
Cybersecurity Week in Review: July 29 – August 4, 2025

Cyberattacks, data breaches, zero-days, and global responses—discover the biggest cybersecurity headlines of this week.

Major Data Breaches and Leaks

  • Pandora & Chanel (Salesforce Data Theft): Luxury jeweler Pandora revealed that a cyberattack exposed customer names, birthdates, and email addresses (no passwords or payment data) via a compromised Salesforce CRM app. French fashion house Chanel likewise suffered a Salesforce breach on August 1 attributed to the ShinyHunters group, part of a wider CRM data theft campaign targeting retail customer data.

  • Cisco (Third-Party CRM Breach): Cisco disclosed that a vishing attack on July 24 allowed hackers to access a subset of user information from a third-party CRM system. The intruders stole Cisco.com account profile data (names, email addresses, phone numbers, organization and address info, and user IDs), though no passwords or sensitive customer data were compromised. Impacted individuals and regulators have been notified.

  • Hacktivist Data Dumps: Multiple hacked datasets were leaked on DDoSecrets this week. The leaks include ~65,000 internal documents, images, and emails from the East Baton Rouge Sheriff’s Office (stolen by the Medusa ransomware gang), as well as tens of thousands of emails and files from international targets like Guatemala’s military intelligence directorate (~40K documents). Additionally, large caches of emails from the Cuban consular office in Washington D.C. and Indonesia’s Guangzhou consulate were dumped (these contain personal data and are being shared under restricted access). These breaches expose sensitive law enforcement and government data on a global scale.

Significant Cyberattacks and Incidents

  • Orange Telecom Outage: French telecom giant Orange suffered a cyberattack (detected July 25) that disrupted IT services for corporate and consumer customers. Orange’s Cyberdefense unit isolated affected systems, causing some management platforms to go offline. Services were largely restored by July 30, and Orange reports no evidence of data exfiltration to date. Authorities have been notified as the company withholds further technical details of the attack.

  • Nationwide Telecom Outage in Luxembourg: The Luxembourg government is investigating a July 23 cyberattack that knocked out 4G/5G mobile networks for over three hours. Attackers exploited a vulnerability in Huawei telecom equipment software, causing a denial-of-service that even overloaded backup 2G systems. The outage disrupted emergency calls, internet access, and banking services country-wide. Officials describe the attack as “exceptionally sophisticated” and intentionally destructive (not mere accident), and a special crisis task force has been convened to improve network resilience and consider regulatory changes (e.g. automatic network failovers).

  • Healthcare Disruptions: A wave of cyber incidents hit the health sector. Multiple hospitals in New England were forced offline by cyberattacks over the past two weeks, with one Catholic healthcare network seeing system-wide outages and Central Maine Healthcare shutting down its IT network in response to an attack. In Ohio, Kettering Health confirmed a ransomware attack by the Interlock gang that began in May, which knocked out electronic health records and phone systems, requiring elective surgeries to be canceled and ambulances diverted. While Kettering has now restored systems and removed the malware, the incident underscores the continued impact of ransomware on patient care.

  • Law Enforcement Action – Scattered Spider: International authorities are actively pursuing the Scattered Spider cybercrime group amid its ongoing extortion spree. U.K. police arrested four suspects tied to social-engineering attacks on major British retailers (Marks & Spencer, Harrods, and Co-op) that began in April. These arrests, linked to Scattered Spider (aka UNC3944), have temporarily slowed the group’s activity, creating a “brief window” for organizations to harden defenses. The FBI and CISA warn, however, that Scattered Spider continues to evolve tactics – from help-desk impersonation and SIM swapping to MFA “push bombing” – to infiltrate companies in the US, UK, Canada, and Australia. The group has even begun encrypting victim networks (e.g. VMware ESXi servers) for ransom, blurring the line between data extortion and traditional ransomware.

Critical Vulnerabilities and Patches

  • Android/Qualcomm Exploits Patched: Google’s August 2025 Android security update fixed six vulnerabilities, notably two critical Qualcomm GPU flaws (CVE-2025-21479 and CVE-2025-27038) that were actively exploited in targeted attacks. CVE-2025-21479 is an improper authorization bug in the graphics component, and CVE-2025-27038 is a use-after-free in the Adreno GPU driver – both can lead to memory corruption. Qualcomm warned in June that these were under limited, targeted exploitation, and CISA had added them to its exploited vulnerabilities catalog. Android device makers are applying the patches (delivered in the 2025-08-05 update level) to prevent potential device compromise via malicious graphics content.

  • Nvidia “Triton” AI Server RCE: Nvidia released patches for a chain of three vulnerabilities (CVE-2025-23319, CVE-2025-23320, CVE-2025-23334) in its Triton AI inference server software. When combined, the flaws allow an unauthenticated attacker to achieve remote code execution on the server. Researchers at Wiz who discovered the issue demonstrated how an attacker could leak a key shared memory identifier (info leak), then read-write that memory, and finally execute arbitrary code – potentially stealing AI model data or altering ML outputs. Nvidia’s update, issued this week, addresses 17 bugs in total. Administrators are urged to apply the Triton patches, as AI infrastructure is increasingly becoming a target for novel attacks.

  • Windows Critical RCE (NEGOEX): Microsoft’s July Patch Tuesday updates included a fix for a critical Windows vulnerability, CVE-2025-47981, in the SPNEGO Extended Negotiation (NEGOEX) security mechanism. The flaw is a heap buffer overflow that earned a CVSS 9.8 score, allowing an unauthenticated attacker to execute arbitrary code on Windows systems by sending crafted messages during the authentication negotiation. While no active exploitation was reported at release, security experts warned that this kind of network-exposed RCE could be ripe for fast weaponization. Windows admins should ensure July’s patches (or later) are applied, given the severity of this bug.

Government and Industry Cyber Responses

  • Joint Advisory on Scattered Spider: Cybersecurity agencies in the U.S., U.K., Canada, and Australia issued a joint advisory warning about the Scattered Spider threat actor’s techniques and expanding target scope. The FBI and CISA highlighted the group’s sophisticated social-engineering methods (vishing help desks, MFA fatigue, etc.) and its focus on data theft and extortion across multiple sectors. The advisory urges organizations to harden MFA processes, train staff against phishing, and review logs for the indicators of compromise detailed by the agencies. The multi-nation alert reflects the continued international cooperation against ransomware and extortion gangs.
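The MFA “push bombing” tactic described in the Scattered Spider items above leaves a recognisable trace in identity-provider logs: a burst of push challenges to one account, most of them denied or timed out, followed by a single approval. The detector below is an added example, not code from the page, the advisory or any vendor; the log format (`<ISO time> user=… event=… ip=…`) and the event names are assumed and the sample lines are constructed.

```python
"""Flag MFA push-bombing (MFA fatigue) patterns in authentication logs.

Added example with an assumed log format; real IdP exports (Okta, Duo,
Entra ID) use different field and event names and need a mapping step.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: alice is bombed and eventually approves; bob is normal.
SAMPLE_LOG = """\
2025-08-01T09:00:01Z user=alice event=push_sent ip=203.0.113.7
2025-08-01T09:00:10Z user=alice event=push_denied ip=203.0.113.7
2025-08-01T09:00:20Z user=alice event=push_sent ip=203.0.113.7
2025-08-01T09:00:31Z user=alice event=push_timeout ip=203.0.113.7
2025-08-01T09:00:40Z user=alice event=push_sent ip=203.0.113.7
2025-08-01T09:00:55Z user=alice event=push_sent ip=203.0.113.7
2025-08-01T09:01:12Z user=alice event=push_sent ip=203.0.113.7
2025-08-01T09:01:20Z user=alice event=push_approved ip=203.0.113.7
2025-08-01T10:15:00Z user=bob event=push_sent ip=198.51.100.4
2025-08-01T10:15:06Z user=bob event=push_approved ip=198.51.100.4
"""

def parse_line(line):
    """Parse one '<timestamp> key=value ...' line into a dict with a datetime."""
    ts_str, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
    return rec

def detect_push_bombing(log_text, window=timedelta(minutes=5), min_pushes=4):
    """Return one alert per user who received >= min_pushes push challenges
    inside `window`; the alert records whether an approval followed the burst,
    which is the case a responder should treat as a likely compromised session."""
    by_user = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            rec = parse_line(line)
            by_user[rec["user"]].append(rec)
    alerts = []
    for user, recs in by_user.items():
        recs.sort(key=lambda r: r["ts"])
        sends = [r for r in recs if r["event"] == "push_sent"]
        for i, first in enumerate(sends):
            burst = [r for r in sends[i:] if r["ts"] - first["ts"] <= window]
            if len(burst) >= min_pushes:
                end = burst[-1]["ts"] + window
                approved = any(r["event"] == "push_approved"
                               and first["ts"] <= r["ts"] <= end for r in recs)
                alerts.append({"user": user, "pushes": len(burst),
                               "approved_after_burst": approved,
                               "ips": sorted({r["ip"] for r in burst})})
                break  # first qualifying burst is enough for one alert per user
    return alerts
```

Tune `window` and `min_pushes` to the tenant’s normal re-authentication rate before alerting on the `approved_after_burst` cases.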

  • UK Sanctions Russian Cyber Operatives: The U.K. government imposed sanctions on 18 Russian GRU officers and three GRU units for cyber operations supporting the war in Ukraine and other malign activity. Britain’s sanctions announcement noted the GRU’s global hacking campaigns, including deployment of the X-Agent malware (used in the DNC 2016 hack) and destructive attacks like NotPetya. These measures, coordinated with allies, freeze assets and bar travel for the named Russian cyber spies. U.K. officials warned that Russia’s state-sponsored cyber aggression could spill over beyond Ukraine, and vowed to “prepare for a range of potential scenarios”. The move comes as the EU also approved its 18th round of sanctions against Moscow, and U.S. lawmakers weigh similar steps.

  • U.S. Cyber Leadership Updates: The U.S. Senate has confirmed Sean Cairncross as the new National Cyber Director, filling a key federal cybersecurity leadership role. Cairncross will lead the Office of the National Cyber Director in coordinating national cyber strategy and policy; his confirmation comes after an extended vacancy in that post. On the legislative front, the U.S. House passed a bill to formalize the NTIA’s cybersecurity role in telecom security (a response to recent Chinese hacking campaigns like Volt Typhoon), aiming to bolster how communications infrastructure threats are addressed at the federal level. Meanwhile, regulators such as the SEC and FTC are gearing up to enforce new cyber incident disclosure and data protection rules, signaling a growing emphasis on accountability for breaches.

  • Luxembourg’s Resilience Measures: Following the unprecedented July 23 telecom outage, Luxembourg’s government convened a national crisis cell to strengthen critical infrastructure resilience. Authorities are expediting a resilience review to address the single points of failure revealed by the mobile network attack. Among measures being explored are cross-carrier roaming agreements that would allow mobile phones to automatically switch to alternate providers during outages (a practice used for emergency calls in some countries). Luxembourg’s incident has also prompted broader EU discussions on protecting telecom networks from cyber sabotage, especially where reliance on a sole vendor’s technology (like Huawei) could pose systemic risks.

Miscellaneous

  • Data Breach Costs Hit Record Highs: IBM’s newly released 2025 Cost of a Data Breach Report revealed that the average cost of a breach in the U.S. reached $10.22 million, an all-time high. Globally, the average breach cost actually dipped slightly to $4.45M (the first decline in five years), but the U.S. figure continued to climb – underscoring the outsized financial impact of breaches in America. Contributing factors include higher notification and legal costs, increased ransomware payments, and more valuable data at stake. The report also noted that stolen or compromised credentials remain the top initial attack vector, and that the average time to identify and contain a breach was still over 6 months. These findings reinforce the importance of investment in prevention and incident response capabilities to reduce breach fallout.

  • Ransomware and Extortion Trends: Industry analyses this week highlighted the shifting tactics of ransomware gangs. According to the Verizon 2025 DBIR and Cybersecurity Ventures, ransomware incidents are increasingly part of “multifaceted extortion” campaigns rather than standalone file encryption attacks. Threat groups like Scattered Spider and ALPHV/BlackCat often steal sensitive data first, then leverage quadruple extortion (encryption, data leak threats, DDoS, and victim harassment) to pressure victims. Security researchers also warn of rising threats to critical infrastructure – e.g. the FBI and CISA this week re-issued warnings about Iran-affiliated actors targeting industrial control systems and satellite networks. In the first half of 2025, the healthcare sector saw a spike in ransomware (Kettering Health, DaVita, etc.), prompting federal alerts and an AHA report advising hospitals on emergency cyber incident plans.

  • AI and Security at Black Hat: The annual Black Hat USA 2025 conference kicked off in Las Vegas, with researchers spotlighting the intersection of AI and cybersecurity. Notably, experts demonstrated new attacks on AI models (“prompt injection” and adversarial examples) and warned how generative AI can be a double-edged sword – used by defenders for threat detection, but also by attackers to automate phishing and malware development. One research team unveiled “ReVault,” a set of firmware vulnerabilities affecting millions of laptops that could let malware persist in a device’s BIOS beyond OS reinstalls (a reminder of deep hardware risks). Meanwhile, at the DEF CON AI Village, hackers and academics collaborated in red-teaming AI systems to identify flaws before malicious actors do. These events underscore that as AI adoption grows, so do concerns about AI’s role in both cyber offense and defense.

  • Major Cybersecurity Reports and Initiatives: This week also saw the release of several notable security reports. The U.S. National Security Agency (NSA) published guidance on securing AI/ML systems, responding to the White House’s call (by August 1, 2025) for a public-private consortium on AI security. In addition, the World Economic Forum’s Global Cyber Outlook 2025 emphasized the proliferation of supply chain attacks and the need for collective defense strategies. Finally, cybersecurity firms are ramping up collaborative efforts: for example, CrowdStrike reported working with law enforcement on over 300 cases of North Korean IT worker fraud schemes (where DPRK operatives pose as freelance tech workers to earn revenue for the regime) – highlighting how threat intelligence sharing is tackling novel cybercrime models.

Conclusion

  • Key Takeaways: This week’s developments illustrate the blended threat of data theft and disruption. Sophisticated attackers are targeting trusted platforms (Salesforce, help desks, telco routers) to exfiltrate data and extort victims. Even organizations with mature security can be compromised via social engineering, emphasizing the need for constant user vigilance and zero-trust principles. Ransomware remains rampant – but often accompanied by data leaks and other extortion tactics, meaning backups alone are not a sufficient defense. Critical infrastructure vulnerabilities – whether in telecom networks or hospital IT – have real-world impacts, reinforcing calls for stronger public-private collaboration on resilience.

  • Lessons & Priorities: Organizations should patch promptly, especially for high-severity flaws in widely used software (Android, Windows, NVIDIA AI tools). Proactive network monitoring and incident response planning are crucial, given breaches now cost companies millions and can take months to contain. This week also highlighted the value of international cooperation – from joint cyber advisories to law enforcement takedowns – in countering global threat actors. Going forward, security leaders must pay attention to emerging risks such as AI abuse and firmware exploits, even as they address the perennial issues of phishing, weak credentials, and unpatched systems. In summary, a layered defense and adaptive strategy are more important than ever in the face of an evolving cyber threat landscape.

Sources

  • SC Media – “Jewelry brand Pandora latest victim of attacks on Salesforce apps” (Aug 6, 2025)
  • SecurityWeek – “Cisco Says User Data Stolen in CRM Hack” (Aug 5, 2025)
  • Distributed Denial of Secrets (DDoSecrets) – Recent leaks archive (July–Aug 2025)
  • SecurityWeek – “Telecom Giant Orange Hit by Cyberattack” (July 30, 2025)
  • The Record (Recorded Future News) – “Luxembourg probes reported attack on Huawei tech that caused nationwide telecoms outage” (Aug 1, 2025)
  • The Record (Recorded Future News) – “Kettering Health confirms attack by Interlock ransomware group…” (June 6, 2025)
  • Cybersecurity Dive – “FBI, CISA warn about Scattered Spider’s evolving tactics” (July 29, 2025)
  • BleepingComputer – “Android gets patches for Qualcomm flaws exploited in attacks” (Aug 5, 2025)
  • Dark Reading – “NVIDIA Patches Critical RCE Vulnerability Chain” (Aug 4, 2025)
  • CrowdStrike / Tenable (via CSO Online) – analysis of Microsoft CVE-2025-47981 (July 2025)
  • CyberScoop – “UK sanctions Russian hackers, spies as US weighs its own punishments for Russia” (July 18, 2025)
  • SecurityWeek – “Cost of Data Breach in US Rises to $10.22 Million, Says Latest IBM Report” (July 30, 2025)