Cybersecurity Weekly Update (July 4, 2025): Qantas Breach, ICC Attack, Crypto Scams, Zero-Days & Global Threats

This week was punctuated by major cyber happenings worldwide. A data breach at Qantas exposed the sensitive personal data of nearly six million customers, while the International Criminal Court faced a cyber-attack attributed to espionage activity.
The U.S. Department of Justice brought charges against a North Korean IT fraud ring while Europol took down a $540-million crypto scam. There have been surges in vishing attacks and Iranian hacktivists’ activity worldwide.
At the time of writing, numerous critical vulnerabilities have been disclosed, including one for Citrix (Bleed 2), another for Google Chrome, and one more for TeleMessage.
The overall trend is the escalation of state-sponsored cyber operations, rampant social engineering scams, and the never-ending exploitation of zero-days that demand immediate fixes.
Major Breaches & Incident Responses
Qantas Airline Breach
Qantas Airways suffered a data breach after a call centre platform in Manila was compromised. The breach leaked names, birth dates, email addresses, phone numbers, and frequent-flyer numbers of an estimated 6 million customers.
Fortunately, "no credit-card or passport details seem to have been leaked", as The Guardian reported.
The Scattered Spider group is now held responsible for the breach as they allegedly applied “vishing” and pretexting tactics.
There is an ongoing investigation by the Australian Federal Police and OAIC, and customers are warned to be on the lookout for phishing attempts as well.
International Criminal Court (ICC)
The ICC reported a "sophisticated" cyber-attack, as covered in multiple reports from The Australian, AP News, and Bleeping Computer. The breach has been contained, but investigations are still taking place.
The attack came shortly after a NATO summit held a short distance away, raising concerns about geopolitical motivations for the hacking. So far, there is no confirmation that any data was compromised.
Whether the breach was geopolitically motivated or not, the ICC acted quickly, reflecting the policies and protocols that governmental organizations are adopting for current cybersecurity threats.
The ICC incident offers organizations lessons in how to handle such events, and is a useful case study for anyone taking a Cyber Security Course in India to learn about incident response processes in the current climate.
Source: AP News
Law Enforcement & Government Actions
DOJ Takedown: North Korea IT Fraud
Several individuals alleged to be working for North Korea have been indicted by the U.S. Department of Justice for orchestrating an IT fraud scheme where North Korean employees masqueraded as remote workers based in the United States, targeting over 100 businesses, and fleeing with over $5 million. Pyongyang called the charges “a smear campaign” (SecurityWeek).
Europol’s $540M Crypto Fraud Bust
Europol took down a huge "pig butchering" crypto scam that laundered 460 million euro (approximately $540 million) through fake exchanges and shell companies, exploiting victims met on online dating applications. Five individuals were arrested in Spain (RSI Security Blog).
U.S. & U.K. Warnings: Iran-linked Threats
The U.S. and U.K. have also issued joint warnings about Iranian state-sponsored hacktivists targeting critical infrastructure following attacks against Israel (Axios).
New York Reporting Requirements
In New York, the government is now required to report cyberattacks within 72 hours, and ransom payments within just 24 hours (WSJ).
Vulnerabilities & Threat Intelligence
Citrix “Bleed 2” & ADC/Gateway vulnerabilities
Despite patches having been available for some time, an estimated 2,100 Citrix servers remain vulnerable to CVE-2025-5777 and CVE-2025-6543.
SecurityWeek describes recent active exploitation attempts, including zero-day attacks, which would allow an attacker to bypass VPN authentication and gain access to the enterprise network.
Chrome 138 zero-day
Google’s Chrome 138 software update addresses a high-severity zero-day vulnerability that is now actively exploited in the wild; users need to update as soon as possible to mitigate compromise risk (SecurityWeek).
TeleMessage vulnerabilities
CISA published warnings on two exploited vulnerabilities in the TeleMessage TM SGNL messaging app. It indicates that "these vulnerabilities can allow attackers to intercept sender/recipient data to monitor message sender, message contents and recipient."
Anthropic MCP RCE bug
A remote code execution (RCE) vulnerability was identified in Anthropic’s Model Context Protocol inspector tool that raised further concerns over the security of AI tools (The Hacker News).
ModSecurity WAF DoS vulnerability
An empty-XML parsing weakness in the ModSecurity web application firewall (WAF) could let attackers cause a denial of service (DoS), degrading the protection the WAF provides (Cyware).
Social Engineering & Phishing Trends
Callback Phishing (TOAD) Using PDF
According to a McAfee report, malicious actors have been distributing fake PDFs that impersonate reputable brands, including Microsoft, DocuSign, NortonLifeLock, and Geek Squad. These PDFs are used to convince victims to call fake hotlines, which ultimately enables scammers to collect sensitive information from the victims and launch further attacks.
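The callback-phishing (TOAD) lure described above combines three things: an impersonated brand, a phone number, and a pressure message about a charge or renewal. The following heuristic screener, added here as an illustration and not part of the McAfee report or any product, scores text already extracted from a PDF attachment (for example the output of a PDF-to-text tool) on those three signals. The brand list is taken from the brands the page names; the phone-number pattern, the urgency phrases and the sample texts are constructed assumptions for the example.

```python
import re
from dataclasses import dataclass, field

# Brands named on the page as impersonated in the callback-phishing campaign.
IMPERSONATED_BRANDS = ("microsoft", "docusign", "nortonlifelock", "geek squad")

# Pressure phrases typical of a callback lure (assumed list; tune to your mail flow).
URGENCY_PHRASES = (
    "call us", "call now", "call immediately", "contact us at",
    "within 24 hours", "has been renewed", "has been charged", "will be charged",
    "to cancel", "unauthorized", "your account",
)

# North American phone numbers in the common layouts (heuristic assumption).
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")


@dataclass
class ToadVerdict:
    """Result of screening one document's text."""
    score: int                      # number of signal groups present, 0..3
    brands: list = field(default_factory=list)
    phones: list = field(default_factory=list)
    urgency: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        # Brand + phone + urgency is the TOAD signature; any two of three merits review.
        return self.score >= 2


def score_pdf_text(text: str) -> ToadVerdict:
    """Score extracted PDF text for callback-phishing indicators."""
    lowered = text.lower()
    brands = [b for b in IMPERSONATED_BRANDS if b in lowered]
    phones = sorted({m.group(0).strip() for m in PHONE_RE.finditer(text)})
    urgency = [p for p in URGENCY_PHRASES if p in lowered]
    score = int(bool(brands)) + int(bool(phones)) + int(bool(urgency))
    return ToadVerdict(score, brands, phones, urgency)


# Constructed sample texts, as if extracted from two PDF attachments.
LURE_TEXT = (
    "Thank you for your purchase. Your NortonLifeLock subscription has been renewed "
    "and your account will be charged $399.99. To cancel, call us immediately at "
    "1-888-555-0147 within 24 hours."
)
BENIGN_TEXT = (
    "Attached is the Q2 invoice for consulting services. Payment terms are net 30. "
    "Questions? Reply to this email."
)

if __name__ == "__main__":
    for label, text in (("lure", LURE_TEXT), ("benign", BENIGN_TEXT)):
        v = score_pdf_text(text)
        print(f"{label}: score={v.score} suspicious={v.suspicious} "
              f"brands={v.brands} phones={v.phones} urgency={v.urgency}")
```

In a mail gateway this would run on the text of inbound PDF attachments and route anything flagged `suspicious` to quarantine or a human review queue; the score is deliberately coarse so that a legitimate invoice with a phone number but no brand impersonation or pressure language is not blocked.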
AI-Assisted Phishing (Vercel v0)
Okta has warned organizations that attackers are using Vercel’s generative AI tools (v0) to automatically clone phishing pages at scale. This represents a new phase in AI-assisted phishing that results in more sophisticated scams that are more difficult to detect.
An uptick in “Vishing”
Australia’s privacy agency has reported a marked increase in voice-based phishing (or “vishing”) scams, with a focus on targeting airlines and call centers. This is not surprising, given the heightened targeting of customer service and human interaction to exploit trust.
Understanding these evolving social engineering tactics is imperative for anyone studying a Cyber Security Course in India to develop effective defense strategies.
Ransomware & Malware Developments
Cl0p Ransomware Exfiltration Tool Vulnerability
In a shocking twist, researchers found a high severity remote code execution (RCE) vulnerability (CVSS 8.9) in the Cl0p ransomware Python-based exfiltration tool, which allows adversaries the potential to compromise their own infrastructure and data.
Hackers Targeting Airlines through Scattered Spider
The Scattered Spider group, known for breaching Qantas recently, has begun to target airline systems across the board. This shows a growing threat to aviation cybersecurity and passenger safety.
BianLian Ransomware Tactics Shift
The Russia-based BianLian ransomware group has shifted tactics and is now focusing exclusively on encrypting victims' data and stealing information through compromised Remote Desktop Protocol (RDP) credentials, raising the risk of significant operational disruption.
Policy, Regulation & Industry Response
Have There Been Changes to Australian Data Privacy Laws?
The Qantas breach highlighted the gaps in Australia’s data privacy legislation. Experts are calling for further reforms to protect consumer data.
U.K. Cyber Security and Resilience Bill
The Cyber Security and Resilience Bill in the U.K. has passed its first reading and is awaiting full legislation. The bill will require organizations to report incidents, undertake security audits and report vulnerabilities in a coordinated manner.
CISA Domestic Action
CISA is urging organizations to patch critical vulnerabilities in TeleMessage, AMI BMC, FortiOS and other products, with a mid-July deadline, to limit the impact of ongoing exploitation.
Global Threat Environment
Iranian Hacktivism
Iranian hacktivist groups are newly employing Russian proxy tactics and are increasingly executing disruptive cyber operations against critical infrastructure in the US.
North Korean Espionage and Fraud
North Korea’s remote IT farms continue to compromise US enterprise systems for espionage and fraud (New York Post).
Ongoing Exploitation from Cyber Criminal Groups
Groups like those called Scattered Spider and BianLian continue to exploit third party system weaknesses and unsecured Remote Desktop Protocol (RDP) access openings, demonstrating a continued lack of supply chain and remote access security.
The growing global threat landscape underscores the need for further training in cyber security, including a Cyber Security Training in India.
Scams & Fraud Insights
Crypto Romance Scams
Globally, crypto romance scams netted an estimated €460 million by manipulating victims through fake relationships and fake investments.
Parking-Fine Vishing Scam
Scammers are texting and emailing Glasgow residents with fake council parking-fine notices, exploiting a data breach at the council; the scam represents an immediate risk of financial loss for victims.
Brand Impersonation Callback Phishing
There is an increase in callback phishing attacks that use PDF documents pretending to be trusted brands to lure victims.
Defensive Guidance & Recommendations
User & Consumer Tips
Be wary of unsolicited PDF attachments and do not call back unverified parties; always check with the legitimate organization through a contact channel you already trust.
Following the Qantas attack, enable MFA and monitor your accounts closely for phishing attempts. Keep your software and devices up to date, including Chrome 138, Citrix, TeleMessage, and RDP.
Enterprise & IT Controls
Prioritize patching the critical vulnerabilities in Citrix ADC, Chrome, TeleMessage, Anthropic MCP, and ModSecurity. Secure RDP access and call-center systems with stringent voice-call verification protocols.
Encourage intelligence sharing across borders and keep abreast of emerging threats, including Iran-linked hacktivism and North Korean IT operations.
Policy & Governance
Governments should enact mandatory breach-reporting laws with prompt deadlines, following the example set by New York. In the meantime, airlines and critical infrastructure providers should implement third-party risk guidelines from CISA and OAIC.
A vigorous push for stronger data privacy regulations, which are barely existent in Australia, would help prevent future breaches and foster trust.
Conclusion
Remain vigilant of AI-driven phishing and voice social engineering scams. Follow developments regarding the UK Cyber Security and Resilience Bill. Expect heightened cross-border law enforcement coordination aimed at North Korean cyber activity as well as widespread crypto fraud.
In order to develop the skills needed to combat these advanced threats, consider taking a Cyber Security Course in India and future-proof your career in Cyber Security.