Threat Landscape Briefing – August 2025

In this month’s briefing we explore:

Widespread Zero-Day Attacks on SharePoint (00:41)
- Microsoft SharePoint servers have been suffering from a significant cyberattack campaign since at least July 18, 2025, targeting a set of zero-day vulnerabilities.
- See how Info-Tech can help you: Improve Organizational Resilience With a Tabletop Program.
Useful Browser Extension … or Sleeper Agent Spyware? (06:13)
- A series of browser extensions that, despite setting a years-long reputation of being useful, safe, and benign, have each slowly started to deploy malicious code.
- Explore Info-Tech’s guidance: Create a Zero Trust Implementation Plan.
Indirect Prompt Injection Attack on Google Gemini for Workspace (13:19)
- A novel prompt-injection vulnerability that targets Google Gemini for Workspace has been uncovered in the wild.
- See Info-Tech's Improve Email Security research.
Opossum Attack – Application Layer Desynchronization (19:49)
- The Opossum attack is a cross-protocol application layer desynchronization attack that targets TLS-based protocols.
- Get some insights: Implement Risk-Based Vulnerability Management.

Schedule Analyst Call

Downloads

Featured Speakers

Fred Chagnon

Principal Research Director

Read Bio

Kate Wood

AVP

Read Bio

Carlos Rivera

Principal Research Advisor, Security & Privacy

Read Bio

Visit our IT’s Moment: A Technology-First Solution for Uncertain Times Resource Center
Over 100 analysts waiting to take your call right now: +1 (703) 340 1171