{"id":19827,"date":"2025-07-07T15:55:11","date_gmt":"2025-07-07T13:55:11","guid":{"rendered":"https:\/\/kordon.app\/?p=19827"},"modified":"2025-07-07T15:55:11","modified_gmt":"2025-07-07T13:55:11","slug":"top-cybsersecurity-news-summarised-1st-week-of-july-2025","status":"publish","type":"post","link":"https:\/\/kordon.app\/et\/top-cybsersecurity-news-summarised-1st-week-of-july-2025\/","title":{"rendered":"Top Cybersecurity News Summarised &#8211; 1st Week of July 2025"},"content":{"rendered":"<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>I&#8217;ve been putting together these cybersecurity news roundups since April. My goal is to make it quickly <strong>scannable<\/strong> and <strong>actionable<\/strong> for cybersecurity specialists and, I guess, enthusiasts?<\/p>\n\n\n\n<p>I try to focus on <strong>new novel types of attacks, threats and industry-shaping developments.<\/strong> I try to avoid reporting on &#8220;happens every day&#8221; types of things.<\/p>\n\n\n\n<p>Some weeks I struggle to keep the selection under 20, and some weeks, like this one, 10 is all it takes to get the gist of it.<\/p>\n\n\n\n<p>If you have been reading these and have some feedback, I&#8217;d love to get it to make it more useful: comment, or DM me on LinkedIn.<\/p>\n\n\n\n<p>Also, <strong>you can now subscribe to get these summaries to your inbox ~ once a week. Scroll down to subscribe.<\/strong><\/p>\n<\/blockquote>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>1. Like SEO, LLMs May Soon Fall Prey to Phishing Scams<\/strong><\/h2>\n\n\n\n<pre class=\"wp-block-verse\">Security researchers warn that just as attackers have manipulated search engine optimization (SEO) to poison search results, similar techniques could soon target large language models (LLMs), exploiting AI-generated responses to lead users to phishing sites or malicious content. 
This highlights emerging AI-targeted social engineering threats.<\/pre>\n\n\n\n<p><strong>Next Steps<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Advise employees to be cautious about links in LLM responses.<\/li>\n\n\n\n<li>Advise employees always to navigate to the service directly when logging in, and not to use a link from a search result or LLM response.<\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at <\/strong><a href=\"https:\/\/www.darkreading.com\/cyber-risk\/seo-llms-fall-prey-phishing-scams\">Dark Reading<\/a>, <a href=\"https:\/\/www.csoonline.com\/article\/4015404\/llms-are-guessing-login-urls-and-its-a-cybersecurity-time-bomb.html\">CSO Online<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>2. Scope, Scale of Spurious North Korean IT Workers Emerges<\/strong><\/h2>\n\n\n\n<pre class=\"wp-block-verse\">Microsoft warns that thousands of North Korean IT workers posing as legitimate remote employees have infiltrated technology, manufacturing, and transportation sectors globally to steal data and generate illicit revenue, evidencing a sustained hybrid cybercrime and espionage threat.<\/pre>\n\n\n\n<p><strong>Read more at <\/strong><a href=\"https:\/\/www.darkreading.com\/cyberattacks-data-breaches\/scope-scale-spurious-north-korean-it-workers\">Dark Reading (1)<\/a>, <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/doj-disrupts-north-korean-it-worker-scheme\">Dark Reading (2)<\/a>, <a href=\"https:\/\/thehackernews.com\/2025\/07\/us-arrests-key-facilitator-in-north.html\">The Hacker News<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>3. 
Critical Vulnerability in Anthropic&#8217;s MCP Exposes Developer Machines to Remote Exploits<\/strong><\/h2>\n\n\n\n<pre class=\"wp-block-verse\">A critical security vulnerability (CVE-2025-49596) was discovered in Anthropic's Model Context Protocol (MCP) Inspector project, allowing remote code execution on developer machines and potentially granting attackers full system control, posing a significant risk for AI development environments.<\/pre>\n\n\n\n<p><strong>Next Steps<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Upgrade all MCP Inspector instances to version 0.14.1 or later.<\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at <\/strong><a href=\"https:\/\/thehackernews.com\/2025\/07\/critical-vulnerability-in-anthropics.html\">The Hacker News<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>4. New Flaw in IDEs Like Visual Studio Code Lets Malicious Extensions Bypass Verified Status<\/strong><\/h2>\n\n\n\n<pre class=\"wp-block-verse\">A study by OX Security shows that Visual Studio Code, IntelliJ IDEA and other IDEs use weak HTTP\u2010based checks to mark extensions as \u201cverified,\u201d allowing attackers to craft VSIX packages that spoof trusted publishers and execute arbitrary code. This sideloading abuse exposes developer workstations - where source code and credentials often live - to remote code execution risks.<\/pre>\n\n\n\n<p><strong>Next Steps<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Require and verify digital signatures on all installed extensions.<\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at <\/strong><a href=\"https:\/\/thehackernews.com\/2025\/07\/new-flaw-in-ides-like-visual-studio.html\">The Hacker News<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>5. 
FileFix Attack Exploits Windows Browser Features to Bypass Mark-of-the-Web Protection<\/strong><\/h2>\n\n\n\n<pre class=\"wp-block-verse\">A new sophisticated attack named FileFix 2.0 exploits a vulnerability in Windows browsers' webpage saving features to bypass the Mark-of-the-Web (MOTW) security mechanism, allowing malicious code execution via legitimate functions, posing serious risk for Windows users against stealthy browser-based attacks.<\/pre>\n\n\n\n<p><strong>Next Steps<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Train employees not to use Save As on documents from the Internet, or at least not on files with the .hta extension, which would allow silent execution of malicious scripts.<\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at <\/strong><a href=\"https:\/\/cybersecuritynews.com\/filefix-attack-exploits-windows-browser\/\">Cybersecurity News<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>6. Qantas Data Breach Impacts Up to 6 Million Customers<\/strong><\/h2>\n\n\n\n<pre class=\"wp-block-verse\">Australian airline Qantas disclosed a data breach impacting up to six million customers, exposing personal information such as names, email addresses, phone numbers, birthdates, and frequent flyer numbers due to a compromised third-party platform; no financial or passport data was affected.<\/pre>\n\n\n\n<p><strong>Read more at <\/strong><a href=\"https:\/\/www.securityweek.com\/qantas-data-breach-impacts-up-to-6-million-customers\/\">SecurityWeek<\/a>, <a href=\"https:\/\/www.csoonline.com\/article\/4015911\/cyberangriff-auf-australische-fluggesellschaft-qantas-2.html\">CSO Online<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>7. 
Patch now: Citrix Bleed 2 vulnerability actively exploited in the wild<\/strong><\/h2>\n\n\n\n<pre class=\"wp-block-verse\">A critical out-of-bounds read vulnerability (CVE-2025-5777) in Citrix NetScaler ADC and Gateway devices known as <strong>\"Citrix Bleed 2\" is under active exploitation<\/strong>, enabling attackers to <strong>hijack sessions and bypass multifactor authentication<\/strong>, posing severe risks to enterprise networks; urgent patching and session termination are advised.<\/pre>\n\n\n\n<p><strong>Next Steps<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Deploy Citrix June 17 patches for all affected NetScaler ADC\/Gateway builds.<\/li>\n<\/ul>\n\n\n\n<p><strong>Read more at <\/strong><a href=\"https:\/\/www.csoonline.com\/article\/4014701\/patch-now-citrix-bleed-2-vulnerability-actively-exploited-in-the-wild.html\">CSO Online<\/a>, <a href=\"https:\/\/www.securityweek.com\/thousands-of-citrix-netscaler-instances-unpatched-against-exploited-vulnerabilities\/\">SecurityWeek<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>8. Scattered Spider Shifts Focus to Airlines with Strikes on Hawaiian and WestJet<\/strong><\/h2>\n\n\n\n<pre class=\"wp-block-verse\">The cybercrime group Scattered Spider, known for sophisticated social engineering, has shifted its attacks to the airline industry, with confirmed incidents on Hawaiian Airlines and WestJet. 
The group exploits helpdesk identity processes to bypass MFA and steal sensitive data, posing a significant threat during peak travel seasons.<\/pre>\n\n\n\n<p><strong>Read more at <\/strong><a href=\"https:\/\/www.csoonline.com\/article\/4014787\/scattered-spider-shifts-focus-to-airlines-after-strikes-on-hawaiian-and-westjet.html\">CSO Online<\/a>, <a href=\"https:\/\/www.darkreading.com\/cyberattacks-data-breaches\/scattered-spider-hacking-spree-airline-sector\">Dark Reading<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>9. US DOJ makes progress combatting North Korean remote IT worker schemes<\/strong><\/h2>\n\n\n\n<pre class=\"wp-block-verse\">The US Department of Justice has disrupted North Korean remote IT worker schemes by arresting facilitators, seizing financial accounts, fraudulent websites, and computers tied to 'laptop farms' used to lend legitimacy to illicit workers. <\/pre>\n\n\n\n<p><strong>Read more at <\/strong><a href=\"https:\/\/www.csoonline.com\/article\/4015132\/us-doj-announces-progress-combatting-north-korean-remote-it-worker-schemes.html\">CSO Online<\/a>, <a href=\"https:\/\/thehackernews.com\/2025\/07\/us-arrests-key-facilitator-in-north.html\">The Hacker News<\/a>, <a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/doj-disrupts-north-korean-it-worker-scheme\">Dark Reading<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>10. 
Criminals take malicious AI to the next level<\/strong><\/h2>\n\n\n\n<pre class=\"wp-block-verse\">Criminals are fine-tuning malicious AI models (named <strong>WormGPT<\/strong> and <strong>FraudGPT<\/strong>) with breached data to enhance fraud schemes, including phishing and deepfake services, and offering prompt engineering-as-a-service to bypass mainstream AI safeguards.<\/pre>\n\n\n\n<p><strong>Read more at <\/strong><a href=\"https:\/\/www.csoonline.com\/article\/4014238\/cybercriminals-take-malicious-ai-to-the-next-level.html\">CSO Online<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">Get This to Your Inbox Next Week<\/h3>\n\n\n                <div class=\"ml-embedded\" data-form=\"pKq7EM\"><\/div>","protected":false},"excerpt":{"rendered":"<p>Most interesting and actionable cybersecurity news summarised from the 1st week of July 2025.<\/p>","protected":false},"author":1,"featured_media":19838,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[32,26],"tags":[],"class_list":["post-19827","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","category-blog"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/posts\/19827","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/comments?post=19827"}],"version-history":[{"count":49,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/posts\/19827\/revisions"}],"predecessor-version":[{"id":19877,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/posts\/19827\/revisions\/19877"}],"wp:fe
aturedmedia":[{"embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/media\/19838"}],"wp:attachment":[{"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/media?parent=19827"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/categories?post=19827"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kordon.app\/et\/wp-json\/wp\/v2\/tags?post=19827"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}