Cybersecurity Threats and Trends - 07/31/2025

This week's threat landscape demonstrates the continuing evolution of cyber attacks targeting critical enterprise infrastructure...


While you were busy debating whether your password manager is worth the monthly subscription fee, threat actors were busy turning enterprise SharePoint servers into their personal command centers. Welcome to this week's cybersecurity nightmare fuel – where zero-days are the appetizer and ransomware is the main course.

1. Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Company Servers

Primary Threat: A critical zero-day vulnerability in Microsoft SharePoint Server is being actively exploited in large-scale attacks targeting enterprise infrastructure.

Risk: CRITICAL

Security researchers have disclosed that a critical zero-day vulnerability tracked as CVE-2025-53770 (CVSS score: 9.8) is being weaponized in active, large-scale exploitation campaigns against on-premises Microsoft SharePoint Server installations. The flaw, a variant of CVE-2025-49704, lets an unauthenticated attacker execute arbitrary code through deserialization of untrusted data: in the observed chain (dubbed "ToolShell"), an authentication bypass reaches the ToolPane.aspx endpoint and a crafted payload is deserialized before any credentials are checked. Once inside, attackers have dropped a small ASP.NET page that reads the server's ASP.NET machine keys (the ValidationKey and DecryptionKey); with those keys they can forge ViewState payloads that the server treats as trusted, giving them persistence and lateral movement that blends in with legitimate SharePoint traffic. More than 85 SharePoint servers globally have been confirmed compromised, belonging to 29 organizations including multinational firms and government entities, and the count has risen since the initial report of 75. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has confirmed active exploitation and added the CVE to its Known Exploited Vulnerabilities catalog, and Microsoft has since released out-of-band security updates for CVE-2025-53770 and the companion spoofing bug CVE-2025-53771 (a variant of CVE-2025-49706). SharePoint Online in Microsoft 365 is not affected.

Detection and Remediation Tips:

  • Apply Microsoft's out-of-band security updates for CVE-2025-53770 and CVE-2025-53771 on every on-premises SharePoint Server (Subscription Edition, 2019 and 2016), starting with internet-facing farms

  • Enable Antimalware Scan Interface (AMSI) integration in SharePoint (Full Mode) and deploy Microsoft Defender Antivirus on all SharePoint servers; Microsoft states that this configuration stops unauthenticated exploitation of the flaw

  • If AMSI cannot be enabled, disconnect SharePoint servers from the internet until they are patched

  • Deploy Microsoft Defender for Endpoint (or an equivalent EDR) on SharePoint servers to detect and block post-exploitation activity such as w3wp.exe spawning cmd.exe or an encoded PowerShell command

  • After patching, rotate the ASP.NET machine keys (the Machine Key Rotation timer job in Central Administration, or the Update-SPMachineKey PowerShell cmdlet) and restart IIS; a server that was exposed before the patch landed should be treated as compromised and investigated, not assumed clean

  • Monitor IIS logs for POST requests to "/_layouts/15/ToolPane.aspx" (or "/_layouts/16/") with "DisplayMode=Edit" in the query string and a Referer of "/_layouts/SignOut.aspx", and for any request to "spinstall0.aspx"; check the LAYOUTS directory under the SharePoint hive for that file

  • Review authentication and web logs for unusual access patterns, particularly unauthenticated requests that reach pages normally only used from within the SharePoint UI
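The log-hunting tip above, worked into a script. This is an added example, not code from the newsletter or from Microsoft: it parses IIS W3C logs by their #Fields header and flags the two indicators described in the section (an unauthenticated POST to ToolPane.aspx with the SignOut page as Referer, and any request for spinstall0.aspx). The sample log, the host names and the IP addresses are constructed for the demo.

```python
"""Hunt IIS W3C logs for the CVE-2025-53770 ("ToolShell") request pattern.

Added example, not from the newsletter or Microsoft. Real logs live under
%SystemDrive%\\inetpub\\logs\\LogFiles\\W3SVC<id>\\ and may use a different
column order, so the parser reads the #Fields header instead of assuming
positions. The SAMPLE_LOG below is constructed, not captured.
"""
from dataclasses import dataclass
from typing import Iterator, List
from urllib.parse import unquote

# Constructed sample: a legitimate page load, the exploit POST, the follow-up
# fetch of the dropped page, and a legitimate (authenticated) web-part edit.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status
2025-07-18 21:03:11 10.0.0.5 GET /_layouts/15/start.aspx - 443 CORP\\alice 10.0.0.23 Mozilla/5.0 https://sp.corp.example/sites/it 200
2025-07-18 21:04:02 10.0.0.5 POST /_layouts/15/ToolPane.aspx DisplayMode=Edit&a=/ToolPane.aspx 443 - 203.0.113.7 Mozilla/5.0 /_layouts/SignOut.aspx 200
2025-07-18 21:04:09 10.0.0.5 GET /_layouts/15/spinstall0.aspx - 443 - 203.0.113.7 Mozilla/5.0 - 200
2025-07-18 21:05:40 10.0.0.5 POST /_layouts/15/ToolPane.aspx DisplayMode=Edit 443 CORP\\bob 10.0.0.40 Mozilla/5.0 https://sp.corp.example/sites/it/_layouts/15/settings.aspx 200
"""


@dataclass(frozen=True)
class Hit:
    when: str
    client_ip: str
    username: str
    reason: str


def parse_w3c(text: str) -> Iterator[dict]:
    """Yield one dict per request line, keyed by the names in #Fields."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split()
        # IIS writes '-' for empty fields and '+' for spaces, so the column
        # count is stable; skip anything we cannot map onto the header.
        if fields is None or len(values) != len(fields):
            continue
        yield dict(zip(fields, values))


def hunt(text: str) -> List[Hit]:
    """Return the log lines matching either ToolShell indicator, in order."""
    hits = []
    for rec in parse_w3c(text):
        stem = unquote(rec.get("cs-uri-stem", "")).lower()
        referer = unquote(rec.get("cs(Referer)", "-")).lower()
        when = f"{rec['date']} {rec['time']}"
        ip, user = rec["c-ip"], rec["cs-username"]
        # Indicator 1: POST to ToolPane.aspx (15 or 16 hive) with the SignOut
        # page as Referer. Legitimate web-part edits are authenticated and
        # carry a real page as Referer, so they do not match.
        if (rec.get("cs-method") == "POST"
                and stem.endswith("/toolpane.aspx")
                and referer.endswith("/_layouts/signout.aspx")):
            hits.append(Hit(when, ip, user, "ToolPane.aspx POST with SignOut Referer"))
        # Indicator 2: any request for the page used to dump the machine keys.
        elif stem.endswith("/spinstall0.aspx"):
            hits.append(Hit(when, ip, user, "request for spinstall0.aspx"))
    return hits


if __name__ == "__main__":
    for h in hunt(SAMPLE_LOG):
        print(f"{h.when} {h.client_ip:>15} user={h.username} {h.reason}")
```

A match on the first indicator means exploitation was attempted against that server, patched or not; a 200 response followed by a request for spinstall0.aspx from the same client is the strongest sign the machine keys were read, and the keys should be rotated regardless of whether the patch is already installed.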

2. SafePay Ransomware Threatens to Leak 3.5TB of Ingram Micro Data

Primary Threat: The SafePay ransomware gang claims to have stolen 3.5TB of sensitive data from IT distribution giant Ingram Micro and is threatening public disclosure.

Risk: HIGH

The SafePay ransomware group is threatening to leak 3.5TB of data allegedly stolen from Ingram Micro, one of the world's largest IT distributors. The attack is a significant supply chain concern given Ingram Micro's role as a critical intermediary between technology vendors and resellers worldwide: the company distributes for major technology brands and handles commercial data, customer information and proprietary business intelligence across its global operations. Ingram Micro confirmed in early July that ransomware on internal systems had taken its ordering platforms offline for several days, but it has not confirmed data theft or the extent of the breach; if the volume the attackers claim is accurate, it points to a broad compromise of internal systems rather than a single file share. The incident fits a pattern of ransomware groups targeting supply chain companies to maximize the blast radius of their operations and increase pressure for ransom payments.

Detection and Remediation Tips:

  • If you're an Ingram Micro partner or customer, monitor for potential data exposure notifications

  • Review and strengthen third-party risk management procedures for all critical suppliers

  • Implement additional monitoring for unusual activity in accounts or systems connected to Ingram Micro services

  • Consider implementing just-in-time access controls for third-party service providers with access to sensitive data

3. Apple Patches Safari Vulnerability Also Exploited as Zero-Day in Google Chrome

Primary Threat: A high-severity vulnerability in a graphics component shared by Chrome and Safari was exploited as a zero-day before patches were available.

Risk: HIGH

Apple has released security updates addressing a high-severity vulnerability, tracked as CVE-2025-6558, that Google had already patched in Chrome on July 15 after it was exploited as a zero-day. The flaw is an insufficient-validation bug in ANGLE, the graphics abstraction layer that both Chromium and WebKit use to back WebGL, which is why a single bug surfaced in two browser families: a malicious page can push crafted input through it to the GPU process. Because the bug was exploited before any fix existed, and it was reported by Google's Threat Analysis Group, the attacks were most likely the work of a targeted, well-resourced actor rather than commodity crimeware. Its location in a shared component means the exposed population spans macOS, iOS, Windows and Linux users regardless of browser preference.

Detection and Remediation Tips:

  • Update Safari to 18.6 (delivered with macOS Sequoia 15.6, iOS 18.6 and iPadOS 18.6, and as a standalone Safari update for macOS Sonoma and Ventura)

  • Ensure Google Chrome is at 138.0.7204.157 or later, and update other Chromium-based browsers (Edge, Brave, Opera) as their vendors ship the fix

  • Consider browser isolation for high-risk users such as executives, journalists and administrators

  • Review browser security policies and ensure automatic updates are enforced across your organization; a browser waiting for a manual restart is still running the old code

Did you know...?

The SharePoint zero-day (CVE-2025-53770) is dangerous beyond the initial code execution because of how ASP.NET protects ViewState. ViewState carries page state between HTTP requests as a serialized blob; to stop tampering, ASP.NET signs it (and optionally encrypts it) with the machine keys (validationKey and decryptionKey) configured for the web application, and deserializes only blobs whose MAC verifies. In the observed attacks the intruders dropped a page (spinstall0.aspx) that simply printed those keys. Anyone holding them can forge ViewState the server accepts as its own, and a forged ViewState is a deserialization primitive in its own right, so it keeps working after the original bug is patched. Organizations therefore remain exposed until they rotate the machine keys and restart IIS, a step many administrators skip during incident response. Stealing cryptographic secrets to outlive the patch is a step up in attacker tradecraft and is why patching alone is not complete remediation here.
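The point about key rotation, shown in code. This is an added example, not the newsletter's code and not ASP.NET's actual ViewState encoding: it is a deliberately simplified model of a MAC-protected state blob (JSON plus HMAC-SHA256 instead of the .NET serializer and validationKey) that shows why a forged blob survives the patch and dies on rotation. The keys and payloads are constructed for the demo.

```python
"""Why machine-key rotation belongs in CVE-2025-53770 remediation.

Added example, not from the newsletter and not ASP.NET's real ViewState
format: a simplified model in which the server serializes state, appends
an HMAC under a secret key, and only deserializes what a client sends back
if the tag verifies. An attacker who has read that key can mint blobs the
server accepts until the key is replaced. Keys and payloads are constructed.
"""
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


def sign_state(state: dict, key: bytes) -> str:
    """Serialize `state` and append an HMAC-SHA256 tag computed under `key`."""
    body = json.dumps(state, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return base64.b64encode(body + tag).decode()


def verify_state(token: str, key: bytes) -> Optional[dict]:
    """Return the deserialized state if the tag verifies under `key`, else None."""
    raw = base64.b64decode(token)
    body, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # never deserialize unauthenticated input
    return json.loads(body)


def demo() -> dict:
    """Walk through legitimate use, forgery with a stolen key, and rotation."""
    machine_key = secrets.token_bytes(32)            # key in place at breach time
    legit = sign_state({"page": "home"}, machine_key)

    # Tampering without the key fails: the tag no longer matches the body.
    guessed = sign_state({"page": "home"}, b"guess")
    tamper_accepted = verify_state(guessed, machine_key) is not None

    # The attacker has read the key (as spinstall0.aspx did) and signs
    # attacker-chosen state. The server cannot tell it from its own output.
    forged = sign_state({"page": "home", "injected": True}, machine_key)
    forged_accepted_before = verify_state(forged, machine_key) is not None

    # Fixing the deserialization bug does not change the key, so the forged
    # blob keeps verifying. Rotating the key is what invalidates it, at the
    # cost of also invalidating every token issued under the old key.
    rotated_key = secrets.token_bytes(32)
    forged_accepted_after = verify_state(forged, rotated_key) is not None
    legit_accepted_after = verify_state(legit, rotated_key) is not None

    return {
        "legit_ok": verify_state(legit, machine_key) == {"page": "home"},
        "tamper_accepted": tamper_accepted,
        "forged_accepted_before_rotation": forged_accepted_before,
        "forged_accepted_after_rotation": forged_accepted_after,
        "legit_accepted_after_rotation": legit_accepted_after,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

In real ASP.NET the MAC key is the web application's validationKey, and SharePoint keeps a key per web application; rotation there is the Machine Key Rotation timer job in Central Administration or the Update-SPMachineKey cmdlet, followed by an IIS restart so every worker process picks up the new key. The last line of the demo is the operational cost: rotation logs out sessions and breaks in-flight postbacks, which is why it gets skipped and why it should be scheduled rather than omitted.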

4. Hackers Exploit SAP NetWeaver Bug to Deploy Linux Auto-Color Malware

Primary Threat: Attackers are exploiting a critical SAP NetWeaver vulnerability to deploy specialized Linux malware in targeted attacks against enterprise systems.

Risk: HIGH

Cybersecurity researchers have identified active exploitation of CVE-2025-31324 (CVSS score: 10.0), a critical vulnerability in SAP NetWeaver, to deploy the Auto-Color Linux backdoor against enterprise environments. The flaw is a missing authorization check in the Visual Composer Metadata Uploader (the /developmentserver/metadatauploader endpoint), which lets an unauthenticated attacker upload arbitrary files, typically a JSP web shell, and run commands as the SAP service user. The attack was discovered during an incident response engagement at a U.S.-based chemicals company, a reminder that threat actors are targeting core enterprise software platforms for initial access. SAP NetWeaver underpins many enterprise SAP applications, so a successful exploit can reach core business systems and sensitive data. Auto-Color, first documented in early 2025, is built for Linux: if it runs as root it installs itself as a shared library loaded through /etc/ld.so.preload so it can hide its files and survive reboots, and it goes quiet when its command-and-control server is unreachable, which makes it look inert under analysis. Its use here shows attackers adapting their toolsets to the Linux hosts that run most SAP and cloud infrastructure.

Detection and Remediation Tips:

  • Immediately apply SAP Security Note 3594142 for CVE-2025-31324 (and SAP's follow-up notes for the related deserialization issue) on every NetWeaver Java system with Visual Composer, or disable the Visual Composer component if it is not used

  • Until patched, block external access to /developmentserver/metadatauploader at the reverse proxy or SAP Web Dispatcher, and review its access logs for POST requests from the internet

  • Hunt for unexpected .jsp, .java or .class files under the irj servlet_jsp root of the J2EE cluster directory, and for shell processes spawned by the SAP Java server node running as the <sid>adm user

  • On Linux SAP hosts, check /etc/ld.so.preload for unexpected entries and look for unfamiliar shared objects in the system library directories; Auto-Color uses the preload mechanism to persist

  • Implement network segmentation to limit the potential impact of SAP system compromises

  • Monitor SAP systems for unusual process execution and outbound connections from application servers that should only talk to known peers

  • Review access controls and authentication mechanisms for all SAP environments

5. Chinese Firms Linked to Silk Typhoon Filed 15+ Patents for Cyber Espionage Tools

Primary Threat: Chinese companies affiliated with the state-sponsored Silk Typhoon hacking group have filed multiple technology patents revealing advanced cyber espionage capabilities.

Risk: HIGH

Security researchers at SentinelOne have revealed that Chinese companies linked to the state-sponsored hacking group Silk Typhoon (also known as Hafnium) have filed over a dozen technology patents covering sophisticated forensics and intrusion tools. These patents detail capabilities for encrypted endpoint data collection, Apple device forensics, and remote access to routers and smart home devices, providing unprecedented insight into the technical capabilities and operational focus of state-sponsored cyber operations. The patent filings represent a significant intelligence disclosure, as they reveal not only the specific technical approaches being developed but also the companies and individuals behind these capabilities. This research demonstrates the importance of tracking not just campaign activities but also the corporate infrastructure and intellectual property development that supports advanced persistent threat operations.

Detection and Remediation Tips:

  • Review and strengthen endpoint detection and response capabilities, particularly for encrypted data collection attempts

  • Implement additional monitoring for Apple device management and forensics activities

  • Assess security controls for network infrastructure devices including routers and IoT devices

  • Consider the implications of these disclosed capabilities when conducting threat modeling exercises

6. Critical Dahua Camera Flaws Enable Remote Hijack via ONVIF and File Upload Exploits

Primary Threat: Critical vulnerabilities in Dahua smart cameras allow unauthenticated attackers to completely take over surveillance devices through remote exploitation.

Risk: HIGH

Bitdefender researchers have disclosed critical security flaws in Dahua smart camera firmware that enable unauthenticated remote code execution and complete device takeover. The vulnerabilities, tracked as CVE-2025-31700 and CVE-2025-31701 with CVSS scores of 8.1, affect the device's ONVIF protocol and file upload handlers across multiple Dahua camera series including IPC-1XXX, IPC-2XXX, IPC-WX, IPC-ECXX, and various SD series models. These flaws allow attackers to execute arbitrary commands remotely without any authentication, effectively providing complete control over affected surveillance systems. The vulnerabilities impact devices with firmware built before April 16, 2025, and users can check their device's build time through the web interface under Settings > System Information > Version. The compromise of surveillance cameras presents unique security risks as these devices often have privileged network access and can be used for reconnaissance, lateral movement, or as persistent footholds in target environments.

Detection and Remediation Tips:

  • Immediately update Dahua camera firmware to versions with build timestamps after April 16, 2025

  • Implement network segmentation to isolate surveillance cameras from critical business systems

  • Change default credentials on all Dahua devices and implement strong authentication

  • Monitor network traffic from surveillance devices for unusual communication patterns

  • Consider implementing additional access controls and monitoring for all IoT devices in your environment

IN SUMMARY:

The SharePoint zero-day is the most concerning development: more than 85 servers across 29 organizations were confirmed compromised within days, the flaw enables pre-authentication code execution, and stolen machine keys let attackers outlast the patch unless the keys are rotated.

The targeting of supply chain companies like Ingram Micro shows how attackers are focusing on high-value targets that can provide access to multiple downstream organizations.

Meanwhile, the disclosure of Chinese state-sponsored capabilities through patent filings provides rare insight into the technical sophistication of nation-state operations.

Cross-platform vulnerabilities affecting both Safari and Chrome highlight the interconnected nature of modern software security, while the exploitation of SAP NetWeaver and IoT devices like Dahua cameras shows that attackers continue to target the full spectrum of enterprise technology infrastructure.

🚨 Key Takeaways:
✔️ Zero-day vulnerabilities in enterprise software like SharePoint can provide attackers with immediate, large-scale access to corporate networks before patches are available.
✔️ Cross-platform vulnerabilities demonstrate that security flaws can impact users regardless of their choice of browser or operating system.
✔️ Supply chain attacks targeting IT distributors like Ingram Micro can have cascading effects across multiple organizations and industries.
✔️ Nation-state actors are developing increasingly sophisticated capabilities, as evidenced by the technical patents filed by Chinese companies linked to Silk Typhoon.
✔️ Critical enterprise software platforms including SAP NetWeaver remain high-value targets for attackers seeking to compromise business-critical systems.
✔️ IoT devices such as surveillance cameras continue to present significant security risks when not properly secured and updated.

🔎 Immediate Actions:
✔️ Conduct an immediate audit of all Microsoft SharePoint Server installations and apply emergency mitigations including AMSI configuration and Defender deployment.
✔️ Review and strengthen third-party risk management procedures, particularly for critical suppliers and service providers like IT distributors.
✔️ Ensure all browsers across your organization are updated to the latest versions and consider implementing browser isolation for high-risk users.
✔️ Prioritize patching of SAP NetWeaver systems and implement additional monitoring for unusual activity in enterprise application environments.
✔️ Assess the security posture of all IoT devices including surveillance cameras and implement network segmentation to limit potential impact.
✔️ Develop incident response procedures for zero-day vulnerabilities that include machine key rotation and cryptographic secret management, so that a patch is followed by the steps that actually evict the attacker.

💡 Stay vigilant out there. The threat actors certainly aren't taking any breaks, and neither should your security posture. Until next time, keep your patches current and your incident response plans handy – you're going to need them. 💡

J.W.

(P.S. Check out our partners! It goes a long way to support this newsletter!)