Cyber Weekly Newsletter
Cyber Weekly Newsletter for Friday July 25, 2025
The weekly Security, Tech and Cybercrime newsletter from Riskigy's vCISO Cybersecurity team
Cybersecurity awareness tips and alerts from Riskigy to empower your team to #BeCyberSmart #CyberAware
This Week's Need-to-Know News and Alerts
⚠️ SonicWall urges customers to patch SMA 100 series appliances against a critical authenticated arbitrary file upload vulnerability that can let attackers gain remote code execution. The security flaw is caused by an unrestricted file upload weakness. https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-critical-rce-flaw-in-sma-100-VPN-appliances/
⚠️ Hewlett-Packard Enterprise (HPE) is warning of hardcoded credentials in Aruba Instant On Access Points that allow attackers to bypass normal device authentication and access the web interface. The flaw is tracked as CVE-2025-37103 and rated “critical” (score: 9.8). https://www.bleepingcomputer.com/news/security/hpe-warns-of-hardcoded-passwords-in-aruba-access-points/
⚠️ Sophos and SonicWall have alerted users of critical security flaws in Sophos Firewall and Secure Mobile Access (SMA) 100 Series appliances that could be exploited to achieve remote code execution. https://thehackernews.com/2025/07/sophos-and-sonicwall-patch-critical-rce.html
⚠️ ExpressVPN has fixed a flaw in its Windows client that caused Remote Desktop Protocol (RDP) traffic to bypass the virtual private network (VPN) tunnel, exposing the users' real IP addresses. ExpressVPN is a leading VPN service provider used by millions. https://www.bleepingcomputer.com/news/security/expressvpn-bug-leaked-user-ips-in-remote-desktop-sessions/
⚠️ Critical Mitel Flaw Lets Hackers Bypass Login, Gain Full Access to MiVoice MX-ONE Systems. Mitel has released security updates to address a critical security flaw in MiVoice MX-ONE that could allow an attacker to bypass authentication protections. https://thehackernews.com/2025/07/critical-mitel-flaw-lets-hackers-bypass.html
⚠️ Microsoft is investigating an ongoing outage blocking Microsoft 365 administrators with business or enterprise subscriptions from accessing the admin center. The company has yet to disclose which regions are currently affected by this ongoing service issue. https://www.bleepingcomputer.com/news/microsoft/microsoft-investigates-outage-affecting-microsoft-365-admin-center/
⚠️ CISA has warned that attackers are actively exploiting two security vulnerabilities in the SysAid IT service management (ITSM) software to hijack administrator accounts. The flaws, tracked as CVE-2025-2775 and CVE-2025-2776, were patched in March. https://www.bleepingcomputer.com/news/security/cisa-warns-of-hackers-exploiting-sysaid-vulnerabilities-in-attacks/
⚠️ Cisco Confirms Active Exploits Targeting ISE Flaws Enabling Unauthenticated Root Access. Cisco ISE plays a central role in network access control, managing which users and devices are allowed onto corporate networks and under what conditions. https://thehackernews.com/2025/07/cisco-confirms-active-exploits.html
⚠️ Veeam Recovery Orchestrator (VRO) users locked out after MFA rollout. Veeam warned customers that a recently released version of Recovery Orchestrator blocks Web UI logins after enabling multi-factor authentication (MFA). https://www.bleepingcomputer.com/news/technology/veeam-recovery-orchestrator-users-locked-out-after-mfa-rollout/
⚠️ Microsoft releases emergency patches for a SharePoint zero-day that is being actively exploited and has breached 75+ company servers. The zero-day flaw, tracked as CVE-2025-53770 (CVSS score: 9.8), is a code injection and remote code execution bug. https://thehackernews.com/2025/07/critical-microsoft-sharepoint-flaw.html
⚠️ Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access. Must-use plugins (aka mu-plugins) are special plugins that are automatically activated on all WordPress sites in the installation. https://thehackernews.com/2025/07/hackers-deploy-stealth-backdoor-in.html
⚠️ Coast Guard Issues Cybersecurity Rule for Maritime Transport Safety. The cybersecurity requirements follow an extended timeline over the next two years, and are meant to secure US shipping ports from disruption by malicious actors. https://www.darkreading.com/threat-intelligence/marine-transportation-final-cyber-rule
⚠️ Hacker sneaks infostealer malware into early access Steam game. EncryptHub has compromised a game on Steam to distribute info-stealing malware to unsuspecting users downloading the title. https://www.bleepingcomputer.com/news/security/hacker-sneaks-infostealer-malware-into-early-access-steam-game/
⚠️ Amazon AI coding agent hacked to inject data wiping commands. Hackers planted data wiping code in a version of Amazon's generative AI-powered assistant, the Q Developer Extension for Visual Studio Code. Q is a free extension that uses generative AI. https://www.bleepingcomputer.com/news/security/amazon-ai-coding-agent-hacked-to-inject-data-wiping-commands
⚠️ LLM plugin vulnerabilities highlight threat to AI ecosystems. Research revealed troubling security flaws in how LLM plugins are designed, including vulnerabilities that could enable data leaks, remote code execution, and even full takeover of AI sessions. https://www.scworld.com/feature/llm-plugin-vulnerabilities-highlight-growing-threat-to-ai-ecosystems
From Our Blog
✅ Preparing for Account Takeover and Business Email Attacks
Both tactics are employed by cybercriminals to gain unauthorized access to valuable information or financial assets. While they share some commonalities, the methodologies and specific targets of these attacks distinguish them from one another. In this post, we will delve into what sets ATO and BEC attacks apart, their similarities, and effective measures for defending against them…Read more now at https://riskigy.com/blog/f/preparing-for-account-takeover-and-business-email-attacks
✅ Ransomware Groups Are Impersonating IT Support
Ransomware groups continue to evolve their tactics, and one of the latest trends involves impersonating IT support to gain access to organizational networks. This alarming development in the cyber threat landscape demands immediate attention from businesses and individuals alike. By understanding how these groups operate and proactively implementing best practices, organizations can reduce their exposure to this emerging threat…Read more now at https://riskigy.com/blog/f/ransomware-groups-are-impersonating-it-support
✅ Managing Bring Your Own AI (BYOAI) Risk
While the Bring Your Own AI (BYOAI) trend can enhance productivity and foster innovation, it also introduces a set of compelling risks that businesses must manage carefully. As AI continues to transform the business landscape, a new trend has emerged: Bring Your Own AI (BYOAI)…Read more at https://riskigy.com/blog/f/managing-bring-your-own-ai-byoai-risk
✅ Key Differences Between Data Privacy and Data Security
Although these terms are often used interchangeably, they represent distinct facets of protection when managing sensitive information. This post explores the differences between data privacy and data security, providing examples of regulations and highlighting risks businesses face in each area…Read more at https://riskigy.com/blog/f/key-differences-between-data-privacy-and-data-security
✅ Surge in ClickFix and Fake CAPTCHA Attacks
ClickFix, a social engineering tactic that surfaced last year, involves threat actors designing deceptive websites or phishing attachments that show fake errors and then instruct users to click a button to resolve them…Read more at https://riskigy.com/blog/f/surge-in-clickfix-and-fake-captcha-attacks
Recent Data Breach News
⚠️ Major European healthcare network discloses security breach. AMEOS Group, an operator of a massive healthcare network in Central Europe, has announced it has suffered a security breach that may have exposed customer, employee, and partner information. https://www.bleepingcomputer.com/news/security/major-european-healthcare-network-discloses-security-breach/
⚠️ US nuclear agency hacked via critical SharePoint vulnerability. The U.S. National Nuclear Security Administration, the U.S. Education Department, and Florida’s Department of Revenue are among the organizations compromised through the reported SharePoint zero-day bugs. https://www.scworld.com/news/us-nuclear-agency-hacked-via-critical-sharepoint-vulnerability
⚠️ Hackers fooled Cognizant help desk, says Clorox in $380M cyberattack lawsuit. Clorox is suing IT giant Cognizant for gross negligence, alleging it enabled a massive cyberattack by resetting an employee's password without first verifying their identity. https://www.bleepingcomputer.com/news/security/hackers-fooled-cognizant-help-desk-says-clorox-in-380m-cyberattack-lawsuit/
⚠️ Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access. The recently disclosed Microsoft SharePoint vulnerability has been under exploitation since as early as July 7, 2025, according to findings from Check Point Research. https://thehackernews.com/2025/07/hackers-exploit-sharepoint-zero-day.html
⚠️ Ring denies breach after users report suspicious logins. On May 28th, many Ring customers reported seeing unusual devices logged into their accounts from various locations worldwide, leading them to believe their accounts had been hacked. https://www.bleepingcomputer.com/news/security/ring-denies-breach-after-users-report-suspicious-logins/
⚠️ Hackers Exploit Critical CrushFTP Flaw to Gain Admin Access on Unpatched Servers. CrushFTP is widely used in government, healthcare, and enterprise environments. Assigned the CVE identifier CVE-2025-54309, the vulnerability carries a CVSS score of 9.0. https://thehackernews.com/2025/07/hackers-exploit-critical-crushftp-flaw.html
⚠️ Dell confirms breach of test lab platform by World Leaks extortion group. Dell acknowledged that the threat actor had breached its Customer Solution Centers platform, which is used to demonstrate Dell products and solutions to customers. https://www.bleepingcomputer.com/news/security/dell-confirms-breach-of-test-lab-platform-by-world-leaks-extortion-group/
Cybersecurity Is Complex! We Are Here To Help
Cyberthreats are everywhere, but you don’t have to face them alone. Get Cybersecurity & Tech help from Riskigy!
✔ Looking for an expert to assist your firm or clients?
✔ Need a pro to explain Tech or Cyber to your management?
✔ Vetting a new investment or acquisition?
✔ Want to build a cyber aware staff?
✔ Need immediate assistance with an incident?
✔ Considering adding a vCISO or vCTO to your team?
✔ Seeking help with SOC-2, SEC/FINRA, or FTC readiness?
Contact us to discuss how we can assist!