AI Security Weekly Start of Week Brief

Monday, August 11, 2025

Editor’s note — I curate primary sources (advisories, CVEs, IR blogs, MSP reports) and translate them into decisions and playbooks; technical accuracy is checked with automated lint and community feedback. Sources are linked below. If you spot a miss, reply with a reference and I’ll credit the correction.

Monitor today

  • CISA Emergency Directive 25-02 deadlines: mitigations due 9:00 AM ET; reporting due 5:00 PM ET (today).

Focus

  • Critical vulnerability patching in hybrid environments (Exchange, Apex One) and AI inference stacks (NVIDIA Triton).

Opportunity

  • Rapid advances in AI-powered defense align with the EU AI Act's general‑purpose AI (GPAI) obligations now in force (Aug 2).

🔴 Priority Alerts

1) CISA ED 25‑02 — Microsoft Exchange hybrid

What happened — CISA issued Emergency Directive 25‑02 in response to CVE‑2025‑53786 affecting Microsoft Exchange hybrid configurations. Agencies must: assess environments; disconnect ineligible/EOL servers; apply the April 2025 Hotfix Updates; transition to the dedicated Exchange Hybrid app in Entra ID; and report status by 5:00 PM ET today.

Why it matters — A post‑auth attacker who already holds admin rights on on‑prem Exchange can escalate into Exchange Online, putting mail flow and identity at risk and opening the door to tenant‑wide compromise.

Actions (≤48h)

  • Run HealthChecker; patch to the latest CU + April 2025 HUs.

  • Replace the shared service principal with the dedicated Hybrid app and rotate key credentials.

  • Monitor logs for anomalous hybrid activity and review service principals.

Role guidance

  • MSP: Treat as a cross‑tenant identity incident. Verify service principals, rotate credentials/keys, and confirm Hybrid app migration—document in tickets.

  • CISO: Confirm exposure; ensure emergency change window and board‑ready note (blast radius, compensating controls, ETA).

  • Engineer: Validate Exchange Hybrid configuration; confirm Entra ID app migration and token/key rotations.

Sources — CISA ED 25‑02 • Microsoft TechCommunity (April 2025 HUs)

2) Trend Micro Apex One (on‑prem) — pre‑auth RCE under active exploitation

What happened — Two pre‑auth command‑injection RCEs (CVE‑2025‑54948, CVE‑2025‑54987, CVSS 9.4) are being exploited against the Apex One Management Console. Trend Micro released a temporary mitigation tool, FixTool_Aug2025.exe; some console functions are limited until the mid-August critical patch.

Why it matters — Pre‑auth RCE on the endpoint security controller enables lateral movement and agent tampering.

Actions (≤48h)

  • Apply FixTool_Aug2025.exe immediately.

  • Restrict console access (VPN/IP allowlists); remove external exposure.

  • Hunt for unusual admin actions and agent tampering.

  • Stage the critical patch for release and plan maintenance.

Role guidance

  • MSP: Lock down exposure, deploy fix tool, communicate limitations to stakeholders.

  • CISO: Validate internet‑exposed consoles; require exception tracking if patch deferred.

  • Engineer: Snapshot configs; test/roll out mitigation; prepare rollback.

Sources — Trend Micro advisory • BleepingComputer/Tenable coverage

3) NVIDIA Triton inference server — vulnerability chain (update to v25.07 now)

What happened — Wiz disclosed a chain of flaws in Triton’s Python backend (CVE‑2025‑23319/23320/23334) that can be combined for unauthenticated RCE on AI inference servers. NVIDIA shipped fixes in 25.07.

Why it matters — Exploitation risks model theft, data manipulation, and an attacker's foothold in AI pipelines.

Actions (≤48h)

  • Patch Triton to 25.07.

  • Rotate API tokens/credentials used by inference services.

  • Add WAF/ingress constraints; enable request size/shape limits.

  • Review egress from Triton hosts; restrict where possible.
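The "request size/shape limits" action above is easiest to see in code. The block below is an added example, not NVIDIA's or Wiz's code and not part of the brief: an ingress-side validator for KServe v2 inference request bodies of the kind Triton's HTTP endpoint accepts (POST /v2/models/<name>/infer). The numeric limits are assumed values an operator would tune per model, and the sample requests are constructed; it covers JSON-encoded tensor data only, so requests that use Triton's binary tensor data extension need a separate check.

```python
# Added example, not NVIDIA's or Wiz's code: an ingress-side validator for
# KServe v2 inference request bodies (POST /v2/models/<name>/infer).
# All limits below are assumed values to tune per model; samples are constructed.
import json
import math

MAX_BODY_BYTES = 1_000_000     # assumed ceiling for a single request body
MAX_INPUTS = 8                 # assumed max tensors per request
MAX_RANK = 6                   # assumed max dimensions per tensor
MAX_ELEMENTS = 1_000_000       # assumed max elements (product of shape) per tensor
ALLOWED_DTYPES = {"BOOL", "UINT8", "UINT16", "UINT32", "UINT64", "INT8", "INT16",
                  "INT32", "INT64", "FP16", "FP32", "FP64", "BYTES"}


class RequestRejected(ValueError):
    """Raised with a short reason when a request violates a limit."""


def _leaf_count(data):
    """Count scalar elements in a possibly nested JSON 'data' array."""
    if isinstance(data, list):
        return sum(_leaf_count(x) for x in data)
    return 1


def validate_infer_request(body: bytes) -> dict:
    """Parse and check a v2 inference request; return the parsed dict or
    raise RequestRejected. Checks run cheapest-first so oversized or
    malformed bodies are dropped before any per-tensor work."""
    if len(body) > MAX_BODY_BYTES:
        raise RequestRejected("body exceeds MAX_BODY_BYTES")
    try:
        req = json.loads(body)
    except ValueError:
        raise RequestRejected("body is not valid JSON")
    inputs = req.get("inputs") if isinstance(req, dict) else None
    if not isinstance(inputs, list) or not 0 < len(inputs) <= MAX_INPUTS:
        raise RequestRejected("inputs must be a list of 1..MAX_INPUTS tensors")
    for i, t in enumerate(inputs):
        if not isinstance(t, dict):
            raise RequestRejected(f"input {i}: not an object")
        name, shape = t.get("name"), t.get("shape")
        dtype, data = t.get("datatype"), t.get("data")
        if not isinstance(name, str) or not name:
            raise RequestRejected(f"input {i}: missing name")
        if dtype not in ALLOWED_DTYPES:
            raise RequestRejected(f"input {i}: unknown datatype {dtype!r}")
        # type(d) is int deliberately rejects bools and floats in the shape
        if (not isinstance(shape, list) or not 0 < len(shape) <= MAX_RANK
                or not all(type(d) is int and d >= 0 for d in shape)):
            raise RequestRejected(f"input {i}: bad shape")
        n = math.prod(shape)
        if n > MAX_ELEMENTS:
            raise RequestRejected(f"input {i}: {n} elements exceeds MAX_ELEMENTS")
        # JSON-encoded data only; binary tensor data is out of scope here
        if not isinstance(data, list) or _leaf_count(data) != n:
            raise RequestRejected(f"input {i}: data length does not match shape")
    return req


def check_infer_request(body: bytes):
    """Convenience wrapper: None when the request passes, else the reason."""
    try:
        validate_infer_request(body)
    except RequestRejected as e:
        return str(e)
    return None


# Constructed sample requests.
GOOD = json.dumps({"inputs": [
    {"name": "INPUT0", "shape": [2, 3], "datatype": "FP32",
     "data": [[0.1, 0.2, 0.3], [0.4, 0.5, 0.6]]}]}).encode()
SHAPE_MISMATCH = json.dumps({"inputs": [
    {"name": "INPUT0", "shape": [2, 3], "datatype": "FP32", "data": [1, 2, 3]}]}).encode()
HUGE_SHAPE = json.dumps({"inputs": [
    {"name": "INPUT0", "shape": [4096, 4096], "datatype": "INT8", "data": []}]}).encode()

if __name__ == "__main__":
    for label, body in (("GOOD", GOOD), ("SHAPE_MISMATCH", SHAPE_MISMATCH),
                        ("HUGE_SHAPE", HUGE_SHAPE)):
        print(label, "->", check_infer_request(body) or "accepted")
```

Placed in front of Triton (as a sidecar, WAF rule, or ingress filter), a check like this bounds the work an unauthenticated request can force on the server and rejects malformed payloads before they reach a backend; it is a compensating control, not a substitute for the 25.07 update.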

Role guidance

  • MSP: Inventory client Triton deployments, validate version, and document patch status.

  • CISO: Re‑classify inference clusters as Tier‑0; add them to vulnerability SLAs.

  • Engineer: Apply patch, validate model serving, and test for regressions.

Sources — NVIDIA bulletin • Wiz research

4) WinRAR zero‑day (CVE‑2025‑8088) exploited by RomCom

What happened — ESET reported active exploitation of a path‑traversal bug enabling malicious files to be placed in Windows startup locations via crafted archives; WinRAR 7.13 fixes it (manual update required).

Why it matters — Common user tooling + social engineering = stealthy persistence at scale.

Actions (≤48h)

  • Update WinRAR to 7.13; prefer centrally managed archive tools.

  • Block unapproved archivers via application control.

  • Add detections for autorun creation from archive extractions; refresh phishing comms.
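Two of the actions above (safe handling of archive contents and detecting autorun creation from extractions) can be checked with a few lines of code. The block below is an added example, not the brief's or ESET's code: an archive-entry path-traversal check that catches the "write into a startup location" pattern, and a minimal detection over Sysmon-shaped FileCreate events (Event ID 11 with Image and TargetFilename). The event records, file names and the list of archiver binaries are constructed assumptions.

```python
# Added example, not part of the brief or ESET's research: two defender-side
# checks for the archive path-traversal pattern described above.
# All file names, event records and process names below are constructed.
from pathlib import PureWindowsPath
import re

# Substring shared by the per-user and all-users Startup folders once
# backslashes are normalised to '/', compared case-insensitively.
STARTUP_MARKER = "/microsoft/windows/start menu/programs/startup/"

# Assumed list of archiver binaries an MSP might see writing files.
ARCHIVER_IMAGES = {"winrar.exe", "unrar.exe", "7z.exe", "7zfm.exe"}


def is_unsafe_entry(name: str) -> bool:
    """Return True if an archive entry name could escape the extraction
    directory: absolute, UNC or drive-qualified paths, or a run of '..'
    components that climbs above the extraction root."""
    normalized = name.replace("\\", "/")
    if normalized.startswith("/") or re.match(r"^[A-Za-z]:", normalized):
        return True
    depth = 0
    for part in normalized.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            depth -= 1
            if depth < 0:          # climbed above the extraction root
                return True
        else:
            depth += 1
    return False


def unsafe_entries(names):
    """Filter a list of archive entry names down to the unsafe ones."""
    return [n for n in names if is_unsafe_entry(n)]


def flag_startup_writes(events):
    """Given Sysmon-shaped FileCreate events (ID 11) as dicts with
    'event_id', 'image' and 'target', return those where an archiver
    wrote into a Startup folder: the 'autorun creation from archive
    extraction' detection in its simplest form."""
    hits = []
    for ev in events:
        if ev.get("event_id") != 11:
            continue
        image = PureWindowsPath(ev.get("image", "")).name.lower()
        target = ev.get("target", "").replace("\\", "/").lower()
        if image in ARCHIVER_IMAGES and STARTUP_MARKER in target:
            hits.append(ev)
    return hits


# Constructed sample data.
SAMPLE_ENTRIES = [
    "invoice/report.pdf",
    "docs/../readme.txt",          # '..' that stays inside the root: allowed
    "../../AppData/Roaming/Microsoft/Windows/Start Menu/Programs/Startup/upd.lnk",
    r"C:\Users\Public\x.exe",
]

SAMPLE_EVENTS = [
    {"event_id": 11, "image": r"C:\Program Files\WinRAR\WinRAR.exe",
     "target": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.lnk"},
    {"event_id": 11, "image": r"C:\Program Files\WinRAR\WinRAR.exe",
     "target": r"C:\Users\alice\Downloads\invoice\report.pdf"},
    {"event_id": 11, "image": r"C:\Windows\explorer.exe",
     "target": r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\corp.lnk"},
    {"event_id": 1, "image": r"C:\Program Files\WinRAR\WinRAR.exe", "target": ""},
]

if __name__ == "__main__":
    print("unsafe entries:", unsafe_entries(SAMPLE_ENTRIES))
    for hit in flag_startup_writes(SAMPLE_EVENTS):
        print("ALERT archiver wrote to Startup:", hit["image"], "->", hit["target"])
```

The entry check is the rule any extraction tool should enforce (a patched archiver does this for you; the function shows what "patched" means). The event check is deliberately narrow, archiver process plus Startup folder target, so it stays low-noise; widen the process list or add Run-key registry events if your telemetry covers them.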

Sources — ESET research • NVD/Help Net Security

5) IBM 2025 breach report — the AI governance gap is widening

What happened — IBM/Ponemon reports global average breach cost fell 9% to $4.44M, tied to faster detection/containment, while 63% of orgs lack AI governance and 13% reported AI‑related incidents.

Why it matters — Shadow AI and weak access controls are driving avoidable risk as AI usage expands.

Actions (≤48h)

  • Add AI risk questions to intake; require AI access‑control reviews.

  • Publish a 1‑pager “AI Use & Data Handling” for end‑users.

  • Package AI governance as a managed service offering.

Sources — IBM report + explainer

Week Ahead

  • Mon (today): CISA ED 25‑02 mitigation deadline 9:00 AM ET; reporting 5:00 PM ET.

  • Tue (Aug 12): Microsoft Patch Tuesday — plan pilot rings and emergency change windows.

  • Post‑event: Black Hat USA 2025 concluded Aug 7 — expect vendor patches, advisories, and decks to drop all week.

  • Ongoing: EU AI Act GPAI obligations in effect (Aug 2) — confirm model providers and documentation for EU‑exposed clients.

Priorities — Exchange hybrid remediation, Apex One mitigations, Triton patching. Ship an AI governance mini‑policy to every client.

Subscribe → https://aisecurityweekly.beehiiv.com/subscribe

Masthead

  • Editor: Andres Guillen (GTM)

  • Technical review: automated lint + guest SMEs (credit in next issue)

Sources/verification

  • CISA ED 25‑02 — directive + 9:00 AM / 5:00 PM ET deadlines and required actions.

  • Microsoft — April 2025 Hotfix Updates; Dedicated Exchange Hybrid App migration.

  • Trend Micro — Apex One advisory, FixTool_Aug2025.exe, active exploitation; mid‑Aug patch.

  • NVIDIA / Wiz — Triton security bulletin (update to 25.07) + research write‑ups.

  • WinRAR — CVE‑2025‑8088; ESET research; NVD; industry coverage.

  • EU AI Act — GPAI obligations start Aug 2, 2025.

  • IBM — 2025 Cost of a Data Breach headline metrics; AI governance gap.

Verification checklist before send: confirm ED number/wording, all CVE IDs, WinRAR version (7.13), NVIDIA Triton version (25.07), Trend Micro file name (FixTool_Aug2025.exe) and patch timing, IBM figures. Replace general source labels with direct links in the published version.

Andres Guillen

#Cybersecurity #AIsecurity #MSP #VulnerabilityManagement