/threat-actors-exploit-smart-contracts/#google%5Fvignette). _As soon as you put money into it, the contract sends your crypto straight to the scammers’ wallets. They’ve already made off with nearly $900,000 this year alone_. It just shows how even smaller groups can use AI and fake online buzz to build trust before pulling off major thefts.


Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

