It's been a busy 24 hours in the cyber world with significant updates on recent breaches, new threat intelligence, a shift in vulnerability disclosure, and some big news in the M&A space. Let's dive in:
Recent Cyber Attacks and Breaches ⚠️
- The SafePay ransomware group has set an August 1st deadline to leak 3.5 TB of data allegedly stolen from Ingram Micro, suggesting the distributor did not pay the ransom despite previously stating they had contained the incident.
- Hundreds of pharmacies in Russia, including major chains Stolichki and Neofarm, were shut down by a cyberattack disrupting payments and medication reservations, with Moscow's Family Doctor clinic network also affected. No group has claimed responsibility, but the targeting of medical services has been condemned in darknet forums.
- The city of Saint Paul, Minnesota, declared a state of emergency after a "deliberate, coordinated, digital attack" on its information infrastructure, prompting the Governor to activate the National Guard; online payments and city Wi-Fi remain disrupted.
- Discount retailer Dollar Tree has denied claims by the INC ransomware gang that its systems were attacked, stating the 1.2 TB of exfiltrated data likely belongs to the defunct 99 Cents Only Stores, whose leases and intellectual property Dollar Tree acquired.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/07/30/ingram_micro_ransomware_threat/
🗞️ The Record | https://therecord.media/cyberattack-shuts-down-russian-pharmacies
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/07/30/minnesota_gov_calls_in_national/
🗞️ The Record | https://therecord.media/dollar-tree-discount-stolen-data
New Threat Research and Decryptors 🛡️
- Avast has released a free decryptor for victims of FunkSec ransomware, a short-lived operation (Dec 2024-March 2025) that reportedly used AI for about 20% of its operations, including creating tools and phishing templates.
- SentinelOne researchers have uncovered over 10 patents for offensive cybersecurity technologies filed by Shanghai Firetech, a Chinese company linked to Beijing's Silk Typhoon campaign (and Hafnium), including tools for "intelligent home appliances analysis" and remote evidence collection from Apple devices, suggesting broader surveillance capabilities.
🗞️ The Record | https://therecord.media/funksec-ransomware-decryptor-avast
🗞️ The Record | https://therecord.media/patents-silk-typhoon-company-beijing
Vulnerability Disclosure Policy Update 🔒
- Google Project Zero is changing its vulnerability disclosure policy to publicly announce bugs within one week of privately reporting them to vendors, aiming to address the "upstream patch gap" where fixes are available but not yet integrated by downstream dependents. The public notice will not include technical details or proof-of-concept code.
🗞️ The Record | https://therecord.media/google-project-zero-publicly-announce-vulnerabilities-week-after-reporting
Threat Landscape Commentary 📈
- IBM's 20th annual Cost of a Data Breach Report reveals the average cost of a breach in the US jumped 9% to a record $10.22 million, driven by higher regulatory fines and detection costs, while the global average fell 9% to $4.44 million. Faster detection (241 days average) is helping reduce global costs, but healthcare remains the most impacted industry.
- The same IBM report highlights that 13% of organisations experienced security incidents involving AI models or applications, with 97% lacking proper AI access controls and 87% having no AI governance policies, indicating attackers are already exploiting this gap.
🤫 CyberScoop | https://cyberscoop.com/ibm-cost-data-breach-2025/
🗞️ The Record | https://therecord.media/ibm-data-breach-report-us-losses
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/07/30/firms_are_neglecting_ai_security/
Regulatory Issues and Changes 🏛️
- CISA has finally agreed to release its unclassified 2022 report on US telecommunications network insecurity, following sustained pressure from Senator Ron Wyden, who had blocked the nomination of Sean Plankey for CISA director until the report's release.
- CISA is facing a tight deadline to publish the final rule for the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) by October, with concerns raised that the agency is unlikely to meet it due to a lack of prioritisation and an absence of public statements since January.
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/07/29/cisa_wyden_us_telecoms_insecurity_report/
🤫 CyberScoop | https://cyberscoop.com/cisa-sean-plankey-circia-deadline-op-ed/
Government Staffing and Program Changes 🇺🇸
- Sean Plankey's nomination to direct CISA has advanced out of committee to the full Senate, bringing him closer to confirmation after months of delays. Concerns remain about potential personnel cuts, with contracts for over 100 staff in CISA's Joint Cyber Defense Collaborative (JCDC) reportedly allowed to expire.
🗞️ The Record | https://therecord.media/plankey-advances-cisa-nomination
Industry News: Mergers & Acquisitions 🤝
- Palo Alto Networks is set to acquire identity security firm CyberArk for approximately $25 billion in its largest acquisition to date, aiming to expand into the identity security market, particularly for managing privileged access for human and machine identities, including AI agents.
🤫 CyberScoop | https://cyberscoop.com/palo-alto-networks-to-acquire-cyberark-for-25-billion/
🗞️ The Record | https://therecord.media/palo-alto-networks-cyberark-acquisition
🕵🏼 The Register | https://go.theregister.com/feed/www.theregister.com/2025/07/30/palo_alto_networks_inks_25b/
#CyberSecurity #ThreatIntelligence #Ransomware #DataBreach #AIsecurity #VulnerabilityDisclosure #CISA #CyberArk #PaloAltoNetworks #InfoSec #CyberAttack #IncidentResponse