CISO Platform's Posts (224)


Cybersecurity Report: July 5, 2025

Executive Summary

July 5, 2025, marked a significant day in the cybersecurity landscape, characterized by major data breach settlements, ongoing sophisticated cyberattacks, and critical security vulnerabilities. The day was part of a broader pattern of escalating cyber threats that defined the first half of 2025, with nation-state attacks becoming the "new norm" and critical infrastructure increasingly under siege.

 

Major Incidents and Developments on July 5, 2025

1. AT&T's $177 Million Data Breach Settlement

On July 5, 2025, AT&T received preliminary court approval for a massive $177 million settlement related to two major data breaches affecting millions of customers.

Key Details:
  • 2019 breach: 73 million individuals affected (7.6 million current and 65.4 million former customers)
  • 2024 Snowflake breach: call and text metadata from 2022 for nearly 110 million customers, stolen from AT&T's Snowflake environment
  • Compromised data: Social Security numbers, names, dates of birth, and frequent flyer numbers
  • Maximum payouts: up to $5,000 for 2019 breach victims and $2,500 for Snowflake breach victims
  • Timeline: claims process begins August 2025; final approval hearing December 3, 2025

Source: CDO Times

2. Evolve Bank & Trust Settlement

A settlement was announced for Evolve Bank & Trust's 2024 data breach, offering victims up to $3,000 in compensation plus credit monitoring services.

Breach Details:
  • Timeline: February to May 2024 infiltration
  • Affected data: names, Social Security numbers, bank account numbers, contact information
  • Settlement benefits: up to $3,000 for documented losses or a $20 flat payment, plus one year of credit monitoring

Source: Daily Hodl

3. New Security Incidents Reported

Kentfield Hospital Cyberattack:
  • Victim: Kentfield Hospital (California critical care facility)
  • Threat actor: World Leaks, the data-extortion-only brand that the Hunters International operators moved to earlier in 2025
  • Impact: patient data confirmed compromised

Max Financial Services Data Access:
  • Victim: Axis Max Life Insurance (subsidiary of Max Financial Services)
  • Nature: unauthorized access to customer data, reported to the company by an anonymous sender

Brazil Financial Sector Attack:
  • Victim: C&M Software (service provider connecting banks to the Central Bank of Brazil's payment systems)
  • Impact: roughly $140 million USD (about R$800 million) moved out of reserve accounts; an insider employee sold his access credentials to the attackers

Source: DataBreaches.Net

 

Critical Vulnerabilities and Threats

1. CitrixBleed 2 Proof-of-Concept Release

On July 5, 2025, a working proof-of-concept exploit for "CitrixBleed 2" (CVE-2025-5777) was publicly released, targeting Citrix NetScaler ADC and NetScaler Gateway appliances.

Technical Details:
  • An out-of-bounds memory read in NetScaler configured as a Gateway (VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server lets an unauthenticated attacker pull fragments of process memory, the same bug class as the original CitrixBleed (CVE-2023-4966)
  • Leaked memory can contain valid session tokens; replaying one lets the attacker ride an already-authenticated session, bypassing MFA without ever knowing the password
  • Affects enterprise networks across finance, healthcare, government, and education sectors

Immediate Actions Required:
  • Upgrade to the fixed NetScaler builds listed in Citrix's advisory for CVE-2025-5777 (this is software on the appliance, not firmware)
  • After upgrading, terminate every existing session with `kill icaconnection -all` and `kill pcoipConnection -all`, as Citrix advises; tokens leaked before the patch stay valid until the sessions holding them are killed
  • Review gateway and authentication logs for session IDs that appear from more than one client IP or from unexpected geographies, which is the observable symptom of a replayed token
  • Implement Zero Trust principles
  • Conduct penetration testing on gateway devices

Source: COE Security
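The log review in the actions above is the one check a defender can run today. The following is an added example, not code from the original post or from Citrix: it parses gateway session logs and flags any session ID that has been used from more than one client address, and separately lists sessions still active after the patch time, which should not exist if the post-upgrade session kill was done. The log line format and the sample entries are constructed for this example and are not NetScaler's real syslog format; adapt the regular expression to your appliance's export.

```python
"""Flag gateway sessions reused from more than one client IP.

After a memory-disclosure bug like CitrixBleed 2, a stolen session token lets an
attacker ride an existing login from a different address. The log format below
is CONSTRUCTED for this example (not NetScaler's real format).
"""
import re
from collections import defaultdict
from datetime import datetime

# One record per line: timestamp, session id, user, client address, event name.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) session=(?P<sid>[0-9a-f]+) user=(?P<user>\S+) "
    r"client=(?P<ip>[0-9.]+) event=(?P<event>\w+)$"
)

# Constructed sample: alice is normal; bob's token reappears from a second IP.
SAMPLE_LOG = """\
2025-07-05 08:01:12 session=a1b2c3 user=alice client=203.0.113.10 event=login
2025-07-05 08:05:40 session=a1b2c3 user=alice client=203.0.113.10 event=request
2025-07-05 08:02:03 session=d4e5f6 user=bob client=198.51.100.7 event=login
2025-07-05 08:09:55 session=d4e5f6 user=bob client=192.0.2.99 event=request
2025-07-05 08:10:02 session=d4e5f6 user=bob client=192.0.2.99 event=request
"""

# Assumed moment the upgrade finished (constructed for the example).
PATCH_TIME = datetime(2025, 7, 5, 8, 8)


def parse(log_text):
    """Yield (timestamp, session_id, user, client_ip, event); skip malformed lines."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield (
                datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                m["sid"], m["user"], m["ip"], m["event"],
            )


def sessions_by_ip(log_text):
    """Map session id -> {client ip -> first time that ip used the session}."""
    seen = defaultdict(dict)
    for ts, sid, _user, ip, _event in parse(log_text):
        seen[sid].setdefault(ip, ts)
    return seen


def find_reused_sessions(log_text):
    """Return {session_id: sorted client IPs} for sessions seen from more than one IP."""
    return {
        sid: sorted(ips)
        for sid, ips in sessions_by_ip(log_text).items()
        if len(ips) > 1
    }


def sessions_alive_after(log_text, patched_at):
    """Session ids with activity after the patch time.

    Citrix advised killing all ICA/PCoIP sessions after upgrading, so any session
    that carried on across the patch is suspect regardless of IP behaviour.
    """
    return sorted({sid for ts, sid, *_ in parse(log_text) if ts > patched_at})


if __name__ == "__main__":
    for sid, ips in find_reused_sessions(SAMPLE_LOG).items():
        print(f"session {sid} seen from multiple clients: {', '.join(ips)}")
    print("sessions active after patch:", sessions_alive_after(SAMPLE_LOG, PATCH_TIME))
```

On the sample, session d4e5f6 is reported from both 198.51.100.7 and 192.0.2.99 and is also the only session still active after the patch time. In production, add a source-ASN or geolocation lookup so that a user roaming between mobile and office addresses does not drown out a genuine replay from a hosting provider.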

2. Other Critical Vulnerabilities

Roundcube Webmail (CVE-2025-49113):
  • CVSS score: 9.9 (Critical)
  • Impact: remote code execution via PHP object deserialization; the `_from` parameter of the settings upload action is not validated. The attacker needs a valid webmail login, so in practice this chains with phishing or credential stuffing
  • Exposure: the source puts the installed base at 53+ million hosts; over 80,000 internet-facing servers were reported still unpatched, and exploitation in the wild has been confirmed
  • Fixed in Roundcube 1.5.10 and 1.6.11

Palo Alto Networks PAN-OS (CVE-2025-4231):
  • CVSS score: 7.2 to 9.0 (High to Critical)
  • Impact: command injection in the management web interface; an authenticated administrator can run commands as root
  • Affected versions: 10.1 through 11.0.2 (per the source)
  • Caveat: exposure of the management interface drives the real risk; keep it off the internet and on a dedicated management network, as Palo Alto's deployment guidance already requires

 

Broader Threat Landscape Context

Nation-State Activity

Iranian Cyber Threats (warning issued July 1, 2025):
  • Joint fact sheet from CISA, FBI, DC3, and NSA
  • Targeting: U.S. defense systems and critical infrastructure
  • Focus: organizations with Israeli connections
  • Methods: exploiting unpatched systems and default passwords, social engineering

Chinese State-Sponsored Attacks:
  • French government agencies compromised via Ivanti zero-day vulnerabilities
  • Telecommunications, finance, and transportation sectors also affected
  • Confirmed by ANSSI, the French National Agency for the Security of Information Systems

Sources: Cyber Security Review, Holm Security

Notable Criminal Activity

Mexican Drug Cartel Surveillance:
  • A hacker working for the Sinaloa ("El Chapo") cartel surveilled FBI personnel in Mexico City, according to a U.S. Department of Justice Inspector General report
  • Methods: hacked city surveillance cameras; obtained call and location data tied to an FBI official's phone
  • Objective: identify and eliminate potential witnesses and informants
  • The report found the FBI's countermeasures against this kind of technical surveillance still inadequate seven years later

Ransomware Developments:
  • Hunters International announced its closure and offered free decryption keys to all victims as a "parting gesture"
  • The closure is not a retirement: the same operators had already moved to the extortion-only World Leaks brand named in the Kentfield Hospital attack above
  • Scattered Spider continues targeting insurance firms

 

Major 2025 Cyberattacks Leading to July 5

1. UNFI Cyberattack (Mid-June 2025)

  • Target: United Natural Foods Inc. (major US grocery wholesaler)
  • Impact: Disrupted electronic ordering, caused North American grocery shortages
  • Lesson: Highlighted fragility of digital food supply systems

2. Sepah Bank Breach (March 2025)

  • Target: Iran's Bank Sepah
  • Perpetrator: "Codebreakers" collective
  • Data Stolen: 42 million customer records (12 TB)
  • Ransom Demand: $42 million in Bitcoin

3. TeleMessage Breach (May 2025)

  • Target: Compliance messaging app used by US government officials
  • Impact: Exposed metadata from 60+ accounts (FEMA, CBP personnel)
  • Significance: Highlighted counterintelligence risks

4. SAP NetWeaver Vulnerability (April 24, 2025)

  • Vulnerability: CVE-2025-31324 (critical zero-day)
  • Impact: At least 581 compromised instances reported, with exploitation attributed to state-linked groups
  • Risk: Potential disruption to enterprise and public-sector systems

5. M&S Cyberattack (April 2025)

  • Target: Marks & Spencer retail chain
  • Perpetrator: Scattered Spider gang
  • Method: Social engineering against contractors
  • Impact: 6-week online shopping disruption, £300 million estimated losses

Source: Integrity360

 

Key Trends and Patterns

1. Human Element Vulnerabilities

  • Social engineering remains primary attack vector
  • Phishing campaigns increasingly sophisticated with AI assistance
  • Employee training critical for defense

2. Supply Chain Risks

  • Third-party vendor compromises leading to cascading impacts
  • Need for enhanced due diligence and access controls
  • Zero Trust architecture implementation essential

3. Critical Infrastructure Targeting

  • Water utilities, power grids, transportation networks under constant threat
  • "Midnight calls" indicating attempts to disrupt essential services
  • Human vigilance paramount in critical industries

4. Geopolitical Cyber Warfare

  • 700% increase in attacks on Israeli infrastructure
  • Spillover effects threatening U.S. systems
  • Nation-state attacks becoming normalized

Source: Cyber Security Review

 

Recommendations and Mitigation Strategies

Immediate Actions

  1. Patch Management: Apply all critical security updates immediately
  2. Access Controls: Implement phishing-resistant multi-factor authentication
  3. Network Segmentation: Isolate critical systems from public internet
  4. Backup Verification: Ensure comprehensive, tested backup systems

Strategic Initiatives

  1. Zero Trust Implementation: Adopt "never trust, always verify" principles
  2. Employee Training: Continuous cybersecurity awareness programs
  3. Third-Party Risk Management: Enhanced vendor security assessments
  4. Incident Response: Regular testing and updating of response plans

Regulatory and Policy Developments

  • New platform guidelines for content authenticity (effective July 15, 2025)
  • ENISA updated national cyber security strategy framework
  • NATO integrating cybersecurity into defense spending targets
  • Sweden's new digitalization strategy (2025-2030)

 

Conclusion

July 5, 2025, exemplified the complex and rapidly evolving cybersecurity landscape of 2025. The day's events, from major settlement approvals to new vulnerability disclosures, underscore the persistent and escalating nature of cyber threats. Organizations must adopt proactive security postures, implement robust defense mechanisms, and maintain constant vigilance against increasingly sophisticated adversaries.

The convergence of nation-state activities, criminal enterprises, and supply chain vulnerabilities creates a threat environment requiring coordinated response efforts across public and private sectors. The human element remains both the weakest link and the strongest defense, emphasizing the critical importance of comprehensive cybersecurity education and awareness programs.

 


For more breach intelligence reports and cybersecurity insights, visit CISOPlatform.com and sign up to be a member.

Nominate for Global CISO 100 Awards & Future CISO Awards (1-2 October Atlanta, USA): Nominate Your Peer


Cybersecurity Incidents Report: July 4, 2025

CISOPlatform Breach Intel

Daily Intelligence Report - July 4, 2025 | Limited Incidents Identified for July 3, 2025

This report covers cybersecurity incidents that occurred on July 3, 2025. A review of multiple threat intelligence sources shows a notably quiet day for new incidents; most events reported on the date were disclosures of breaches that occurred earlier rather than new attacks. The report examines the confirmed incidents and provides strategic context for the current threat landscape.

Key Breach Incidents Overview - July 3, 2025

Important Note: Our comprehensive analysis found very limited confirmed cybersecurity incidents that actually occurred on July 3, 2025. Most events reported on this date were disclosures or notifications of breaches that happened weeks or months earlier.
  • American Airlines Physical Security Breach: Unauthorized individual (Beaulieu) gained access to secured airport area, forcing flight cancellation and comprehensive security sweep, resulting in $59,143 in direct losses
  • Authenticator Service Disruption: Password management service experienced critical functionality loss with autofill cessation and payment data deletion as part of ongoing service deprecation
  • Multiple Disclosure Events: Several organizations disclosed previously occurred breaches, including McLaughlin & Stern LLP, Qantas (detected June 30), and Integrated Specialty Coverages (occurred February 2025)

Confirmed Incidents That Occurred on July 3, 2025

1. American Airlines Physical Security Breach

Incident Overview and Timeline

Date: July 3, 2025
Organization: American Airlines
Incident Type: Physical Security Breach
Location: Philadelphia Airport (secured area)

An individual identified as Beaulieu gained unauthorized access to a secured airport area, triggering immediate security protocols. The breach forced American Airlines to cancel a scheduled flight and conduct a comprehensive security sweep of the affected area and potentially the aircraft.

Technical Analysis and Attribution

This incident represents a physical security compromise rather than a cyber attack. The unauthorized access to restricted airport areas violates federal aviation security regulations and demonstrates vulnerabilities in physical access controls at critical transportation infrastructure.

Attack Vector: Physical intrusion into secured airport perimeter
Attribution: Individual actor (Beaulieu) - no indication of organized threat group involvement
Method: Unauthorized physical access to restricted area

Scope of Impact and Data Compromised

Financial Impact: $59,143 in direct losses to American Airlines
Operational Impact: Flight cancellation, security sweep operations, passenger disruption
Data Compromised: No data breach reported - purely physical security incident

MITRE ATT&CK Mapping

Tactic | Technique | Description
Initial Access | T1199 Trusted Relationship | Exploitation of physical access controls to gain entry to restricted areas
Defense Evasion | T1562 Impair Defenses | Bypassing physical security measures and access controls

Note: ATT&CK Enterprise describes adversary behaviour against computing environments and has no technique for physical intrusion; the mapping above is by analogy only and should not be copied into detection content as-is.

Indicators of Compromise (IOCs)

  • Physical Indicators: Unauthorized presence in secured airport area
  • Behavioral Indicators: Individual accessing restricted zones without proper authorization
  • Operational Indicators: Triggering of security protocols and emergency response procedures

 

2. Authenticator Service Critical Functionality Loss

Incident Overview and Timeline

Date: July 3, 2025 (part of ongoing timeline)
Service: Microsoft Authenticator's password management (autofill) feature, which Microsoft is retiring in favour of Microsoft Edge
Incident Type: Planned service deprecation with user-side data loss
Severity: Informational (per Nopal Cyber assessment)

The Authenticator password management feature lost core functionality on July 3, 2025 as part of an announced deprecation timeline: autofill stopped working and saved payment information was deleted from the app.

Technical Analysis and Attribution

This appears to be a planned service deprecation rather than a malicious attack. However, the impact on users' security posture is significant as it affects password management capabilities and stored payment data.

Timeline of Service Changes:

  • June 2025: Users could no longer add or import new passwords
  • July 2025: Autofill functionality ceased, payment information deleted
  • August 2025: Saved passwords no longer accessible in Authenticator (Microsoft states they stay synced to the Microsoft account and remain usable in Edge; generated passwords that were never saved are deleted). Export them before then if you are moving to another manager

Scope of Impact and Data Compromised

User Impact: Loss of password autofill functionality
Data Loss: Deletion of saved payment information
Future Risk: From August 2025 stored passwords are no longer accessible in Authenticator; users who have not migrated to Edge or exported to another manager lose access to them

MITRE ATT&CK Mapping

Tactic | Technique | Description
Impact | T1485 Data Destruction | Systematic deletion of user payment information and upcoming loss of access to saved passwords
Impact | T1489 Service Stop | Cessation of autofill functionality and password management services

Note: these techniques describe adversary actions; a vendor's planned deprecation is mapped here only to show the equivalent effect on users, not to suggest hostile activity.

Indicators of Compromise (IOCs)

  • Service Indicators: Autofill functionality failure
  • Data Indicators: Missing payment information in user accounts
  • Operational Indicators: Inability to add new passwords or import existing ones

Strategic Threat Intelligence Analysis

July 3, 2025, represents an unusually quiet day for new cybersecurity incidents; most reported events were delayed disclosures of breaches that occurred earlier. The pattern points to several trends worth noting:

Disclosure Timing Patterns

The concentration of breach disclosures on July 3rd, a Thursday immediately before the July 4th federal holiday, may reflect timing chosen to minimize media attention and public scrutiny. Whether deliberate or not, this "Friday news dump" style of notification delays the awareness defenders and affected customers need, and it remains a concerning pattern.

Physical Security Convergence

The American Airlines incident highlights the critical intersection between physical and cyber security. While not a cyber attack, physical breaches of critical infrastructure can have similar operational and financial impacts, demonstrating the need for holistic security approaches.

Service Provider Risk Landscape

The Authenticator service degradation illustrates the risks associated with dependency on third-party security services. Organizations and individuals relying on external password management solutions face potential data loss and security gaps during service transitions or failures.

Threat Actor Activity Assessment

The limited new incident activity on July 3rd may indicate threat actors observing the U.S. holiday period, though historical data suggests increased activity often follows holiday periods when organizations may have reduced security monitoring capabilities.

CISO Strategic Recommendations

Immediate Actions (24-48 hours)

  • Physical Security Review: Conduct comprehensive assessment of physical access controls, especially at critical facilities and during holiday periods when staffing may be reduced
  • Service Dependency Audit: Review all third-party security services (password managers, authentication services) and ensure backup/migration plans are in place
  • Holiday Security Posture: Implement enhanced monitoring during holiday periods when threat actors may increase activity targeting reduced security staffing
  • Disclosure Timeline Review: Evaluate organizational breach notification procedures to ensure compliance with regulatory requirements and avoid perception of strategic timing

Strategic Initiatives (30-90 days)

  • Integrated Security Framework: Develop comprehensive security strategies that address both physical and cyber threats as interconnected risks
  • Vendor Risk Management: Strengthen third-party risk assessment processes, particularly for security service providers, with emphasis on service continuity and data protection during transitions
  • Incident Response Optimization: Review and update incident response procedures to account for holiday periods and ensure adequate coverage during reduced staffing
  • Stakeholder Communication Strategy: Develop transparent communication protocols for security incidents that maintain trust while meeting regulatory obligations

Threat Landscape Analysis

While July 3, 2025, showed limited new incident activity, the broader threat landscape context reveals several critical trends:

Delayed Disclosure Epidemic

Multiple organizations disclosed breaches on July 3rd that occurred weeks or months earlier, including Qantas (detected June 30), Integrated Specialty Coverages (occurred February 2025), and others. This pattern suggests systemic issues with incident response timelines and regulatory compliance.

Critical Infrastructure Vulnerabilities

The American Airlines physical security breach underscores ongoing vulnerabilities in transportation infrastructure. Combined with recent cyber attacks on aviation systems globally, this highlights the multi-vector threat landscape facing critical infrastructure operators.

Service Provider Ecosystem Risks

The Authenticator service issues demonstrate the cascading risks when security service providers experience disruptions. Organizations must prepare for scenarios where their security tools themselves become unavailable or compromised.

Holiday Period Threat Dynamics

The timing around July 4th weekend may have influenced both threat actor activity and organizational disclosure decisions. Historical patterns suggest increased vigilance is needed during holiday periods when security teams may be operating with reduced capacity.

Conclusion and Forward-Looking Insights

July 3, 2025, serves as a reminder that cybersecurity threats extend beyond traditional cyber attacks to encompass physical security breaches, service provider disruptions, and strategic disclosure timing. While the day showed limited new incident activity, the pattern of delayed disclosures raises important questions about transparency and regulatory compliance in the cybersecurity ecosystem.

Key Takeaways

  • Physical and cyber security must be addressed as integrated challenges, particularly for critical infrastructure
  • Dependency on third-party security services creates potential single points of failure that require careful risk management
  • Holiday periods present unique challenges for both threat detection and incident response capabilities
  • The timing of breach disclosures continues to be a strategic consideration that may impact public awareness and response

Emerging Trends to Monitor

  • Increased focus on physical security integration with cyber defense strategies
  • Growing risks associated with security service provider consolidation and dependencies
  • Evolution of threat actor tactics around holiday periods and reduced organizational capacity
  • Regulatory pressure for more timely and transparent breach disclosures

Organizations should use this relatively quiet period to strengthen their security postures, review vendor dependencies, and prepare for potential increased threat activity in the post-holiday period.

Analysis of three major cybersecurity incidents from July 2, 2025: Qantas Airways data breach affecting 6M customers via Scattered Spider attack, Catwatchful stalkerware exposure compromising 62K accounts, and Fort Bend County ransomware highlighting
Read more…

Welcome to CISO Platform's Panel! CISO Platform is the world's first online community dedicated exclusively to senior security executives, including CISOs, CIOs, and cybersecurity managers. The platform's vision is simple yet powerful: enable senior security executives to share, learn, and network with their peers. And today, we're here to discuss a topic that concerns every member of this community - CISO burnout.

In association with FireCompass - A SaaS Platform for continuous Pen Testing, Red Teaming & Attack Surface Management, we delve into the complex world of CISOs, their daily battles, and the ever-looming threat of burnout. Our esteemed guests, Andy Ellis (CISO ORCA Security), Gary Bronson (CIO, Fortium Partners), Michael Seaman (VP IT, Skopos Financial), Daniel Chechik (CISO, Walkme) and Bikash Barai (Co-founder of FireCompass), share their insights.

The Alarming Reality

As a CISO, the pressure is immense. On average, CISOs work 11 more hours per week than their contracts dictate, with a staggering 10% working an additional 20 to 24 hours weekly. The role's increased strain takes its toll on various aspects of their professional and personal lives.

Impact on Tenure

Longevity in the CISO role often suffers due to excessive stress and workload. The burnout factor becomes a significant reason for CISOs deciding to seek new horizons.

Lower Engagement with Peers

The continuous firefighting mode leaves CISOs with less time and energy to engage effectively with other executives, hindering their ability to influence strategic decisions.

Impaired Leadership Capacity

CISOs, weighed down by burnout, struggle to lead their teams effectively. Essential areas such as hiring, customer communication, and professional development take a hit.

 

The Causes of CISO Stress

Our experts delve into the heart of the issue. Stress, they posit, occurs when expectations don't align with reality. As CISOs, many expect to be at the forefront of decision-making, but often find themselves reacting rather than proactively shaping the security agenda.

The 'C' in CISO

The prestigious 'C' in CISO, denoting Chief, implies that CISOs should be present in the room when crucial business decisions are made. However, reality often paints a different picture. Decisions are made without their input, leading to the stressful task of challenging decisions already set in stone.

 


 

 

Mitigating CISO Burnout

Now, let's explore how to manage and alleviate CISO burnout, inspired by the NIST Cybersecurity Framework's approach - Identify, Protect, Detect, Respond, and Recover.

Identify Stressors

One key step is to identify the stressors specific to your role. Accept that the world of cybersecurity is unpredictable, and challenges are part of the job. Start your day with a stoic mindset, ready to face the unexpected.

Protect Your Work

Work on shaping your environment to reduce stress. Educate your organization about the importance of cybersecurity in decision-making. Actively seek a seat at the table during crucial discussions.

Detect Stress Signals

Stress can manifest physically and mentally. Be aware of the signs and address them promptly. Create a support system within your organization to share the load.

Respond and Recover

Lastly, train your mind to handle stress effectively. Techniques like mindfulness, meditation, and time management can help maintain a healthy work-life balance.

 

In conclusion, CISO burnout is a real challenge, but it's not insurmountable. With the right strategies, support, and mindset, CISOs can thrive in their roles.




 

Read more…

In this episode of the CISOPlatform QnA, we dived into the recent Securities and Exchange Commission (SEC) rules that set a new standard for cybersecurity incident reporting. Denise, our community manager at CISOPlatform, joined us to share the insights she gathered from the CISO Platform community. Here is a transcript of the discussion.


Priyanka Aash (Host, Co-founder CISOPlatform): Hey everyone, welcome back to another episode of CISOPlatform Podcast! I'm Priyanka Aash, your host, and today we have a fascinating topic lined up that's been making waves in the cybersecurity world. We're diving into the recent Securities and Exchange Commission rules or SEC rules, that are setting a new standard for cybersecurity incident reporting, and joining us to share her insights is our very own community manager at CISOPlatform, Denise Bailey. Denise, great to have you here!

Denise Bailey (Guest, Community Manager, CISOPlatform): Thanks, Priyanka! It's always a pleasure to be on the podcast, especially when we're discussing such a pivotal advancement in safeguarding the interests of US public companies.

Priyanka Aash: Absolutely, Denise! The new SEC rules have really caught everyone's attention. Could you break it down for our listeners? What's the essence of these regulations?

Denise Bailey: Of course, Priyanka. So, these SEC rules introduced by the Securities and Exchange Commission are a significant leap forward in ensuring the security of US public companies. They lay out a comprehensive framework that demands rapid disclosure of cybersecurity incidents within just four days. Now, what's really interesting here is that companies are also required to articulate their cybersecurity posture, basically explaining how they manage risks, while boards of directors are now mandated to provide insight into their cybersecurity oversight and expertise. It's a move towards unprecedented transparency and accountability.

Priyanka Aash: Transparency and accountability indeed, Denise. Now, you've had the opportunity to interact with CISOs and security experts through our community at CISOPlatform. What's been the initial reaction to these rules?

Denise Bailey: Priyanka, it's been quite a mix of opinions and emotions. Some CISOs view this as a necessary step to ensure that companies are proactively addressing cybersecurity incidents, while others have raised concerns about the practicality of the four-day reporting window. Interestingly, a good number of companies, even those initially hesitant, are realizing that this might be a blessing in disguise. These new regulations can serve as a sort of litmus test for potential business partners, aiding due diligence efforts when evaluating partnerships, M&A deals, and supplier criteria.

Priyanka Aash: That's an intriguing perspective, Denise. Now, from your interactions, have there been any specific points of contention or areas where folks are seeking more clarity?

Denise Bailey: Absolutely, Priyanka. It's a valid question, and I think CISOs are looking for more guidance in this regard. Additionally, there's a recognition that while initial reports can be made within four days, the complete scope and impact of an incident might take longer to fully understand. This raises questions about how much detail can realistically be provided within that initial window.

Priyanka Aash: Those are valid concerns, Denise. Now, you mentioned earlier that these regulations might encourage companies to build strong cybersecurity programs integrated with board support. Can you elaborate on how this might play out?

Denise Bailey: Absolutely, Priyanka. These rules essentially challenge the status quo of cybersecurity preparedness. Companies will no longer be able to rely on flimsy foundations when it comes to protecting customer and shareholder interests. The boards of directors will need to demonstrate their active involvement and expertise in cybersecurity matters. This could potentially lead to a shift in how companies approach risk management and cybersecurity strategy, with a greater emphasis on collaboration and robust preparedness.

Priyanka Aash: Collaboration and preparedness, two crucial aspects indeed, Denise. Now, looking ahead, what do you see as the key takeaways from these SEC rules? How do you think they'll impact the cybersecurity landscape moving forward?

Denise Bailey: Priyanka, the key takeaway here is that these rules are set to instigate a profound shift in how cybersecurity incidents are reported, managed, and overseen. This level of transparency and accountability will likely elevate the importance of cybersecurity discussions within boardrooms and across organizations. We might also witness a ripple effect as other industry regulations and standards begin to adopt similar principles. In essence, these rules are poised to catalyze a fundamental improvement in cybersecurity practices, benefitting everyone involved in the process.

Priyanka Aash: Well said, Denise. It's clear that these SEC rules are stirring up some real conversations and sparking change. Thank you so much for joining us today and shedding light on this significant development.

Denise Bailey: Thank you, Priyanka, for having me. It's been a pleasure discussing this with you and I'm looking forward to seeing how these rules reshape the cybersecurity landscape in the coming months.

Priyanka Aash: Absolutely, Denise. And to all our listeners out there, stay tuned for more insightful conversations on all things cybersecurity, right here on CISOPlatform Podcast. Until next time, stay secure!

Read more…

10 Most Asked Questions By CISOs in Pentesting

Penetration testing, often referred to as "pen testing" or "ethical hacking," is a cybersecurity assessment technique used to evaluate the security of computer systems, networks, applications, or other digital environments. The primary purpose of penetration testing is to identify vulnerabilities and weaknesses within the target system before malicious hackers can exploit them.

Here are the most common questions CISOs and members ask before, during, and after the testing process.

  1. How should the evaluation be done between all the vendors during the pentest selection process?
  2. Which tests should be included in the initial basic test process of a pentest?
  3. Is continuous penetration testing being adopted instead of ad hoc penetration testing?
  4. Who are the top vendors in the pentest market and in the continuous pentest market, and what are their differentiators?
  5. When is the best time to implement the testing for optimal results?
  6. How much time is required for the pentest, based on the type of implementation and the organization's size?
  7. What should we expect as the outcome after completing the pentesting process?
  8. What types of tests should be chosen based on the anticipated threats in the organization's environment?
  9. Are there penetration tests that can show my security gaps in real time?
  10. What are the latest trends and developments in the pentesting industry that CISOs should be aware of?
 
By identifying weaknesses and providing actionable insights, penetration testing helps organizations proactively improve their security measures, reduce the risk of potential data breaches, and protect sensitive information from unauthorized access. It is a crucial component of a comprehensive cybersecurity strategy.
Read more…

Top 10 Tools For Recon


Statistics indicate that over 4.5 billion records were compromised in 2019. With hackers increasingly adopting modern cyber tools, these figures will increase in 2020. One strategy hackers use when attacking a system is to gather relevant information about the target. This step is called reconnaissance. According to Lockheed Martin, reconnaissance is the initial step in the Cyber Kill Chain. The recon step involves research, identification and selection of targets, and attempts to identify the target network's vulnerabilities.

Here Are Some Of The Top Recon Tools:

1. Google

For every penetration tester, Google should be the first tool to use for continuous cyber recon. Google and other search engines like Bing are vital during reconnaissance because they provide data about individuals, companies and their data, including leaked content. The obtained information is free and can help determine the direction a penetration tester will take.

2. Maltego CE

Maltego is an interactive data mining tool that presents data as graphs for analysis. The tool is mainly used in online investigations to show the links between pieces of information from various sources.

How It Helps You :

  • Maltego can be used for the information gathering phase of all security-related work. It will save you time and will allow you to work more accurately and smarter.
  • Maltego provides you with a much more powerful search, giving you smarter results. If access to “hidden” information determines your success, Maltego can help you discover it.
  • Maltego aids you in your thinking process by visually demonstrating interconnected links between searched items.

 

3. FireCompass

FireCompass uses elaborate reconnaissance techniques like those used by nation-state actors. The platform automatically discovers an organization’s dynamic digital attack surface, including unknown exposed databases, cloud buckets, code leaks, exposed credentials, risky cloud assets, open ports and more.

  • Continuous Reconnaissance for a Dynamic Perimeter
  • Discover your external attack surface, shadow risks and complete asset inventory
  • Identify all possible vulnerabilities from known and unknown assets.

 

Learn More About FireCompass RECON Platform

FireCompass also offers a free Recon Report for organizations; you can reach out for a free “Recon Report on Hackers’ View of Your Attack Surface”.

 

4. Recon-ng

Recon-ng is a web reconnaissance framework written in Python. This tool is mainly used by pen testers seeking web-based information. Recon-ng is preferred for its intuitive functionality, which makes gathering a lot of data fast and effective. More details on links here and here.

5. Shodan

Shodan is among the first search engines for internet-connected devices. With servers located all over the world, it provides real-time intelligence regarding the latest technology trends. It also has APIs that other recon tools like Nmap, Metasploit, Maltego and FOCA use for analysis. Click here for more details.

 

6. Censys

Censys provides an avenue to gather data regarding all your assets to help you prevent targeted attacks. This tool provides actionable insights and helps you track changes in all your assets and identify potential vulnerabilities. Click here to access the user guide.

7. Nmap

Nmap is among the best network recon tools, used by both hackers and pen testers. Nmap scans networks to determine the available hosts, the running services and operating systems, and whether the network uses filters such as a firewall.
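The defender-side use of the same scan output, as an added example that is not part of the original post or of any tool it lists: Nmap can write its results as XML (`-oX`), and an attack-surface check is then a diff of the open ports it found on your own perimeter against the exposure you actually approved. The XML document, the baseline dictionary and the addresses (from the 203.0.113.0/24 documentation range) below are all constructed for the example; a real report has many more fields, which the parser simply ignores.

```python
"""Baseline check over an Nmap XML report (added example, not from the page).

Nmap's -oX output records, per host, whether it was up and which ports were
open and with what service.  Comparing that against an approved-exposure
baseline flags services that should not be reachable, and hosts nobody knew
about ("shadow" assets).  Everything below is constructed sample data.
"""
import xml.etree.ElementTree as ET

# Constructed sample in Nmap's -oX layout: two live hosts, one host down.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 203.0.113.0/30">
  <host><status state="up"/>
    <address addr="203.0.113.10" addrtype="ipv4"/>
    <hostnames><hostname name="www.example.test" type="PTR"/></hostnames>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH"/></port>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https" product="nginx"/></port>
      <port protocol="tcp" portid="3306"><state state="open"/><service name="mysql"/></port>
      <port protocol="tcp" portid="8080"><state state="closed"/><service name="http-proxy"/></port>
    </ports>
  </host>
  <host><status state="up"/>
    <address addr="203.0.113.11" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
      <port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
    </ports>
  </host>
  <host><status state="down"/>
    <address addr="203.0.113.12" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

# Assumption: the defender maintains this list of approved internet-facing
# services per host.  Only HTTPS is meant to be exposed on either host.
BASELINE = {
    "203.0.113.10": {("tcp", 443)},
    "203.0.113.11": {("tcp", 443)},
}


def parse_open_ports(xml_text):
    """Return {ip: {(proto, port): service_name}} for hosts that were up.

    Only ports whose state is 'open' are kept; closed/filtered ports and
    hosts that did not respond are dropped."""
    root = ET.fromstring(xml_text)
    hosts = {}
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        open_ports = {}
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            key = (port.get("protocol"), int(port.get("portid")))
            svc = port.find("service")
            open_ports[key] = svc.get("name", "unknown") if svc is not None else "unknown"
        hosts[addr.get("addr")] = open_ports
    return hosts


def unexpected_exposures(observed, baseline):
    """List (ip, proto, port, service) for every open port not in the baseline.

    A host missing from the baseline has an empty allow-set, so all of its
    open ports are reported: that is how shadow assets surface."""
    findings = []
    for ip, ports in sorted(observed.items()):
        allowed = baseline.get(ip, set())
        for (proto, port), svc in sorted(ports.items()):
            if (proto, port) not in allowed:
                findings.append((ip, proto, port, svc))
    return findings


if __name__ == "__main__":
    for finding in unexpected_exposures(parse_open_ports(SAMPLE_NMAP_XML), BASELINE):
        print("UNEXPECTED %s %s/%d (%s)" % finding)
```

Run against the sample it reports SSH and MySQL on the first host and RDP on the second; the closed port 8080 and the host that was down produce nothing. Scheduling this after each perimeter scan and alerting on a non-empty result is the minimal form of the continuous recon the post attributes to the commercial platforms.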

8. Spiderfoot

Spiderfoot is a continuous cyber recon tool that automatically queries over 100 public data sources. This tool gathers intelligence on IP addresses, domain names, and emails, among others. During recon, you specify which modules to activate based on the information that you need. Find more details here.

9. Datasploit

Datasploit is an #OSINT framework that performs various recon techniques on companies, people, phone numbers, Bitcoin addresses, etc., aggregates all the raw data, and outputs it in multiple formats.

Datasploit is useful for collecting relevant information about a target to expand your attack and defence surface quickly. The feature list includes:

  • Automated OSINT on domain/email/username/phone for relevant information from different sources.
  • Useful for penetration testers, cyber investigators, defensive security professionals, etc.
  • Correlates and collates results and shows them in a consolidated manner.
  • Tries to find out credentials, API keys, tokens, subdomains, domain history, legacy portals, and more related to the target.
  • Available as a single consolidating tool as well as standalone scripts.
  • Performs Active Scans on collected data.
  • Generates HTML and JSON reports along with text files.
  • More details here and here

10. Aquatone

A Tool for Domain Flyovers. AQUATONE is a set of tools for performing reconnaissance on domain names. It can discover subdomains on a given domain by using open sources and the more common subdomain dictionary brute force approach.

More details here and here.


Read more…

This blog at CISO Platform is written on behalf of Archie Jackson, Senior Director and Head of IT & IS at Incedo Inc.

10 Best Practices for a Secure “Home WiFi” Network

  1. Default Router Password: Access your home WiFi router settings by typing 192.168.1.1 into your web browser. Enter the username and password for the router; you may find them on the router label. Most home WiFi routers ship with a default username (admin) and a generic password. Once logged in, change the default password of the router.
  2. Set a unique SSID: The SSID (or Wireless Network Name) of your wireless router is usually pre-defined as “default” or set to the brand name of the router (e.g. Linksys). Don’t use your name, home address or other personal information in the SSID.
  3. Enable Network Encryption: Wireless networks support multiple kinds of encryption such as WEP, WPA or WPA2. Ensure encryption is enabled on the router and set to WPA2.
  4. Turn off SSID Broadcasting: When using a wireless router at home, it is recommended to disable broadcasting of the network name to the general public.
  5. Enable MAC Address Filtering: Every wireless device has a unique MAC address. Make a list of all the hardware devices you want to connect to your wireless network, find their MAC addresses, and add them to the MAC address filter in your router’s administrative settings. (You can find the MAC address of a Windows computer by opening Command Prompt and typing “ipconfig /all”, which shows the MAC address beside the name “Physical Address”. The MAC addresses of mobile phones and other portable devices are under their network settings.)
  6. Disable WPS: Some Wi-Fi routers offer WPS, which provides an easy way to connect devices to a WPA-protected wireless network by pushing a button or entering a PIN code. It is important to disable WPS in the router's settings, as it makes it easier for unauthorized devices to gain access.
  7. Firmware Update: Keep the router’s firmware up to date by updating it from the router settings page.
  8. Turn Off the Router: when it is not in use.
  9. Disable Remote Access to the Router: Access the web interface and search for “Remote access” or “Remote Administration”.
  10. Enable Rogue WiFi Access Point detection, if the setting is available.
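Step 5 asks you to collect each device's Physical Address from `ipconfig /all` and type it into the router's MAC filter. The following is an added example, not code from the post's author, that parses that output into a ready-to-enter allowlist: it keeps only the wireless adapters (the filter is for Wi-Fi, and the Ethernet and Bluetooth adapters of the same machine have their own addresses) and normalises every address into the colon-separated form most router interfaces accept. The `ipconfig` text is constructed and shortened; real output has more fields per adapter, which the parser ignores. One caveat worth knowing before relying on the list: a MAC address is transmitted in the clear and can be cloned by any nearby device, so filtering is a convenience control on top of WPA2 and a strong passphrase, not a substitute for them.

```python
"""Build a Wi-Fi MAC allowlist from 'ipconfig /all' output (added example).

ipconfig prints one block per adapter, headed by e.g. "Wireless LAN adapter
Wi-Fi:", with the MAC on the "Physical Address" line in dash-separated form.
The sample text below is constructed for this example.
"""
import re

SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : DESKTOP-EXAMPLE

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Description . . . . . . . . . . . : Intel(R) Ethernet Connection
   Physical Address. . . . . . . . . : 00-1A-2B-3C-4D-5E

Wireless LAN adapter Wi-Fi:

   Description . . . . . . . . . . . : Intel(R) Wireless-AC 9560
   Physical Address. . . . . . . . . : 00-1A-2B-3C-4D-5F
   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)

Ethernet adapter Bluetooth Network Connection:

   Physical Address. . . . . . . . . : 00-1A-2B-3C-4D-60
"""

# Adapter block header: "<kind> adapter <name>:" at the start of a line.
ADAPTER_HEADER = re.compile(r"^(?P<kind>.+?) adapter (?P<name>.+):\s*$")
# "Physical Address. . . : AA-BB-CC-DD-EE-FF" (Windows uses dashes).
PHYSICAL_ADDR = re.compile(
    r"^\s*Physical Address[ .]*:\s*(?P<mac>[0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5})\s*$"
)


def parse_adapters(text):
    """Return [(kind, name, mac), ...] for every adapter block with a Physical Address."""
    adapters = []
    kind = name = None
    for line in text.splitlines():
        header = ADAPTER_HEADER.match(line)
        if header:
            kind, name = header.group("kind"), header.group("name")
            continue
        mac_line = PHYSICAL_ADDR.match(line)
        if mac_line and kind is not None:
            adapters.append((kind, name, mac_line.group("mac")))
    return adapters


def normalise_mac(mac):
    """Canonical lower-case colon form, e.g. 00:1a:2b:3c:4d:5f.

    Accepts Windows dashes, Linux/macOS colons and Cisco dotted groups, since
    the same allowlist may be built from several devices; rejects anything
    that is not exactly 48 bits of hex."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError("not a 48-bit MAC address: %r" % mac)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2)).lower()


def wifi_allowlist(text):
    """MACs of the wireless adapters only, normalised, deduplicated and sorted."""
    macs = {
        normalise_mac(mac)
        for kind, _name, mac in parse_adapters(text)
        if kind.lower().startswith("wireless")
    }
    return sorted(macs)


if __name__ == "__main__":
    for mac in wifi_allowlist(SAMPLE_IPCONFIG):
        print(mac)
```

For a household with several machines, paste each machine's `ipconfig /all` output through `wifi_allowlist` and merge the lists; phones and other devices that do not run ipconfig are added by hand from their network settings, and `normalise_mac` brings whatever separator they display into the same form.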
Read more…

As the coronavirus pandemic continues to disrupt, there is another threat that is rising by the day: the risk of cyberattacks. Work from home will suddenly change the security dynamics from both the defense and offense perspectives, and the world is not prepared for it.

Here is a sample Email from a CISO to the Board:

Hello everybody,

I hope all of you and your family/friends are doing well and are safe from the Coronavirus outbreak.


We are already in the midst of a black swan event. In today's scenario it is also quite probable to face a black swan doomsday event with our cloud or IT assets either due to security breach or due to some cloud provider outage.


Earlier I would have considered the probability as extremely low... now I will consider the probability as medium/high. Irrespective of the probability, the impact of such an event was in any case an existential crisis.


I would strongly recommend taking immediate offline backup for everything including cloud which is "necessary and sufficient" for business continuity. You may exclude anything which is not part of "necessary and sufficient" condition.


Also please do keep in mind that irrespective of our security posture we can always be breached. It has happened to even the biggest and strongest, with 100 million+ security budgets, including the likes of Google, Microsoft, Facebook, Amazon etc. On top of it, work from home will suddenly change the security dynamics from both the defense and offense perspectives, and the world is not prepared for it.


Let's be prepared for the worst and hope that it never happens.
Read more…
During the COVID-19 crisis many organizations had to shift to work from home at very short notice. During this time it is very important to keep your management and team members informed. Here is a sample cyber security update for your management during the COVID-19 pandemic.


Sample Cyber Security Update For Management
I wanted to keep you all updated on the progress on cyber security posture of "Your Company" and also the overall industry. Please find below some of the key updates:

Rapid rise in cyber attacks in recent times

  • Covid19 has caused organizations to move to work from home or go online without adequate preparation and that has caused rapid change in attack surface for which organizations are not prepared. We had been relatively well prepared with (please put in the complete list) VPN, DLP, Red teaming/Pen Test and multiple other security programs in place.

Hackers are capitalizing the fear of Covid19 for social engineering

  • There is a rapid rise in social engineering attacks leveraging Covid19-related messages. We have been preparing ourselves through regular awareness campaigns. However, we need to stay continuously aware, since all it takes is a single lapse in judgement to cause a breach.

Smooth work from home transition & crisis response

  • We moved seamlessly to work from home with a decent level of security in place, including DLP, VPN, Bitlocker encryption and multiple awareness campaigns on secure work from home. Our BCP preparation and security preparedness came in handy in this situation.

Security Technologies and Programs which we executed

We have executed multiple security programs in the last couple of quarters. Following are some of the top ones (here is a sample list of must-haves):
  • Red teaming and attack simulation
  • DLP
  • Bitlocker encryption
  • Security awareness campaigns
  • Third party risk management
  • Risk assessment for Rich Relevance
  • Vulnerability management program
  • Security program/architecture review
  • Cyber crisis drill
  • Security rating
  • ISO 27001
  • Backups, including offline backup of internal IT
  • Cyber insurance, etc.
  • SOC/SIEM to detect attackers
  • PIM/PAM
  • WAF

Security Programs Going forward
  • (Please include the key areas you are focusing on; for example:)
  • Ongoing security management for all implemented solutions

Being paranoid and staying safe

We are facing an unprecedented crisis which the world has never seen before. We need to stay paranoid and agile to respond to and recover from any crisis. Even the largest organizations continually face breaches. We must remain paranoid.

Requests for all of you
  • Management personnel are being widely targeted. Please remain vigilant, observe security best practices and maintain security hygiene.
  • Please let me know if you notice any possible security weakness, or alert us if you find anything suspicious.
  • If you have any ideas, please share them with our security team.

Please feel free to reach out to us anytime. Stay safe.
Read more…
I hope all of you are doing well. As you are aware, in response to the Coronavirus crisis many of us had to transition to work from home.
The bad news is that work from home poses unique security threats and challenges. Hackers have already started exploiting the current situation. We must be very cautious. The world is in a crisis and we cannot afford to face another crisis in the cyber world.


Work From Home Guidelines for Security:
  • Ensure your Wi-Fi connection is secure. Use WPA. Use a strong, non-guessable password.
  • Be cautious: if you get a prompt in the browser that you are being redirected to some other site, contact our IT Security Team.
  • Always use OTP / Two Factor Authentication for any critical application.
  • Do not use your official laptop to visit risky websites.
  • Ensure anti-virus is in place and fully updated.
  • Do not delay installation of patches. Check that all security software is up to date: privacy tools, browser add-ons and other patches need to be checked regularly.
  • Have a back-up strategy and remember to follow it: all important files should be backed up regularly.
  • Do not fall victim to social engineering, phishing or vishing attacks. Remember that attackers can also use Coronavirus-related messaging for social engineering attacks.
  • Lock your screen when not in use.
  • Make sure you are using a secure VPN connection to your work environment.
  • If you face a security scare or are in doubt, immediately talk to your IT Security Team.
Read more…

This blog is posted on behalf of Nilesh Gavali. As organizations prepare for possible impacts of Coronavirus Disease 2019 (COVID-19), many may consider alternate workplace options for their employees. Remote work options, or telework, require an enterprise virtual private network (VPN) solution to connect employees to an organization’s information technology (IT) network. As organizations elect to implement telework, the Cybersecurity and Infrastructure Security Agency (CISA) encourages organizations to adopt a heightened state of cybersecurity.

The following are cyber-security considerations regarding telework:

  • As organizations use VPNs for telework, more vulnerabilities are being found and targeted by malicious cyber actors.

  • As VPNs are 24/7, organizations are less likely to keep them updated with the latest security updates and patches.

  • Malicious cyber actors may increase phishing emails targeting teleworkers to steal their usernames and passwords.

  • Organizations that do not use multi-factor authentication (MFA) for remote access are more susceptible to phishing attacks.

  • Organizations may have a limited number of VPN connections, after which point no other employee can telework. With decreased availability, critical business operations may suffer, including IT security personnel’s ability to perform cyber-security tasks.

More references are available at:

https://www.us-cert.gov/ncas/alerts/aa20-073a - Enterprise VPN Security

https://www.cisa.gov/sites/default/files/publications/20_0306_cisa_...

https://www.us-cert.gov/ncas/tips/ST04-010 - Using Caution with Email Attachments

https://www.us-cert.gov/ncas/tips/ST04-014 - COVID-19 phishing email awareness

Read more…