Microsoft has issued an urgent warning about a critical zero-day in on-premises SharePoint Server, CVE-2025-53770 (CVSS 9.8), and it is already being exploited in the wild. Dubbed "ToolShell", the exploit chain lets an unauthenticated attacker drop web shells and steal the server's ASP.NET machine keys, the values used to sign and encrypt ViewState. That second part matters: with the keys in hand an attacker can forge valid requests to the server even after the web shell is removed, so patching alone does not evict them.

Microsoft's guidance: apply the security update for your version as soon as it is available (updates followed the initial advisory within days; the SecurityWeek piece linked below predates them), enable AMSI integration and Microsoft Defender Antivirus on every SharePoint server, rotate the machine keys after patching, and assume compromise if a server sat exposed while unpatched. SharePoint Online in Microsoft 365 is not affected. Microsoft has attributed part of the activity to China-based actors, including nation-state groups.

At the same time, VMware environments are being targeted by the China-linked group Fire Ant and by the Scattered Spider crew. The reported tradecraft:

* Breaking into vCenter and ESXi through known, already-patched CVEs
* Bypassing network segmentation by using the hypervisor management plane as a bridge between segments
* Running commands from the host into guest VMs through VMware Tools, with no network path to the guest required
* Cloning VMs and deploying ransomware at the hypervisor layer, where in-guest EDR never sees it

Scattered Spider's entry point is social engineering: help-desk calls that reset Active Directory accounts, followed by a pivot into vSphere in hours rather than days. And it is not just nation-states; ransomware crews are in on the action.

If you are in Australia, you may have heard about a driver's licence database breach now being used to track identities and locations. Expect phishing, identity theft and hyper-targeted fraud to follow. Stay vigilant, freeze your credit, and hang up on unsolicited callers who already know too much about you.

https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/
https://www.securityweek.com/sharepoint-under-attack-microsoft-warns-of-zero-day-exploited-in-the-wild-no-patch-available/
https://cybersecuritynews.com/vgauth-flaws-of-vmware-tools/

🔐 For deep observability and a modern defense platform that helps spot, stop, and investigate these threats fast, Plixer's got your back. 🛡️ Stay safe. Stay alert. Subscribe for more cyber updates.
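A first-response checklist for the SharePoint advisory above, as an added example written for this page (it is not the post's own content and not a Microsoft script). It assumes the default 16-hive LAYOUTS path, that process-creation auditing with command-line logging is enabled so that Security event 4688 carries the parent process, and that your SharePoint version ships the Get-SPWebApplication and Update-SPMachineKey cmdlets in the Management Shell:

```powershell
# Added example: triage and containment on one on-prem SharePoint server.
# Assumptions: 16-hive install path, 4688 auditing with command lines,
# SharePoint Management Shell available. Run in an elevated shell.

Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$cutoff = (Get-Date).AddDays(-30)

# 1. Hunt: .aspx files written recently under LAYOUTS, where a dropped
#    web shell would land. Legitimate deployments rarely write here
#    outside patch windows, so every hit needs a human look.
$layouts = 'C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\TEMPLATE\LAYOUTS'
Get-ChildItem -Path $layouts -Recurse -Filter '*.aspx' -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt $cutoff } |
    Select-Object FullName, LastWriteTime, Length |
    Format-Table -AutoSize

# 2. Hunt: the IIS worker process (w3wp.exe) spawning a shell. This only
#    shows what was logged; without command-line auditing the Message
#    field will not name the creator process.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688; StartTime = $cutoff } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'w3wp\.exe' -and $_.Message -match 'cmd\.exe|powershell\.exe' } |
    Select-Object TimeCreated, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } } |
    Format-Table -AutoSize

# 3. Contain: only AFTER the security update is installed, rotate the
#    ASP.NET machine keys for every web application so that stolen
#    ValidationKey / DecryptionKey values stop working, then restart IIS.
#    Repeat on every server in the farm.
foreach ($wa in Get-SPWebApplication) {
    Update-SPMachineKey -WebApplication $wa
}
iisreset.exe
```

The ordering in step 3 is the point: rotating keys on a still-vulnerable server just hands the attacker a fresh set, so patch first, rotate second, and treat any hit from steps 1 or 2 as an incident rather than a cleanup task.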
Saturday, July 26, 2025
Saturday, July 19, 2025
2025 Data Breach Surge: ITRC Reports 1,732 Compromises Already!
The Identity Theft Resource Center (ITRC) has published its H1 2025 Data Breach Report, and the numbers are already outpacing 2024: 1,732 publicly reported compromises in the first six months. If the pace holds, 2025 could be a record-breaking year for data breaches.

Key takeaways:

* Compromises are running about 5% ahead of 2024's pace
* Fewer mega breaches, but a big jump in breach notices that disclose no root cause, now 69% of notices, which leaves downstream organizations unable to tell whether a vendor's incident reaches them
* Financial services and healthcare remain the top targets
* A surge in supply chain attacks and even physical breaches (yes, dumpster diving is back)
* Recycled data is still dangerous: logins and passwords reused across sites keep working in credential-stuffing attacks long after the original breach

https://www.idtheftcenter.org/publication/itrc-h1-2025-data-breach-report/
https://www.databreachtoday.com/topsy-turvy-data-breach-reality-incidents-up-victims-down-a-28995

Don't forget: Plixer Field Guide Chapter 7 dives deep into Threat Mitigation, a good complement to this evolving landscape. https://www.plixer.com/plixer-field-guide/

Stay secure, stay aware. Like, comment, and subscribe for more threat intelligence updates!
Sunday, July 13, 2025
The McHire Breach: Old Mistakes in New Tech
Researchers discovered a serious weakness in McHire, the AI-powered job application platform that McDonald's licenses from Paradox.ai: an administrative login protected by the most basic credentials imaginable, on a system holding records for as many as 64 million applicants. Cutting-edge AI in front, an old-school security mistake in the back, and potentially the names, emails, phone numbers and other personal details of tens of millions of people exposed.

Security researchers Ian Carroll and Sam Curry found that they could sign in to the platform's back end with the username "123456" and the password "123456". From there, the platform's internal API put applicant data within reach. The lesson has nothing to do with AI: disable or delete test accounts before go-live, enforce password policy on every account including vendor and staging accounts, and verify that an authenticated user can only retrieve their own records.

The full story is covered in a Wired article (and others):

https://www.wired.com/story/mcdonalds-ai-hiring-chat-bot-paradoxai/
https://www.securityweek.com/mcdonalds-chatbot-recruitment-platform-leaked-64-million-job-applications/
https://www.csoonline.com/article/4020919/mcdonalds-ai-hiring-tools-password-123456-exposes-data-of-64m-applicants.html

Platforms like Plixer One can help detect compromised APIs, data exfiltration, and break-ins before they spiral. Don't let weak credentials be your weakest link.

👍 Like, 💬 comment, and 🔔 subscribe for more stories that blend cybersecurity, tech, and real-world impact.
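The two checks that would have caught a 123456/123456 admin account before anyone else did, as an added example written for this page (not Paradox.ai's or McDonald's code). It assumes a user store that keeps PBKDF2 password hashes with per-account salts and an is_test flag on accounts; every account in the sample store is constructed for the example:

```python
"""Added example for the McHire post (not from the post; not Paradox.ai code).

  1. validate_new_password(): reject denylisted, username-derived or short
     passwords at account creation or reset time.
  2. audit(): sweep an existing user store for weak credentials and for test
     accounts that are still enabled in production.

The store keeps PBKDF2 hashes, so the audit re-derives each candidate guess
rather than reading plaintext. Sample accounts are constructed.
"""

import hashlib
import hmac
import os

# Illustrative denylist; a real deployment loads a large breached-password list.
DENYLIST = {"123456", "123456789", "password", "admin", "test",
            "welcome1", "qwerty", "letmein", "changeme"}
MIN_LENGTH = 12
ITERATIONS = 20_000  # kept low so the audit runs quickly; use far more in production


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def validate_new_password(username: str, password: str):
    """Return None if acceptable, otherwise the reason it was rejected."""
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        return f"shorter than {MIN_LENGTH} characters"
    if lowered in DENYLIST:
        return "on the denylist"
    if username.lower() in lowered:
        return "contains the username"
    return None


def make_account(username, password, role, is_test=False, enabled=True):
    salt = os.urandom(16)
    return {"username": username, "salt": salt,
            "hash": hash_password(password, salt),
            "role": role, "is_test": is_test, "enabled": enabled}


def candidate_passwords(username: str):
    """The guesses an attacker makes first: the denylist and username variants."""
    yield from DENYLIST
    for suffix in ("", "1", "123", "!", "2025"):
        yield username + suffix
        yield username.lower() + suffix


def audit(accounts):
    """Return (username, finding) tuples for enabled accounts that fail."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue
        if acct["is_test"]:
            findings.append((acct["username"], "test account enabled in production"))
        for cand in sorted(set(candidate_passwords(acct["username"]))):
            if hmac.compare_digest(hash_password(cand, acct["salt"]), acct["hash"]):
                findings.append((acct["username"], f"password is the weak guess {cand!r}"))
                break
    return findings


# Constructed sample store: a leftover vendor test account with the credentials
# from the story, a well-protected account, and a service account whose
# password is its own name plus a digit.
SAMPLE_ACCOUNTS = [
    make_account("123456", "123456", role="admin", is_test=True),
    make_account("hr_manager", "Nq7#plover-ketchup-raft", role="admin"),
    make_account("svc_export", "svc_export1", role="service"),
]

if __name__ == "__main__":
    for user, reason in audit(SAMPLE_ACCOUNTS):
        print(f"{user}: {reason}")
    print("reject admin/123456:", validate_new_password("admin", "123456"))
```

Running the audit on the sample store flags the 123456 account twice (still enabled as a test account, and guessable) and the service account once; the hr_manager account passes. The point of doing it against hashes is that the audit can run on a production export without anyone ever seeing a plaintext password.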
Monday, July 7, 2025
June 2025 Ransomware Roundup — New Threats, New Tactics, Same Chaos
Here is the June 2025 ransomware roundup, and it is a busy one. Qilin is back on top with 86 victims posted to its leak site, spanning telecom, healthcare, logistics, blockchain and a U.S. government contractor; that is nearly 25% of the U.S. attacks counted this month. Why the surge? RansomHub's collapse in April (rival group DragonForce claimed to have sabotaged it) left a power vacuum, and Qilin moved fast to take advantage.

June ransomware by the numbers (leak-site claims, not independently confirmed intrusions):

* 377 incidents worldwide (just below May's total of 401)
* 213 U.S.-based attacks
* Qilin leads with 50 U.S. victims

Other groups to watch:

* CyberVolk, a pro-Russian hacktivist crew, released a brand-new strain
* Nova RaaS (formerly RALord) launched a new affiliate program with polished tooling and high payouts
* Scattered Spider is back and may now be targeting U.S. airlines

Top attack vectors remain phishing, RDP compromise, unpatched vulnerabilities and supply chain backdoors. Defensive takeaways: segment critical assets, adopt Zero Trust, keep immutable (offline or write-once) backups that a compromised admin account cannot delete, and monitor across endpoints, networks and cloud environments.

https://cyble.com/blog/top-ransomware-groups-june-2025-qilin-top-spot/
https://darkfeed.io/time-statistics/

Don't wait for a breach. Get ahead with layered visibility and rapid response tools. Like, subscribe, and stay vigilant; more threat insights coming soon.