Transcript
Unknown Host (0:00)
From the CISO series, it's Cybersecurity Headlines.
Sarah Lane (0:07)
These are the cybersecurity headlines for Thursday, July 10, 2025. I'm Sarah Lane.

AMD warns of new Meltdown/Spectre-like bugs affecting CPUs. AMD disclosed a new side-channel vulnerability, dubbed the Transient Scheduler Attack, or TSA, affecting a wide range of its chips, including Ryzen and EPYC processors. The individual flaws are rated low to medium severity, but Trend Micro and CrowdStrike both consider the threat critical due to potential kernel data leakage. The attack requires local code execution, and AMD has issued patches and recommends sysadmins update affected systems.

Multiple vulnerabilities in Mozilla Thunderbird could allow for arbitrary code execution. Multiple vulnerabilities in Mozilla Thunderbird, some rated high severity, could allow arbitrary code execution, potentially letting attackers install programs or access sensitive data, especially on systems with admin privileges. The flaws include a critical use-after-free bug and memory safety issues. Though there are no known active exploits, users are being urged to update to version 140 or later, apply least-privilege principles, and follow patch management and endpoint protection best practices.

Bitcoin Depot breach exposes data of nearly 27,000 crypto users; more than $40 million stolen from GMX crypto platform. Hours after Bitcoin Depot, a major Bitcoin ATM operator, disclosed a breach affecting nearly 27,000 users, decentralized crypto exchange GMX confirmed a $43 million theft from its platform due to an exploit. GMX says it had undergone top-tier security audits but has now suspended trading and is offering the attacker a 10% bounty for the return of the stolen funds.

Threat actor targeting Indian defense sector. A new report from CYFIRMA reveals that Pakistan-linked APT36 is targeting India's defense sector with a phishing campaign exploiting BOSS Linux, which is widely used in Indian government systems.
The attack uses zip files containing malicious Linux .desktop shortcuts that download decoy PowerPoint files while deploying an ELF binary for unauthorized access. Experts warn that the shift to Linux shows evolving tactics, and call for stronger email filtering and endpoint monitoring, user training, and least-privilege access to counter persistent threats in government infrastructure.

Huge thanks to our sponsor, Vanta. Do you know the status of your compliance controls right now? Like right now, right this second? We know that real-time visibility is critical for security, but when it comes to our GRC programs we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across 35 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done five times faster with AI. Now that is a new way to GRC. Get started at vanta.com/headlines.

Ruckus Networks leaves severe flaws unpatched in management devices. Researchers have disclosed multiple severe vulnerabilities in Ruckus Networks Virtual SmartZone, or vSZ, and Ruckus Network Director, or RND, including hard-coded SSH keys, unauthenticated remote code execution, and weak secret management, none of which have been patched. The flaws could allow attackers full control over wireless infrastructure, especially in large-scale deployments. Carnegie Mellon's CERT/CC says that Ruckus and parent company CommScope have not responded to disclosure attempts. Until patches are released, admins are urged to isolate management interfaces and enforce secure access protocols.
The Czech Republic bans DeepSeek in state administration over cybersecurity concerns. The Czech Republic has banned Chinese AI startup DeepSeek from use in state administration over cybersecurity concerns, citing risks of unauthorized data access due to China's data laws. The decision follows warnings from the country's cybersecurity agency and mirrors similar moves by Italy and Australia. DeepSeek was founded back in 2023 and released its first large language model the same year.

Ingram Micro starts restoring systems after ransomware attack. Ingram Micro is restoring systems following a global ransomware attack by the SafePay group that hit just before July 4th. The attack took down ordering systems and forced employees to work remotely. The company has resumed taking phone and email orders in multiple countries and has reset all passwords and MFA. Internal systems tied to logistics and fulfillment are gradually coming back online, but full recovery is ongoing. It's unclear if data was stolen, though SafePay is known for exfiltration in similar attacks.

DoNot APT expands operations, targets European foreign ministries with LoptikMod malware. Cybersecurity firm Trellix says Indian-linked APT group DoNot Team targeted a European foreign ministry with its custom LoptikMod malware, delivered via phishing emails impersonating defense officials. The malware, active since at least 2018, enables data exfiltration, remote access, and long-term persistence using anti-analysis techniques. Though the campaign's command-and-control server is now offline, the attack signals a shift in DoNot's focus from South Asia to European diplomatic targets.

Be sure to register to join us for this week's Super Cyber Friday event, all about hacking the resilience mindset. We'll be talking about how to get buy-in for shifting the overall framing of your security program, both within your security team and within the organization as a whole. It all starts at 1pm this Friday, July 11th.
Be sure to register and join us at our events page at cisoseries.com, and if you have thoughts on the news from today or about the show in general, be sure to reach out to us at feedback@cisoseries.com. We'd love to hear from you. I'm Sarah Lane reporting for the CISO Series, and we'll talk to you next time.
