
July 2025: Biggest Cyber Attacks, Ransomware Attacks and Data Breaches

by Neha Prajapati

Each month brings a new wave of cyber threats — and July 2025 proved no different. From luxury brands to critical infrastructure, this past month saw a series of high-impact breaches and ransomware attacks that reinforced a harsh reality: no organization is immune, regardless of industry or size.

Relying solely on prevention tools is no longer a sufficient defense. The true measure of your cybersecurity maturity lies in how well you respond when — not if — an incident occurs.

As a cybersecurity and IT solutions provider, we’ve closely tracked these events. The takeaway is clear: it’s time to shift the narrative from “How do we stop them?” to “How do we respond when they’re already inside?”


July’s Threat Landscape: Who Was Hit and What It Means

Luxury & Retail
A major breach at a high-end fashion label (e.g., Louis Vuitton) by the Scattered Spider gang reminded us that even well-funded brands are prime targets for consumer data theft.

Non-Profit & Humanitarian
The Rhysida ransomware attack on German charity Welthungerhilfe exposed the reality that humanitarian missions offer no shield from malicious actors.

Government & Critical Infrastructure
Sophisticated attacks hit the U.S. Nuclear Weapons Agency, the National Guard, and even the International Criminal Court, signaling heightened geopolitical threats.

Enterprise & Tech
Dell suffered a breach via the World Leaks group, while Qantas was compromised in another Scattered Spider incident — showing that even major enterprises remain vulnerable.

These incidents, among others, underscore a simple, undeniable fact: your organization will likely be targeted. The question is whether you are prepared to handle the fallout.

What This Month Revealed

  • Ransomware Campaigns
  • Major Data Breaches
  • Targeted Cyber Attacks
  • Emerging Malware & Ransomware
  • New Vulnerabilities & Patch Releases
  • Industry Advisories & Reports

Ransomware Attacks in July 2025

| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| July 01, 2025 | Welthungerhilfe | Ransomware gang attacks German charity that feeds starving children | Rhysida | Welthungerhilfe, a major German hunger-relief charity, was hit by a ransomware-as-a-service (RaaS) group—identified as the Rhysida gang—which stole and encrypted data, demanding 20 BTC (~$2.1 million) in exchange for the return of donor and organisational information. The charity refused to pay and immediately shut down affected systems while investigators responded. | German Hunger Relief Charity Hit By Rhysida Ransomware Gang |
| July 02, 2025 | IdeaLab | IdeaLab confirms data stolen in ransomware attack last year | Hunters International ransomware | IdeaLab confirmed that its systems were breached in October 2024 by the Hunters International ransomware group, which stole sensitive data—names and other personal information—affecting current and former employees, contractors, and their dependents. | IdeaLab Ransomware Attack 2024 |
| July 03, 2025 | Ingram Micro | Ingram Micro suffers global outage as internal systems inaccessible | SafePay Ransomware | Ingram Micro suffered a global outage in early July when the SafePay ransomware gang infiltrated its internal systems—likely via its VPN—disrupting website access, order processing, and internal operations. | Source: Bleeping Computer |
| July 11, 2025 | Albemarle County (VA) | Albemarle latest Virginia county hit with ransomware | INC Ransomware Group | Albemarle County (VA) was hit by a ransomware attack beginning the evening of June 10, 2025, which disrupted internet services and likely exposed sensitive data—including names, addresses, Social Security, driver’s license, passport and military IDs—of county employees, school staff, and possibly residents, prompting involvement from the FBI, CISA, and local authorities. The attack has been attributed to the INC Ransom group (aka INC_RANSOM), a Russian-linked extortion operation—with no ransom paid and victims offered a year of free identity monitoring through Kroll. | Source: The Record Media |
| July 18, 2025 | WineLab | Russian alcohol retailer WineLab closes stores after ransomware attack | Akira ransomware | Russian alcohol retailer WineLab was forced to shut down its retail operations and online services following a ransomware attack, reportedly carried out by the Akira ransomware gang, which severely disrupted the company’s IT infrastructure and customer services. | Source: Bleeping Computer |
| July 31, 2025 | Dollar Tree | Dollar Tree denies ransomware claims, says stolen data is from defunct discount chain | A suspected Snowflake-related threat actor group, INC ransomware also claimed the attack | A data breach impacting Dollar Tree via its service provider Zeroed-In Technologies exposed sensitive personal information—including names, Social Security numbers, and financial data—of nearly 2 million individuals, with the Snowflake-related threat actor group suspected to be behind the attack. INC Ransomware group claimed on its dark-web leak site to have extracted 1.2 TB of sensitive data from what it labeled as Dollar Tree—but Dollar Tree responded the claim likely referred to legacy systems of a defunct chain (99 Cents Only Stores), not its own data. | Source: The Record Media |

Data Breaches in July 2025

| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| July 01, 2025 | Kelly Benefits | Kelly Benefits says 2024 data breach impacted 550,000 customers | Unknown | Maryland-based Kelly Benefits confirmed that a data breach between December 12–17, 2024, compromised personal information from its IT systems, ultimately impacting 553,660 individuals as reported to U.S. authorities. | Source: Bleeping Computer |
| July 01 and 10, 2025 | Qantas | Qantas discloses cyber attack amid Scattered Spider aviation breaches | Scattered Spider | Qantas disclosed a major cyberattack that exposed personal details—names, email addresses, phone numbers, birthdates, and frequent‑flyer numbers—for up to six million customers via a third‑party contact‑centre platform, with investigations pointing toward the Scattered Spider threat group behind the incident. | Qantas Data Breach |
| July 03, 2025 | Telefónica | Hacker leaks Telefónica data allegedly stolen in a new breach | “Rey” (Internet name) associated with the HellCat ransomware group | A hacker known as “Rey”, associated with the HellCat ransomware group, leaked a sample of 2.6 GB (part of an alleged 106 GB dump) stolen from Telefónica’s internal systems—comprising over 20,000 files of internal communications, logs, invoices, customer and employee data from a May 30 breach—while Telefónica hasn’t officially confirmed whether it’s a new incident or old data. | Source: Bleeping Computer |
| July 08, 2025 | Bitcoin Depot | Driver’s license numbers, addresses leaked in 2024 bitcoin ATM company breach | Unknown | Bitcoin Depot, the operator of over 8,000 cryptocurrency ATMs, suffered a data breach in June 2024 that exposed sensitive personal information—names, addresses, driver’s license numbers, phone numbers, emails, and birthdates—of approximately 26,700 users, with no publicly identified threat actor involved and victims not offered identity protection due to regulatory gaps. | Source: The Record Media |
| July 16, 2025 | Louis Vuitton | Louis Vuitton says regional data breaches tied to same cyber attack | ShinyHunters | Luxury brand Louis Vuitton confirmed that customer data breaches in the UK, South Korea, Turkey, Italy, and Sweden stem from a single cyber attack—believed to be linked to the ShinyHunters extortion group—resulting in unauthorised access to personal information like names, contact details, passport numbers, addresses, and shopping history, though no payment data was compromised. | Source: Bleeping Computer |
| July 16, 2025 | Co-op UK | Co-op confirms data of 6.5 million members stolen in cyber attack | Scattered Spider | Co-op UK confirmed that a third-party cyber attack targeting its loyalty programme provider, Azpiral, resulted in the unauthorised access and theft of personal data—including names, email addresses, phone numbers, and loyalty card details—of approximately 6.5 million members. | Source: Bleeping Computer |
| July 17, 2025 | U.S. National Guard | Chinese hackers breached the National Guard to steal network configurations | Chinese state-backed hackers (allegedly) | Chinese state-backed hackers reportedly breached the U.S. National Guard’s systems to steal network configurations, potentially exposing sensitive infrastructure details without directly accessing classified data. | Source: Bleeping Computer |
| July 20, 2025 | Dell | Dell confirms breach of test lab platform by World Leaks extortion group | World Leaks extortion group | Dell confirmed that its test lab platform was breached by the World Leaks extortion group, resulting in unauthorised access to limited customer information, including names, addresses, and hardware details—though no financial or sensitive data was exposed. | Source: Bleeping Computer |
| July 22, 2025 | Affidea | Major European healthcare network discloses security breach | Unknown | A major European healthcare network, Affidea, disclosed a cyber attack that disrupted its clinical operations in multiple countries, with systems taken offline as a precaution, though the identity of the threat actor remains unknown. | Source: Bleeping Computer |
| July 23, 2025 | Toptal’s GitHub account | Hackers breach Toptal GitHub account, publish malicious npm packages | Unknown | Hackers breached Toptal’s GitHub account and published malicious npm packages designed to steal data from developers, though the identity of the threat actors remains unknown. | Source: Bleeping Computer |
| July 24, 2025 | Indian Council of Agricultural Research (ICAR) | Data breach at ICAR hits key recruitment, agri research projects | Unknown | A cyber attack on the Indian Council of Agricultural Research (ICAR) led to a major data breach that disrupted key recruitment processes and agricultural research projects across multiple institutes, though the identity of the threat actor remains unknown. | ICAR Data Breach |
| July 26, 2025 | The Tea dating safety app | Hackers leak 13,000 user photos and IDs from the Tea app, designed as a women’s safe space | Unknown | The breach of the Tea dating safety app had a severe impact on user privacy and platform integrity, as hackers gained unauthorised access to misconfigured cloud storage and stole over 72,000 images, many of which contained highly sensitive content such as nude or partially nude photos submitted by users for identity and background checks. These images were subsequently leaked and circulated on online forums like 4chan, potentially subjecting victims to public humiliation, blackmail, and long-term emotional distress. | Tea Dating Safety App Data Breach |
| July 26, 2025 | Allianz Life Insurance | Allianz Life confirms data breach impacts majority of 1.4 million customers | Clop ransomware | Allianz Life Insurance confirmed a data breach that impacted the majority of its 1.4 million customers, exposing sensitive personal information due to the exploitation of a vulnerability in a third-party file transfer tool (MOVEit), with the Clop ransomware gang suspected to be behind the attack. | Allianz Life Data Breach |
| July 27, 2025 | Naval Group | France’s warship builder Naval Group investigates 1 TB data breach | Unknown | French warship builder Naval Group launched an investigation after a hacker allegedly leaked 1 TB of internal data—including documents on submarines, warships, and supplier information—though the identity of the threat actor remains unconfirmed. | Source: Bleeping Computer |
| July 28, 2025 | Orange Telecom | French telecom giant Orange discloses cyber attack | Unknown | French telecommunications giant Orange disclosed a cyber attack that targeted its email platform service provider, resulting in the unauthorised access of personal data belonging to an undisclosed number of customers; the threat actor behind the attack has not yet been publicly identified. | Source: Bleeping Computer |

Cyber Attacks in July 2025

| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
|---|---|---|---|---|---|
| July 01, 2025 | The International Criminal Court | International Criminal Court hit by new ‘sophisticated’ cyber attack | Unknown | The International Criminal Court in The Hague was struck by a sophisticated and targeted cyber attack that disrupted its systems—though no data loss has been confirmed and no threat actor has been publicly identified. | Source: Bleeping Computer |
| July 06, 2025 | Shellter Elite | Hackers abuse leaked Shellter red team tool to deploy infostealers | An unknown Russian speaking group | Hackers exploited a leaked copy of the Shellter Elite red-team tool between April and July 2025 to deploy infostealer malware against unsuspecting victims, with activity traced to Russian-speaking cyber criminal groups using a single license leak. | Source: Bleeping Computer |
| July 09, 2025 | GMX, a decentralized exchange | More than $40 million stolen from GMX crypto platform | Unknown | GMX suffered a major exploit on its V1 protocol—losing around $40–43 million, including FRAX, USDC, WBTC, and ETH—due to a GLP price manipulation re‑entrancy flaw, after which the attacker began returning most funds in exchange for a 10% white‑hat bounty, though official identity of the actor remains unknown. | Source: The Record Media |
| July 17, 2025 | BigONE cryptocurrency exchange | Hacker steals $27 million in BigONE exchange crypto breach | Unknown | The BigONE cryptocurrency exchange suffered a $27 million theft after a hacker exploited a vulnerability in a third-party platform, prompting the exchange to halt withdrawals and launch an investigation, though the attacker’s identity remains undisclosed. | Source: Bleeping Computer |
| July 18, 2025 | Singapore government | Critical infrastructure in S’pore under attack by cyber espionage group: Shanmugam | State sponsored APT | Singapore’s Minister K. Shanmugam stated that a state-sponsored Advanced Persistent Threat (APT) group had launched cyber-espionage attacks on the nation’s critical infrastructure sectors—such as telecommunications, energy, and government—compromising sensitive systems and posing significant national security risks. | Singapore Cyber Espionage Attack |
| July 22, 2025 | U.S. Nuclear Weapons Agency | US nuclear weapons agency hacked in Microsoft SharePoint attacks | Chinese state-sponsored hackers | The U.S. Nuclear Weapons Agency, part of the Department of Energy, was compromised in a cyber attack exploiting a Microsoft SharePoint vulnerability, with Chinese state-sponsored hackers suspected of accessing sensitive network information. | Source: Bleeping Computer |
| July 24, 2025 | Steam (game) | Hacker sneaks infostealer malware into early access Steam game | Unknown | A threat actor covertly embedded an infostealer malware into an early access game on Steam, compromising gamers’ systems by stealing sensitive data such as browser credentials and cryptocurrency wallet information; the game’s developer was unaware and removed the title once alerted. | Source: Bleeping Computer |
| July 28, 2025 | Lovense | Lovense sex toy app flaw leaks private user email addresses | Unknown | A vulnerability in the Lovense sex toy app exposed private email addresses of users through an insecure API, potentially compromising customer privacy, though no specific threat actor has been attributed to the flaw. | Source: Bleeping Computer |
| July 29, 2025 | Russian airline Aeroflot | Russian airline Aeroflot grounds dozens of flights after cyber attack | Unknown | Russian airline Aeroflot suffered a cyber attack that disrupted its online check-in and mobile app systems, forcing the grounding and delay of dozens of domestic and international flights; while the exact threat actor has not been confirmed, speculation points toward possible politically motivated attackers amid ongoing cyber tensions. | Source: Bleeping Computer |
| July 29, 2025 | St. Paul Public Schools in the city of St Paul | Minnesota activates National Guard after St. Paul cyber attack | Unknown | Minnesota activated its National Guard cyber unit after a significant cyber attack on St. Paul Public Schools disrupted critical IT systems, prompting concerns of a potential ransomware incident, though the exact impact and threat actor remain under investigation. | Source: Bleeping Computer |
| July 30, 2025 | Russian pharmacy chain, Rigla | Cyber attack shuts down hundreds of Russian pharmacies, disrupts healthcare services | Unknown | A cyber attack severely disrupted operations at Russia’s largest pharmacy chain, Rigla, forcing it to shut down over 3,000 pharmacies, with speculation pointing to pro-Ukrainian hackers as the likely perpetrators behind the incident. | Source: The Record Media |

New Ransomware/Malware Discovered in July 2025

| New Ransomware/Malware | Summary |
|---|---|
| NimDoor malware | North Korean state-backed hackers have been using a new family of macOS malware called NimDoor in a campaign that targets web3 and cryptocurrency organisations. |
| Batavia spyware | A previously undocumented spyware called ‘Batavia’ has been targeting large industrial enterprises in Russia in a phishing email campaign that uses contract-related lures. |
| AMOS malware | Malware analysts discovered a new version of the Atomic macOS info-stealer (also known as ‘AMOS’) that comes with a backdoor giving attackers persistent access to compromised systems. |
| Anatsa malware | The Android banking trojan Anatsa resurfaced on Google Play in July 2025—hidden inside a fake PDF viewer with over 50,000 downloads—enabling overlay phishing, keylogging, and automated transactions targeting North American bank apps. |
| TapTrap (attack/malware) | Researchers have uncovered TapTrap, an Android tapjacking exploit that tricks users into tapping hidden permission dialogs—thanks to invisible animations—allowing zero-permission apps to sneakily gain access or even wipe devices. |
| Interlock RAT via FileFix technique | The Interlock ransomware group now uses a novel “FileFix” social-engineering trick—prompting victims to paste disguised PowerShell commands into File Explorer’s address bar—to stealthily install a PHP-based remote access trojan (RAT) and pave the way for ransomware deployment. |
| An undisclosed new variant of the Konfety malware | Threat analysts have identified a new variant of the Konfety Android malware that uses intentionally malformed APK files—manipulating ZIP metadata and compression settings—to evade static analysis tools and security scanners while posing as legitimate apps and delivering ad fraud, redirects, and data exfiltration. |
| LameHug malware | The newly discovered LameHug malware uses large language models (LLMs) to dynamically generate malicious Windows commands in real time for data theft and system reconnaissance. |
| Coyote malware | The Coyote malware abused the Windows Accessibility framework to stealthily steal sensitive data, exploiting trusted system components to evade detection during its attacks. |
| Kosake malware | A new Linux malware strain named Kosake was discovered hiding its malicious payload in seemingly harmless panda images, and it used steganography techniques to evade detection while executing information-stealing and backdoor functionalities. |

Vulnerabilities Discovered & Patches Released in July 2025

| Date | New Flaws/Fixes | Summary |
|---|---|---|
| July 02, 2025 | CVE-2025-6463 | The Forminator plugin for WordPress is vulnerable to an unauthenticated arbitrary file deletion flaw that could enable full site takeover attacks. |
| July 02, 2025 | CVE-2025-5777, CVE-2025-6543 | Citrix warns that patching recently disclosed vulnerabilities that can be exploited to bypass authentication and launch denial-of-service attacks may also break login pages on NetScaler ADC and Gateway appliances. |
| July 03, 2025 | CVE-2025-5959, CVE-2025-6554, CVE-2025-6191, CVE-2025-6192 | Grafana has issued a critical security update for its Image Renderer plugin and Synthetic Monitoring Agent to patch four high-severity Chromium vulnerabilities that could enable sandboxed remote code execution or memory corruption via crafted HTML content. |
| July 09, 2025 | CVE-2025-3648 | A newly disclosed critical vulnerability in ServiceNow—known as “Count(er) Strike” (CVE-2025-3648)—allows low-privileged users to infer and enumerate sensitive data from tables they shouldn’t access by exploiting permissive ACL logic that leaks record counts in the UI and source HTML. |
| July 09, 2025 | CVE-2025-44957, CVE-2025-44962, CVE-2025-44954, CVE-2025-44960, CVE-2025-44961, CVE-2025-44963, CVE-2025-44955, CVE-2025-6243, CVE-2025-44958 | Multiple critical vulnerabilities in Ruckus Networks’ Virtual SmartZone (vSZ) and Network Director (RND) management platforms remain unpatched, potentially allowing attackers to bypass authentication, gain root access, execute arbitrary commands, and fully compromise enterprise wireless environments. |
| July 14, 2025 | CVE-2025-7029, CVE-2025-7028, CVE-2025-7027, CVE-2025-7026 | A firmware security firm discovered four critical UEFI vulnerabilities in Gigabyte motherboards that remain unpatched—allowing attackers with administrative access to bypass Secure Boot, execute arbitrary code in privileged System Management Mode, and deploy persistent bootkit malware invisible to the operating system. |
| July 16, 2025 | CVE-2025-6558 | Google released an urgent Chrome update to patch CVE-2025-6558, a high-severity (8.8) sandbox escape zero-day actively exploited via malformed HTML in the ANGLE GPU layer, enabling remote code execution in the GPU process and bypassing Chrome’s security sandbox. |
| July 17, 2025 | CVE-2024-20337 | Cisco has disclosed a critical vulnerability in its Identity Services Engine (ISE) that allows unauthenticated remote attackers to execute commands as root, urging immediate patching. |
| July 18, 2025 | CVE-2024-3576 | Hackers are actively scanning for a critical TeleMessage vulnerability that allows unauthorized Signal app cloning, potentially exposing user credentials and sensitive messages. |
| July 18, 2025 | CVE-2024-4040 | A zero-day vulnerability in CrushFTP was actively exploited by attackers to hijack servers through unauthenticated remote access and extract files from outside designated virtual file systems. |
| July 21, 2025 | CVE-2024-3661 | A vulnerability in ExpressVPN’s Windows app, tracked as CVE-2024-3661, exposed users’ real IP addresses during remote desktop sessions, potentially compromising user anonymity despite using the VPN. |
| July 22, 2025 | CVE-2024-20359 and CVE-2024-20358 | Cisco confirmed that multiple maximum-severity remote code execution (RCE) vulnerabilities in Identity Services Engine (ISE) were being actively exploited in attacks, allowing unauthenticated attackers to execute arbitrary commands on affected systems. |
| July 22, 2025 | CVE-2023-47246 | CISA warned that hackers were actively exploiting a critical vulnerability in SysAid IT service management software, tracked as CVE-2023-47246, to gain unauthorised access and deploy malware in targeted attacks. |
| July 24, 2025 | CVE-2024-36680 | Mitel warned of a critical authentication bypass vulnerability in its MiVoice MX-ONE communication platform, tracked as CVE-2024-36680, which could allow unauthenticated attackers to gain administrative access. |
| July 28, 2025 | CVE-2023-39143 | CISA warned that a critical remote code execution vulnerability in PaperCut print management software, tracked as CVE-2023-39143, was actively exploited in the wild, urging organizations to patch immediately. |
| July 30, 2025 | CVE-2024-5275 | Apple patched a WebRTC security vulnerability, tracked as CVE-2024-5275, that was actively exploited in the wild as part of Chrome zero-day attacks, allowing potential arbitrary code execution. |

Warnings/Advisories/Reports/Analysis

| News Type | Summary |
|---|---|
| Report | The U.S. Treasury Department sanctioned a Russia-based company that had provided technical tools to ransomware gangs and digital drug traffickers. |
| Report | Building automation giant Johnson Controls has started notifying individuals whose data was stolen in a massive ransomware attack that impacted the company’s operations worldwide in September 2023. |
| Report | Researchers uncovered a widespread phishing campaign that used thousands of fake retail websites impersonating major brands like Apple and PayPal to steal credit card data from online shoppers. |
| Report | Esse Health alerted over 263,000 patients that their personal and health data had been stolen in an April 21 cyberattack that had disrupted key patient-facing network and phone systems. |
| Report | More than 40 fake Firefox add-ons posing as wallets like Coinbase, MetaMask, and Trust Wallet were uploaded between April and July 2025 to steal users’ private keys and drain their crypto wallets—a campaign traced to a Russian‑speaking threat group. |
| Report | Malicious Chrome extensions, posing as legitimate utilities, were found with a total of 1.7 million downloads on the Chrome Web Store and were discovered to have secretly tracked users, stolen browsing data, and redirected them to unsafe sites—malicious behaviour added later via updates—with no specific threat actor publicly named. |
| Report/Analysis | A sophisticated social engineering scheme allowed attackers to trick a third‑party into resetting an M&S employee’s password on April 17, 2025, enabling intrusion and deployment of DragonForce ransomware that led to widespread encryption and the theft of around 150 GB in data across the retailer’s network. |
| Report | Cyber criminals have created over 17,000 fraudulent websites masquerading as trusted news outlets like CNN, BBC, and CNBC to promote deceptive cryptocurrency investment schemes and lure victims into fake trading platforms across more than 50 countries. |
| Report | Four individuals in the UK—aged between 17 and 20—were arrested in July 2025 in connection with ransomware attacks that disrupted operations at major retailers Marks & Spencer, Co‑op, and Harrods, in a campaign attributed to the social‑engineering‑focused cyber crime group known as Scattered Spider. |
| Report | A 26-year-old Russian professional basketball player, Daniil Kasatkin, was arrested in France on June 21 at the request of U.S. authorities for allegedly acting as a negotiator for a ransomware gang that targeted nearly 900 U.S. companies and two federal agencies between 2020–2022, though his lawyer insists he lacked technical skill and may have been unknowingly implicated. |
| Report | Former Mexican President Enrique Peña Nieto is under formal investigation after allegations that he received up to $25 million in bribes from Israeli businessmen to secure government contracts—including for the deployment of Pegasus spyware from NSO Group—though so far no concrete evidence supports the claims. |
| Report | The UK’s National Cyber Security Centre (NCSC) has launched the Vulnerability Research Initiative (VRI), a formal collaborative program engaging external cybersecurity researchers to bolster the nation’s ability to discover, analyse, and address software and hardware vulnerabilities more effectively than internal efforts alone. |
| Report | A former officer of the UK’s National Crime Agency (NCA) was jailed after being convicted of stealing over £150,000 worth of Bitcoin seized during a criminal investigation. |
| Report | Indonesia extradited Russian national Alexander Zverev on July 11, 2025, to face Russian charges after allegedly running a Telegram channel that sold sensitive personal data obtained from law enforcement and telecom databases between 2018 and 2021. |
| Report | Romanian police, supported by over 100 HMRC investigators, arrested 13 individuals in Romania and one in the UK for orchestrating a large-scale phishing fraud targeting Britain’s tax authority, which used stolen personal data to submit fraudulent PAYE, VAT, and child benefit claims totaling approximately £47 million. |
| Report | Google has filed a lawsuit to disrupt the BadBox botnet, a massive cyber crime operation that infected over 10 million Android devices globally through malicious firmware, enabling activities like fraud, data theft, and unauthorised account creation. |
| Report | A newly released Phobos ransomware decryptor enables victims of multiple Phobos variants to recover their encrypted files for free, offering a crucial tool for affected users without needing to pay ransom. |
| Report | The UK government linked Russia’s GRU military intelligence agency to the “Authentic Antics” cyber campaign, which used custom credential-stealing malware to target politicians, journalists, and public figures in the UK and beyond over several years. |
| Report | Chinese state-sponsored hackers were linked to attacks exploiting Microsoft SharePoint using the custom Trojan-ToolShell malware, enabling remote command execution and persistent access to compromised systems. |
| Report | The UK government announced a forthcoming ban that prohibited public sector organisations from paying ransomware gangs, aiming to deter cyber criminal activity and reduce incentives for attacks. |
| Warning | CISA and the FBI issued a joint alert warning that Interlock ransomware attacks had escalated in frequency and impact, targeting organisations across critical infrastructure sectors and exfiltrating sensitive data before encryption. |
| Report | Hackers had impersonated Clorox staff to deceive Cognizant’s IT help desk and reset multifactor authentication, leading to a 2023 ransomware attack that Clorox claimed caused $380 million in losses, as revealed in a lawsuit. |
| Report | Dior began notifying U.S. customers of a data breach that exposed sensitive personal information, including names, email addresses, phone numbers, birthdates, and encrypted passwords, due to unauthorised access to its systems. |

Conclusion:

The cyberattacks of July 2025 serve as a powerful wake-up call for all businesses in North America. While investing in preventative measures is important, your ability to recover and continue operations is what will ultimately define your success in the face of a cyber threat. A well-defined and regularly tested cyber incident response plan is your most powerful tool for achieving that resilience.

In a world where cyber threats are a matter of “when,” not “if,” and no industry is safe, a robust defense is your most critical asset. At Synergy IT Solutions, we move beyond simple prevention, offering a comprehensive suite of cybersecurity services designed to build true business resilience. From crafting and testing a detailed cyber incident response plan through realistic tabletop exercises, to providing continuous managed IT security services that fortify your network, we act as your trusted partner. Our team of experts, based in Canada & USA, is dedicated to helping businesses across North America navigate the complex threat landscape, ensuring your operations remain secure, your data protected, and your business poised for uninterrupted growth.

Ready to prepare for the inevitable? Contact us today to develop a robust incident response plan and conduct a tabletop exercise to test your business’s resilience.

Source: https://www.cm-alliance.com/cybersecurity-blog/july-2025-biggest-cyber-attacks-ransomware-attacks-and-data-breaches

