British Airways locks out flight crews. Romance and sextortion scams on the rise. McDonald's AI bot used 123456 as password. Phishing attacks climb in Q1. Protect your cell phone.
Cybersecurity News of the Week & Patch Report, July 13, 2025
This week's essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned. Designed to educate, support, and advocate.
Sections
Section 1: National and International News
SecureTheVillage: Events. Programs. Guides. Newsletters.
Section 2: Families and Individuals: Let’s Be Careful Out There. And Let’s Help Others Who Aren’t Yet Cyber-Aware.
Section 3: Smaller Businesses and Nonprofits: A Discipline of Cybersecurity.
Cybersecurity Nonprofit of the Week
Section 4: Patch and Update Report
Section 1: National and International News
Dr. Stan Stahl, PhD of SecureTheVillage accepted into Fast Company Executive Board: Fast Company Executive Board is a vetted professional organization of business leaders committed to shaping the future of business through technology and design. Dr. Stahl was selected to join the community based on his proven expertise in cybersecurity. “My main goal as a Fast Company Executive Board Member and Contributing Columnist is to help smaller businesses understand the impact a cyber disruption will have on their lives and provide them with clear examples of what it takes to achieve reasonable cybersecurity,” he says. “My columns will be educational, informative and engaging for readers across the United States and beyond.”
Phishing Activity Trends Reports Q1 2025 Summary: In the first quarter of 2025, APWG observed 1,003,924 phishing attacks. This was the largest number since late 2023. … Criminals are sending millions of emails each day containing QR codes. The QR codes lead consumers to phishing sites and malware. … Attacks against the online payment and financial (banking) sectors grew in 1Q 2025, together totaling 30.9 percent of all attacks. … The total number of wire transfer BEC attacks observed in Q1 2025 increased by 33 percent compared to the previous quarter.
British Airways Locks Out Pilots and Cabin Crew Amid Cyber Threat Fears: British Airways (BA) took a drastic step last week by locking hundreds of pilots and cabin crew out of key internal systems, following heightened concerns over an imminent cyberattack. … The move came without warning, disrupting crew operations and access to essential services at London Heathrow (LHR), BA’s primary hub, as well as systems managed by its parent company, International Airlines Group (IAG), PYOK exclusively reported. … Sources reveal that the disruption was linked to the urgent deployment of new cybersecurity protocols by IAG, headquartered in Madrid. … These protocols were introduced to strengthen defenses amid increasing threats from cybercriminal groups, such as Scattered Spider, which is known for targeting large enterprises through social engineering and identity spoofing.
Suspected Scattered Spider domains target everyone from manufacturers to Chipotle: While the aviation industry has borne the brunt of Scattered Spider's latest round of social engineering attacks, the criminals aim to catch manufacturing and medical tech companies — and even Chipotle Mexican Grill — in their web, as evidenced by hundreds of domains that security researchers say look a lot like phishing websites used by the criminal crews.
This Is Not Keanu: Inside the Billion-Dollar Celebrity Impersonation Bitcoin Scam: Victims think they’re talking to Keanu Reeves. Or Kevin Costner. Then come the pleas for cash. The brazen AI-fueled con that fleeces lovestruck fans and has Hollywood finally fighting back. … In November, Margaret climbed into her Toyota Camry, left her husband of 10 years at their comfortable brick home in the rural South and drove an hour to a hotel where — she was sure — Kevin Costner was coming to meet her. … By this point, Margaret, 73, had spent months making weekly bitcoin deposits for Costner totaling about $100,000. He had messaged her that he was using the money to set up a new production company where she would eventually work for him. … Online scams take many forms, but the ones weaponizing celebrity fandom are getting intense notice in Hollywood right now. … Some 400 performers, including Scarlett Johansson, have signed on to support legislation making its way through Congress called the No Fakes Act, which seeks to create protections for artists’ voices, likenesses and images from unauthorized AI-generated deep fakes.
I met the sextortion scammers destroying young lives for £1 a day: The musician Jordan Stephens travelled to Nigeria to find the men behind a crime that targets up to 65 per cent of young Britons. … It was the money that surprised him most. … “They kept talking about getting their ‘2k a day’ but in Nigeria, two thousand naira is equal to £1,” Stephens says. “Often it’s about survival — that’s what these people are destroying young men’s lives for.” … Sextortion, where criminals threaten to share sexual pictures or videos of somebody unless they pay money, is on the rise in Britain. Recent figures show that 65 per cent of teenagers and young adults in Britain have been targeted, and this year the National Crime Agency issued a warning that more than 110 child sextortion attempts were reported each month.
AI chatbot’s simple ‘123456’ password risked exposing personal data of millions of McDonald’s job applicants: Security researchers found that they could access the personal information of 64 million people who had applied for a job at McDonald’s, in large part by logging into the company’s AI job hiring chatbot with the username and password “123456.”
Crypto Hacker Who Drained $42,000,000 From GMX Goes White Hat, Returns Funds in Exchange for $5,000,000 Bounty: A crypto hacker who stole tens of millions of dollars from the decentralized crypto perpetuals exchange GMX (GMX) is turning white hat by returning the stolen funds to collect a bounty. … In a new thread on the social media platform X, GMX says the hacker who stole $42 million worth of crypto assets earlier this week from its Arbitrum (ARB)-based liquidity pool is returning the funds and collecting a $5 million reward.
Four arrested in connection with M&S and Co-op cyber-attacks: Four people have been arrested by police investigating the cyber-attacks that have caused havoc at M&S and the Co-op. … They were apprehended on suspicion of Computer Misuse Act offences, blackmail, money laundering and participating in the activities of an organised crime group. … The hacks - which began in mid April - have caused huge disruption for the two retailers. Some Co-op shelves were left bare for weeks, while M&S expects its operations to be affected until late July, with some IT systems not fully operational until October or November. The chairman of M&S told MPs this week that it felt like the hack was an attempt to destroy the business. The retailer has estimated it will cost it £300m in lost profits. Harrods was also targeted in an attack that had less impact on its operations.
Nearly 300,000 people were impacted by cyberattack on Nova Scotia Power: Canadian utility Nova Scotia Power is notifying about 280,000 people of a data breach that occurred following a cyberattack earlier this year. … In letters to victims, the company said an investigation revealed that hackers had access to critical systems from March 19 to April 25, allowing them to steal names, addresses, driver's license numbers, Canadian Social Insurance numbers, bank account details and troves of information from the Nova Scotia Power program including power consumption, service requests, customer payment, billing and credit history, and customer correspondence.
Louis Vuitton says UK customer data stolen in cyber-attack: Louis Vuitton has said the data of some UK customers has been stolen, as it became the latest retailer targeted by cyber hackers. … The retailer, the leading brand of the French luxury group LVMH, said an unauthorised third party had accessed its UK operation’s systems and obtained information such as names, contact details and purchase history. … The brand, which last week said its Korean operation had suffered a similar cyber-attack, told customers that no financial data such as bank details had been compromised.
SecureTheVillage
Events
July 15: Cybersecurity Connect Discussion Group. Preparing for disruption. What your small business / nonprofit can learn from how the military plans ahead. As President & General Dwight Eisenhower famously said, “In going into battle, plans are useless, but planning is indispensable.” This month, JC Vega, CISSP, retired Army Colonel and cybersecurity strategist, joins us to unpack what that really means for small businesses and nonprofits faced with the inevitable disruptions of a cyber-event. You’ll walk away with a few battle-tested strategies (and maybe a new way to think about disruption). Cybersecurity Connect is where cybersecurity professionals, IT leaders, attorneys, risk managers, executive leaders, educators, investors, and law enforcement come together to discuss challenges, exchange ideas, and strengthen our collective defenses. July 15, 3:45 - 5:00 PDT.
Programs for smaller businesses, nonprofits, and the MSP / IT service providers who support them.
The Reasonable Cybersecurity Lab™
Guides for families and individuals
How Hackable Are You? Strengthen your cybersecurity and privacy defenses with our free updated 13-step guide.
Guide to Password Managers. What you need to know to get a password manager that's right for you.
After a Disaster: A Guide to Keep Your Phone Secure, Safeguard Your Information, and Avoid Being Scammed. This is a concise guide on how to protect yourself from scams in the aftermath of a local disaster, whether it's an earthquake, major fire, hurricane, or other crisis.
SecureTheVillage FREE Newsletters. Sign up or share with a friend!
Cybersecurity News of the Week & Weekend Patch Report. Our award winning newsletter, now on Substack. Essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned.
Family Protection Newsletter: Our monthly newsletter for non-cyber experts. For your parents, friends, and those who need to protect themselves in a digital world.
Section 2: Let’s Be Careful Out There. And Let’s Help Others Who Aren’t Yet Cyber-Aware.
Protect your phone.
SIM swapping attacks expose your online accounts to hackers — but your phone carrier can help: It’s 2025, and cell phone numbers are ubiquitous. We use our phone numbers to sign up for websites and online services, from retail and banking to social media and health providers. … But if someone can steal your phone number, they can effectively become you. … With your phone number, a hacker can start gaining access to your online accounts and even trick automated systems into thinking they are you when calling customer service. A hijacked phone number can sometimes be used to access a company’s network as if they were that employee, allowing access to sensitive files and data. … This is all the more reason to proactively protect your phone number from SIM swapping, a type of cyberattack that involves a hacker hijacking a victim’s phone number. … To combat SIM swapping, three major phone carriers in the United States — AT&T, T-Mobile, and Verizon — have introduced security features that make it more difficult for malicious hackers to deceptively get a customer’s account changed, such as porting out their phone number. … Take a minute or two to check your phone carrier’s account; these features are often not publicized very well and may not be enabled by default.
Always be suspicious.
Job scams are on the rise and more people are falling for them. Protect yourself with these tips: The scams start innocuously, often with tailor-made texts or WhatsApp messages, and the scammers take time to build trust with victims before cashing in on the relationships. … As job-seekers look for work in a challenging environment, an increasing number are falling victim to job scams that promise good pay for completing easy online tasks, according to the Federal Trade Commission. … Reported losses to job scams increased more than threefold from 2020 to 2023. In the first half of 2024, they topped $220 million, according to the FTC. … Tips for spotting a task-based scam: Ignore any generic and unexpected texts or WhatsApp messages about jobs, no matter how specific or complimentary the messages. … Never pay to get paid, or to get a job. That requirement is a red flag that the position is a scam. … Don’t trust employers who say they’ll pay you to rate or like things online, without an above-board process for using the actual products or services you’re rating.
This MacBook malware lets Russian hackers remotely control your device: A fake job interview on LinkedIn might end with hackers accessing your MacBook with this new, dangerous malware upgrade.
Millions of people spied on by malicious browser extensions in Chrome and Edge: Researchers have discovered a campaign that tracked users’ online behavior using 18 browser extensions available in the official Chrome and Edge webstores. The total number of installs is estimated to be over two million. … These extensions offered functionality, received good reviews, touted verification badges, and some even enjoyed featured placement. … But when an extension has been available in the web store for a while, cybercriminals can insert malicious code through updates to the extension. These updates become the bases for future malicious activity.
Section 3: Smaller Businesses and Nonprofits: A Discipline of Cybersecurity.
Kudos to the Cyber Readiness Institute. SecureTheVillage is a big fan. Their program is a key part of our Reasonable Cybersecurity Lab™ for smaller businesses and nonprofits.
New and Improved: The Updated Cyber Readiness Playbook Is Here: At the Cyber Readiness Institute (CRI), we’re committed to empowering small and medium-sized businesses (SMBs) to build strong, practical cyber ready foundations. That’s why we’re pleased to announce the launch of our updated Cyber Readiness Playbook—a fresh, streamlined version designed with you in mind. … Cybersecurity is no longer a “nice to have;” it’s a business imperative. Yet we know that for many SMBs, time and resources are limited, and navigating cybersecurity best practices can feel overwhelming. That’s where the Playbook comes in. And thanks to feedback from business owners, managers, and IT leads across the globe, we’ve taken your insights and reimagined the Playbook to be more practical, more actionable, and easier to use.
Vulnerability management is a critical element of a discipline of cybersecurity.
CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting Citrix NetScaler ADC and Gateway to its Known Exploited Vulnerabilities (KEV) catalog, officially confirming the vulnerability has been weaponized in the wild. … To mitigate this flaw, organizations should immediately upgrade to the patched builds listed in Citrix's June 17 advisory, including version 14.1-43.56 and later. After patching, all active sessions, especially those authenticated via AAA or Gateway, should be forcibly terminated to invalidate any stolen tokens.
Warning to ServiceNow admins: Fix your access control lists now: Unless corrected, the vulnerability allows anyone to get at sensitive data. … A vulnerability in the way ServiceNow manages user access control lists can easily allow a threat actor to steal sensitive data, says a security vendor, who urges admins to review their custom and standard data configuration tables to beef up security.
Exploits for pre-auth Fortinet FortiWeb RCE flaw released, patch now: Proof-of-concept exploits have been released for a critical SQLi vulnerability in Fortinet FortiWeb that can be used to achieve pre-authenticated remote code execution on vulnerable servers. … The FortiWeb vulnerability has a 9.8/10 severity score and is tracked as CVE-2025-25257. Fortinet fixed it last week in FortiWeb 7.6.4, 7.4.8, 7.2.11, and 7.0.11 and later versions.
Cybersecurity Nonprofit of the Week … Global Anti-Scam Alliance
Our kudos this week to the Global Anti-Scam Alliance. Their mission is to create a world where people worldwide are safe from the financial and emotional trauma caused by online scams, and to protect consumers worldwide from scams. GASA realizes its mission by raising awareness, enabling hands-on tools for consumers and law enforcement, facilitating knowledge sharing, organizing research, supporting the development of (legal) best practices, and offering training and education. Like SecureTheVillage, the Global Anti-Scam Alliance is a fellow member of Nonprofit Cyber.
Section 4: Weekend Patch Report
Keeping your computers, smartphones, notepads and other devices patched and updated is #4 on SecureTheVillage's How Hackable Are You Guide. The following lists current versions of common software programs. Items in Bold have been updated. Updates are usually available from within the program. If not, updates can be downloaded from the company's website. Even as patching is increasingly automated, it's important to double-check that it's being done.
7-Zip updated to 25.00.
Adobe Acrobat Reader updated to 25.001.20566
AVG 25.6.3385.
Apple iOS 18.5
Apple iPadOS 18.5
Apple macOS Sequoia 15.5
Apple macOS Sonoma 14.7.6
Apple macOS Ventura 13.7.6
Apple watchOS 11.5
Apple tvOS 18.5
Apple visionOS 2.5
Apple Safari 18.5
Brave updated to 1.80.120.
CCleaner 6.37.11523.
Chrome updated to 138.0.7204.101.
Discord updated to 1.0.9199.
Dropbox updated to 228.4.5567.
Edge updated to 138.0.3351.83.
Evernote updated to 10.145.1.
ExpressVPN 12.103.0.22
Firefox updated to 140.0.4.
Foxit Reader 2025.1.0.27937.
Google Drive for Desktop 110.0.2.0.
iTunes 12.13.7.1.
KeePass 2 updated to 2.59.
Malwarebytes 5.3.3.198.
Microsoft 365 & Office Updated.
Microsoft Windows Updated.
Notepad++ updated to 8.8.3.
OneDrive updated to 25.115.0615.0002.
Opera Chromium updated to 120.0.5543.61.
Spotify updated to 1.2.68.525.
Teams updated to 25163.3611.3774.6315.
TeamViewer 15 updated to 15.67.5.
Thunderbird updated to 140.0.1.
Zoom 6.5.3.7509.