The Essential Cybersecurity & Threat Intelligence Report: Docker, Git & Cloud Threats

29.08.2025

Critical Weekly Cybersecurity & Threat Intelligence – August 29,

The Critical Weekly Cybersecurity & Threat Intelligence Report for August 28, 2025, delivers the latest updates shaping the security operations center (SOC) landscape.

This week, we examine a critical Docker SSRF flaw, an actively exploited Git vulnerability, a high-profile Nissan data breach linked to the Qilin ransomware gang, and the evolving tactics of Storm-0501 threat actors targeting cloud environments.

For SOC teams and security analysts, these developments highlight the urgent need for a proactive cybersecurity strategy that combines network detection and response (NDR), endpoint detection and response (EDR), and behavioural analytics to detect threats and minimize risk.

Our goal is to help organizations strengthen their security monitoring and SOC management capabilities, reduce false positives, and respond effectively to advanced persistent threats (APTs) and other suspicious activities.

Whether you’re managing sensitive data, monitoring network activity, or fine-tuning SOC management tools, this report provides actionable intelligence to support your detection and response efforts and improve your organization’s resilience.

Critical Docker Flaw Allows Host Hijacking (CVE-2025-9074)

A severe flaw in Docker Desktop for Windows and macOS allows attackers to gain control of the host system.

Severity: CVSS 9.3
Risk: Unauthorized access, privilege escalation, and potential sensitive data theft
Action: Update to the latest Docker release immediately

This vulnerability underscores the importance of network detection and response (NDR) and endpoint detection and response (EDR) tools in security operations centres (SOCs). These solutions help detect suspicious activities early and prevent deeper compromise.

Read Docker’s Security Advisory →

Qilin Ransomware Breach Targets Nissan Subsidiary

The Qilin ransomware group claims to have stolen 4 TB of sensitive data from Creative Box Inc. (CBI), a Nissan subsidiary. Stolen data reportedly includes:

3D vehicle design models
Internal reports and financial documents
VR workflows and photos

Qilin has listed CBI on its dark web extortion portal, threatening to leak stolen data unless ransom demands are met. Nissan confirmed that only CBI systems were impacted, but the incident raises concerns about supply chain security.

For SOC management teams, this event highlights the value of behavioural analytics and advanced security monitoring to detect and stop threat actors before a full-scale data breach occurs.

Git Exploit Actively Used by Threat Actors (CVE-2025-48384)

CISA warns of active exploitation of a Git vulnerability that allows arbitrary code execution.

Severity: High (CVSS 8.0)
Impact: Git, GitHub, GitLab, BitBucket, and related open source platforms
Action: Upgrade to patched versions (v2.43.7–v2.50.1) or avoid cloning untrusted repositories

Including Git in your cybersecurity strategy ensures your development pipeline is resilient to advanced persistent threats (APTs) exploiting this weakness.

See CISA’s Advisory →

Storm-0501 Ransomware Hits Cloud Environments

The Storm-0501 threat actor is now exploiting cloud environments for ransomware campaigns.

Their tactics include:

Compromising sync accounts for global admin privileges
Disabling security defences and deleting backups
Encrypting cloud storage
Delivering ransom demands via compromised Teams accounts

This approach bypasses many traditional security solutions. SOC teams need network activity monitoring, behavioural analytics, and advanced detection and response tools to detect these suspicious activities and minimize impact.

Read Microsoft’s Threat Report →

Analyst Insights & Key Takeaways

This week’s developments emphasize three critical priorities for security analysts and SOC teams:

Accelerate patch management
Rapid patching prevents attackers from exploiting vulnerabilities like Docker and Git flaws.
Secure your supply chain
The Nissan breach reinforces the need for third-party risk assessments and vendor monitoring.
Evolve your SOC strategy
The Storm-0501 campaign highlights the importance of integrating EDR, NDR, and behavioural analytics into your SOC management tools to detect and stop evolving threats in cloud environments.

A proactive cybersecurity strategy combining security monitoring with modern detection and response capabilities allows organizations to detect threats faster, reduce false positives, and strengthen defences against advanced persistent threats (APTs).

Explore Telesoft’s security monitoring solutions, built to help SOC teams detect threats in real-time, improve visibility into cloud environments, and stay ahead of advanced persistent threats (APTs).

Book a Demo Today →

Go Back

Blog & News

Stay up to date the latest news and developments.

Telesoft | The Essential Weekly Cyber Security & Threat Intelligence Report: France Travail Fine, SoundCloud Breach, Ivanti Zero-Days & Telnet Exposure

13 February 2026

The Essential Weekly Cyber Security & Threat Intelligence Report: France Travail Fine, SoundCloud Breach, Ivanti Zero-Days & Telnet Exposure

This week in cyber security, attacks are increasingly driven by identity abuse, exposed services, and delayed patching, rather than complex...

09 February 2026

Defending Forward: Turning Encrypted Traffic into Actionable Intelligence for Critical Infrastructure

How high-speed network fingerprinting restores visibility into encrypted traffic—without decryption—so critical infrastructure teams can act with confidence For organisations that...

29 January 2026

Top 5 Benefits of Managed SOC Services for Critical Organisations

Transforming Security Complexity into Clear, Actionable Defence In a world where threats move at machine speed, security teams are expected...

27 January 2026

Investing in the Future of Secure Communications: How Telesoft Prioritises R&D Over Marketing Hype

From a Shed to Global Security Every company has a story. Ours began 36 years ago in a small shed...

27 January 2026

The Essential Cyber Security & Threat Intelligence Report: Exploitation of Trust, Identity, and Weak Defaults

Executive Summary This months threat activity reinforces a consistent trend across the cyber landscape: attackers are prioritising trust abuse, credential...

31 December 2025

2025 Cyber Threat Landscape Wrap-Up: A 12-Month Overview of Cyber Threats

Executive Overview As organisations close out 2025, understanding how cyber threats evolved over the past year is critical for shaping...

10 December 2025

The Essential Weekly Cyber Security & Threat Intelligence Report: Exploits, Breaches & Fraud

This week’s cyber landscape was dominated by large-scale data breaches, active exploitation of enterprise systems, sophisticated phishing campaigns, and unprecedented...

29 December 2025

The Biggest Oil & Gas Cybersecurity Risk in 2026 — and How CISOs Can Protect IT, OT and Critical Infrastructure

A CISO’s Guide to Oil & Gas Cybersecurity: Protecting IT, OT and Critical Infrastructure from Modern Cyber Threats The oil...

26 November 2025

See Sovereign National-Scale Cyber Defence in Action — Meet Telesoft Technologies & ATCO at Black Hat MEA 2025

Experience live demonstrations of our multi-100Gbps cybersecurity platform and speak directly with our analysts about your operational needs. Telesoft Technologies,...

Telesoft | The Essential Weekly Cyber Security & Threat Intelligence Report: Triofox Exploitation, Microsoft Zero-Day, runC Container Escapes & Global Infrastructure Disruptions

21 November 2025

The Essential Weekly Cyber Security & Threat Intelligence Report: Triofox Exploitation, Microsoft Zero-Day, runC Container Escapes & Global Infrastructure Disruptions

AI-Powered Network Security: Critical Vulnerabilities, Infrastructure Disruptions, and Evolving Malware Capabilities As cyber security threats accelerate across cloud, endpoint, network,...

29 January 2026

How Optus Modernised Its IVR with Ericsson CRIMSON IVR and Telesoft’s vARNE Platform

As the telecom industry accelerates toward virtualisation, automation, and secure digital experiences, leading operators are replacing legacy voice platforms with...

20 November 2025

Telecom Network Security in 2025: Confronting Ultra-Scale Threats in a Hyperconnected World

Network Security at the Heart of Telecom’s Next Transformation The telecom industry is no stranger to rapid change. Every few...

Telesoft | The Essential Weekly Cyber Security & Threat Intelligence Report: Ransomware Attacks, Data Breaches & Remote Access Exploitation Trends

10 November 2025

The Essential Weekly Cyber Security & Threat Intelligence Report: Ransomware Attacks, Data Breaches & Remote Access Exploitation Trends

Ransomware Attack on Miljödata Exposes Personal Data of 1.5 Million Swedish Citizens Category: Data Breach | Public Sector | Ransomware...

30 October 2025

The Essential Weekly Cyber Security and Threat Intelligence Report: Espionage Tooling, SIMCARTEL Takedown, and GDPR Enforcement

This Week in Cyber: Network Detection and Response in Focus From Espionage Tooling to Data Privacy Enforcement — The Expanding...

20 November 2025

Control Is the New Currency in Financial Cyber Security

Why Financial Leaders Are Reassessing the Balance Between AI, Automation, and Governance The Financial Sector’s Cyber Reality Check In the...

Telesoft | The Essential Weekly Cyber Security & Threat Intelligence Report: AI-Powered Defence in Action: Emergency Patches, Ransomware Strikes, and Credential-Based Exploits

22 October 2025

The Essential Weekly Cyber Security & Threat Intelligence Report: AI-Powered Defence in Action: Emergency Patches, Ransomware Strikes, and Credential-Based Exploits

AI-Powered Network & Cyber Security: Emergency Patches, Ransomware, and Credential-Based Exploits As cyber threats accelerate in speed, scale, and sophistication,...