This month in security with Tony Anscombe – July 2025 edition

Here’s a look at cybersecurity stories that moved the needle, raised the alarm, or offered vital lessons in July 2025

31 Jul 2025

With another month behind us, it’s time for ESET Chief Security Evangelist Tony Anscombe to look at cybersecurity stories that made an impact and offered vital lessons in July 2025. Here’s Tony’s rundown of some of what stood out most over the past 30 or so days.

attacks targeting on-premises Microsoft SharePoint servers by exploiting the ToolShell zero-day vulnerabilities – and the implications of these attacks for businesses,
Lumma Stealer, previously disrupted in a global operation that also relied on ESET’s expertise, has returned, as also confirmed by ESET research,
KNP, a UK transport company with a history of 158 years, has gone out of business after cybercriminals compromised its computer systems with ransomware in an attack that began by guessing an employee’s password,
a vulnerability in McHire, McDonald’s chatbot job application platform, that exposed the chats of more than 64 million job applications across the United States, with the platform’s admin panel using “123456” as both its username and password,
so-called “PerfektBlue” critical vulnerabilities in a widely used Bluetooth stack that could have allowed remote code execution on millions of cars,
the UK government’s proposal to ban public sector bodies and critical infrastructure organizations from paying ransoms after ransomware attacks.

Don’t forget to check out the June 2025 edition of Tony’s monthly security news roundup for more insights.