News – July 2025

July 22, 2025

Since September 2024, Interlock ransomware actors have impacted a wide range of businesses and critical infrastructure sectors in North America and Europe. These actors are opportunistic and financially motivated in nature and employ tactics to infiltrate and disrupt the victim’s ability to provide their essential services. Interlock actors leverage a double extortion model, in which they ...

July 21, 2025

One password is believed to have been all it took for a ransomware gang to destroy a 158-year-old company and put 700 people out of work. KNP – a Northamptonshire transport company – is just one of tens of thousands of UK businesses that have been hit by such attacks. Big names such as M&S, Co-op ...

July 21, 2025

Microsoft has released an urgent patch to fix a zero-day vulnerability affecting on-premises SharePoint servers. The vulnerability is already being exploited in the wild, which is why users are urged to apply the patch immediately and secure their assets. Three Microsoft products were said to be affected: SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint ...

July 21, 2025

French luxury brand Louis Vuitton recently reported a data breach affecting nearly 420,000 customers in Hong Kong, according to a Sunday report by a local newspaper. According to Xianggang Wenweipo, Hong Kong’s Office of the Privacy Commissioner for Personal Data (PCPD) said on Saturday that it received a notification from Louis Vuitton Hong Kong (LVHK) on ...

July 20, 2025

Australia is implementing comprehensive internet age verification and ID check requirements as part of a major overhaul of online safety regulation. By December 27, 2025, major platforms including Google and Microsoft must implement age verification checks on their search engines for all logged-in Australian users, facing potential fines of up to AU $50 million per breach ...

July 18, 2025

On Friday, July 18, 2025, managed file transfer vendor CrushFTP released information to a private mailing list on a new critical vulnerability, tracked as CVE-2025-54309, affecting versions below 10.8.5 and 11.3.4_23 across all platforms. According to the public-facing vendor advisory, this vulnerability in the CrushFTP managed file transfer software web interface is being exploited in the ...

July 18, 2025

Google has released version 138.0.7204.157/.158 for Chrome for Windows and Mac and 138.0.7204.157 for Chrome for Linux, which will roll out over the coming days/weeks. The updates address three high severity vulnerabilities, including CVE-2025-6558, which has an exploit in the wild. CVE-2025-6558: Incorrect validation of untrusted input in ANGLE and GPU vulnerability – CVSSv3 score: 8.8 Read ...

July 18, 2025

A 44-year-old Romanian national has been arrested during a law enforcement operation to dismantle a ransomware campaign called “Diskstation”. Diskstation usually targets Synology Network-Attached Storage (NAS) devices, often used in an enterprise environment for centralized file storage and sharing, data backup and recovery, and general content hosting. The group was first spotted in 2021, and has ...

July 17, 2025

The identities of more than 100 British officials, including members of the special forces and MI6, were compromised in a data breach that also put thousands of Afghans at risk of reprisal, it can be reported. The latest fallout from the breach was kept secret by an injunction until Thursday, when the order was lifted in ...

July 17, 2025

Hackers are targeting a previously reported bug in the Signal clone app TeleMessage in an effort to steal users’ private data, according to security researchers and a U.S. government agency. TeleMessage, which earlier this year was revealed to be used by high-ranking officials in the Trump administration, already experienced at least one data breach in May. ...