Why it matters: This week brought Microsoft’s largest Patch Tuesday of 2025 with 137 vulnerabilities, critical flaws threatening enterprise infrastructure, and major data breaches exposing millions of records. The discovery of wormable vulnerabilities with CVSS scores of 9.8, alongside active exploitation of enterprise tools, signals an escalation in both threat sophistication and patch urgency for organizations worldwide.
The bottom line: IT teams face immediate pressure to deploy critical patches while managing newly disclosed vulnerabilities in widely-used platforms including SQL Server, ServiceNow, and Wing FTP Server that could enable complete system compromise.
What’s ahead: Ten essential security developments that demand immediate attention, from emergency patching requirements to sophisticated attack techniques targeting enterprise infrastructure.
1. Microsoft’s Massive July Patch Tuesday: 137 Vulnerabilities Including Wormable Flaw
Microsoft released its largest Patch Tuesday update of 2025, addressing 137 vulnerabilities across Windows, Office, and other products. The crown jewel is CVE-2025-47981, a critical SPNEGO vulnerability with a CVSS score of 9.8 that enables wormable remote code execution on Windows 10 version 1607 and above. Microsoft rates this vulnerability as “more likely” to be exploited within 30 days.
Impact: Critical – Wormable vulnerability could enable self-propagating attacks across Windows networks.
Action Steps: Deploy patches immediately, prioritizing CVE-2025-47981. Test critical systems first, then mass-deploy across the organization. Monitor for exploitation attempts targeting SPNEGO authentication. Disable the “Allow PKU2U authentication requests” GPO if patching is delayed.
2. ServiceNow Platform Exposes Sensitive Data Through Count(er) Strike Vulnerability
A high-severity flaw (CVE-2025-3648, CVSS 8.2) in ServiceNow’s platform allows unauthorized data inference through conditional access control list rules. Dubbed “Count(er) Strike,” the vulnerability enables both authenticated and unauthenticated attackers to extract sensitive information using range query requests, potentially exposing customer data, internal documents, and system configurations.
Impact: High – ServiceNow’s widespread enterprise adoption makes this vulnerability particularly dangerous.
Action Steps: Update ServiceNow instances to the latest patched versions immediately. Review and audit conditional ACL configurations. Monitor for suspicious query patterns in ServiceNow logs. Implement additional access controls while patches are deployed.
3. Wing FTP Server Critical Flaw Under Active Exploitation
A maximum-severity vulnerability (CVE-2025-47812, CVSS 10.0) in Wing FTP Server is being actively exploited in the wild. The flaw involves improper handling of null bytes in the web interface, allowing remote code execution with root or SYSTEM privileges. Attackers can exploit this through anonymous FTP accounts, making it extremely dangerous for internet-facing installations.
Impact: Critical – Complete system compromise possible through anonymous access.
Action Steps: Update Wing FTP Server to version 7.4.4 immediately. Disable anonymous FTP access until patching is complete. Implement network segmentation around FTP servers. Monitor for suspicious web interface activity and unauthorized code execution.
4. Pierce County Library System Ransomware Exposes 336,000 Records
The Pierce County Library System disclosed a ransomware attack by the Inc group that occurred in April 2025, affecting 336,826 individuals. The attackers posted images of stolen driver’s licenses, passports, and internal documents online. The breach exposed names, dates of birth, and other personal information collected through library services.
Impact: High – Large-scale exposure of citizen data from trusted public institution.
Action Steps: Review security protocols for public sector organizations. Implement enhanced backup and recovery procedures for library systems. Establish incident response procedures specific to public data exposure. Train staff on recognizing ransomware attack indicators.
5. AMD Reveals New Side-Channel Vulnerabilities in CPUs
AMD disclosed four new side-channel vulnerabilities collectively termed “Transient Scheduler Attacks” (TSA) affecting a broad range of its CPUs. The vulnerabilities could lead to information disclosure through microarchitectural side channels, potentially exposing sensitive data from concurrent processes running on affected systems.
Impact: Medium – Information disclosure vulnerability affecting enterprise and consumer AMD processors.
Action Steps: Apply AMD microcode updates when available. Review applications handling sensitive data on AMD systems. Implement application-level protections against side-channel attacks. Monitor for unusual CPU usage patterns that might indicate exploitation attempts.
6. Critical Anthropic MCP Remote Vulnerability Enables System Compromise
A critical vulnerability (CVE-2025-6514, CVSS 9.6) in the open-source mcp-remote project allows arbitrary OS command execution when connecting to untrusted Model Context Protocol servers. The flaw poses significant risks to users of AI development tools and could result in full system compromise through malicious server connections.
Impact: High – Complete system compromise possible in AI development environments.
Action Steps: Update mcp-remote to the latest patched version immediately. Audit all MCP server connections for trustworthiness. Implement network segmentation for AI development environments. Establish verification procedures for external MCP servers.
7. Bitcoin Depot Data Breach Affects 27,000 Cryptocurrency Users
Bitcoin Depot disclosed a data breach affecting nearly 27,000 customers, exposing sensitive personal information typically collected during Know-Your-Customer (KYC) verification processes. The breach included names, addresses, phone numbers, government-issued ID information, and other data required for cryptocurrency transactions.
Impact: Medium – Financial and identity information exposed from cryptocurrency platform.
Action Steps: Review KYC data storage and encryption practices for financial platforms. Implement enhanced monitoring for cryptocurrency user accounts. Establish breach notification procedures for financial services. Audit third-party data processing arrangements.
8. Nippon Steel Solutions Hit by Zero-Day Network Equipment Attack
Nippon Steel Solutions disclosed a data breach resulting from a zero-day attack on its network equipment. The breach led to unauthorized access and potential leakage of personal data belonging to customers, partners, and employees. The attack highlights vulnerabilities in industrial network infrastructure that haven’t been previously disclosed.
Impact: High – Zero-day exploitation of enterprise network equipment affects industrial sector.
Action Steps: Conduct immediate security assessments of all network equipment. Implement enhanced monitoring for zero-day exploitation attempts. Review vendor security practices for network infrastructure. Establish incident response procedures for supply chain vulnerabilities.
9. Qantas Data Breach Compromises 5.7 Million Customer Records
Australian airline Qantas confirmed a data breach affecting 5.7 million customers, exposing names, addresses, email addresses, phone numbers, and other personal information. The breach occurred through compromised systems and has prompted regulatory investigation and enhanced security measures across the aviation industry.
Impact: High – Large-scale exposure of passenger data from major international airline.
Action Steps: Review aviation industry cybersecurity standards and compliance. Implement enhanced data protection for passenger information systems. Establish cross-border incident response procedures for international carriers. Audit customer data access controls and monitoring.
10. UK Authorities Arrest Four in Major Retail Cyber Attack Operation
The UK’s National Crime Agency arrested three teenagers and one woman in connection with cyberattacks on major retailers including Marks & Spencer, Co-op, and Harrods. The arrests represent a significant breakthrough in investigating the retail sector attacks that have plagued the UK throughout 2025, disrupting operations and exposing customer data.
Impact: Strategic – Law enforcement progress against retail-focused cybercrime operations.
Action Steps: Review retail cybersecurity frameworks and incident response procedures. Strengthen collaboration with law enforcement for threat intelligence sharing. Implement enhanced monitoring for retail-specific attack patterns. Establish information sharing networks within the retail industry.
Key Takeaways for IT Leaders
This week’s developments emphasize several critical trends:
- Patch urgency has reached critical levels with wormable vulnerabilities and active exploitation requiring immediate response
- Supply chain risks continue expanding across AI tools, network equipment, and enterprise platforms
- Critical infrastructure targeting is intensifying with attacks on libraries, airlines, and industrial systems
- Law enforcement momentum is building with successful arrests disrupting major cybercrime operations
Organizations must prioritize emergency patching cycles, implement comprehensive vulnerability management programs, and strengthen incident response capabilities while celebrating law enforcement victories that are disrupting traditional attack patterns.
Stay informed on the latest cybersecurity developments by following ITBriefcase.net for daily updates and in-depth analysis.
