Cyber security July 2025

This posting is here to collect cyber security news in July 2025.

I post links to security vulnerability news in the comments of this article.

You are also free to post related links in the comments.

75 Comments

  1. Tomi Engdahl says:

    Fortinet FortiWeb Flaw Exploited in the Wild After PoC Publication

    Dozens of FortiWeb instances have been hacked after PoC targeting a recent critical vulnerability was shared publicly.

    https://www.securityweek.com/fortinet-fortiweb-flaw-exploited-in-the-wild-after-poc-publication/

  2. Tomi Engdahl says:

    Fraud: A Growth Industry Powered by Gen-AI

    With generative AI enabling fraud-as-a-service at scale, legacy defenses are crumbling. The next wave of cybercrime is faster, smarter, and terrifyingly synthetic.

    https://www.securityweek.com/fraud-a-growth-industry-powered-by-gen-ai/

  3. Tomi Engdahl says:

    Google Warns 2 Billion Gmail Users As AI Summaries Hacked
    https://www.forbes.com/sites/zakdoffman/2025/07/14/googles-gmail-warning-if-you-see-this-youre-being-hacked/

    Google warns Gmail users to beware of “a new wave of threats” that exploit AI upgrades to attack users. This includes “indirect prompt injections,” with “hidden malicious instructions within external data sources,” visible to your AI tools but not to you.

    Now one of these hacks has been confirmed in a new report, dropping one such attack into the public domain and leaving Gmail’s 2 billion users at risk. Google’s fast-paced Gmail AI upgrades have opened new attack surfaces, and just as with other deployments, it is proving alarmingly easy to trick AI into hacking users.

  4. Tomi Engdahl says:

    They Can Steal Your Passwords Just From Fan Noise
    https://m.youtube.com/watch?v=kDMfDN7iuQY

  5. Tomi Engdahl says:

    Andy Greenberg / Wired:
    Researchers: at least 750 US hospitals faced disruptions on the day of last year’s big CrowdStrike outage, and 200+ had outages related to patient care services — Of those, more than 200 appear to have had outages of services related to patient care following CrowdStrike’s disastrous crash, researchers have revealed.

    At Least 750 US Hospitals Faced Disruptions During Last Year’s CrowdStrike Outage, Study Finds
    Of those, more than 200 appear to have had outages of services related to patient care following CrowdStrike’s disastrous crash, researchers have revealed.
    https://www.wired.com/story/at-least-750-us-hospitals-faced-disruptions-during-last-years-crowdstrike-outage-study-finds/

  6. Tomi Engdahl says:

    Financial Times:
    X says France’s criminal probe over algorithmic “manipulation” and “fraudulent” data extraction is “distorting French law in order to serve a political agenda”

    https://www.ft.com/content/21818d23-71d7-45a4-ae8c-e7940f5d9e00

  7. Tomi Engdahl says:

    Serious worldwide vulnerability in a Microsoft service: “A ransomware attacker’s dream”
    Anna Helakallio, 21.7.2025 09:45, Security
    Microsoft released an update fixing the vulnerability on Sunday.
    https://www.tivi.fi/uutiset/a/64795eb1-4741-4415-8311-b9d4dc5b32ca

  8. Tomi Engdahl says:

    A surveillance vendor was caught exploiting a new SS7 attack to track people’s phone locations
    https://techcrunch.com/2025/07/18/a-surveillance-vendor-was-caught-exploiting-a-new-ss7-attack-to-track-peoples-phone-locations/

    Security researchers say they have caught a surveillance company in the Middle East exploiting a new attack capable of tricking phone operators into disclosing a cell subscriber’s location.

    The attack relies on bypassing security protections that carriers have put in place to protect intruders from accessing SS7, or Signaling System 7, a private set of protocols used by the global phone carriers to route subscribers’ calls and text messages around the world.

  9. Tomi Engdahl says:

    Google sues 25 alleged BadBox 2.0 botnet operators, all of whom are in China
    Ads giant complains of damage to its reputation and finances … and crime, too
    https://www.theregister.com/2025/07/17/google_sues_25_unnamed_chinese/

    Google has filed a lawsuit against 25 unnamed individuals in China it accuses of breaking into more than 10 million devices worldwide and using them to build a botnet, called BadBox 2.0, and then to carry out other cybercrimes and fraud.

    “As of April 2025, BadBox 2.0 is comprised of more than ten million infected AOSP-based TV streaming boxes, tablets, projectors, and after-sale car infotainment systems,” according to the lawsuit [PDF]. “In fact, BadBox 2.0 is the largest botnet of infected [connected TVs] CTVs ever uncovered and expands beyond CTVs to include additional devices such as tablets, digital projectors, and others.”

  10. Tomi Engdahl says:

    Intel CPUs are crashing again during summer heatwaves, Firefox dev warns
    The lesson: if you haven’t applied the firmware patch that solves the problem, do it now.
    https://www.pcworld.com/article/2851951/intel-cpus-are-crashing-again-during-summer-heatwaves-firefox-dev-warns.html

  11. Tomi Engdahl says:

    Washington Post:
    Researchers say hackers linked to the Chinese government were behind at least some of the recent widespread attacks using the SharePoint RCE vulnerability — Researchers say Chinese and other criminal hackers have exploited a security flaw in SharePoint software widely used by governments and businesses — and may come back.

    https://www.washingtonpost.com/technology/2025/07/21/china-hackers-microsoft-sharepoint/?pwapi_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyZWFzb24iOiJnaWZ0IiwibmJmIjoxNzUzMDcwNDAwLCJpc3MiOiJzdWJzY3JpcHRpb25zIiwiZXhwIjoxNzU0NDUyNzk5LCJpYXQiOjE3NTMwNzA0MDAsImp0aSI6ImUwMTZjMjg5LWNlYTQtNDA5OC05NzM5LTgxZmQxZjZjN2YzZCIsInVybCI6Imh0dHBzOi8vd3d3Lndhc2hpbmd0b25wb3N0LmNvbS90ZWNobm9sb2d5LzIwMjUvMDcvMjEvY2hpbmEtaGFja2Vycy1taWNyb3NvZnQtc2hhcmVwb2ludC8ifQ.YSflkjRm1ObpQkdFfVkQ2IxmEvDzitVtxfB0-Gf53fM

  12. Tomi Engdahl says:

    Alan Suderman / Associated Press:
    Critics say tokenization, led by Robinhood, could undermine securities law and investor protections that have made the US financial system the envy of the world

    The risks and rewards of tokenization as crypto heavyweights push for it
    https://apnews.com/article/crypto-robinhood-openai-tokenization-sec-bfd41220717fe9b6ebcd0305005e0018

    As cryptocurrencies become more intertwined with the traditional financial system, industry heavyweights are racing for a long-sought goal of turning real-world assets into digital tokens.

    “Tokenization is going to open the door to a massive trading revolution,” said Vlad Tenev, the CEO of the trading platform Robinhood at a recent James Bond-themed tokenization launch event in the south of France.

    Advocates say tokenization is the next leap forward in crypto and can help break down walls that have advantaged the wealthy and make trading cheaper, more transparent and more accessible for everyday investors.

    But critics say tokenization threatens to undermine a century’s worth of securities law and investor protections that have made the U.S. financial system the envy of the world. And Robinhood’s push into tokenizing shares of private companies quickly faced pushback from one of the world’s most popular startups.

  13. Tomi Engdahl says:

    Weak Password Allows Hackers To Sink 158-Year-Old Company
    https://wonderfulengineering.com/weak-password-allows-hackers-to-sink-158-year-old-company/?fbclid=IwY2xjawLtSjVleHRuA2FlbQIxMQABHlyraCc5847kR73Pa43Kp-YsYFHLweHqfaDuI1lqGBp_Qi8utPkxqjl0YyKG_aem_LB3R6dEYTAkF0xBDOj7tOw

    A sobering reality of the digital age was revealed when a 158-year-old UK company was brought down by a single weak password. 700 workers lost their jobs when KNP, a transport company based in Northamptonshire that operates under the well-known “Knights of Old” brand, was completely destroyed by a ransomware attack.

    By attempting to guess an employee’s password, hackers from the Akira ransomware gang are thought to have gained access to KNP’s systems. Once inside, they demanded a ransom, estimated at up to £5 million, to unlock the encrypted data. KNP was forced to permanently cease operations since it was unable to pay and lacked access to vital information.

    The business had industry-standard IT systems and cyber insurance, but it was helpless against this attack.

    There are numerous cases like this one. An estimated 19,000 ransomware attacks occurred in the UK last year alone.

    just “too many attackers” and not enough defenders. According to Suzanne Grimmer of the National Crime Agency, the availability of hacking tools that require little technical expertise is to blame for the nearly twofold increase in incidents over the past two years.

    Officials discourage ransom payments, which only serve to increase crime, and emphasize prevention. However, in order to survive, many businesses continue to opt for silent payment methods. To make sure companies are prepared to handle the increasing cyber threat, some, like Paul Abbott, are now advocating for mandatory cybersecurity assessments, or what he calls a “cyber-MOT.” The demise of KNP serves as a terrifying reminder of how vulnerable even century-old institutions can be to cyberattacks as they develop and become more intense.

  14. Tomi Engdahl says:

    Finnish Mobilepay users were scammed out of a total of about 180,000 euros in 2024, Mobilepay says in its security review.

    Most of the scammed sums were between 10 and 4,000 euros, but according to the company larger sums have also been lost. In total, 6.6 billion euros passed through Mobilepay last year. Its app has nearly three million users in Finland.

    https://www.iltalehti.fi/digiuutiset/a/e50bc783-cd39-4739-994f-b19beb15103b

  15. Tomi Engdahl says:

    Microsoft Says Chinese APTs Exploited ToolShell Zero-Days Weeks Before Patch

    Microsoft says the Chinese threat actors Linen Typhoon, Violet Typhoon, and Storm-2603 have been exploiting the ToolShell zero-days.

    https://www.securityweek.com/microsoft-says-chinese-apts-exploited-toolshell-zero-days-weeks-before-patch/

  16. Tomi Engdahl says:

    Reclaiming Control: How Enterprises Can Fix Broken Security Operations

    Once a manageable function, security operations has become a battlefield of complexity.

    https://www.securityweek.com/reclaiming-control-how-enterprises-can-fix-broken-security-operations/

  17. Tomi Engdahl says:

    Dell Says Data Leaked by Hackers Is Fake

    Dell confirms the compromise of a demo environment containing synthetic data after hackers leak allegedly stolen information.

    https://www.securityweek.com/hackers-leak-fake-dell-data/

  18. Tomi Engdahl says:

    Vulnerabilities Expose Helmholz Industrial Routers to Hacking

    Eight vulnerabilities, including ones allowing full control over a device, have been discovered and patched in Helmholz REX 100 industrial routers.

    https://www.securityweek.com/vulnerabilities-expose-helmholz-industrial-routers-to-hacking/

  19. Tomi Engdahl says:

    700 lost their jobs: 158-year-old company brought down by a single password
    The director wanted to spare the employee in question from the terrible knowledge, the BBC reports.

    700 lost their jobs: 158-year-old company brought down by a single password
    https://www.is.fi/digitoday/tietoturva/art-2000011382128.html

    According to the BBC, the company, founded in 1865, had to close its doors after suffering a crushing ransomware attack. The attack reportedly succeeded with the help of a single password obtained by guessing, and now 700 people are without work.

    https://www.bbc.com/news/articles/cx2gx28815wo

  20. Tomi Engdahl says:

    Replit’s CEO apologizes after its AI agent wiped a company’s code base in a test run and lied about it
    https://www.businessinsider.com/replit-ceo-apologizes-ai-coding-tool-delete-company-database-2025-7

    Replit’s CEO has apologized after its AI coder deleted a company’s code base during a test run.
    “It deleted our production database without permission,” said a venture capitalist who was building an app using Replit.
    “Possibly worse, it hid and lied about it,” he added.

  21. Tomi Engdahl says:

    A Startup is Selling Data Hacked from Peoples’ Computers to Debt Collectors
    Joseph Cox · Jul 21, 2025 at 9:05 AM
    Infostealer data can include passwords, email and billing addresses, and the embarrassing websites you use. Farnsworth Intelligence is selling to divorce lawyers and other industries.

    https://www.404media.co/a-startup-is-selling-data-hacked-from-peoples-computers-to-debt-collectors/

  22. Tomi Engdahl says:

    Spain awards Huawei contracts to manage intelligence agency wiretaps
    The Spanish government is using Huawei to manage and store judicially authorized wiretaps in the country used by both law enforcement and intelligence services, despite concerns about how the Chinese government could compel Huawei to assist Beijing with its own intelligence activities.

    The Ministry of the Interior officially awarded Huawei a €12.3 million ($14.3 million) contract following a standard public procurement process, as first reported by Spanish digital newspaper The Objective. Huawei had already been contracted to provide technical support to SITEL (Sistema Integrado de Interceptación Legal de las Telecomunicaciones), Spain’s integrated system for intercepting telecommunications.

    https://therecord.media/spain-awards-contracts-huawei-intelligence-agency-wiretaps

  23. Tomi Engdahl says:

    W3C Releases Digital Credentials API Draft to Advance Standardized Identity Verification on the Web
    https://idtechwire.com/w3c-releases-digital-credentials-api-draft-to-advance-standardized-identity-verification-on-the-web/

