

Cyber Insights series: July 2025 – this month in cybersecurity
In this Cybersecurity Insights blog series, Craig Lusher, Product Principal of Secure Solutions at C8 Secure, explores the latest cybersecurity developments, threat trends and actionable strategies to mitigate emerging risks.
Craig provides an in-depth analysis of key cybersecurity developments in July, covering critical incidents such as a high-impact Microsoft SharePoint vulnerability, an emerging PDF-based QR code phishing campaign, a major ransomware event targeting a leading global technology distributor and a significant data breach involving a prominent luxury retail brand.
Hundreds of organizations impacted by zero-day Microsoft SharePoint vulnerability
On 21 July, it was reported that an unconfirmed threat actor exploited a zero-day vulnerability in Microsoft’s SharePoint collaboration platform, compromising at least 400 organizations – including the National Nuclear Security Administration (NNSA), the US federal agency responsible for the nation’s nuclear stockpile.
The vulnerability, designated CVE-2025-53770, affects self-hosted SharePoint deployments. Successful exploitation enables remote code execution, granting unauthorized access to stored files and potentially to systems across the affected company’s network.
C8 Secure perspective: This was a zero-day incident, meaning the vulnerability was actively exploited before Microsoft had the opportunity to release patches. It has since been mitigated with security updates for all affected SharePoint versions, and ongoing, automated patch management remains essential to closing gaps as soon as they are discovered. We also recommend a proactive cybersecurity strategy that includes actively searching for vulnerabilities within your environment, continuously monitoring network activity for anomalies, and leveraging automated response mechanisms to isolate compromised devices, block malicious traffic and implement immediate countermeasures.
PDF-based QR code attacks bypass detection, harvest credentials
Researchers have recently identified a sophisticated wave of QR code phishing attacks, also referred to as “quishing,” in an active campaign known as “Scanception.” This threat leverages carefully crafted emails containing PDF attachments that emulate legitimate enterprise communications. Recipients are prompted to scan embedded QR codes, which redirect to credential-harvesting websites designed to compromise sensitive information. Over the past three months, the researchers have detected more than 600 unique phishing PDFs and correlated email campaigns, highlighting a sustained and evolving risk to enterprise environments.
C8 Secure perspective: The human element continues to be an organization’s weakest link when it comes to cybersecurity. To strengthen this soft spot, we advise conducting employee training to recognize and respond to phishing attempts, implementing regular phishing simulations to identify vulnerabilities, applying mobile endpoint protection against evolving threats, adopting multi-factor authentication to enhance account security and monitoring account activity for unusual or unauthorized behavior.
SafePay ransomware hits Ingram Micro, disrupting operations
On July 5, global technology distributor Ingram Micro confirmed a ransomware attack impacting its internal systems. Subsequent disclosures on July 30 indicated that the group known as SafePay claimed responsibility, asserting the exfiltration of approximately 3.5 terabytes of company data and threatening disclosure within a three-day timeframe.
C8 Secure perspective: Protecting operations against sophisticated cyber threats requires a rigorous, multi-layered cybersecurity strategy encompassing both advanced technologies and organizational best practices. Core components of an effective framework include:
- Conducting regular security audits, comprehensive internal/external assessments and scheduled Vulnerability Assessment and Penetration Testing (VAPT) exercises
- Utilizing a 24/7 Security Operations Center (SOC) equipped with robust threat detection, security information and event management (SIEM) and efficient alert triage
- Developing and maintaining documented incident detection, response and recovery protocols
- Delivering ongoing cybersecurity training and awareness initiatives to all stakeholders
- Training personnel to identify phishing, social engineering and other common threat vectors
- Enforcing strong cyber hygiene, including routine software updates, proactive patch management and implementation of multi-factor authentication (MFA)
- Strengthening supply chain security through comprehensive third-party risk assessment and continuous monitoring
- Ensuring adherence to applicable cybersecurity regulations and industry standards
Louis Vuitton targeted in multi-country customer data breach
On July 2, Louis Vuitton confirmed a cyber attack that led to the exposure of customer data across several countries. The ShinyHunters cybercrime group is alleged to be responsible, with affected customers in Italy, South Korea, Sweden, Turkey, and the United Kingdom. While details regarding any ransom demand remain unknown, Louis Vuitton has advised vigilance regarding suspicious communications and is undertaking an internal review. This attack forms part of a wider campaign targeting luxury and retail brands, with other LVMH (Moët Hennessy Louis Vuitton) brands such as Dior and Tiffany, and major retailers including Adidas and Victoria’s Secret, also recently impacted.
C8 Secure perspective: The luxury giant responded that it had “implemented technical measures to contain the incident and terminate the threat actor’s access.” To further fortify breach prevention and incident response, we recommend organizations conduct comprehensive security assessments – including cybersecurity audits, Vulnerability Assessment and Penetration Testing (VAPT) and ongoing vulnerability scans (V-Scans) – to identify and remediate risks, maintain regulatory compliance and support long-term cyber resilience.
Cybersecurity solutions for a safer tomorrow
C8 Secure provides comprehensive, multi-layered threat prevention, detection and response solutions to secure your organization’s digital assets in the face of evolving cyber threats.
For more information on how C8 Secure can support your cybersecurity initiatives, email info@c8secure.com or fill out our Contact Us page.