A pro-Ukraine hacking group called Silent Crow claims it successfully attacked Russia's national airline Aeroflot, forcing the cancellation of dozens of flights and causing widespread system failures. The group, working with Belarusian hackers Cyber Partisans, says it compromised Aeroflot's IT infrastructure and threatens to release passenger data. Russian prosecutors confirmed the cyber-attack and opened a criminal investigation.
The disruption mostly affected domestic routes but also flights to Belarus, Armenia, and Tashkent. Passengers were transferred to other carriers. This marks a rare visible impact from the ongoing cyber warfare between pro-Russian and pro-Ukrainian hacking groups since 2022.
Source: BBC News
Hackers accessed personal data belonging to most of Allianz Life's 1.4 million U.S. customers on July 16 through a social engineering attack on a third-party cloud system. The Minneapolis-based insurance company discovered the breach the next day and immediately contacted the FBI.
While Allianz Life's own systems weren't compromised, the attackers obtained personally identifiable information from customers, financial professionals, and some employees. The company is offering affected individuals 24 months of free identity theft protection and credit monitoring. This incident only impacts the U.S. subsidiary, not other Allianz entities worldwide.
Source: CBS News
A new ransomware group called Chaos has launched attacks across multiple sectors, primarily targeting US organizations, with some victims in the UK, New Zealand, and India. The gang, which emerged in February 2025, uses sophisticated social engineering tactics: it floods targets with spam emails, then impersonates IT security staff over phone calls to trick victims into granting remote access via Microsoft Quick Assist.
Cisco Talos researchers believe Chaos is likely formed by former BlackSuit/Royal gang members based on similar encryption methods and ransom note structures. The group demands large ransoms (one case involved $300,000) and threatens DDoS attacks plus data disclosure if victims don't pay.
Source: Infosecurity
CISA issued urgent security advisories Thursday covering vulnerabilities in devices from Honeywell, Medtronic, Mitsubishi, LG, and Network Thermostat that could allow attackers to execute malicious code or gain administrative access. The flaws affect critical infrastructure including manufacturing equipment, WiFi thermostats in commercial buildings, patient monitors, and security cameras.
Most concerning is a Network Thermostat vulnerability (CVE-2025-6260) with a 9.8 severity score that lets attackers reset credentials remotely. Medtronic's patient monitors contain three vulnerabilities requiring physical access, while Mitsubishi's manufacturing equipment faces DLL hijacking risks. Companies have released patches for most devices, though some older products won't receive fixes.
Source: Industrial Cyber
A Chinese cyberespionage group called Fire Ant has been targeting VMware and F5 vulnerabilities to breach supposedly secure, isolated networks. The hackers exploited critical flaws like CVE-2023-34048 in vCenter Server and CVE-2023-20867 in ESXi to gain complete control over virtualization infrastructure. They then used compromised systems as stepping stones to access guest virtual machines and tunnel between network segments that should've been separated.
Cybersecurity firm Sygnia found the group shows remarkable persistence, quickly adapting when defenders try to kick them out by deploying backup backdoors and changing tactics. The attack methods strongly resemble those used by another Chinese group, UNC3886.
Source: SecurityWeek
Over 400 organizations worldwide fell victim to Chinese hackers exploiting zero-day vulnerabilities in Microsoft SharePoint servers, including the Departments of Energy, Homeland Security, and Health and Human Services. The attack began Friday using the "ToolShell" exploit that bypasses multi-factor authentication.
Three Chinese threat groups are involved: Storm-2603 deployed Warlock ransomware starting July 18, while government-affiliated Linen Typhoon and Violet Typhoon focused on stealing intellectual property and espionage. Microsoft released emergency patches Monday, but nearly 11,000 SharePoint instances remained exposed Wednesday. Federal agencies report no confirmed data breaches so far, though investigations continue.
Source: CyberScoop
CISA has mandated that U.S. federal agencies urgently patch two critical Microsoft SharePoint vulnerabilities (CVE-2025-49706 and CVE-2025-49704) by July 23, following attacks by Chinese hackers. These flaws allow unauthorized access and remote code execution on SharePoint servers. Microsoft has released updates, urging all users to patch immediately.
Security experts warn of risks like data theft and persistent access. The directive underscores the persistent threat from APT groups, stressing the importance of swift patch management to protect government and critical infrastructure from cyber threats.
Source: The Hacker News
Proofpoint researchers discovered four previously unknown Chinese hacking groups attacking Taiwan's semiconductor industry since last fall, marking a sharp increase in cyber espionage. The attackers used phishing emails disguised as job-seeking students, investment firms, and Microsoft security notices to breach chip manufacturers and investment banks analyzing the sector. One group even targeted legal personnel at semiconductor companies.
The campaigns deployed custom malware including Cobalt Strike, Voldemort backdoor, and SparkRAT. Taiwan's chip industry is globally critical, making it a prime target as China seeks to undermine the island's economic strength and national defense capabilities.
Source: Dark Reading
Ingram Micro, a major technology distributor with $48 billion in annual sales, confirmed a ransomware attack has disrupted its operations for days. The breach, attributed to the SafePay ransomware group, has halted software licensing services and left customers unable to access products dependent on the company's backend systems.
Sources suggest hackers breached Ingram Micro through Palo Alto's GlobalProtect VPN using stolen credentials. SafePay, active since November 2024 with over 220 victims, has previously targeted organizations across multiple countries. The company's website remains down, with customers reporting continued inability to access portals or receive email responses from departments.
Source: BankInfoSecurity