July 2025 Cybersecurity Highlights with Tony Anscombe
From zero-day exploits to policy shifts, ESET Chief Security Evangelist Tony Anscombe breaks down the cybersecurity stories that defined July 2025—and the lessons leaders should act on now.
Top stories this month
- ToolShell zero-day attacks against on-prem Microsoft SharePoint servers, underscoring urgent patching and hardening needs for business-critical collaboration platforms.
- Lumma Stealer’s return after a global disruption effort that drew on ESET expertise—its resurgence confirmed by ESET research.
- KNP, a 158-year-old UK transport company, shuttered after a ransomware attack that began with a guessed employee password, highlighting the high cost of weak authentication.
- A McHire (McDonald’s chatbot job application platform) flaw that exposed chats tied to more than 64 million US applications; the admin panel reportedly used “123456” for both username and password.
- “PerfektBlue” critical flaws in a widely used Bluetooth stack that could have enabled remote code execution across millions of vehicles.
- A UK government proposal to prohibit public sector and critical infrastructure organizations from paying ransoms after ransomware incidents.
Why it matters
- Strengthen identity and access: eliminate weak/default credentials, enforce MFA, and monitor exposed services—especially for SharePoint and other internet-facing apps.
- Vet third-party platforms: require secure defaults, robust authentication, and regular testing from vendors handling sensitive data.
- Prepare for policy change: align incident response with evolving regulations that may restrict ransom payments.
Keep learning
Don’t miss the June 2025 edition of Tony’s monthly roundup for additional context and best practices.
Source: WeLiveSecurity