Top 5 Cybersecurity News Stories July 18, 2025

Cybersecurity threats are constantly evolving as threat actors seek access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of. No story is too big or small as we look at threats from espionage to security flaws in everyday devices:

1. Hackers Use GitHub Repositories to Host Amadey Malware and Data Stealers, Bypassing Filters

Cybercriminals are exploiting GitHub repositories to deploy malware by embedding malicious infrastructure within legitimate-looking projects. Attackers leverage fake profiles and repositories—often typosquatted or impersonating popular tools—to distribute payloads like info-stealers, RATs, clipboard hijackers, and droppers.

Tactics include password-protected ZIP files, DLL side-loading, memory injection, and obfuscation to evade detection. The campaign notably targets developers and gamers. To defend against these threats, users are advised to avoid untrusted code, scrutinize repository authenticity, implement behavior-based endpoint protection, disable executable permissions in user folders, and monitor system anomalies.

Read more on The Hacker News

2. Microsoft Teams voice calls abused to push Matanbuchus malware

Attackers are abusing Microsoft Teams voice calls to push the Matanbuchus malware loader, impersonating IT help desk staff and initiating Quick Assist sessions. The threat exploits social engineering: victims are convinced to run PowerShell scripts that deploy Matanbuchus’ stealthy loader.

The latest Matanbuchus 3.0 variant features enhanced communication protocols, in-memory execution, obfuscation, CMD/PowerShell reverse-shells, DLL/EXE/shellcode payload support, and comprehensive system reconnaissance. Offered as Malware‑as‑a‑Service for up to $15,000/month, this loader represents a growing trend of communications-based intrusion and sophisticated loader frameworks.

Read more on Bleeping Computer

3. Co-op issues update following ‘devastating’ cyber-attack data breach

The Co‑op has issued an update following a disruptive cyber‑attack in April that impacted its IT infrastructure. The breach exposed personal data of all 6.5 million Co‑op members (names, addresses, contact details), though financial data remained unaffected. Operational disruptions occurred in payment systems and supply chains, although stores and funeral services stayed open.

In response, four suspects aged 17–20 were arrested on July 10, facing charges related to blackmail, money laundering, and Computer Misuse Act violations. CEO Shirine Khoury‑Haq expressed regret and emphasized enhancements in security posture, including a collaboration to channel young technical talent into cybersecurity careers.

Read more on Manchester Evening News

4. Max severity Cisco ISE bug allows pre-auth command execution, patch now

Cisco Identity Services Engine (ISE) and ISE‑Passive Identity Connector (PIC) are affected by two critical, unauthenticated remote code execution vulnerabilities (e.g., CVE‑2025‑20337). These max‑severity flaws enable an attacker to deploy malicious files, execute arbitrary commands, or gain root privileges without authentication.

Cisco has released urgent patches and strongly recommends immediate updates; no workarounds are currently available. The vulnerabilities, exploited via exposed APIs and improper input validation, pose significant threats to enterprise access‑control infrastructure. Administrators should prioritize patching to protect ISE deployments integral to network access policy enforcement.

Read more on Bleeping Computer

5. Spies and SAS troops among UK nationals’ details in Afghan leak, BBC says

In what is considered one of the UK’s most severe data breaches, a Ministry of Defence leak in early 2022 exposed personal information of over 100 British nationals—including MI6 operatives, SAS personnel, lawmakers, and senior military officials. The data resurfaced online in 2023, prompting a covert £2 billion relocation program for more than 16,000 Afghans to protect them from Taliban reprisals.

A super‑injunction suppressing the disclosure was lifted on July 15, 2025. Defence Secretary John Healey has formally apologized, and the MoD reaffirmed its commitment to safeguarding those deployed in sensitive roles.

Read more on Reuters

At DIESEC, our experts are ready to assist with all your cybersecurity needs. We ensure your system is safe and secure and provide training for your employees to avoid falling victim to social engineering tactics.