Cybersecurity Weekly July 14, 2025

Ransomware arrests, critical zero-days, and a McDonald’s data leak affecting over 60 million—here’s what you need to know.

Cybersecurity Weekly — July 14, 2025

Ransomware arrests, critical zero-days, and a McDonald’s data leak affecting over 60 million—here’s what you need to know.

McDonald’s Breach Exposes 60M+ Applicant Records
Attackers exploited weak credentials and vulnerabilities in the McHire chatbot platform, exposing job applicant data worldwide.
🔗 Read More
Russian Pro Basketball Player Arrested for Ransomware
Daniil Kasatkin was arrested in France for alleged involvement in high-profile ransomware operations.
🔗 Read More
CARSTAR Hit by Sarcoma Ransomware Group
Canadian auto service chain CARSTAR has allegedly been breached, impacting operations and customer data.
🔗 Read More
Pay2Key RaaS Resurfaces Amid Geopolitical Tensions
The Iran-linked ransomware group is back, offering payouts for attacks on U.S. and Israeli targets.
🔗 Read More

Leaked Laravel APP_KEYs Allow RCE
Publicly exposed Laravel keys can now be weaponized for remote code execution via deserialization flaws.
🔗 Read More
Fortinet Patches FortiWeb Flaw (CVE-2025-25257)
A critical SQL injection issue could let unauthenticated attackers run arbitrary DB commands.
🔗 Read More
Wing FTP Server Exploit Active in the Wild
CVE-2025-47812 (CVSS 10.0) allows attackers to execute remote code via null byte injection.
🔗 Read More
PerfektBlue: Bluetooth Vulnerabilities in Vehicle Systems
Four new flaws in the BlueSDK stack affect infotainment systems in vehicles from Mercedes, VW, and Skoda.
🔗 [Read More](https://dailysecurityreview