Thursday, July 10, 2025

Security Threat Summary - July 10, 2025

Top 5 Critical Security Alerts

  • Microsoft Patches 130 Vulnerabilities, Including Critical Flaws in SPNEGO and SQL Server — Microsoft addressed 130 vulnerabilities, including critical flaws in SPNEGO and SQL Server.
  • New AI Malware PoC Reliably Evades Microsoft Defender — A new AI malware proof-of-concept uses targeted reinforcement learning to evade Microsoft Defender.
  • Gold Melody IAB Exploits Exposed ASP.NET Machine Keys for Unauthorized Access to Targets — The Gold Melody initial access broker (IAB) exploits leaked ASP.NET machine keys to gain unauthorized access to organizations.
  • An NVIDIA Container Bug & Chance to Harden Kubernetes — A container escape flaw in the NVIDIA Container Toolkit could allow access to AI datasets.
  • Smashing Security podcast #425: Call of Duty: From pew-pew to pwned — "Call of Duty: WWII" is weaponized, allowing hackers to hijack PCs; scammers target the recently incarcerated.

Threat Intelligence

  • AiLock ransomware: What you need to know — The AiLock ransomware gang threatens to report victims to regulators, email their competitors, and leak data if they don't pay within five days.
  • DoNot APT Expands Operations, Targets European Foreign Ministries with LoptikMod Malware — DoNot APT is targeting European foreign affairs ministries with LoptikMod malware to harvest sensitive data.
  • North American APT Uses Exchange Zero-Day to Attack China — Researchers have identified a North American APT exploiting a Microsoft Exchange zero-day to attack a Chinese entity.
  • U.S. Sanctions North Korean Andariel Hacker Behind Fraudulent IT Worker Scheme — The U.S. sanctioned a North Korean hacker from the Andariel group for involvement in a fraudulent IT worker scheme.
  • Chinese Hacker Xu Zewei Arrested for Ties to Silk Typhoon Group and U.S. Cyber Attacks — A Chinese national was arrested in Italy for ties to the Silk Typhoon group and cyberattacks against U.S. organizations.

Security Tools & Best Practices

  • Setting up Your Own Certificate Authority for Development: Why and How. — Setting up an internal certificate authority can support strong authentication and provide flexibility for developers.
  • How To Automate Ticket Creation, Device Identification and Threat Triage With Tines — The Tines library offers pre-built workflows for security automation, including a standout workflow for malware alerts that ties together CrowdStrike, Oomnitza, GitHub, and PagerDuty.

Emerging Security Technologies

  • Rubio Impersonator Signals Growing Security Threat From Deepfakes — An impostor posing as the secretary of state demonstrates the growing security threat from deepfakes.