Infosec bits for 2025 week 28

Heloise Meyer | July 11, 2025, 9:36 a.m.

Cybersecurity News:

Africa’s cybersecurity crisis and the push to mobilizing communities to safeguard a digital future [Sadrah Irasubiza, Help Net Security]

South Africa a top target for cybercriminals [Myles Illidge, MyBroadband]

5 Lessons We Must Learn From The World’s Biggest Cyber Heists [Bernard Marr, Forbes]

Data Breaches:

Qantas is being extorted in recent data-theft cyberattack [Lawrence Abrams, BleepingComputer]

Driver's license numbers, addresses leaked in 2024 bitcoin ATM company breach [Jonathan Greig, The Record]

Nippon Steel Subsidiary Blames Data Breach on Zero-Day Attack [Eduard Kovacs, Security Week]

Four Arrested in £440M Cyber Attack on Marks & Spencer, Co-op, and Harrods [Ravie Lakshmanan, The Hacker News]

Vulnerabilities & Patches:

Microsoft enjoys first Patch Tuesday of 2025 with no active exploits [Iain Thomson, The Register]

Adobe Patches Critical Code Execution Bugs [Ionut Arghire, Security Week]

PerfektBlue Bluetooth flaws impact Mercedes, Volkswagen, Skoda cars [Bill Toulas, BleepingComputer]

Ivanti, Fortinet, Splunk Release Security Updates [Ionut Arghire, Security Week]

Critical mcp‑remote Flaw Allows Remote Code Execution in LLM Clients [AnuPriya, Cyber Press]

Cyber Attack:

Fix the Click: Preventing the ClickFix Attack Vector [Rem Dudas, Palo Alto Networks]

Tooling:

New technique detects tampering or forgery of a PDF document [Sinisa Markovic, Help Net Security]