Trending Topics Cybersecurity – August 2025

August 2025 once again highlighted how vulnerable the digital infrastructure of public institutions in Europe is. A massive cyber incident in Sweden paralyzed the systems of hundreds of municipalities and forced schools and universities to improvise. The attack on a central IT service provider is strongly reminiscent of the serious ransomware attack at Südwestfalen-IT on October 30, 2023, where a single attack also led to widespread and extensive outages that resulted in lengthy recovery work. Central IT service providers are an attractive target for criminals - if they are hit, the effects quickly spread to numerous areas.

DDoS wave hits German cities

In Germany, meanwhile, a series of targeted DDoS attacks caused city portals and public institution websites to go down. Among others, the online presence of the cities of Freiburg and Trier as well as several websites of state parliamentary groups in Saxony-Anhalt and the state portal of Saxony-Anhalt were affected by overload attacks.

The ongoing critical DDoS threat situation is partly fueled by the widespread availability of cybercrime-as-a-service services, which criminals can use to book attacks on any target domain for just a few US dollars. The attack infrastructure behind such services is usually formed by extensive botnets such as the recently dismantled Rapper botnet. This IoT-based botnet alone is said to have been responsible for over 370,000 DDoS attacks in 80 countries.

The Top IT Security Topics in August:

“MadeYouReset”: New DDoS attack technique discovered

Security researchers have discovered a critical vulnerability (CVE-2025-8671) in HTTP/2 that allows attackers to overload web servers with relatively little effort using a DDoS attack. Numerous common HTTP/2 implementations are vulnerable to the new attack technique called “MadeYouReset.” This is not only similar in name to the RapidReset attack vector known since summer 2023, which also enables enormously powerful attacks with manageable resource expenditure.

Cyber actor Salt Typhoon targets telecommunications infrastructure

The BSI, together with international partners including the NSA, CISA, and FBI, has published a security advisory on the activities of the cyber actor Salt Typhoon. This APT actor specializes in attacks in the telecommunications sector. Although the BSI is not aware of any successful attacks in Germany, preventive measures are recommended to secure networks and detect precisely possible attacks.

AI ransomware “PromptLock” independently generates malicious code on infected systems

Security researchers have identified the first AI-driven ransomware that uses a locally installed language model to independently create scripts during the attack. The malware, called “PromptLock,” flexibly adapts its approach and can encrypt, spy on, or permanently delete data. What makes it unique is that all attack scripts are generated locally and there is no connection to external servers. Security researchers see “PromptLock” as a new threat, as such attacks are much more difficult to detect.

Cyberattack in Sweden: Systems of hundreds of municipalities affected

In Sweden, a cyberattack on an IT service provider has crippled the systems of hundreds of municipalities, causing significant disruption to public administration – schools and universities are also affected. The exact impact and source of the attack are still unclear, and authorities are working to restore the systems.

Cyberattack on BüchnerBarella: Insurance broker struggles with system failures

In mid-August, industrial insurance broker BüchnerBarella fell victim to a targeted cyberattack. To protect its IT infrastructure, the company shut down all affected systems and was temporarily only available by telephone. It is still unclear whether customer data has been compromised – forensic investigations are ongoing.

Cyberattack on the city of Freiburg

The website of the city of Freiburg was temporarily paralyzed by targeted DDoS attacks. At the end of July, the city in Breisgau, along with around 30 other municipalities and districts, had already been affected by similar attacks. A pro-Russian group was suspected to be behind them. It is not yet known who is behind the renewed attacks on the Freiburg city portal.

Cyberattack on Ameos: Hospital group affected by data theft

The Ameos hospital group was the victim of a cyberattack in which some personal data was stolen. Further details on the impact and extent of the data theft are not currently known, but those affected will be informed about the data breach. According to news reports, emergency services had to be redirected to other hospitals as a result of the incident.

Data leak in the Canadian House of Commons

The Canadian House of Commons is currently investigating a data leak in which employee information was stolen in a cyberattack. The attackers apparently exploited a recently discovered Microsoft vulnerability to gain access to a database. In doing so, they captured sensitive information about the administration of the House of Commons' computers and mobile devices, as well as non-public employee data such as names, job titles, office plans, and email addresses.

Saxony-Anhalt: Wave of DDoS attacks cripples state parliamentary group websites

Several websites of state parliamentary groups in Saxony-Anhalt were crippled by DDoS attacks in August, and the Saxony-Anhalt state portal was also affected. In July, ministry websites had already been the target of similar attacks, which are believed to have originated from pro-Russian groups. Politicians therefore classify them as a direct “attack on political decision-making, freedom of expression, and the integrity of democratic institutions.”

Netherlands: Speed cameras down due to cyberattack

A cyberattack on the Dutch public prosecutor's office systems has disrupted stationary and mobile speed measurement surveillance systems in the Netherlands. The speed cameras were apparently not hacked, but shut down for security reasons. Route monitoring systems are also said to be affected by the outage.

Cybercriminals sell ID data of 70,000 Italian vacationers on the darknet

Attackers have penetrated the booking systems of numerous Italian hotels and stolen around 70,000 digital copies of ID documents. The data is now being offered for sale on the darknet at prices ranging from 800 to 10,000 euros – guests at upscale hotels in cities such as Venice, Trieste, Capri, and even Mallorca are affected. The ID cards were mostly scanned at check-in. The Italian authorities are continuing their investigations, and the data protection supervisory authority has also been notified.

DDoS botnet “Rapper Bot” shut down

A 22-year-old man from Oregon has been charged with operating the extremely powerful “Rapper Bot” botnet, which is responsible for over 370,000 DDoS attacks in 80 countries. The IoT-based botnet, which consisted of tens of thousands of hijacked devices, was used as a rental service for cyberattacks and could reach peaks of over 6 Tbit/s. Its shutdown by the authorities eliminated one of the most important sources of large-scale attacks on businesses and government institutions.

Blow against cybercrime in Africa: over 1,200 arrests

As part of “Operation Serengeti 2.0,” coordinated by Interpol, investigative authorities from 18 African countries successfully cracked down on cybercrime between June and August. A total of 1,209 suspects were arrested, around US$100 million was seized, and almost 12,000 criminal digital infrastructures were dismantled. German citizens were also affected by the attacks, particularly by scams such as fake inheritances and online fraud.

Brandenburg pushes ahead with NIS 2 implementation

The state government of Brandenburg is working on a binding statewide cyber security strategy based on the new NIS 2 implementation regulation, which for the first time defines clear responsibilities. According to a response from the state government to a minor interpellation, personnel structures have also been strengthened and cooperation with the federal government, industry, and operators of critical infrastructures has been expanded.

Myra blocks AI-based bots at the touch of a button

AI-based bots and crawlers search the internet to extract content that is used to train large language models (LLMs). With Myra, you can specifically block automated requests from LLM crawlers and effectively prevent unwanted spying on your website.

Case study: DKB relies on holistic security solutions

Deutsche Kreditbank (DKB) protects its digital infrastructure with security solutions from Myra Security. This enables the bank to not only guarantee a stable and high-performance platform for millions of customers, but also to comply with the most stringent regulatory requirements.