Top 5 Cybersecurity News Stories July 4, 2025

Cybersecurity threats are constantly evolving as threat actors seek access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of. No story is too big or small as we look at threats from espionage to security flaws in everyday devices:

1. Hackers Using PDFs to Impersonate Microsoft, DocuSign, and More in Callback Phishing Campaigns

A new phishing campaign identified by cybersecurity firm Cofense involves threat actors leveraging malicious PDFs that impersonate well-known brands such as DocuSign and Microsoft. These documents redirect victims to credential-harvesting websites using obfuscated JavaScript and embedded URLs. Attackers use legitimate infrastructure (like Google Firebase) to evade detection.

The campaign primarily targets enterprise users to steal email credentials, posing risks of business email compromise (BEC) and subsequent data breaches. Organizations are urged to implement layered email security and enhance user awareness training.

Read more on The Hacker News

2. Qantas cyber hack could have stolen ‘significant’ amount of data from six million customers

Qantas Airways disclosed a cyberattack affecting its loyalty program, potentially compromising sensitive data of an undisclosed number of frequent flyers. The breach stemmed from unauthorized access to a third-party supplier’s system.

While Qantas has not observed misuse of customer data yet, the incident raises concerns amid a wave of similar breaches across Australia’s critical sectors. Authorities and the airline’s cybersecurity teams are investigating. Customers have been advised to change passwords and monitor account activity.

Read more on CNN

3. Forminator plugin flaw exposes WordPress sites to takeover attacks

A critical vulnerability in the Forminator plugin, widely used on WordPress websites, allows unauthenticated attackers to execute arbitrary code and potentially take over affected sites. The flaw, tracked as CVE-2024-28890, stems from improper input sanitization in the plugin’s form-handling logic. Over 400,000 websites may be impacted.

Although a patch was released, security experts urge administrators to update immediately and audit sites for suspicious activity. The incident highlights the persistent risks in third-party WordPress components.

Read more on BleepingComputer

4. Cyberattack on C&M Software hits Brazilian financial industry

A cyberattack on C&M Software, a key digital service provider in Brazil’s financial sector, severely impacted banking and financial operations nationwide. The attack disrupted critical services used by financial institutions for data processing and transaction management. C&M Software responded by activating emergency protocols and initiating recovery procedures.

The incident underscores vulnerabilities in financial technology infrastructure, prompting regulatory and industry scrutiny. As services are gradually restored, stakeholders are calling for enhanced cybersecurity investment and stronger incident response frameworks across Latin America’s financial ecosystem.

Read more on InfoTechLead

5. Data breach may have exposed 200,000 home-care patients’ information, say Ontario Liberals

Ontario’s Liberal Party revealed a potential data breach affecting up to 200,000 home care patients. The compromised data may include medical histories, personal information, and care records.

While the exact source remains under investigation, initial findings point to a compromised system at a third-party vendor. The opposition is calling for transparency and stronger data governance from the provincial government. Healthcare-related breaches in Canada are increasing, prompting renewed scrutiny of cybersecurity policies in public health services.

Read more on MSN
