Stay Ahead of the Curve: Top Cyber Threats and Vulnerabilities You Need to Know
In this week's cyber threat advisory, we spotlight several critical vulnerabilities, sophisticated attack campaigns, and security developments from the past week that organizations and individuals should act on immediately.
Major Vulnerabilities
Cisco Unified CM (CVE-2025-20309): A critical flaw in Cisco Unified Communications Manager and Unified CM Session Management Edition (Engineering Special releases): the root account carries static SSH credentials that cannot be changed or deleted, so an unauthenticated remote attacker who knows them can log in and take full control of the system. Cisco reports no known exploitation so far, but there is no workaround, so apply the vendor patch immediately and review the appliance's secure syslog for unexpected root SSH logins. More details: https://sec.cloudapps.cisco.com/security/center/publicationListing.x
Chrome Zero-Day (CVE-2025-6554): A type confusion flaw in Chrome's V8 JavaScript engine, actively exploited in the wild, lets a crafted HTML page gain arbitrary read/write in the renderer, the usual first step toward code execution. Google shipped the fix in the 30 June stable update (138.0.7204.96/.97); update Chrome now, and update other Chromium-based browsers such as Edge and Brave as soon as they ship the fix. More details: https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_30.html
Sudo Privilege Escalation (CVE-2025-32463): A flaw in sudo's chroot option (-R) lets any local user, even one with no sudoers entry at all, obtain root. It affects sudo 1.9.14 through 1.9.17, which ships with current releases of the major Linux distributions. Upgrade to sudo 1.9.17p1 or install your distribution's backported fix. More details: https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot
Anthropic MCP Inspector (CVE-2025-49596): A critical remote code execution flaw in the MCP Inspector developer tool. Its local proxy server accepted requests without authentication or origin checks, so a malicious website opened in the developer's browser could reach the proxy and run arbitrary commands on the developer's machine. The fix landed in MCP Inspector 0.14.1, which adds a session token and origin validation; upgrade, and never expose the tool beyond localhost. The flaw is a reminder that AI development tooling is now part of the attack surface. More details: https://www.oligo.security/blog/critical-rce-vulnerability-in-anthropic-mcp-inspector-cve-2025-49596
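For the Cisco Unified CM item above, the thing a responder wants is a quick triage of the appliance's sshd log for accepted root logins, since abuse of a static root credential looks like an ordinary successful SSH login as root. The script below is an added example, not code from Cisco or from this advisory. It assumes standard OpenSSH log lines ("Accepted <method> for root from <ip> port <n> ssh2"); the sample log it builds is constructed for the demonstration, and the path of the appliance's secure log and the CLI command to retrieve it are the ones given in Cisco's advisory, not reproduced here.

```shell
#!/bin/sh
# Added example, not from Cisco or the advisory: triage an sshd log for accepted
# root logins, the trace that abuse of a static root credential leaves behind.
# Assumes standard OpenSSH log lines: "Accepted <method> for root from <ip> port <n> ssh2".

# Print "<month> <day> <time> <auth-method> <source-ip>" for each accepted root SSH login.
root_ssh_logins() {
    awk '/sshd\[[0-9]+\]: Accepted [^ ]+ for root from / {
            method = ""; src = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "Accepted") method = $(i + 1)
                if ($i == "from")     src    = $(i + 1)
            }
            print $1, $2, $3, method, src
         }' "$1"
}

# Number of accepted root logins in the log.
root_ssh_login_count() {
    root_ssh_logins "$1" | wc -l | tr -d '[:space:]'
}

# Distinct source addresses that logged in as root, one per line.
root_ssh_sources() {
    root_ssh_logins "$1" | awk '{ print $5 }' | sort -u
}

# Constructed sample log (not real appliance output): one admin login, one failed
# root attempt, and two successful root logins from the same external address.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
Jul  1 10:14:02 cucm-pub sshd[4123]: Accepted publickey for admin from 10.0.0.5 port 51022 ssh2
Jul  1 10:15:31 cucm-pub sshd[4188]: Failed password for root from 203.0.113.9 port 40211 ssh2
Jul  1 10:15:33 cucm-pub sshd[4188]: Accepted password for root from 203.0.113.9 port 40211 ssh2
Jul  1 11:02:07 cucm-pub sshd[4301]: Accepted password for root from 203.0.113.9 port 40388 ssh2
EOF

echo "Accepted root logins: $(root_ssh_login_count "$SAMPLE_LOG")"
root_ssh_logins "$SAMPLE_LOG"
echo "Distinct sources:"
root_ssh_sources "$SAMPLE_LOG"
```

Any accepted root login that does not correspond to a change window, or that comes from an address outside the management network, warrants a full investigation rather than just a patch; the failed attempt immediately before a success from the same source is the pattern to look for. Run the functions against a copy of the secure log retrieved from each affected node.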
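For the sudo item above, the first question on every Linux host is whether the installed sudo falls in the affected range. The function below is an added example, not code from the sudo project or from this advisory; it parses the first line of `sudo --version` and classifies the version against the range 1.9.14 through 1.9.17, with 1.9.17p1 as the first fixed release. The version strings it is demonstrated on are constructed.

```shell
#!/bin/sh
# Added example, not from the sudo project or the advisory: classify a sudo version
# string against the CVE-2025-32463 affected range (1.9.14 through 1.9.17, fixed in 1.9.17p1).
# Prints VULNERABLE, FIXED, NOT_AFFECTED or UNKNOWN; exit status 0 only for VULNERABLE.

sudo_chroot_status() {
    # Accepts the first line of `sudo --version` ("Sudo version 1.9.17p1") or a bare "1.9.17p1".
    ver=$(printf '%s\n' "$1" | sed 's/^[^0-9]*\([0-9.]*p\{0,1\}[0-9]*\).*$/\1/')
    case "$ver" in
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) echo "UNKNOWN"; return 2 ;;
    esac
    base=${ver%%p*}                                   # "1.9.17" from "1.9.17p1"
    plevel=0
    case "$ver" in *p*) plevel=${ver##*p} ;; esac     # "1" from "1.9.17p1"
    major=${base%%.*}
    rest=${base#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    # Encode as one integer so the range check is a plain arithmetic comparison.
    num=$((major * 1000000 + minor * 10000 + patch * 100 + plevel))
    first_bad=$((1 * 1000000 + 9 * 10000 + 14 * 100))        # 1.9.14 introduced the -R option
    first_fixed=$((1 * 1000000 + 9 * 10000 + 17 * 100 + 1))  # 1.9.17p1 carries the fix
    if [ "$num" -lt "$first_bad" ]; then
        echo "NOT_AFFECTED"; return 1
    elif [ "$num" -ge "$first_fixed" ]; then
        echo "FIXED"; return 1
    else
        echo "VULNERABLE"; return 0
    fi
}

# Demonstration on constructed version strings (not output from a real host):
for v in "Sudo version 1.9.13p2" "Sudo version 1.9.16p2" "Sudo version 1.9.17" "Sudo version 1.9.17p1"; do
    printf '%-24s -> %s\n' "$v" "$(sudo_chroot_status "$v")"
done

# The same check on the host running this script (skipped when sudo is absent):
if command -v sudo >/dev/null 2>&1; then
    printf '%-24s -> %s\n' "this host" "$(sudo_chroot_status "$(sudo --version 2>/dev/null | head -n 1)")"
fi
```

Treat VULNERABLE as a prompt to check the package, not as a verdict: Debian, Ubuntu and Red Hat commonly backport the fix without changing the upstream version string, so a host reporting 1.9.15p5 may already be patched. Confirm with the package changelog (for example `apt changelog sudo` or `rpm -q --changelog sudo | grep CVE-2025-32463`) before closing the finding.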
Active Attack Campaigns
Chinese APTs Exploit Ivanti CSA Zero-Days: The Houken intrusion set, documented by France's ANSSI and linked to China-based actors, exploited several Ivanti Cloud Services Appliance vulnerabilities as zero-days against the French government and telecom operators, with activity extending to Southeast Asia and NGOs. Those flaws have since been patched, so confirm every CSA instance runs a fixed, supported release and hunt for webshells and unexpected administrative accounts on appliances that were exposed before patching. More details: https://www.cert.ssi.gouv.fr/cti/CERTFR-2025-CTI-009/
NightEagle Targets Chinese Tech & Defense: Disclosed by QiAnXin's RedDrip team, this campaign exploits an as-yet unidentified Exchange Server flaw and deploys stealthy implants together with a SOCKS proxy to tunnel into the network and steal sensitive mailbox data. Because the flaw has not been identified, no patch is available; monitor Exchange servers for unexpected outbound connections, proxy tooling, and unfamiliar processes, and keep them fully updated regardless. More details: https://github.com/RedDrip7/NightEagle_Disclose/blob/main/Exclusive%20disclosure%20of%20the%20attack%20activities%20of%20the%20APT%20group%20NightEagle.pdf
Security News Highlights
Malicious IDE Extensions: OX Security researchers showed that the "verified" badge in IDEs such as Visual Studio Code can survive on tampered extensions distributed outside the official marketplace, so the badge alone does not prove an extension is safe, and installing such an extension hands an attacker code execution on the developer's machine. Install extensions only from the marketplace and restrict side-loading of extension packages. More details: https://www.ox.security/can-you-trust-that-verified-symbol-exploiting-ide-extensions-is-easier-than-it-should-be/
Firefox Extension Scams: Researchers at Koi Security found over 40 malicious Firefox extensions that mimic legitimate cryptocurrency wallet add-ons to steal wallet credentials. Verify the publisher and source before installing, and audit the extensions already present on user browsers. More details: https://blog.koi.security/foxywallet-40-malicious-firefox-extensions-exposed-4c14419de486
North Korean Web3 Campaigns: Kimsuky and other DPRK-linked actors use Nim-based macOS malware (tracked by SentinelOne as NimDoor) and fake job sites in phishing campaigns against Web3 and crypto firms to deploy remote access tools and steal data. More details: https://www.sentinelone.com/labs/macos-nimdoor-dprk-threat-actors-target-web3-and-crypto-platforms-with-nim-based-malware/
PDF-Based Callback Phishing: Cisco Talos reports attackers impersonating Microsoft, DocuSign and other brands with PDF lures that push recipients to call a fake support line, where they are talked into installing malware or handing over credentials. Train users never to call phone numbers embedded in unsolicited attachments. More details: https://blog.talosintelligence.com/pdfs-portable-documents-or-perfect-deliveries-for-phish/
Stay protected by regularly updating systems, verifying sources, educating users, and monitoring for anomalous activity.
For more threat insights, subscribe to our weekly advisories.
For consultation and for tailored cybersecurity advisory, contact our team at Crowe UAE, +971 55 343 8693, manesh.nair@crowe.ae