“`html
In the current swiftly changing digital landscape, the prevalence and intricacy of cyber threats are escalating, rendering it essential to remain updated on emerging dangers. Our weekly dispatch acts as a crucial reference, providing a summary of relevant cybersecurity trends, expert assessments, and implementable suggestions.
This edition addresses recent cyber events, newly uncovered vulnerabilities, and significant legislative changes impacting organizations worldwide. We concentrate on advanced phishing tactics, the surge of ransomware, and security weaknesses affecting cloud frameworks and IoT devices.
Our objective is to equip you to detect potential hazards early and strengthen your organization’s security stance. Anticipate ongoing highlights of budding risks, guidance for sophisticated security solutions, and perspectives on innovative technologies.
We appreciate your confidence in us as your cybersecurity knowledge provider. We invite your participation in discussing challenges and connecting with a community committed to enhancing our digital ecosystem. Remain cautious and knowledgeable—proactive awareness is vital for safeguarding against cyber threats.
Threats
1. NightEagle APT Targets China’s High-Tech Sectors
A highly skilled APT group, NightEagle (APT-Q-95), has been exploiting undisclosed Exchange vulnerabilities since 2023 to focus on China’s essential technology sectors, including AI, quantum tech, semiconductors, and defense industries. Utilizing adaptive malware and memory-resident tactics, they have successfully appropriated confidential intelligence for almost a year. Their activities, occurring from 9 PM to 6 AM Beijing time, hint at a Western origin, likely North America. Read More
2. Threat Actors Exploit Signed Drivers for Kernel-Level Attacks
Cybercriminals are misusing Microsoft’s Windows Hardware Compatibility Program to sign malicious kernel drivers, circumventing security measures. Over 620 drivers have been compromised since 2020, peaking in 2022. This underground market for code-signing certificates, often linked to Chinese threat actors, represents a severe risk to system integrity. Read More
3. BladeDFeline Malware Attack
Information regarding the BladeDFeline malware incident is currently sparse due to inaccessible content. We will share updates as more details become available. Read More
4. NordDragonScan Targets Windows Users
A high-severity initiative involving the NordDragonScan infostealer is aiming at Microsoft Windows users. Spread via harmful HTA scripts and RAR archives, it collects browser profiles, documents, and screenshots, transmitting data to a command-and-control server. This threat highlights the necessity for robust endpoint security measures. Read More
5. Ingram Micro Hit by Ransomware Attack
Global IT distributor Ingram Micro experienced a ransomware incident over the July 4 weekend, linked to the SafePay group. The event disrupted ordering systems and the MS Xvantage platform across multiple regions. While operations have largely been restored, it brings attention to vulnerabilities in digital supply chains. Read More
6. Weaponized Chrome Extension Delivers Malware
A harmful Chrome extension, detected in August 2024, delivers weaponized ZIP archives containing the LummaC2 stealer. Capable of manipulating cryptocurrency accounts and extracting extensive system data, this extension poses a considerable threat to users’ financial security.
Read More
7. Bluetooth Protocol Stack Vulnerabilities
Historical weaknesses in Bluetooth stacks, such as BrakTooth and BleedingTooth, have exposed billions of devices to denial-of-service and code execution threats. These vulnerabilities, found in Linux and other systems, stress the ongoing requirement for timely updates and vigilance in IoT and personal device protection. Read More
8. Hackers Exploit GeoServer RCE Vulnerability
A critical Remote Code Execution flaw (CVE-2024-36401) in GeoServer GeoTools software is under active exploitation, enabling attackers to deploy malware like cryptocurrency miners. Unpatched instances, especially in South Korea, confront significant risks, prompting urgent calls for updates. Read More
9. Qilin Emerges as Top Ransomware Group
Qilin has established itself as the leading ransomware group in 2025, with 86 reported victims in June alone. Targeting valuable sectors such as telecom and healthcare, primarily in the U.S., Qilin’s double-extortion strategies and advanced affiliate support make it a formidable adversary. Read More
Vulnerabilities
1. Scriptcase Vulnerabilities Expose Systems to Attacks
Numerous critical vulnerabilities have been discovered in Scriptcase, a low-code development framework, especially in versions like 9.4.019 and 9.10.023. These flaws encompass arbitrary file uploads, path traversal, and cross-site scripting (XSS), allowing attackers to upload harmful files, circumvent security measures, and inject malicious code into user accounts. Read More
2. Linux Boot Vulnerability Bypasses Secure Boot Protections
A notable flaw in the Linux boot process, impacting distributions like Ubuntu, Debian, Fedora, and AlmaLinux, permits attackers with brief physical access to bypass Secure Boot via the Initial RAM Filesystem (initramfs) debug shell. By triggering this shell through incorrect password attempts, malicious hooks can be implanted for sustained access. Read More
3. Comodo Internet Security 2025 Flaws Enable Remote Code Execution
Critical vulnerabilities in Comodo Internet Security 2025 (version 12.3.4.8162) expose users to remote code execution with SYSTEM privileges. Problems include improper certificate validation, path traversal, and absence of data authenticity checks, enabling man-in-the-middle attacks and arbitrary file writes. Read More
4. CISA Warns of Active Exploitation in Zimbra Collaboration Suite
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding multiple vulnerabilities in Zimbra Collaboration Suite (ZCS) being actively exploited. These flaws, such as CVE-2022-27924, enable unauthenticated attackers to seize email credentials and compromise systems in both government and private sectors. Read More
5. SAP July 2025 Patch Day Addresses Critical Flaws
SAP’s July 2025 Security Patch Day released 27 new security notes, addressing critical vulnerabilities in S/4HANA, NetWeaver, and Live Auction Cockpit. With CVSS scores reaching as high as 10.0, flaws like CVE-2025-30012 permit remote code execution and complete system compromise through insecure deserialization. Read More
6. FortiOS Buffer Overflow Vulnerability Risks Code Execution
Fortinet revealed a heap-based buffer overflow vulnerability (CVE-2025-24477) in FortiOS, affecting the cw_stad daemon. Although rated medium severity (CVSS 4.0), authenticated attackers could exploit this to run arbitrary code and elevate privileges.
Read More
7. Microsoft Patch Tuesday July 2025 Fixes 137 Flaws
Microsoft’s…
“““html
July 2025 Patch Tuesday tackled 137 vulnerabilities, including a zero-day in SQL Server and 14 critical issues across Windows, Office, Azure, and more. Key remedies focus on remote code execution and privilege escalation flaws, prompting immediate updates.
Read More
8. Apache Tomcat DoS Vulnerabilities Endanger Web Servers
Serious flaws in Apache Tomcat (versions 9.0.x to 11.0.x), such as CVE-2025-48976 and CVE-2025-48988, permit denial-of-service (DoS) assaults via memory depletion and multipart upload exploitation. Authentication circumvention is also feasible, necessitating urgent fixes.
Read More
9. Windows BitLocker Circumvention Vulnerability
A flaw in Windows BitLocker enables attackers to circumvent encryption safeguards under certain conditions. This vulnerability threatens data security on impacted systems, and users should implement the latest patches from Microsoft to reduce potential exploits.
Read More
10. Splunk Third-Party Packages Affect SOAR Versions
Problems with third-party packages in Splunk SOAR versions have been recognized, potentially compromising system integrity and security automation. Organizations utilizing Splunk SOAR ought to examine updates and patches to resolve these dependencies.
Read More
11. Microsoft Advances Microsoft 365 Security Features
Microsoft has launched new security improvements for Microsoft 365 to enhance protection against evolving threats. These updates are intended to bolster data security and compliance for enterprise users amid increasing cyber risks.
Read More
Windows
1. Windows Update Notifications Issue Fixed
A recent update has resolved a lingering problem with Windows notification sounds, ensuring that on-screen alerts and other multimedia notices now function correctly. This correction is part of Microsoft’s continuous efforts to improve user experience and system reliability.
- Read More: Link to full article
2. PowerShell 2.0 Phased Out in Windows 11
Microsoft has formally retired PowerShell 2.0, beginning with the most recent Windows 11 Insider builds. This action, long awaited since its deprecation in 2017, seeks to enhance security by removing a tool with outdated design that has been exploited by malware. Users are urged to transition to PowerShell 5.1 or the newer 7.x series for improved functionality and safety.
- Read More: Link to full article
3. KB5062554: Windows 10 Cumulative Update for July 2025
Microsoft deployed the mandatory KB5062554 cumulative update for Windows 10 versions 21H2 and 22H2 as part of the July 2025 Patch Tuesday. This update encompasses security patches addressing one zero-day vulnerability and 136 additional flaws, elevating builds to 19044.6093 and 19045.6093. Users can acquire it through Windows Update or download it from the Microsoft Update Catalog.
- Read More: Link to full article
4. Microsoft Outlook Outage Affects Global Users
On July 9-10, 2025, Microsoft Outlook encountered a widespread outage, impacting users globally for nearly 20 hours. The disruption affected accessibility to email services across web, mobile, and desktop platforms. Microsoft implemented configuration changes to rectify the issue, with service restoration nearing completion by the afternoon of July 10.
- Read More: Link to full article
5. Microsoft Exchange Online Service Outage
Microsoft recently confronted a worldwide outage impacting the Exchange Admin Center and Exchange Online, hindering administrators’ access to essential management tools. The issue, characterized by HTTP Error 500, was under review with temporary workarounds proposed. This incident also affected related services like Teams Calendar for some users.
- Read More: Link to full article
6. Windows 11 Introduces Black Screen of Death
Microsoft is converting the traditional Blue Screen of Death (BSOD) into a Black Screen of Death (BkSOD) for Windows 11, aligning with the dark theme and aiming for a less daunting crash experience. Rolling out to the Release Preview channel, this update promises expedited reboots and introduces a Quick Machine Recovery feature for enterprise users to facilitate system restoration.
- Read More: Link to full article
Threats
1. Trojanized Versions of PuTTY and WinSCP Target IT Admins
A sophisticated SEO poisoning campaign is aiming at IT professionals with malevolent versions of popular tools like PuTTY and WinSCP. Since early June 2025, attackers have utilized fictitious websites and sponsored ads to deceive users into downloading Trojanized installers that deploy the Oyster/Broomstick backdoor. This malware establishes persistence through scheduled tasks and harmful DLLs, posing a substantial risk to enterprise networks due to the elevated privileges of its targets.
- Read More: Link
2. BERT Ransomware Disrupts ESXi Virtual Machines
A new ransomware group, BERT (also known as Water Pombero), has surfaced with a destructive strategy of forcibly shutting down ESXi virtual machines prior to encryption. First detected in April 2025, this malware targets virtual environments across multiple continents, complicating recovery by invalidating snapshot backups. Its capability to execute shutdown commands on VMware ESXi hypervisors marks it as a significant threat to data centers.
- Read More: Link
3. Scattered Spider’s Advanced Cyber Intrusion Strategies
Scattered Spider, an infamous cybercriminal network, continues to target large enterprises and their IT help desks using sophisticated techniques. Employing a diverse range of tools like ADRecon, Mimikatz, and living-off-the-land methods, they use phishing, SIM swapping, and social engineering to accomplish account takeovers. Their evolving tactics, including encrypted communications, present ongoing challenges to cybersecurity measures.
- Read More: Link
4. NetSupport RAT Distributes via Hacked WordPress Sites
Threat actors are taking advantage of compromised WordPress sites to spread malicious versions of the NetSupport Manager Remote Access Tool (RAT). Utilizing phishing emails, PDFs, and gaming forums, attackers entice users to infiltrated sites where harmful JavaScript initiates a multi-stage attack chain. The operation employs the “ClickFix” method with counterfeit CAPTCHA pages to release payloads, targeting Windows users for long-term control.
- Read More: Link
5. SparkKitty Trojan Targets iOS and Android Users
Kaspersky researchers have uncovered SparkKitty, a novel Trojan spy affecting
“`both iOS and Android gadgets. Masquerading as crypto, gambling, and TikTok applications, this malware pilfers images and device data, presumably with the intent to misappropriate cryptocurrency holdings from individuals in Southeast Asia and China. This represents the second such revelation on the App Store within a year, underscoring ongoing mobile security dangers.
- Read More: Link
6. Weaponized VS Code Extensions Present Supply Chain Hazard
Intruders are focusing on developers via the Visual Studio Code extensions marketplace by uploading fraudulent extensions that imitate genuine ones. These harmful extensions, which operate with user permissions without sandboxing, can deploy ransomware or other hazards. Studies reveal how effortlessly attackers can circumvent verification badges, affecting thousands of users through deceptive installations.
- Read More: Link
7. Rhadamanthys Infostealer Employs ClickFix Method
The Rhadamanthys Stealer, first recognized in 2022, has made a comeback with a misleading ClickFix CAPTCHA delivery technique. This fileless attack chain utilizes spearphishing and obfuscated PowerShell scripts to acquire sensitive information such as login credentials and cryptocurrency wallet details. Its stealthy strategy exploits user confidence, presenting a considerable obstacle to conventional security measures.
- Read More: Link
8. Hackers Exploit GitHub for Malicious Endeavors
Cybercriminals have been misusing GitHub and other Git repository services like GitLab and Bitbucket for ill-intentioned activities. Past incidents have shown attackers leveraging compromised credentials to erase repositories and leave ransom notes, demanding Bitcoin payments. Such assaults emphasize the dangers of storing sensitive information in plaintext and the necessity for strong access controls.
- Read More: Link
9. New Zuru Malware Variant Targets macOS Users
A new variant of the Zuru malware is actively seeking out macOS users, exploiting system vulnerabilities to take over devices. While specific details about its attack method and effects are still emerging, this situation highlights the increasing attention of threat actors on Apple’s ecosystem, which has been traditionally viewed as more secure than other platforms. Read More
The post Weekly Cybersecurity Roundup: Key Vulnerabilities, Threats, and Data Breaches appeared first on Cyber Security News.