Cyber Security Headlines – July 10, 2025
Hosted by CISO Series
1. AMD Warns of New CPU Vulnerabilities: Transient Scheduler Attack
AMD has disclosed a new side-channel vulnerability named the Transient Scheduler Attack (TSA), impacting a broad range of its CPU chips, including popular Ryzen and EPYC processors. While the individual flaws are rated as low to medium severity, cybersecurity firms Trend Micro and CrowdStrike classify the threat as critical due to the potential for kernel data leakage.
"The attack requires local code execution, and AMD has issued patches and recommends sysadmins update affected systems." — Sarah Lane [01:30]
Administrators are urged to apply the provided patches promptly to mitigate potential risks associated with these vulnerabilities.
2. Multiple Vulnerabilities Discovered in Mozilla Thunderbird
Security analysts have identified several vulnerabilities within Mozilla Thunderbird that could permit arbitrary code execution. Some of these flaws are rated as high severity, enabling attackers to install malicious programs or access sensitive data, particularly on systems with administrative privileges. Notable issues include a critical use-after-free bug and other memory safety concerns.
"Though there are no known active exploits, users are being urged to update to version 140 or later, apply least privilege principles, and follow patch management and endpoint protection." — Sarah Lane [02:15]
Users are strongly advised to update Thunderbird to the latest version and adhere to best security practices to safeguard their systems.
3. Crypto Platform Breaches: Bitcoin Depot and GMX
In a day marked by significant breaches in the cryptocurrency sector:
- Bitcoin Depot, a major Bitcoin ATM operator, reported a breach compromising the data of nearly 27,000 users.
- Shortly after, GMX, a decentralized crypto exchange, confirmed a $43 million theft from its platform attributed to an exploit. Despite having undergone top-tier security audits, GMX has suspended trading and is offering the attacker a 10% bounty for the return of the stolen funds.
"More than $40 million stolen from GMX crypto platform hours after Bitcoin Depot disclosed a breach." — Sarah Lane [03:00]
These incidents highlight the persistent vulnerabilities within the crypto ecosystem and the substantial financial impacts of such attacks.
4. APT36 Targets Indian Defense Sector
A recent report by CYFIRMA reveals that APT36, linked to Pakistan, is actively targeting India's defense sector. The group employs a sophisticated phishing campaign that abuses BOSS Linux, a distribution widely used in Indian government infrastructure. The attack vector involves malicious ZIP files containing deceptive Linux .desktop shortcuts, which subsequently download decoy PowerPoint files and deploy an ELF binary to gain unauthorized access.
"Experts warn that the shift to Linux shows evolving tactics and call for stronger email filtering and endpoint monitoring, user training, and least privileged access to counter persistent threats in government infrastructure." — Sarah Lane [04:00]
The evolving tactics underscore the need for enhanced security measures within critical government systems.
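The defensive angle on the vector described above is that a .desktop launcher is a plain-text file, so an email gateway or endpoint scanner can inspect it before a user ever clicks it. The following is an added example, not code from the original report or from CYFIRMA: it unpacks a ZIP archive in memory, parses each .desktop member, and flags launchers whose Exec line calls a shell or downloader, embeds a URL, chains commands, or masquerades as a document. The archive contents, the keyword list, and the placeholder URL (example.invalid) are constructed for the demonstration.

```python
"""Scan a ZIP archive for Linux .desktop launchers that behave like droppers (added example)."""
import io
import re
import zipfile

# Commands a document-looking launcher has no business invoking (constructed list for this example).
SUSPICIOUS_EXEC = re.compile(r"\b(curl|wget|sh|bash|dash|python3?|perl|base64|chmod|nohup)\b")
DOC_EXTENSIONS = (".pdf", ".ppt", ".pptx", ".doc", ".docx", ".xls", ".xlsx", ".odt")
# Member names such as Report.pptx.desktop: a document extension immediately before .desktop.
DOUBLE_EXTENSION = re.compile(r"\.(pdf|pptx?|docx?|xlsx?|odt)\.desktop$", re.IGNORECASE)


def parse_desktop(text):
    """Parse the [Desktop Entry] group of a .desktop file into a dict; other groups are ignored."""
    entries = {}
    in_group = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_group = line == "[Desktop Entry]"
            continue
        if in_group and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip()] = value.strip()
    return entries


def assess_desktop(member_name, text):
    """Return the reasons a launcher looks like a decoy; an empty list means nothing odd was found."""
    entries = parse_desktop(text)
    exec_line = entries.get("Exec", "")
    name = entries.get("Name", "")
    reasons = []

    if SUSPICIOUS_EXEC.search(exec_line):
        reasons.append(f"Exec runs a shell or downloader: {exec_line}")
    if re.search(r"https?://", exec_line):
        reasons.append("Exec contains a URL")
    if any(sep in exec_line for sep in (";", "&&", "||", "|")):
        reasons.append("Exec chains several commands")
    if name.lower().endswith(DOC_EXTENSIONS) or DOUBLE_EXTENSION.search(member_name):
        reasons.append(f"launcher masquerades as a document: Name={name!r}, file={member_name!r}")
    # Only meaningful in combination with another finding: a silent launcher hides the download.
    if reasons and entries.get("Terminal", "false").lower() == "false":
        reasons.append("Terminal=false hides command output from the user")
    return reasons


def scan_zip(data):
    """Scan ZIP bytes and return {member_name: reasons} for every .desktop member with findings."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.lower().endswith(".desktop"):
                continue
            text = zf.read(info).decode("utf-8", errors="replace")
            reasons = assess_desktop(info.filename, text)
            if reasons:
                findings[info.filename] = reasons
    return findings


# Constructed sample launchers: one decoy in the style the report describes, one benign editor shortcut.
DECOY_LAUNCHER = """[Desktop Entry]
Type=Application
Name=Defence_Circular.pptx
Icon=libreoffice-impress
Terminal=false
Exec=bash -c "curl -s http://example.invalid/decoy.pptx -o /tmp/d.pptx; xdg-open /tmp/d.pptx"
"""

BENIGN_LAUNCHER = """[Desktop Entry]
Type=Application
Name=Text Editor
Exec=gedit %U
Terminal=false
"""


def build_sample_zip():
    """Build an in-memory ZIP holding both constructed launchers."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Defence_Circular.pptx.desktop", DECOY_LAUNCHER)
        zf.writestr("gedit.desktop", BENIGN_LAUNCHER)
    return buf.getvalue()


if __name__ == "__main__":
    for member, reasons in scan_zip(build_sample_zip()).items():
        print(member)
        for reason in reasons:
            print("  -", reason)
```

The checks are deliberately coarse: a launcher that merely starts an installed application (the gedit entry) produces no finding, while the decoy trips four independent rules, so a gateway policy can quarantine on any two of them rather than on a single keyword.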
5. Severe Flaws Unpatched in Ruckus Networks Management Devices
Researchers have uncovered multiple severe vulnerabilities in Ruckus Networks' management devices, specifically the Virtual SmartZone (vSZ) and Ruckus Network Director (RND). The identified flaws include hard-coded SSH keys, unauthenticated remote code execution, and weak secret management. As of now, these vulnerabilities remain unpatched.
"Carnegie Mellon's CERT/CC says that Ruckus and parent company CommScope have not responded to disclosure attempts until patches are released." — Sarah Lane [04:45]
System administrators are strongly advised to isolate management interfaces and enforce stringent access protocols to protect their wireless infrastructures.
6. Czech Republic Bans DeepSeek AI Startup Over Cybersecurity Concerns
The Czech Republic has prohibited the use of Chinese AI startup DeepSeek within its state administration, citing significant cybersecurity risks. The decision stems from concerns over unauthorized data access influenced by China's stringent data laws. This move aligns with similar actions taken by Italy and Australia.
"DeepSeek was founded back in 2023 and released its first large language model the same year." — Sarah Lane [05:30]
The ban reflects growing apprehensions about data sovereignty and the potential misuse of foreign-developed AI technologies in governmental operations.
7. Ingram Micro Recovers from Global Ransomware Attack
Ingram Micro is in the process of restoring its systems following a ransomware attack executed by the SafePay group just before July 4th. The incident disrupted ordering systems and necessitated a shift to remote work for employees. The company has resumed taking phone and email orders in multiple countries and has undertaken comprehensive security measures, including password and multi-factor authentication (MFA) resets.
"It's unclear if data was stolen, though SafePay is known for exfiltration and similar attacks." — Sarah Lane [06:15]
Recovery is ongoing, with internal systems related to logistics and fulfillment gradually returning online.
8. DoNot APT Expands Operations to European Foreign Ministries
Cybersecurity firm Trellix reports that the DoNot APT group, associated with India-linked threat actors, has expanded its targeting to European foreign ministries. The group employs custom LoptikMod malware delivered through phishing emails that impersonate defense officials. Active since at least 2018, the malware facilitates data exfiltration, remote access, and long-term persistence, leveraging advanced anti-analysis techniques.
"Though the campaign's command and control server is now offline, the attack signals a shift in DoNot APT's focus from South Asia to European diplomatic targets." — Sarah Lane [07:00]
This strategic shift indicates an adaptation in threat actors' objectives, emphasizing the need for heightened vigilance within European diplomatic circles.
Conclusion
Today's cybersecurity landscape underscores the dynamic and evolving nature of threats facing both governmental and private sectors. From CPU vulnerabilities and software flaws to sophisticated phishing campaigns and substantial breaches in the crypto realm, the imperative for robust security measures and proactive defenses has never been more critical. Stakeholders are encouraged to stay informed, promptly apply security patches, and adopt best practices to mitigate potential risks.
For more detailed stories behind these headlines, visit CISOseries.com.
