Vaults Cracked, Exchange Unpatched, and GPT-5 Jailbroken

DEF CON & Black Hat drop zero-days while enterprise patching lags behind

The original Microsoft Exchange Server launched in 1996. Nearly 30 years later, thousands of unpatched instances remain prime targets for attackers.

📬 This Week’s Clickables

  • 🚨 Major Breaches & Incidents: Air France/KLM, healthcare leak, Venice Film Festival hack, university breach
  • 🛡️ Emerging Threats & Vulnerabilities: U.S. court breach, OT economic risk, 29K unpatched Exchange servers
  • 🎯 Black Hat & DEF CON Highlights: Vault zero-days, Dell firmware flaws, GPT-5 jailbreak
  • 🕵️ Privacy Watch: CCPA opt-out evasion, women’s safety app leak
  • 🧭 Mitigation & Best Practices: Key steps for each risk

🚨 Major Breaches & Incidents

  • Air France & KLM Supply-Chain Breach
    A third-party contact center platform used by Air France and KLM was compromised, exposing customer names, loyalty program details, and contact information. The airlines confirmed no payment or passport data was involved, but affected passengers have been notified. Investigations are ongoing into whether the breach data has been sold or misused.
    👉 Takeaway: Third-party integrations can be a weak link—minimize vendor data access and enforce strict breach disclosure timelines.

  • Healthcare Data Leak Hits 485K Patients
    A U.S. cervical cancer screening program suffered a breach via its contracted laboratory partner, exposing personal and medical records for nearly half a million patients. Data exposed includes full names, birth dates, contact details, and screening results. This incident adds to the growing trend of healthcare vendors being targeted to reach sensitive health data.
    👉 Takeaway: Vet vendors handling PHI with HIPAA-grade security controls and mandate regular third-party audits.

  • Venice Film Festival Database Breach
    Attackers infiltrated the event’s registration database, stealing personal details for attendees and journalists—including tax codes, email addresses, and phone numbers. Some of the stolen data has reportedly appeared on dark web forums. Organizers have not confirmed the attack vector, but the breach raises questions about cultural event cybersecurity.
    👉 Takeaway: Event and media platforms should encrypt attendee databases and require MFA for all admin accounts.

🎯 Black Hat & DEF CON Highlights

  • HashiCorp Vault Zero-Days Expose Secrets
    Researchers disclosed nine critical vulnerabilities in HashiCorp Vault, including the platform’s first known remote code execution flaw. Attackers could exploit these bugs pre-authentication to steal or alter stored secrets. HashiCorp has released patches, but urges immediate rotation of all tokens and credentials.
    👉 Takeaway: Apply patches now, rotate all secrets, and audit access logs for unusual activity.

  • CyberArk Conjur Vulnerabilities Enable Root Access
    Five newly disclosed vulnerabilities in CyberArk Conjur could allow attackers to bypass authentication and gain root privileges in environments managing sensitive application credentials. The flaws were presented at Black Hat as part of a broader analysis of secret management tools.
    👉 Takeaway: Update to the latest Conjur release, monitor for unauthorized secret retrievals, and enforce role-based access control.

  • Dell ControlVault3 Firmware Flaws Persist Through Reinstalls
    Cisco Talos researchers identified five vulnerabilities in Dell’s ControlVault3 security chip that could allow persistent malware installation. Because the flaws reside in firmware, malicious implants can survive operating system reinstalls. Dell has issued firmware updates for affected models.
    👉 Takeaway: Apply firmware updates promptly and validate hardware integrity during forensic checks.

  • GPT-5 Jailbroken at DEF CON
    Security researchers demonstrated methods to bypass GPT-5’s built-in safety controls, enabling the model to produce malicious or disallowed outputs. The jailbreak was achieved through carefully crafted prompts and prompt-injection techniques. These findings highlight ongoing risks in generative AI deployment.
    👉 Takeaway: Limit sensitive AI usage to controlled environments, implement guardrails, and monitor for prompt injection abuse.

🕵️ Privacy Watch

  • Data Brokers Hide CCPA Opt-Out Pages
    An investigation found that over 30 U.S. data brokers were deliberately preventing their CCPA opt-out and data deletion pages from appearing in search results. This practice makes it harder for consumers to exercise their legal rights. Regulators have been alerted and may pursue enforcement action.
    👉 Takeaway: Include privacy compliance audits in vendor risk assessments and confirm opt-out process visibility.

  • Women’s Safety App ‘Tea’ Leaks 72K ID Images
    A breach in the “Tea” safety app exposed over 72,000 user ID images and thousands of additional personal photos. Lawsuits are already being filed, with plaintiffs alleging negligence in securing sensitive data. This incident raises concerns about privacy in apps targeting vulnerable demographics.
    👉 Takeaway: Apps handling sensitive images must use encryption-at-rest and undergo regular third-party security reviews.

🛡️ Emerging Risks & Warnings

  • U.S. Court System Breached
    The federal judiciary confirmed a breach of its CM/ECF and PACER systems, exposing sealed court records and confidential informant information. The intrusion’s timeline remains unclear, but officials are fast-tracking security upgrades and seeking emergency funding. Russia is suspected to be behind the attack.
    👉 Takeaway: Critical national systems require multi-layered authentication, continuous monitoring, and rapid breach detection capabilities.

  • OT Cyber Events Could Cost $330B Annually
    New research estimates that severe cyber incidents targeting operational technology (OT) could cost the global economy up to $330 billion each year. The report cites the increasing interconnection between IT and OT systems as a key driver of risk. High-impact industries include energy, manufacturing, and transportation.
    👉 Takeaway: Separate IT and OT networks, deploy OT-specific intrusion detection, and run regular recovery simulations.

  • Over 29,000 Exchange Servers Unpatched Against High-Severity Flaw
    Security researchers warn that more than 29,000 Microsoft Exchange servers remain vulnerable to CVE-2024-38063, a remote code execution flaw rated 8.8/10 in severity. Exploitation could allow full system takeover and data theft. The bug was disclosed weeks ago, yet patch adoption remains alarmingly low.
    👉 Takeaway: Patch Exchange servers immediately and review logs for indicators of compromise dating back to the vulnerability’s disclosure.

🧭 Mitigation & Best Practices

Vendor & Supply Chain Breaches (Air France/KLM, Healthcare, Venice Film Festival)

  • Limit the amount of sensitive data shared with third-party vendors.

  • Include contractual requirements for MFA, encryption, and breach notification timelines.

  • Conduct regular security audits on vendor systems and integrations.

Critical Infrastructure & National Systems (U.S. Court System, OT Risk)

  • Isolate OT networks from IT networks with strict firewall rules.

  • Implement continuous network monitoring with anomaly detection tuned for OT protocols.

  • Maintain offline backups of critical control system configurations and run recovery drills.

Patch Management Gaps (29K Unpatched Exchange Servers)

  • Prioritize patching for all internet-facing systems with known RCE vulnerabilities.

  • Automate vulnerability scanning to flag outdated builds and misconfigurations.

  • Review historical logs for IoCs back to the date of public disclosure.

Secrets Management Flaws (HashiCorp Vault, CyberArk Conjur)

  • Apply vendor patches immediately and rotate all stored secrets.

  • Enable logging for every secret retrieval and alert on anomalies.

  • Enforce least privilege access and review role assignments quarterly.
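
One way to act on the logging and alerting step above, as an added example that is not from this newsletter or from HashiCorp: a small detector over JSON audit lines that flags denied secret reads and reads outside an identity's usual paths. The log lines use a simplified subset of the fields in Vault's JSON audit-device output; the identities, paths, addresses and the BASELINE mapping are constructed for illustration.

```python
import json

# Constructed sample: a simplified subset of the fields in Vault's JSON
# audit-device output (one object per line). All values are made up.
SAMPLE_AUDIT_LOG = """\
{"type":"response","time":"2025-08-11T09:00:01Z","auth":{"display_name":"approle-billing"},"request":{"operation":"read","path":"secret/data/billing/db","remote_address":"10.0.4.17"}}
{"type":"response","time":"2025-08-11T09:00:05Z","auth":{"display_name":"approle-billing"},"request":{"operation":"read","path":"secret/data/billing/smtp","remote_address":"10.0.4.17"}}
{"type":"response","time":"2025-08-11T09:02:11Z","auth":{"display_name":"approle-web"},"request":{"operation":"read","path":"secret/data/web/session-key","remote_address":"10.0.5.20"}}
{"type":"response","time":"2025-08-11T09:02:12Z","auth":{"display_name":"approle-web"},"request":{"operation":"read","path":"secret/data/billing/db","remote_address":"10.0.9.99"}}
{"type":"response","time":"2025-08-11T09:02:13Z","auth":{"display_name":"approle-web"},"request":{"operation":"read","path":"secret/data/hr/payroll","remote_address":"10.0.9.99"},"error":"permission denied"}
{"type":"request","time":"2025-08-11T09:02:13Z","auth":{"display_name":"approle-web"},"request":{"operation":"read","path":"secret/data/hr/payroll","remote_address":"10.0.9.99"}}
not-json garbage line
"""

# Hypothetical baseline: path prefixes each identity normally reads.
BASELINE = {
    "approle-billing": ("secret/data/billing/",),
    "approle-web": ("secret/data/web/",),
}

def find_anomalies(log_text, baseline):
    """Return (line, kind, identity, path) alerts for suspicious secret reads."""
    alerts = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            entry = json.loads(line)
            if not isinstance(entry, dict):
                raise ValueError("audit entry is not a JSON object")
        except ValueError:
            # A corrupted audit line is itself worth an alert.
            alerts.append((lineno, "unparseable", None, None))
            continue
        # Each operation is logged twice; count only the response record.
        if entry.get("type") != "response":
            continue
        req = entry.get("request") or {}
        if req.get("operation") != "read":
            continue
        who = (entry.get("auth") or {}).get("display_name", "<unauthenticated>")
        path = req.get("path", "")
        if entry.get("error"):
            alerts.append((lineno, "denied-read", who, path))
        elif not path.startswith(baseline.get(who, ())):
            # Identities with no baseline entry are always flagged.
            alerts.append((lineno, "out-of-baseline-read", who, path))
    return alerts
```

Identities missing from the baseline are flagged on every read, so new roles surface in review instead of passing silently.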

Firmware Persistence Threats (Dell ControlVault3)

  • Update firmware directly from OEM sources and confirm checksums before deployment.

  • Integrate hardware attestation into endpoint management platforms.

  • Include firmware-level threat hunting in forensic workflows.

AI Model Abuse (GPT-5 Jailbreak)

  • Restrict AI model access to sandboxed environments for sensitive tasks.

  • Monitor prompts and outputs for signs of jailbreak or prompt-injection attempts.

  • Layer external guardrails or content filters over model APIs.

Privacy Compliance (CCPA Opt-Out Evasion, Tea App Breach)

  • Audit vendor privacy compliance alongside security posture.

  • Confirm that all legal opt-out and deletion processes are easy to find and functional.

  • Encrypt sensitive personal images and restrict access to vetted staff only.
