Cybersecurity & Ethical Hacking Update: Key News from 13 – 19 July 2025


It has not been a slow week in cybersecurity. Just last week we saw everything from a China-sponsored breach of the US National Guard to a serious zero-day exploit on Citrix systems. The threat landscape keeps shifting just as quickly, and the stakes grow higher every time.

There are creative attackers out there pushing the envelope with techniques like typosquatted GitHub repos, weaponized CAPTCHAs, and AI-assisted malware delivery.

In this update, we provide a breakdown of the biggest stories: state-sponsored intrusions, critical zero-day vulnerabilities under active exploit, DDoS and RAT campaigns, targeted data breaches by sector, and a disjointed cybersecurity workforce unable to keep pace. 

No filler, just the important things you need to know.

1. State-Sponsored Intrusions & Geopolitical Cyber Strategy

National Guard Network Breach (Salt Typhoon)

A leaked DHS memo verified one of the most significant cyber intrusions in the history of U.S. military cybersecurity activities: the complete compromise of a U.S. Army National Guard network, active from March to December 2024.

The breach is tied to the China-associated threat actor Salt Typhoon, known for targeting specific organizations and locations quietly and covertly. According to reports from The Daily Beast, the attackers obtained:

  • Admin credentials
  • Internal network diagrams
  • 1,462 configuration files for 70 U.S. government and critical infrastructure entities across 12 sectors

This was not just simple espionage; the hackers were mapping critical infrastructure at scale. The compromised data provides paths for lateral movement into other state Guard units, defense contractors, and possibly federal systems.

The intrusion went on for approximately nine months without being detected, which suggests troubling detection gaps even in some of the most secure environments.

China’s Escalating Hacking Campaigns

Stepping back, this attack fits a larger trend: China’s cyber operations are increasing and becoming more offensive. U.S. officials state that Chinese contractors increased their known exploit volume from 165 incidents in 2022 to more than 330 in 2023, and 2024 is on pace to exceed that.

Groups like Volt Typhoon and Silk Typhoon are using zero-day exploits and actor-for-hire commercial models to penetrate every part of the public and private sectors.

As The Washington Post pointed out, these campaigns have shifted from passive surveillance to aggression and compromise. The goal is no longer just spying; it is maintaining persistent access that can be used for future espionage whenever it is needed.

2. Critical Vulnerabilities & Active Exploitation

CitrixBleed 2 (CVE‑2025‑5777)

Last week, CISA released an emergency directive after determining that a critical vulnerability in Citrix ADC and Gateway appliances, dubbed CitrixBleed 2, is being actively exploited.

The flaw, an input validation vulnerability, allows attackers to steal session credentials and bypass authentication altogether. According to TechRadar and SecurityWeek, more than 100 organizations have already been breached, with many thousands more still exposed.

What is more concerning about this incident is the response timeline. CISA cut the normal patching window of 21 days to 24 hours, which is serious and rarely seen.

For SOC teams and sysadmins this is a fire drill, especially if Citrix is used for remote access or internal portals. The vulnerability allows full session hijacking, and the attacker does not need valid credentials.

Nvidia toolkit vulnerability (NVIDIAScape)

Security researchers at Wiz disclosed a critical container escape vulnerability in Nvidia’s Container Toolkit, now referred to as NVIDIAScape. If exploited, an adversary can escape a container and take full control of the host.

This is a high-impact risk in the cloud, especially for AI workloads: Nvidia’s toolkit is the standard way to run computationally expensive inference jobs, often on shared GPU clusters, where a compromised host affects every workload running on it. Organizations that use Nvidia tooling for AI work need to patch immediately.

Apache bug fuels ongoing crypto-mining

With each new vulnerability disclosure it becomes clearer that unpatched systems pose outsized risk. The Hacker News and DIESEC report that attackers are exploiting CVE-2021-41773, a known Apache HTTP Server bug, to run Linuxsys cryptocurrency miners. It is a reminder that patch hygiene is not optional; it is how you survive.

Source: The Hacker News

3. Malware, DDoS & Social Engineering Campaigns

Record-Breaking DDoS & RAT Campaigns

Just last week, security companies observed a 7.3 Tbps DDoS attack, the biggest ever recorded according to TechRadar. The volume of junk traffic was just the start.

Attackers used spyware delivered through fake CAPTCHA pages that then had users download Remote Access Trojans (RATs). DDoS is becoming more sophisticated, with layered attacks that reveal intent: DDoS is no longer just for disruption but also for misdirection.

While defenders are busy keeping overwhelmed systems up, attackers quietly drop malware or reach adjacent services under cover of the outage. For defenders, this means watching the quiet part of the storm from inside the eye of the hurricane.

GitHub as the Malware Delivery Infrastructure

Threat actors are typosquatting repositories on GitHub, uploading clones of legitimate projects preloaded with Amadey malware, infostealers, and RATs, DIESEC Cyber Security reports.

These malicious repositories blend seamlessly into the GitHub ecosystem, slipping past filters and tricking developers into importing corrupted dependencies. This is not simply a social engineering issue; it is a supply chain issue, and it is growing.

DevOps and SecOps teams should work together to tighten repository vetting and automate dependency checks before anything goes to production.

4. Sector-Specific Attacks & Industry Fallout

Qantas Call-Center Breach

On June 30, Qantas experienced a data breach affecting roughly 5.7 million customers according to reports by News.com.au.

The compromised data included names, contact information and frequent flyer program data; fortunately, payment information was not included. The breach occurred at a third-party call center and illustrates the risk of vendor exposure.

In response, Qantas acted quickly: it applied for a court injunction to prevent further misuse of the data, worked with cyber agencies and law enforcement, set up support helplines for affected customers, and launched a phishing awareness campaign for them.

The company’s response was appropriate for a data breach, but the damage to customer trust may linger much longer.

UK Co-op Breach & Ethical Hacking Pivot

After a cyberattack that compromised the personal data of 6.5 million Co-op members, the UK retailer is changing the narrative.

They have partnered with The Hacking Games and are now offering educational programs designed to teach ethical hacking to young people, as reported by The Times. A bold move: using the fallout from a data breach as a long-term investment in developing cybersecurity talent.

5. Industry & Workforce Trends

Outdated Hiring Practices Are Hindering Security Teams

While the talent gap widens, a CM Alliance report shows that only 8% of cybersecurity jobs at Fortune 100 companies are remote.

That’s a challenge for cyber organizations while 26% of cyber roles remain vacant. Experts suggest it is not solely about pay: inflexible job titles, minimal flexibility, and a lack of mental health accommodation are driving candidates away. HR teams are often disconnected from current market demand, which drags out the hiring process.

AI in Cyber Defense & Ethical Hacking

In interesting news, Google’s new AI agent, “Big Sleep,” made headlines last week because it autonomously identified and deterred cyber threats in real time, the Economic Times reported.

Big Sleep represents a major achievement in AI-powered defense: efficient, fast, and scalable. However, this performance comes with a “but”: human oversight remains a requirement, especially in high-stakes settings where false positives or blind spots carry real economic costs.

6. Policy & Budget Shifts

Based on information from Tom’s Hardware and DIESEC Cyber Security, the U.S. government’s cybersecurity budget indicates a major disparity: $1 billion for offensive cyber operations in the Indo-Pacific region over four years and $1.23 billion in cuts to civilian defensive agencies in 2026.

Moreover, the Bureau of Cyberspace & Digital Policy at the State Department is laying off staff and is even disbanding its Digital Freedom unit, which could limit the U.S.’s ability to do cyber diplomacy and enter into partnerships around digital governance, according to Politico. The change prioritizes short-term development goals over long-term strategic stability.

7. What This Means & Recommendations

Organizations that have not already done so should immediately prioritize patching for CitrixBleed 2 (CVE‑2025‑5777), the Nvidia container escape, the Apache vulnerability, and other known flaws, as each is an active entry point for attackers.

For those developing applications or tools, reviewing all source code and dependencies is no longer optional: review and check them throughout your CI/CD pipeline, automate what you can, vet all third-party components, and check your dependencies for typosquatted repos.
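As an added example (not code from the article or from any of the outlets it cites), here is the kind of automated typosquat check the GitHub section and the recommendation above call for in a CI/CD pipeline: it compares every dependency name in a manifest against an allowlist of packages the team actually uses and flags names that are within a couple of edits of a trusted name without being that name. The allowlist and the requirements-style manifest are constructed for the demo.

```python
"""Flag dependency names that look like typosquats of trusted packages
(added example; the allowlist and manifest are constructed, not from the article)."""
import re

# Constructed allowlist of packages the team actually uses.
TRUSTED = {"requests", "urllib3", "numpy", "pyyaml", "cryptography"}

# Constructed requirements-style manifest: three names are one edit off.
MANIFEST = """
requests==2.32.3
urlib3>=2.0
numpy==1.26.4
reqeusts==2.31.0
cryptograhpy==42.0.5
"""

def edit_distance(a: str, b: str) -> int:
    """Optimal-string-alignment distance: an insert, delete, substitute, or
    swap of two adjacent characters each cost 1 (the swap is the classic typo)."""
    d = [[max(i, j) if i == 0 or j == 0 else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]

def parse_names(manifest: str) -> list[str]:
    """Extract the package name before any version specifier, normalised
    the way PyPI does (lower-case, '_' and '.' treated as '-')."""
    names = []
    for line in manifest.splitlines():
        m = re.match(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)", line)  # skips blanks and comments
        if m:
            names.append(re.sub(r"[._]", "-", m.group(1).lower()))
    return names

def find_suspects(manifest: str, trusted=TRUSTED, max_dist: int = 2) -> dict[str, str]:
    """Map each dependency that is within max_dist edits of a trusted name,
    but is not that name, to the trusted package it resembles."""
    suspects = {}
    for name in parse_names(manifest):
        if name in trusted:
            continue  # exact match: allowed
        close = [t for t in trusted if edit_distance(name, t) <= max_dist]
        if close:
            suspects[name] = min(close, key=lambda t: edit_distance(name, t))
    return suspects
```

A non-empty result from `find_suspects` is what a pipeline step would fail the build on, so the name is verified by a human before it is ever installed.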

The workforce is still a bottleneck, and organizations should invest in flexible working policies, competitive pay, and mental health support to attract and retain talent. Emerging AI defenses like Google’s “Big Sleep” are encouraging, but they are no substitute for a skilled, knowledgeable security professional.

A person can recognize blind spots that AI cannot, which is again why organizations cannot rely solely on business-as-usual approaches.

Last but not least, budgets should be strategically planned to balance offense, diplomacy and defense; if organizations emphasize offense alone and neglect defense, there will always be something missing, which inadvertently puts everyone involved at risk.

8. Ethical Hacking Spotlight

Co-op’s training program for young people turns breach fallout into a future talent pipeline, showing how crisis drives innovation in cybersecurity education. Ethical hacking is also shifting toward AI-based automation and sophisticated tooling for faster vulnerability discovery and mitigation.

Conclusion & Outlook

This week spotlighted the urgency of patching critical flaws, the growing scale and severity of state-sponsored threats, and the need to modernize cybersecurity resources. The presence and role of AI in the domain is growing rapidly.

The next update will cover GitHub malware tactics, evolving DDoS defenses, and how cyber defense budgets are being reshuffled.
