Skip to content

breach_cve_trends

Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches: July 09-16, 2025

During the week under review, threat actors shifted from high-noise ransomware campaigns to quieter, precision intrusions abusing zero-day or recently patched vulnerabilities and abusing trusted cloud or software-supply-chain services. Fortinet’s FortiWeb, Citrix NetScaler ADC/Gateway and Wing FTP Server all saw in-the-wild exploits within 72 hours of public disclosure—highlighting the narrowing window between a patch release… Read More »Weekly Cybersecurity Intelligence Report Cyber Threats & Breaches: July 09-16, 2025

M&S, Co-op, and Harrods Cyberattacks: Mitigating Social Engineering Risks

On July 9, 2025, the UK’s National Crime Agency (NCA) arrested four individuals, aged 17 to 20, in connection with coordinated cyberattacks targeting UK retailers M&S, Co-op, and Harrods. The attacks are attributed to the threat actor group known as Scattered Spider and involved advanced social engineering techniques, phishing emails, and infostealer malware. Customer data… Read More »M&S, Co-op, and Harrods Cyberattacks: Mitigating Social Engineering Risks

Fortinet FortiWeb Vulnerability (CVE-2025-25257)

On July 8, 2025, Fortinet disclosed active exploitation of CVE-2025-25257, a critical SQL injection vulnerability in FortiWeb. The flaw resides in the Fabric Connector module and allows unauthenticated attackers to execute arbitrary database commands through specially crafted HTTP or HTTPS requests. Exploited systems included FortiWeb instances directly exposed to the internet. Date of Incident: July 8,… Read More »Fortinet FortiWeb Vulnerability (CVE-2025-25257)

Citrix NetScaler ADC and Gateway Vulnerability (CVE-2025-5777): Securing Remote Access Gateways

On July 10, 2025, CISA confirmed active exploitation of a critical vulnerability in Citrix NetScaler ADC and Gateway, identified as CVE-2025-5777. The flaw, dubbed Citrix Bleed 2, allows attackers to bypass authentication in configurations using Gateway or AAA virtual servers. Following confirmation, the vulnerability was added to the CISA Known Exploited Vulnerabilities (KEV) catalog, prompting… Read More »Citrix NetScaler ADC and Gateway Vulnerability (CVE-2025-5777): Securing Remote Access Gateways

Wing FTP Server Vulnerability (CVE-2025-47812)

On July 7, 2025, a critical vulnerability in Wing FTP Server was actively exploited in the wild. Identified as CVE-2025-47812 and carrying a maximum CVSS score of 10.0, the flaw allows unauthenticated attackers to execute arbitrary system commands through the product’s web interface. Security researcher Julien Ahrens discovered the issue, which originates from improper null… Read More »Wing FTP Server Vulnerability (CVE-2025-47812)

Use Cases
Technology
About
Partner
Resources

FireCompass – An EC Council Ecosystem Company.
©2025 . All Rights Reserved.

CONSENT REQUIRED

Before you continue —
a quick consent notice

This website uses functional cookies and third-party services to operate. Before they can load, we need your consent through our Consent Management Platform, operated by CookieYes (cookieyes.com).

Data transmitted to cookieyes.com
  • Your browser's IP address — transmitted as part of the outbound HTTP request
  • Your browser's User-Agent string — transmitted as part of the outbound HTTP request
  • No other data is collected or transmitted at this stage

Functional cookies are required for this website to operate. If you decline, the site cannot be fully displayed. You are always welcome to return and accept at any time.

By clicking "Accept & Continue" you will be directed to the CookieYes consent manager where you can make granular choices.  |  Privacy Policy