AI technology is changing the patterns of cyber attacks. Cybersecurity company ESET has announced the detection of the world’s first AI-driven ransomware “PromptLock,” which utilizes the Ollama API to locally invoke OpenAI’s gpt-oss:20b model, generating and executing malicious Lua scripts in real-time to bypass traditional antivirus signature detection methods. Another security company, Kaspersky, has also reported that cybercriminals are leveraging AI technology combined with deepfake techniques to conduct high-level social engineering attacks. The involvement of AI makes the content of these phishing emails strikingly similar to genuine communications, making it difficult for victims to assess their authenticity, significantly increasing the likelihood of falling victim.

Statistics on Security Complaints from CCERT from July 2025 to August 2025
Recent Critical Vulnerability Reviews
01
Microsoft’s routine security update for August 2025 includes a total of 111 security vulnerabilities in Microsoft products, of which 17 are critical, 91 are important, and 3 are of moderate severity. Given the risks posed by these vulnerabilities, users are advised to promptly use the system’s built-in update feature for security updates. The following vulnerabilities require special attention:
Azure OpenAI Information Disclosure Vulnerability (CVE-2025-53767). A serious information disclosure vulnerability exists in the Azure OpenAI service. Users with this service enabled are advised to upgrade as soon as possible.
Microsoft Graphics Component Remote Code Execution Vulnerability (CVE-2025-50165). This vulnerability arises from a flaw in the graphics component when handling untrusted pointer reference cancellation operations, potentially allowing attackers to hijack the control flow. Attackers who successfully exploit this vulnerability can execute arbitrary code remotely without user interaction.
Windows GDI+ Heap Buffer Overflow Remote Code Execution Vulnerability (CVE-2025-53766). Remote attackers can lure users into accessing malicious images, embedded documents, or web content, and users are advised to install the corresponding patches as soon as possible.
Windows NTLM Authentication Improper Privilege Escalation Vulnerability (CVE-2025-53778). Attackers with a certain network position or low-privilege account can obtain SYSTEM privileges through session relay, response forgery, or message replay, achieving privilege escalation.
Windows Explorer Spoofing Vulnerability (CVE-2025-50154). The attack code for this vulnerability has been published, and users should promptly install patches to prevent related attacks.
02
WinRAR is one of the most widely used compression software on the internet, and a critical security vulnerability (CVE-2025-8088) has recently been disclosed in earlier versions of the software (<7.13). This vulnerability has already been exploited for cyber attacks. Users of this software are advised to check the version of WinRAR on their systems and upgrade as soon as possible.
03
Docker Desktop is a container application favored by developers. A privilege escalation vulnerability (CVE-2025-9074) has been discovered in the Windows and MacOS versions of Docker Desktop. The vendor has patched this vulnerability in Docker Desktop version 4.44.3, and relevant users are advised to upgrade their versions promptly.
04
Recently, Apple pushed an emergency update to fix an out-of-bounds write vulnerability (CVE-2025-43300) in the Image I/O framework. This vulnerability affects all of Apple’s operating systems (MacOS, iOS, iPadOS), allowing attackers to construct special image files that cause programs to write data outside of memory buffers, potentially leading to system crashes, data corruption, or even remote execution of malicious code. This vulnerability has already been observed in the wild, and Apple users are advised to update as soon as possible.
Security Advisory
The HTTP/2 protocol has defects in multiple implementations that can be exploited to launch denial-of-service attacks. This vulnerability (CVE-2025-8671) has been named “Made YouReset.” The vulnerability arises from a mismatch between the HTTP/2 protocol specification and server implementations. When an attacker sends a malicious RST_STREAM control frame to reset a data stream, the protocol layer immediately releases stream resources and stops counting, but the server backend continues to process these “terminated” requests, leading to a single attack source maintaining a persistent “reset stream,” forcing the server to handle an excessive number of active requests beyond its design capacity, ultimately resulting in high CPU load or memory exhaustion denial of service.
Since HTTP/2 is a general-purpose protocol, this vulnerability may affect service components using HTTP/2 (such as Apache Tomcat, Netty, Jetty, etc.). Many vendors have released patches or security advisories for MadeYouReset, and administrators are advised to stay updated on relevant updates and upgrade promptly. Additionally, the following measures can be taken to mitigate risks: 1. Limit the number or rate of RST_STREAM frames sent by the server; 2. Audit backend processing mismatches in HTTP/2 implementations; 3. Refer to the technical documentation described by the vulnerability reporter for additional mitigation measures.
Source: “China Education Network” August 2025 issue
Author: Zheng Xianwei (Emergency Response Team of China Education and Research Network)
Editor: Chen Qian
For submissions or collaborations, please contact: [email protected]
Previous Recommendations
Security Observations on Educational Networks: Universities Must Guard Against AI Leaks of Internal Information
Security Observations on Educational Networks: Universities Must Establish Security Linkage Mechanisms with Supply Chain Vendors
Follow Us for More Information ↓
More Exciting Video Recommendations


Welcome to share, like, and view
Active comments may also lead to surprise gifts~
