Infosec bits for 2025 week 30

Heloise Meyer | July 25, 2025, 1:18 p.m.

Cybersecurity News:

Microsoft hack spreads into SA; sensitive information at risk [Nicola Mawson, ITweb]

Humans can be tracked with unique 'fingerprint' based on how their bodies block Wi-Fi signals [Thomas Claburn, The Register]

BlackSuit ransomware extortion sites seized in Operation Checkmate [Sergiu Gatlan, BleepingComputer]

Japanese police release decryptor for Phobos ransomware after February takedown [Jonathan Greig, The Record]

As AI tools take hold in cybersecurity, entry-level jobs could shrink [Sinisa Markovic, HelpNetSecurity]

Cyberattacks:

Attacks Targeting Linux SSH Servers to Install SVF DDoS Bot [ASEC, ASEC]

Hackers Exploit Critical CrushFTP Flaw to Gain Admin Access on Unpatched Servers [Ravie Lakshmanan, The Hacker News]

ToolShell: An all-you-can-eat buffet for threat actors [ESET Research, ESET]

Active Exploitation of Microsoft SharePoint Vulnerabilities: Threat Brief (Updated July 24) [Palo Alto Networks, Palo Alto Networks]

Vulnerabilities & Patches:

ExpressVPN bug leaked user IPs in Remote Desktop sessions [Bill Toulas, BleepingComputer]

Sophos fixed two critical Sophos Firewall vulnerabilities [Pierluigi Paganini, Security Affairs]

High-Severity Flaws Patched in Chrome, Firefox [Ionut Arghire, SecurityWeek]

Cisco Confirms Active Exploits Targeting ISE Flaws Enabling Unauthenticated Root Access [Ravie Lakshmanan, The Hacker News]