Cybersecurity Weekly July 7, 2025

This week’s update includes major ransomware group shutdowns, multi-vector attacks on enterprise platforms, critical CVEs from Cisco, Citrix, and Grafana, and ongoing global cybercrime investigations.

🔓 Ransomware and Breaches

Hunters International ransomware group shuts down
The group announced its exit and offered free decryption tools to all past victims

Ingram Micro crippled by SafePay ransomware
Global IT distributor experienced widespread internal outages after targeted ransomware attack

HellCat ransomware group exploits Jira credentials
Using infostealer logs, attackers breached HighWire Press, Asseco, Racami, and LeoVegas Group

Kelly Benefits breach impacts 550,000 individuals
Attack used phishing, obfuscated malware, and MITRE ATT&CK-aligned techniques to exfiltrate data

IdeaLab confirms ransomware data theft
Tech incubator disclosed stolen sensitive employee and contractor information

Esse Health breach affects over 263,000 patients
Independent healthcare group disclosed prolonged attack that disrupted systems and leaked PHI

Telefónica data allegedly leaked
Hacker released proof-of-breach sample after claiming theft of 106GB of internal data

⚠️ Critical Vulnerabilities and Exploits

Cisco emergency patch for Unified CM flaw CVE-2025-20309
Root-level access exploit with CVSS score of 10.0 addressed in security update

Citrix patches CVE-2025-5777 and CVE-2025-6543
Session hijacking and denial-of-service bugs impacting NetScaler ADC and Gateway

Grafana issues urgent fixes for Image Renderer and Synthetic Monitoring Agent
Chromium-based flaws could allow remote code execution and memory corruption

Google Chrome zero-day CVE-2025-6554 added to KEV
Actively exploited flaw in V8 engine marks fourth zero-day for Chrome this year

Forminator plugin flaw affects 600,000 WordPress sites
CVE-2025-6463 enables full-site takeover through unauthenticated input injection

Critical Sudo bugs enable local root access
Linux and Unix systems vulnerable to privilege escalation through flawed command-line utility

Java Debug Wire Protocol abused for crypto mining
Attackers use modified XMRig and JDWP exposure to gain execution on compromised hosts

🌐 Nation-State and APT Activity

APT36 launches BOSS Linux-targeted espionage campaign
India-focused threat group used weaponized ZIPs to compromise defense personnel systems

NightEagle APT exploits Exchange zero-days in China
Previously unknown threat group observed chaining exploits in targeted espionage

North Korea-linked hackers spread NimDoor via fake Zoom updates
Mac users targeted through phishing links distributing Nim-based malware disguised as AppleScript

Taiwan issues alert on Chinese app data risks
Apps like TikTok, WeChat, and Baidu Cloud flagged for aggressive data collection and exfiltration

🧑‍⚖️ Legal and Enforcement Actions

Spain arrests cybercriminals targeting politicians and media
Two suspects accused of stealing government data and leaking samples for notoriety

Google fined over $314 million in Android data misuse case
Class action ruled in favor of California users over unauthorized idle data collection

352 Android apps linked to IconAds fraud scheme removed
Mobile ad fraud campaign hidden behind out-of-context ad injections and stealth uninstall prevention
