Patch, track, repeat

Security Update News

Update Information

Title Patch, track, repeat
Update ID TALOSBLOG:06500BB7DCD7711058E9E1644129758E
Type talosblog
Published 2025-07-10T18:00:09
Last Updated 2025-07-10T18:00:09

Security Impact

Severity NONE

Update Details

![Patch, track, repeat](https://blog.talosintelligence.com/content/images/2025/07/threat-source-newsletter-1.jpg)

Welcome to this week’s edition of the Threat Source newsletter.

We’ve made it halfway through 2025 already! It’s been a while since I last wrote about CVEs and how _free support for Windows 10 will end on October 14, 2025_, leaving you with no more security fixes.

While the CVE system remains the global standard for vulnerability reporting, _recent developments_ have sparked concerns within the community about its long-term stability. Currently, the program operates solely as a U.S. government-funded initiative. Following the last-minute funding extension, we’re now seeing competing ideas and projects emerging. Whether it’s the _CVE Foundation_ working to transition from a single funding stream to a diversified and stable model, _ENISA's EUVD_, or the _Global CVE Allocation System_ (GCVE), the landscape is changing.

On one hand, a multi-source environment enhances availability and resilience. On the other, this fragmentation raises practical concerns for both researchers and practitioners. We now face questions like “Where should I report a vulnerability?” and “How do I integrate and correlate vulnerability data across multiple sources with multiple identifiers?”

Looking back at the first six months of this year, we see that the rapid pace of CVE publications in 2024 has continued into 2025, with no signs of slowing down. In fact, the current trend suggests that 2025 will surpass last year’s total of a little more than 40,000 CVEs. To illustrate: the first half of 2024 saw an average of 113 CVEs published per day, whereas the first half of 2025 is running at a rate of 131 CVEs per day.
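The two practical questions above (correlating records that arrive under different identifiers, and measuring the publication rate per day as in the 113 vs. 131 comparison) can be handled with a small correlation step. The following is an added example written for this page, not code from Talos or the newsletter. It assumes identifier shapes of `CVE-YYYY-NNNN`, `EUVD-YYYY-NNNN` and `GCVE-<gna>-YYYY-NNNN`, and that a GCVE identifier issued under GNA 0 refers to the same vulnerability as the CVE with the same year and number; the feed names and all records are constructed sample data.

```python
"""Correlate vulnerability records from several feeds that use different
identifier schemes, then compute a publications-per-day rate.

Added example; not Talos code. Identifier formats and the "GCVE GNA 0
mirrors CVE numbering" rule are assumptions; all records are constructed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from datetime import date

# Assumed identifier shapes (not taken from the newsletter).
CVE_RE = re.compile(r"^CVE-(\d{4})-(\d{4,})$")
EUVD_RE = re.compile(r"^EUVD-(\d{4})-(\d+)$")
GCVE_RE = re.compile(r"^GCVE-(\d+)-(\d{4})-(\d+)$")


def canonical_id(identifier: str) -> str:
    """Normalise an identifier to a canonical key.

    A GCVE id under GNA 0 is assumed to name the same vulnerability as the
    CVE with the same year/number, so it is rewritten to that CVE id.
    Every other recognised id is canonical within its own namespace.
    """
    ident = identifier.strip().upper()
    m = GCVE_RE.match(ident)
    if m and m.group(1) == "0":
        return f"CVE-{m.group(2)}-{m.group(3)}"
    if m or CVE_RE.match(ident) or EUVD_RE.match(ident):
        return ident
    raise ValueError(f"unrecognised identifier: {identifier}")


@dataclass
class Record:
    source: str          # which feed the record came from
    ids: list[str]       # the record's own id first, then any aliases it lists
    published: date
    vendor: str


@dataclass
class Merged:
    key: str
    ids: set[str] = field(default_factory=set)
    sources: set[str] = field(default_factory=set)
    vendors: set[str] = field(default_factory=set)
    first_published: date | None = None


def correlate(records: list[Record]) -> dict[str, Merged]:
    """Group records that share an id or alias into one merged entry.

    Union-find over canonical ids; when a group contains a CVE id it is
    used as the group's key, since that is the id most tooling shares.
    """
    parent: dict[str, str] = {}

    def find(x: str) -> str:
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x

    def union(a: str, b: str) -> None:
        ra, rb = find(a), find(b)
        if ra == rb:
            return
        if rb.startswith("CVE-") and not ra.startswith("CVE-"):
            ra, rb = rb, ra                 # keep a CVE id as the root
        parent[rb] = ra

    for rec in records:
        canon = [canonical_id(i) for i in rec.ids]
        for alias in canon[1:]:
            union(canon[0], alias)

    merged: dict[str, Merged] = {}
    for rec in records:
        root = find(canonical_id(rec.ids[0]))
        m = merged.setdefault(root, Merged(key=root))
        m.ids.update(canonical_id(i) for i in rec.ids)
        m.sources.add(rec.source)
        m.vendors.add(rec.vendor)
        if m.first_published is None or rec.published < m.first_published:
            m.first_published = rec.published
    return merged


def publications_per_day(merged: dict[str, Merged], start: date, end: date) -> float:
    """Unique vulnerabilities first published within [start, end] (inclusive),
    divided by the number of days in the window. The newsletter's per-day
    figures are this calculation run over each half-year."""
    days = (end - start).days + 1
    count = sum(1 for m in merged.values()
                if m.first_published is not None and start <= m.first_published <= end)
    return count / days


# Constructed sample records: one vulnerability seen by three feeds under
# three id schemes, one seen only by cve.org, one with no CVE counterpart.
SAMPLE_RECORDS = [
    Record("cve.org", ["CVE-2025-0001"], date(2025, 1, 2), "ExampleCorp"),
    Record("euvd", ["EUVD-2025-10", "CVE-2025-0001"], date(2025, 1, 3), "ExampleCorp"),
    Record("gcve", ["GCVE-0-2025-0001"], date(2025, 1, 5), "ExampleCorp"),
    Record("cve.org", ["CVE-2025-0002"], date(2025, 1, 4), "NetGearCo"),
    Record("gcve", ["GCVE-1-2025-7"], date(2025, 1, 6), "OtherVendor"),
    Record("euvd", ["EUVD-2025-11", "GCVE-1-2025-7"], date(2025, 1, 6), "OtherVendor"),
]

if __name__ == "__main__":
    groups = correlate(SAMPLE_RECORDS)
    for key, m in sorted(groups.items()):
        print(key, sorted(m.ids), sorted(m.sources), m.first_published)
    print("per day:", publications_per_day(groups, date(2025, 1, 1), date(2025, 1, 10)))
```

The union-find step is what keeps the count honest: without it the same vulnerability reported by three feeds would be counted three times, inflating any rate you derive. The first-published date is taken as the earliest date across all feeds, which is the conservative choice when feeds publish the same entry days apart.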

![Patch, track, repeat](https://blog.talosintelligence.com/content/images/2025/07/070825_threatsource_blog_CVEline.jpg)

What concerns me even more is the steep increase in Known Exploited Vulnerabilities (KEVs). It wasn’t just the spike in March — we’re seeing a generally sharper rise overall.

![Patch, track, repeat](https://blog.talosintelligence.com/content/images/2025/07/070825_threatsource_blog_KEVline.jpg)

Vendor diversity also continues to expand, increasing from 45 vendors during the first half of last year to 61 so far this year. Additionally, the proportion of KEVs affecting network-related gear has grown from 22.5% in 2024 to 25% in 2025.

But there’s a small piece of good news: So far, I haven’t seen any CVEs from as far back as 2012 being added to the KEV catalogue like we saw _last year_. This time, the oldest additions “only” go back to 2017.

![Patch, track, repeat](https://blog.talosintelligence.com/content/images/2025/07/070825_threatsource_blog_pie.jpg)

Keep in mind that the CVE year merely indicates when a vulnerability was reserved or assigned. The vulnerability itself may have existed for many years prior. For example, _the recent sudo/chroot issue_ remained undiscovered for over 12 years.

In a nutshell: Keep tracking, keep patching. Vulnerabilities certainly won’t patch themselves.

## The one big thing

Microsoft’s _July 2025 security update_ addresses 132 vulnerabilities, including 14 marked as “critical,” with several remote code execution (RCE) issues affecting Windows, Office, SharePoint and Hyper-V. Although none have been exploited in the wild yet, some vulnerabilities — like those in SharePoint and SPNEGO NEGOEX — are more likely to be targeted and could allow attackers to execute code remotely or locally.

### Why do I care?

These vulnerabilities could let attackers take control of your systems, steal information or disrupt business operations, even if you haven’t seen any attacks yet. If you’re running Windows servers, SharePoint or Microsoft Office, your environment could be at risk, especially for organizations that rely on these products daily.

### So now what?

Don’t wait. Make sure you’re applying Microsoft’s July patches as soon as possible. If you use Cisco Secure Firewall or SNORT®, update your rulesets to the latest versions to maximize your protection.

## Top security headlines of the week

**Alleged Chinese hacker tied to Silk Typhoon arrested for cyberespionage**
A Chinese national was arrested in Milan, Italy for allegedly being linked to the state-sponsored Silk Typhoon hacking group, which is responsible for cyberattacks against U.S. organizations and government agencies. (_Bleeping Computer_)

**Jailbreaking AI with information overload**
Researchers say you can trick AI chatbots like ChatGPT or Gemini into teaching you how to make a bomb or hack an ATM if you make the question complicated, full of academic jargon, and cite sources that do not exist. (_404 Media_)

**SatanLock is shutting down**
The announcement that the group was closing its doors first came through its official Telegram channel and dark web leak site. Hunters International, another well-known ransomware group, also recently announced that it was shutting down its operations. (_Dark Reading_)

**Ingram Micro scrambling to restore systems after ransomware attack**
The IT distributor giant confirmed over the weekend that a ransomware attack was responsible for a widespread outage of its services, and that it was forced to take certain systems offline on Friday afternoon in response to the incident. (_SecurityWeek_)

**Malicious Chrome extensions with 1.7M installs found on Web Store**
Malicious extensions with 1.7 million downloads in Google’s Chrome Web Store pose as legitimate tools but could track users, steal browser activity, and redirect to potentially unsafe web addresses. (_Bleeping Computer_)

## Can’t get enough Talos?

**Scams, jailbreaks and poetic justice**
In this episode of the TTP, Hazel Burton sits down with Talos’ Jaeson Schultz to explore the underground world of criminal LLM abuse, from elaborate scams to role-playing jailbreak prompts designed to trick AI into ignoring its own rules.

**Vulnerability Roundup**
Cisco Talos’ Vulnerability Discovery & Research team has disclosed and coordinated patches for two vulnerabilities each in Asus Armoury Crate and Adobe Acrobat.

**_PDFs: Portable documents, or perfect deliveries for phish?_**
A popular social engineering technique returns: callback phishing, or TOAD attacks, which leverage PDFs, VoIP anonymity and even QR code tricks.

**_Beers with Talos: Terms and conceptions may apply_**
In this episode, the crew reassembles after a totally intentional and not-at-all accidental hiatus. They cover AI-assisted IVF, a possible underground war against dairy, and the real heroes: conference dogs.

## Upcoming events where you can find Talos

* _NIRMA_ (July 28 – 30) St. Augustine, FL
* _Black Hat USA_ (Aug. 2 – 7) Las Vegas, NV

## Most prevalent malware files from Talos telemetry over the past week

**SHA 256: a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91**
MD5: 7bdbd180c081fa63ca94f9c22c457376
VirusTotal: _https://www.virustotal.com/gui/file/a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91/details_
Typical Filename: IMG001.exe
Detection Name: Simple_Custom_Detection

**SHA 256: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507**
MD5: 2915b3f8b703eb744fc54c81f4a9c67f
VirusTotal: _https://www.virustotal.com/gui/file/9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507_
Typical Filename: VID001.exe
Claimed Product: N/A
Detection Name: Win.Worm.Coinminer::1201

**SHA 256: 47ecaab5cd6b26fe18d9759a9392bce81ba379817c53a3a468fe9060a076f8ca**
MD5: 71fea034b422e4a17ebb06022532fdde
VirusTotal: _https://www.virustotal.com/gui/file/47ecaab5cd6b26fe18d9759a9392bce81ba379817c53a3a468fe9060a076f8ca/details_
Typical Filename: VID001.exe
Claimed Product: N/A
Detection Name: Coinminer:MBT.26mw.in14.Talos
