Major Incidents or Breaches

  • Qantas confirmed a data breach affecting 5.7 million customers, with threat actors exfiltrating customer data.
  • Bitcoin Depot reported a data breach impacting nearly 27,000 cryptocurrency users, exposing sensitive customer information.
  • Ingram Micro is restoring operations after a ransomware attack by the SafePay group, which disrupted systems and business services.
  • McDonald’s AI hiring platform, operated by Paradox.ai, exposed the personal information of tens of millions of job applicants due to basic security flaws, including the use of the password ‘123456’.
  • Nippon Steel Solutions disclosed a data breach following exploitation of a zero-day vulnerability in network equipment.
  • Nova Scotia Power, a Canadian electric utility, reported disruption of power meters and a data breach affecting individuals in both Canada and the United States.
  • Researchers identified millions of users being spied on via malicious browser extensions available in the Chrome and Edge web stores.

Newly Discovered Vulnerabilities

  • Microsoft released patches for 130 vulnerabilities, including critical flaws in SPNEGO and SQL Server. One of the patched vulnerabilities was publicly known prior to remediation.
  • A new vulnerability in ServiceNow, dubbed “Count(er) Strike,” allows low-privileged users to enumerate and extract restricted data from tables they should not access.
  • Multiple severe vulnerabilities remain unpatched in Ruckus Wireless management products, allowing attackers to fully compromise managed network environments.
  • A container escape vulnerability in the NVIDIA Container Toolkit could allow attackers to access AI datasets across Kubernetes tenants.
  • Ivanti, Fortinet, and Splunk released security updates addressing critical and high-severity vulnerabilities in their respective products.
  • Siemens, Schneider Electric, and Phoenix Contact issued July 2025 ICS Patch Tuesday advisories, addressing vulnerabilities in industrial control systems.

Notable Threat Actor Activity

  • The Initial Access Broker (IAB) Gold Melody has been linked to campaigns exploiting leaked ASP.NET machine keys to gain unauthorized access to organizations and sell that access.
  • APT group DoNot, with suspected ties to India, expanded operations targeting European foreign ministries using the LoptikMod malware for data harvesting.
  • The U.S. Department of the Treasury sanctioned a North Korean hacker affiliated with the Andariel group for involvement in remote IT worker schemes and malware campaigns.
  • Xu Zewei, a Chinese national, was arrested in Milan for alleged involvement with the Silk Typhoon state-sponsored group and cyberattacks against U.S. organizations.
  • Researchers reported a North American APT exploiting a Microsoft Exchange zero-day to target a Chinese entity.
  • The SatanLock ransomware group has shut down its operations but plans to leak additional files stolen from victims.

Trends, Tools, or Tactics of Interest

  • Attackers are bypassing legacy MFA solutions using real-time phishing and fake websites, highlighting the limitations of traditional authenticator apps.
  • A proof-of-concept AI malware using reinforcement learning was demonstrated to reliably evade Microsoft Defender.
  • Deepfake technology was used to impersonate a government official, successfully deceiving diplomats and politicians, exemplifying the growing national security threat from AI-generated impersonations.
  • Malicious browser extensions continue to be distributed via official Chrome and Edge stores, enabling large-scale user surveillance.
  • The open-source bot blocker “Anubis” was introduced; it uses a proof-of-work challenge as a firewall to keep AI scrapers from accessing website content.
  • SSH tunneling and direct-tcp requests were highlighted as active techniques for covert network access.
  • Security automation platforms like Tines are offering extensive libraries of pre-built workflows for ticketing, device identification, and threat triage.

Regulatory or Policy Developments Affecting the Security Industry

  • The U.S. Department of the Treasury’s OFAC imposed sanctions on a North Korean cyber actor for their role in IT worker schemes supporting the Andariel group.
  • Microsoft confirmed a widespread issue with Windows Server Update Services (WSUS) preventing synchronization and deployment of Windows updates.
  • Microsoft announced that Windows 10 Extended Security Updates (ESU) will be available for consumers and businesses post-October 2025, with varying pricing models.
  • Microsoft Authenticator on iOS will transition backups to iCloud, removing the requirement for a Microsoft personal account.
  • Google disclosed further details on Android’s Advanced Protection for Chrome, emphasizing enhanced security measures.
  • Samsung announced new security features for Galaxy smartphones, including on-device AI protections, cross-device threat detection, and quantum-resistant encryption for network security.