In today’s rapidly evolving digital landscape, the frequency and complexity of cyberattacks are increasing, making it crucial to stay informed about emerging threats. Our weekly newsletter serves as a vital resource, offering an overview of pertinent cybersecurity developments, expert analysis, and actionable recommendations.
This issue covers recent cyber incidents, newly identified vulnerabilities, and key legislative updates affecting organizations globally. We focus on sophisticated phishing attempts, the rise of ransomware, and security flaws impacting cloud infrastructures and IoT devices.
Our goal is to empower you to identify potential threats early and enhance your organization’s security posture. Expect regular highlights of emerging risks, recommendations for advanced security tools, and insights into cutting-edge technologies.
Thank you for trusting us as your cybersecurity information source. We encourage your engagement in discussing challenges and connecting with a community dedicated to strengthening our digital environment. Stay vigilant and informed—proactive awareness is essential for defending against online threats.
Threats
1. NightEagle APT Targets China’s High-Tech Sectors
A sophisticated APT group, NightEagle (APT-Q-95), has been exploiting unknown Exchange vulnerabilities since 2023 to target China’s critical technology sectors, including AI, quantum technology, semiconductors, and military industries. Using adaptive malware and memory-resident techniques, they’ve managed to steal sensitive intelligence for nearly a year. Their operations, active from 9 PM to 6 AM Beijing time, suggest a Western origin, likely North America. Read More
2. Threat Actors Exploit Signed Drivers for Kernel-Level Attacks
Cybercriminals are abusing Microsoft’s Windows Hardware Compatibility Program to sign malicious kernel drivers, bypassing security defenses. Over 620 drivers have been compromised since 2020, with a peak in 2022. This underground market for code-signing certificates, often tied to Chinese threat actors, poses a severe risk to system integrity. Read More
3. BladeDFeline Malware Attack
Details on the BladeDFeline malware attack are currently limited due to inaccessible content. We will provide updates as more information becomes available. Read More
4. NordDragonScan Targets Windows Users
A high-severity campaign involving NordDragonScan infostealer is targeting Microsoft Windows users. Distributed via malicious HTA scripts and RAR archives, it harvests browser profiles, documents, and screenshots, sending data to a command-and-control server. This threat underscores the need for robust endpoint protection. Read More
5. Ingram Micro Hit by Ransomware Attack
Global IT distributor Ingram Micro suffered a ransomware attack over the July 4 weekend, attributed to the SafePay group. The incident disrupted ordering systems and the MS Xvantage platform across multiple regions. While operations are mostly restored, it highlights vulnerabilities in digital supply chains. Read More
6. Weaponized Chrome Extension Delivers Malware
A malicious Chrome extension, identified in August 2024, delivers weaponized ZIP archives containing the LummaC2 stealer. Capable of manipulating cryptocurrency accounts and stealing extensive system data, this extension poses a significant risk to users’ financial security.
Read More
7. Bluetooth Protocol Stack Vulnerabilities
Historical vulnerabilities in Bluetooth stacks, such as BrakTooth and BleedingTooth, have exposed billions of devices to denial-of-service and code execution risks. These flaws, found in Linux and other systems, emphasize the ongoing need for timely patches and vigilance in IoT and personal device security. Read More
8. Hackers Exploit GeoServer RCE Vulnerability
A critical Remote Code Execution flaw (CVE-2024-36401) in GeoServer GeoTools software is under active exploitation, allowing attackers to deploy malware like cryptocurrency miners. Unpatched instances, especially in South Korea, face significant risks, prompting urgent calls for updates. Read More
9. Qilin Emerges as Top Ransomware Group
Qilin has solidified its position as the leading ransomware group in 2025, with 86 claimed victims in June alone. Targeting high-value sectors like telecom and healthcare, primarily in the U.S., Qilin’s double-extortion tactics and sophisticated affiliate support make it a formidable threat. Read More
Vulnerabilities
1. Scriptcase Vulnerabilities Expose Systems to Attacks
Multiple critical vulnerabilities have been identified in Scriptcase, a low-code development platform, particularly in versions like 9.4.019 and 9.10.023. These flaws include arbitrary file uploads, path traversal, and cross-site scripting (XSS), allowing attackers to upload malicious files, bypass security restrictions, and inject harmful code into user accounts. Read More
2. Linux Boot Vulnerability Bypasses Secure Boot Protections
A significant flaw in the Linux boot process, affecting distributions like Ubuntu, Debian, Fedora, and AlmaLinux, allows attackers with brief physical access to bypass Secure Boot via the Initial RAM Filesystem (initramfs) debug shell. By triggering this shell with incorrect password attempts, malicious hooks can be injected for persistent access. Read More
3. Comodo Internet Security 2025 Flaws Enable Remote Code Execution
Critical vulnerabilities in Comodo Internet Security 2025 (version 12.3.4.8162) expose users to remote code execution with SYSTEM privileges. Issues include improper certificate validation, path traversal, and lack of data authenticity checks, enabling man-in-the-middle attacks and arbitrary file writes. Read More
4. CISA Warns of Active Exploitation in Zimbra Collaboration Suite
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an advisory about multiple vulnerabilities in Zimbra Collaboration Suite (ZCS) being actively exploited. These flaws, such as CVE-2022-27924, allow unauthenticated attackers to steal email credentials and compromise systems in government and private sectors. Read More
5. SAP July 2025 Patch Day Addresses Critical Flaws
SAP’s July 2025 Security Patch Day released 27 new security notes, tackling critical vulnerabilities in S/4HANA, NetWeaver, and Live Auction Cockpit. With CVSS scores up to 10.0, flaws like CVE-2025-30012 enable remote code execution and full system compromise through insecure deserialization. Read More
6. FortiOS Buffer Overflow Vulnerability Risks Code Execution
Fortinet disclosed a heap-based buffer overflow vulnerability (CVE-2025-24477) in FortiOS, affecting the cw_stad daemon. Though rated medium severity (CVSS 4.0), authenticated attackers could exploit this to execute arbitrary code and escalate privileges.
Read More
7. Microsoft Patch Tuesday July 2025 Fixes 137 Flaws
Microsoft’s July 2025 Patch Tuesday addressed 137 vulnerabilities, including a zero-day in SQL Server and 14 critical issues across Windows, Office, Azure, and more. Key fixes target remote code execution and elevation of privilege flaws, urging immediate updates.
Read More
8. Apache Tomcat DoS Vulnerabilities Threaten Web Servers
Critical flaws in Apache Tomcat (versions 9.0.x to 11.0.x), including CVE-2025-48976 and CVE-2025-48988, enable denial-of-service (DoS) attacks through memory exhaustion and multipart upload abuse. Authentication bypass is also possible, requiring urgent patches.
Read More
9. Windows BitLocker Bypass Vulnerability
A vulnerability in Windows BitLocker allows attackers to bypass encryption protections under specific conditions. This flaw poses a risk to data security on affected systems, and users are advised to apply the latest patches from Microsoft to mitigate potential exploits.
Read More
10. Splunk Third-Party Packages Impact SOAR Versions
Issues with third-party packages in Splunk SOAR versions have been identified, potentially affecting system integrity and security automation. Organizations using Splunk SOAR should review updates and patches to address these dependencies.
Read More
11. Microsoft Enhances Microsoft 365 Security Features
Microsoft has introduced new security enhancements for Microsoft 365 to bolster protection against evolving threats. These updates aim to improve data security and compliance for enterprise users amidst rising cyber risks.
Read More
Windows
1. Windows Update Notifications Issue Resolved
A recent update has addressed a persistent issue with Windows notification sounds, ensuring that on-screen alerts and other multimedia notifications now play as expected. This fix is part of Microsoft’s ongoing efforts to enhance user experience and system reliability.
2. PowerShell 2.0 Deprecated in Windows 11
Microsoft has officially phased out PowerShell 2.0, starting with the latest Windows 11 Insider builds. This move, long anticipated since its deprecation in 2017, aims to bolster security by eliminating a tool with outdated architecture that has been exploited by malware. Users are encouraged to migrate to PowerShell 5.1 or the newer 7.x series for enhanced functionality and safety.
3. KB5062554: Windows 10 Cumulative Update for July 2025
Microsoft rolled out the mandatory KB5062554 cumulative update for Windows 10 versions 21H2 and 22H2 as part of the July 2025 Patch Tuesday. This update includes security patches addressing one zero-day vulnerability and 136 other flaws, bumping builds to 19044.6093 and 19045.6093. Users can install it via Windows Update or download it from the Microsoft Update Catalog.
4. Microsoft Outlook Outage Impacts Global Users
On July 9-10, 2025, Microsoft Outlook experienced a widespread outage, affecting users worldwide for nearly 20 hours. The disruption impacted access to email services across web, mobile, and desktop platforms. Microsoft deployed configuration changes to resolve the issue, with service restoration nearing completion by July 10 afternoon.
5. Microsoft Exchange Online Service Disruption
Microsoft recently faced a global outage affecting the Exchange Admin Center and Exchange Online, disrupting administrators’ access to critical management tools. The issue, marked by HTTP Error 500, was under investigation with temporary workarounds suggested. This incident also impacted related services like Teams Calendar for some users.
6. Windows 11 Introduces Black Screen of Death
Microsoft is transforming the iconic Blue Screen of Death (BSOD) into a Black Screen of Death (BkSOD) for Windows 11, aligning with the dark theme and aiming for a less intimidating crash experience. Rolling out to the Release Preview channel, this update promises faster reboots and introduces a Quick Machine Recovery feature for enterprise users to aid in system restoration.
Threats
1. Trojanized Versions of PuTTY and WinSCP Target IT Admins
A sophisticated SEO poisoning campaign is targeting IT professionals with malicious versions of popular tools like PuTTY and WinSCP. Since early June 2025, attackers have used fake websites and sponsored ads to trick users into downloading Trojanized installers that deploy the Oyster/Broomstick backdoor. This malware establishes persistence through scheduled tasks and malicious DLLs, posing a severe risk to enterprise networks due to the elevated privileges of its targets.
2. BERT Ransomware Disrupts ESXi Virtual Machines
A new ransomware group, BERT (also tracked as Water Pombero), has emerged with a destructive tactic of forcibly shutting down ESXi virtual machines before encryption. First observed in April 2025, this malware targets virtualized environments across multiple continents, complicating recovery by invalidating snapshot backups. Its ability to execute shutdown commands on VMware ESXi hypervisors makes it a significant threat to data centers.
3. Scattered Spider’s Sophisticated Cyber Intrusion Tactics
Scattered Spider, a notorious cybercriminal group, continues to target large organizations and their IT help desks with advanced techniques. Utilizing a wide array of tools like ADRecon, Mimikatz, and living-off-the-land methods, they employ phishing, SIM swapping, and social engineering to achieve account takeovers. Their evolving strategies, including encrypted communications, pose ongoing challenges to cybersecurity defenses.
4. NetSupport RAT Spreads via Compromised WordPress Sites
Threat actors are exploiting hacked WordPress sites to distribute malicious versions of the NetSupport Manager Remote Access Tool (RAT). Using phishing emails, PDFs, and gaming forums, attackers lure users to compromised sites where malicious JavaScript triggers a multi-stage attack chain. The campaign employs the “ClickFix” technique with fake CAPTCHA pages to deploy payloads, targeting Windows users for long-term control.
5. SparkKitty Trojan Targets iOS and Android Users
Kaspersky researchers have uncovered SparkKitty, a new Trojan spy affecting both iOS and Android devices. Disguised as crypto, gambling, and TikTok apps, this malware steals images and device information, likely aiming to pilfer cryptocurrency assets from users in Southeast Asia and China. This marks the second such discovery on the App Store within a year, highlighting persistent mobile security risks.
6. Weaponized VS Code Extensions Pose Supply Chain Threat
Attackers are targeting developers through the Visual Studio Code extensions marketplace by uploading rogue extensions that mimic legitimate ones. These malicious extensions, which run with user privileges without sandboxing, can install ransomware or other threats. Research shows how easily attackers can bypass verification badges, impacting thousands of users with deceptive installs.
7. Rhadamanthys Infostealer Leverages ClickFix Technique
The Rhadamanthys Stealer, first identified in 2022, has resurfaced with a deceptive ClickFix CAPTCHA delivery method. This fileless attack chain uses spearphishing and obfuscated PowerShell scripts to steal sensitive data like login credentials and cryptocurrency wallet details. Its stealthy approach exploits user trust, posing a significant challenge to traditional security measures.
8. Hackers Abuse GitHub for Malicious Activities
Cybercriminals have been abusing GitHub and other Git repository platforms like GitLab and Bitbucket for malicious purposes. Historical incidents show attackers using compromised credentials to wipe repositories and leave ransom notes, demanding Bitcoin payments. Such attacks highlight the risks of storing sensitive data in plaintext and the need for robust access controls.
9. New Zuru Malware Variant Targets macOS Users
A new variant of the Zuru malware is actively targeting macOS users, exploiting system vulnerabilities to compromise devices. While specific details on its attack vector and impact are still emerging, this development underscores the growing focus of threat actors on Apple’s ecosystem, traditionally considered more secure than other platforms. Read More
