Cyber Security News Daily Recap

Cybersecurity News | Daily Recap [12 Jul 2025]

admin
Cybersecurity News | Daily Recap [12 Jul 2025]

Cybersecurity threats continue to evolve with critical vulnerabilities in Wing FTP Server, Laravel, FortiWeb, Citrix, and OpenVSX marketplace being actively exploited or patched. Major data breaches involve Louis Vuitton, McDonald’s, and Albemarle County, while AI security faces challenges from jailbreaks and national security concerns with DeepSeek. #WingFTP #Laravel #FortiWeb #Citrix #OpenVSX #LouisVuitton #McDonald’s #DeepSeek

Critical Vulnerabilities & Exploits

  • Hackers rapidly exploited a critical RCE flaw (CVE-2025-47812) in Wing FTP Server, urging immediate upgrades to version 7.4.4 – Wing FTP RCE
  • Over 600 Laravel apps exposed to remote code execution via leaked APP_KEYs, highlighting risks in secret management – Laravel RCE
  • Fortinet issues patch for a critical SQL injection RCE flaw in FortiWeb (CVE-2025-25257) amid public exploit tool releases – FortiWeb Exploit, FortiWeb Patch
  • CISA mandates federal agencies patch Citrix Bleed 2 (CVE-2025-5777) within 24 hours due to active exploitation by multiple threat actors – Citrix Bleed 2, CISA Citrix Order
  • Critical zero-day in OpenVSX marketplace threatens over 10 million VS Code users with extension hijacking attacks – OpenVSX Zero-Day
  • Gravity Forms WordPress plugin compromised in supply-chain attack distributing backdoored versions, risking website takeovers – Gravity Forms Attack
  • PerfektBlue Bluetooth vulnerabilities in OpenSynergy’s BlueSDK enable remote code execution on millions of vehicles across automakers – PerfektBlue Flaws

Data Breaches & Incidents

  • Louis Vuitton confirms cyber-attack exposing UK customer data, continuing a wave of breaches in UK retail and LVMH brands – Louis Vuitton Breach
  • Albemarle County hit by ransomware disrupting phone services and leaking sensitive resident and employee data, with identity protection offered – Albemarle Ransomware
  • Over 64 million McDonald’s job applicants had personal data exposed via weak default credentials and IDOR vulnerability in McHire chatbot platform – McDonald’s Data Leak

AI & Emerging Tech Security

  • Grok-4 language model from xAI was compromised by sophisticated jailbreak techniques two days post-release, showcasing AI security challenges – Grok-4 Jailbreak
  • Czech cybersecurity agency warns DeepSeek, a Chinese AI firm, is a national security threat due to risks of intelligence exploitation, leading to an official ban on government devices – DeepSeek Warning

Hardware Security

  • NVIDIA advises enabling System Level ECC as defense against Rowhammer attacks targeting GDDR6 GPU memory, stressing hardware protection for data integrity in critical workloads – NVIDIA Rowhammer Guidance, NVIDIA ECC Advice

Legal & Incident Updates

  • Airline executive Farhad Azima agrees to dismiss nearly decade-long litigation connected to alleged hack-for-hire and corporate espionage schemes involving mercenary hackers – Azima Litigation Dismissed
  • Hacker returns majority of $42 million stolen from GMX decentralized exchange following a $5 million bounty payout, while vulnerability resolution is confirmed – GMX Crypto Return

Cybersecurity News | Daily Recap – hendryadrian.com

SHARE THIS STORY

WhatsAppX (Twitter)TelegramBlueskyFacebookLinkedInThreadsEmailPrint