
BagheeraAltered's CyberSecurity Newsletter

July 14, 2025

CyberSecurity Newsletter 14th July, 2025

In this week’s news: McDonald’s is under scrutiny after a global data breach; leaked Laravel APP_KEYs can be weaponized for remote code execution; Fortinet has released fixes for a critical FortiWeb flaw; a Russian professional basketball player has been arrested over alleged involvement in major ransomware attacks; four newly disclosed Bluetooth vulnerabilities have raised concern across the automotive industry; Wing FTP Server is under active exploitation in the wild; Pay2Key has resurfaced in the wake of the Israel-Iran-U.S. conflict; and CARSTAR Business Group has allegedly fallen victim to a cyberattack.



McDonald’s is under scrutiny after a global data breach exposed the personal details of over 60 million job applicants, including those in Australia. The breach has been linked to vulnerabilities in the company’s AI-driven McHire platform and its integrated chatbot, Olivia. Alarmingly, access to the data was reportedly achieved using one of the most common passwords: 123456.
https://dailysecurityreview.com/security-spotlight/mcdonalds-massive-ai-linked-breach-sparks-industry-concerns-over-data-security-and-governance/

Cybersecurity researchers have discovered a serious security issue that allows leaked Laravel APP_KEYs to be weaponized to gain remote code execution capabilities on hundreds of applications. "Laravel's APP_KEY, essential for encrypting sensitive data, is often leaked publicly (e.g., on GitHub)," GitGuardian said. "If attackers get access to this key, they can exploit a deserialization flaw to execute arbitrary code on the server – putting data and infrastructure at risk."
https://thehackernews.com/2025/07/over-600-laravel-apps-exposed-to-remote.html
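Two things a responder wants to know once an APP_KEY turns up in a public repository: where else the key is sitting, and whether it is the key a production deployment is still using. The following is an added example written for this newsletter, not code from GitGuardian or from Laravel. It uses only the Python standard library and rests on Laravel's documented Encrypter envelope for the AES-*-CBC ciphers (base64 of a JSON object with `iv`, `value` and a hex HMAC-SHA256 `mac` over the two base64 strings); the regex, the `.env` fixture and the "captured cookie" are constructed here, and no AES is performed because the MAC alone is what `decrypt()` checks before it unserializes.

```python
"""
Added example (not code from the newsletter, GitGuardian or Laravel): triage a leaked
Laravel APP_KEY with nothing but the Python standard library.

Two checks a responder wants:
  1. pull APP_KEY values out of dumped text (a committed .env, a git diff, a CI log);
  2. tell whether a leaked key is the *live* key of a deployment by validating the
     HMAC on a payload that deployment produced (for example the encrypted session or
     XSRF-TOKEN cookie of your own app).  If the MAC validates, whoever holds the key
     can mint payloads the app accepts, and Encrypter::decrypt() unserializes those by
     default - which is the deserialization path the article describes.

Envelope layout is Laravel's Encrypter format for the AES-*-CBC ciphers:
  base64( json({"iv": b64(iv), "value": b64(ciphertext),
                "mac": hex(HMAC-SHA256(key, b64(iv) + b64(ciphertext)))}) )
GCM ciphers carry a "tag" instead of a MAC and are not handled here.
"""
import base64
import hashlib
import hmac
import json
import re

# APP_KEY as it sits in .env: base64:<16 bytes for AES-128, 32 bytes for AES-256>
APP_KEY_RE = re.compile(r"APP_KEY\s*=\s*['\"]?(base64:[A-Za-z0-9+/]+=*)")


def find_app_keys(text):
    """Return every APP_KEY value found in a blob of text."""
    return APP_KEY_RE.findall(text)


def decode_app_key(app_key):
    """Turn 'base64:...' into raw key bytes; reject lengths Laravel would not accept."""
    raw = base64.b64decode(app_key.split("base64:", 1)[1])
    if len(raw) not in (16, 32):
        raise ValueError("unexpected key length %d" % len(raw))
    return raw


def parse_laravel_payload(payload):
    """Decode the outer base64+JSON envelope; raise ValueError if it is not one."""
    data = json.loads(base64.b64decode(payload))
    if not isinstance(data, dict) or not {"iv", "value", "mac"} <= set(data):
        raise ValueError("not a Laravel CBC payload")
    return data


def payload_mac_valid(payload, key):
    """True when the payload's MAC was made with `key` (the check decrypt() runs first)."""
    data = parse_laravel_payload(payload)
    expected = hmac.new(key, (data["iv"] + data["value"]).encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, data["mac"])


def which_key_is_live(candidate_keys, payload):
    """Return the first candidate APP_KEY whose MAC matches a real payload, else None."""
    for app_key in candidate_keys:
        try:
            if payload_mac_valid(payload, decode_app_key(app_key)):
                return app_key
        except ValueError:  # bad base64 / JSON / key length (binascii.Error is a ValueError)
            continue
    return None


def stamp_envelope(iv, ciphertext, key):
    """Wrap an IV and ciphertext the way Encrypter does.  This is exactly what a key
    holder can do: any ciphertext gets a MAC the application will trust."""
    iv_b64 = base64.b64encode(iv).decode()
    ct_b64 = base64.b64encode(ciphertext).decode()
    mac = hmac.new(key, (iv_b64 + ct_b64).encode(), hashlib.sha256).hexdigest()
    envelope = json.dumps({"iv": iv_b64, "value": ct_b64, "mac": mac})
    return base64.b64encode(envelope.encode()).decode()


# --- constructed fixture: no real key or cookie.  A .env as it might be committed,
# a second key that has already been rotated away, and a "captured cookie" stamped
# with the live key (the ciphertext bytes are opaque filler; AES is not needed here).
LEAKED_ENV = (
    "APP_NAME=Laravel\n"
    "APP_KEY=base64:" + base64.b64encode(b"A" * 32).decode() + "\n"
    "DB_PASSWORD=hunter2\n"
)
STALE_KEY = "base64:" + base64.b64encode(b"B" * 32).decode()
LIVE_KEY = find_app_keys(LEAKED_ENV)[0]
CAPTURED_COOKIE = stamp_envelope(b"\x00" * 16, b"\x42" * 32, decode_app_key(LIVE_KEY))

if __name__ == "__main__":
    hit = which_key_is_live([STALE_KEY, LIVE_KEY], CAPTURED_COOKIE)
    print("matched live key:" if hit else "no candidate matched:", hit)
```

Run `which_key_is_live()` only against payloads your own deployment issued. A match means the leaked key is the one in production: rotate APP_KEY, re-encrypt anything stored under the old key, and treat every session issued under it as compromised, because the MAC check is the only thing standing between an attacker-minted payload and `unserialize()`.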

Fortinet has released fixes for a critical security flaw impacting FortiWeb that could enable an unauthenticated attacker to run arbitrary database commands on susceptible instances. Tracked as CVE-2025-25257, the vulnerability carries a CVSS score of 9.6 out of a maximum of 10.0.
https://thehackernews.com/2025/07/fortinet-releases-patch-for-critical.html

The UK's National Crime Agency (NCA) arrested four people suspected of being involved in cyberattacks on major retailers in the country, including Marks & Spencer, Co-op, and Harrods. The arrested individuals are two 19-year-old males, one 17-year-old male, and a 20-year-old female, who were apprehended earlier this month at their homes in London and the West Midlands. One of them is Latvian, and the rest are English.
https://www.bleepingcomputer.com/news/security/four-arrested-in-uk-over-mands-co-op-harrods-cyberattacks/

Daniil Kasatkin, a professional basketball player from Russia and former NCAA athlete at Penn State, has been arrested in France at the request of U.S. authorities over allegations of involvement in major ransomware attacks. According to French media reports, the arrest occurred on June 21 at Paris Charles de Gaulle Airport, shortly after Kasatkin landed with his fiancée.
https://dailysecurityreview.com/security-spotlight/russian-basketball-player-arrested-in-france-for-alleged-role-in-ransomware-operations/

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Citrix NetScaler ADC and Gateway flaw, tracked as CVE-2025-5777, to its Known Exploited Vulnerabilities (KEV) catalog. Dubbed ‘CitrixBleed 2’ (CVSS v4.0 base score 9.3), the flaw can allow unauthenticated attackers to steal session tokens, much like the original CitrixBleed (CVE-2023-4966). As with that earlier flaw, upgrading does not invalidate sessions that were already stolen: Citrix's advisory recommends terminating all active ICA and PCoIP sessions after patching.
https://securityaffairs.com/179813/hacking/u-s-cisa-adds-citrix-netscaler-adc-and-gateway-flaw-to-its-known-exploited-vulnerabilities-catalog.html

A set of four newly disclosed Bluetooth vulnerabilities, collectively dubbed PerfektBlue, has raised significant concern across the automotive industry. Discovered by PCA Cyber Security, the flaws impact OpenSynergy’s BlueSDK stack, widely used in vehicle infotainment systems, including those found in models by Mercedes-Benz, Volkswagen, and Skoda.
https://dailysecurityreview.com/security-spotlight/perfektblue-bluetooth-vulnerabilities-expose-millions-of-vehicles-to-remote-code-execution-risks/

A new parliamentary report has warned that Iranian threat actors pose a major threat to the UK, especially its petrochemical, utilities and finance sectors. The Intelligence and Security Committee (ISC) report, published last week, comes at a turbulent geopolitical moment, following Israeli and US strikes on Iranian nuclear facilities.
https://www.infosecurity-magazine.com/news/mps-warn-iranian-threat/

A recently disclosed maximum-severity security flaw impacting the Wing FTP Server has come under active exploitation in the wild, according to Huntress. The vulnerability, tracked as CVE-2025-47812 (CVSS score: 10.0), is a case of improper handling of null ('\0') bytes in the server's web interface, which allows for remote code execution. It has been addressed in version 7.4.4.
https://thehackernews.com/2025/07/critical-wing-ftp-server-vulnerability.html
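The defect class here is worth seeing concretely: a NUL byte splits the world into what C-string handling sees (everything up to the NUL) and what code keeping the full byte string carries onward, so validation and use disagree about the input. The block below is an added example written for this newsletter, not code from Huntress or from Wing FTP Server. It shows that mismatch on a form field, runs a triage check over a constructed capture of login requests, and compares a reported version against the 7.4.4 fix. The `/loginok.html` endpoint list and the sample requests are assumptions made for the example.

```python
"""
Added example, not from Huntress or the Wing FTP Server code base: the bug class behind
CVE-2025-47812 (a NUL byte in a web-interface field) plus a triage check for it.

Why a NUL byte matters: C-style string handling stops at the first NUL (0x00), so a
check that looks at the "C view" of a field sees a short, harmless value, while a
component that keeps the full byte string carries everything after the NUL into
whatever it writes next (a session file, a log, a config).  Validation and use
disagree about what the input was.
"""
from urllib.parse import parse_qs

# Assumption for this example: the form-login endpoint(s) of the web UI to watch.
LOGIN_PATHS = ("/loginok.html",)
PATCHED_VERSION = (7, 4, 4)  # first fixed release named in the advisory


def c_string_view(value):
    """What strlen()-based code sees: everything up to the first NUL."""
    return value.split("\x00", 1)[0]


def nul_fields(form_body):
    """Decode a form body (%00 becomes a real NUL) and return fields carrying one."""
    tainted = {}
    for name, values in parse_qs(form_body, keep_blank_values=True).items():
        bad = [v for v in values if "\x00" in v]
        if bad:
            tainted[name] = bad
    return tainted


def triage_requests(records):
    """records: iterable of (method, path, body) tuples, e.g. from a WAF or reverse-proxy
    capture.  Returns one finding per tainted field with the truncated vs full view."""
    findings = []
    for method, path, body in records:
        if method != "POST" or path not in LOGIN_PATHS:
            continue
        for name, values in nul_fields(body).items():
            for full in values:
                findings.append({"path": path, "field": name,
                                 "c_view": c_string_view(full), "full": full})
    return findings


def is_patched(version):
    """True when a reported Wing FTP Server version is at or above the fixed release."""
    return tuple(int(part) for part in version.split(".")) >= PATCHED_VERSION


# --- constructed capture: a normal login, a login whose username carries a NUL byte
# followed by arbitrary trailing bytes, and an unrelated request ---
SAMPLE_REQUESTS = [
    ("POST", "/loginok.html", "username=alice&password=s3cret"),
    ("POST", "/loginok.html", "username=anonymous%00%0Atrailing+bytes&password=x"),
    ("GET", "/", ""),
]

if __name__ == "__main__":
    for f in triage_requests(SAMPLE_REQUESTS):
        print("NUL in %s: C view %r, full value %r" % (f["field"], f["c_view"], f["full"]))
    print("7.4.3 patched?", is_patched("7.4.3"), "| 7.4.4 patched?", is_patched("7.4.4"))
```

The point of `c_string_view()` next to `full` is the detection rule: any credential field whose C view and full value differ is an input no legitimate login produces, so it is a cheap high-confidence signal to alert on while the upgrade to 7.4.4 is rolled out.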

The DoNot APT group has recently conducted a multi-stage cyber espionage campaign targeting the Italian Ministry of Foreign Affairs, according to Trellix. The group, attributed by several cyber threat intelligence companies to India, impersonated European defense officials, mentioning their visit to Bangladesh, and lured their targets to click on a malicious Google Drive link.
https://www.infosecurity-magazine.com/news/indian-cyber-espionage-italian/

An Iranian-backed ransomware-as-a-service (RaaS) named Pay2Key has resurfaced in the wake of the Israel-Iran-U.S. conflict last month, offering bigger payouts to cybercriminals who launch attacks against Israel and the U.S. The financially motivated scheme, now operating under the moniker Pay2Key.I2P, is assessed to be linked to a hacking group tracked as Fox Kitten (aka Lemon Sandstorm).
https://thehackernews.com/2025/07/iranian-backed-pay2key-ransomware.html

Hackers are now using a stealthy approach to compromise macOS users, especially targeting developers and IT professionals. SentinelOne researchers have discovered that the threat actors are bundling legitimate Mac applications with a dangerous trojan called ZuRu and distributing these modified packages through poisoned search results.
https://dailysecurityreview.com/security-spotlight/hackers-trojanize-legitimate-mac-developer-tools-with-zuru-malware/

The Department of Justice and the FBI’s Atlanta Field Office have confirmed that they seized and dismantled several notorious online marketplaces distributing pirated video games.
https://hackread.com/fbi-seizes-major-sites-sharing-pirated-video-games/

CARSTAR Business Group, an automotive service and collision repair business headquartered in Ancaster, Ontario, Canada, has allegedly fallen victim to a cyberattack by the Sarcoma ransomware group. The company employs between 50 and 99 people and reports annual revenue of $5 million to $10 million. If the claim is confirmed, a breach at a group of this size could have wider consequences across the automotive repair sector.
https://dailydarkweb.net/carstar-business-group-allegedly-hit-by-sarcoma-ransomware/


