Friday, July 4, 2025

Security Threat Summary - July 4, 2025

Critical Security Alert

  • Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials — A flaw in Cisco Unified Communications Manager could allow an attacker to gain root access. Read more

Threat Intelligence

  • Chinese Hackers Exploit Ivanti CSA Zero-Days in Attacks on French Government, Telecoms — A Chinese hacking group exploited zero-day vulnerabilities in Ivanti Cloud Services Appliance (CSA) to target governmental, telecommunications, media, finance, and transport sectors in France. Read more
  • Over 40 Malicious Firefox Extensions Target Cryptocurrency Wallets, Stealing User Assets — Researchers discovered over 40 malicious Firefox extensions designed to steal cryptocurrency wallet secrets from platforms like Coinbase and MetaMask. Read more
  • Attackers Impersonate Top Brands in Callback Phishing — Threat actors are impersonating brands like Microsoft and PayPal in socially engineered scams to trick victims into calling adversary-controlled phone numbers. Read more
  • Criminals Sending QR Codes in Phishing, Malware Campaigns — Attackers are increasingly using QR codes to conduct phishing attacks and trick users into downloading malware. Read more

Security Breaches & Incidents

  • Big Tech's Mixed Response to U.S. Treasury Sanctions — The U.S. government sanctioned a Chinese national for operating a cloud provider linked to virtual currency investment scams, but tech companies still allow them to operate accounts. Read more
  • Massive Android Fraud Operations Uncovered: IconAds, Kaleidoscope, SMS Malware, NFC Scams — IconAds, a mobile ad fraud operation consisting of 352 Android apps that loaded out-of-context ads and hid their app icons, has been disrupted. Read more

Security Tools & Best Practices

  • New Cyber Blueprint Aims to Guide Organizations on AI Journey — Deloitte's new blueprint aims to bridge the gap between AI adoption and preparedness among leaders and employees. Read more
  • IDE Extensions Pose Hidden Risks to Software Supply Chain — Malicious extensions can bypass verification checks in popular integrated development environments, posing risks to the software supply chain. Read more

Emerging Security Technologies

  • The Hidden Weaknesses in AI SOC Tools that No One Talks About — Many AI-powered SOC platforms rely on pre-trained AI models that may not be suitable for modern security operations. Read more
