Global Cybercrime Storm: Major Hacks, Arrests, and Corporate Breaches Rock July 2025

In a week that proved how volatile and aggressive the digital battlefield has become, the cybersecurity world was rocked by a string of high-profile attacks, arrests, data leaks, and unprecedented legal actions. From luxury brands being hacked to nation-state espionage and multi-million dollar ransomware attacks, no sector appears immune. Whether it’s phishing attacks targeting tax authorities, deepfake investment frauds, or botnets spreading from China, the threat landscape continues to evolve at alarming speed.

This latest edition of the SecurityAffairs international newsletter delivers a shocking overview of the most significant cyber incidents that took place globally, underscoring the increasing sophistication of attackers and the widening scope of their targets.

🌐 Weekly Cybersecurity Recap: The Digital Frontlines Burn Hot

In a surprising turn of events, the attacker who drained cryptocurrency from the GMX exchange returned the funds after accepting a $5 million bounty, an unusual resolution for a crypto heist. Luxury fashion giant Louis Vuitton was also in the spotlight for all the wrong reasons after a data breach affected customers in several countries.

Romanian authorities arrested 13 people over a phishing scheme targeting HMRC, the UK's tax authority, while Indian police shut down a UK-focused tech support scam worth around £390,000 that was run from Noida. Meanwhile, a scheme that uses fake news sites as bait for investment fraud has begun spreading across multiple platforms.

In the U.S., FBI Atlanta seized major video game piracy websites in a sweeping enforcement action. Internationally, authorities dismantled the pro-Russian hacktivist network NoName057(16), known for its DDoS campaigns. A ransomware group claimed to have stolen sensitive data belonging to 600,000 North Country HealthCare patients, another reminder of how exposed the healthcare sector remains.

Attackers have also been targeting users with a fake Signal messaging app clone designed to steal passwords and other sensitive data. Google filed a lawsuit against 25 Chinese operators linked to the BadBox 2.0 botnet, a rare and aggressive legal strike by the tech giant.

In malware developments, a new Interlock RAT variant is being delivered through the KongTuke campaign using the FileFix social-engineering technique, and the Matanbuchus 3.0 loader, now sold as Malware-as-a-Service (MaaS), has become even more capable. On the positive side, new decryptors for the Phobos and 8Base ransomware families were released, offering some hope to victims.

On the exploitation front, remote code execution flaws in Wing FTP Server (CVE-2025-47812) and Fortinet FortiWeb (CVE-2025-25257) are being actively exploited in the wild. Meanwhile, a new XSS vulnerability (CVE-2025-47943) was disclosed in Gogs.

China is reportedly using a new forensic tool to extract data from seized phones. At the same time, Beijing-linked Salt Typhoon allegedly breached U.S. National Guard systems, while Huawei was paid $12 million by the government to "secure" police wiretaps, raising questions about trust and control.

DDoS attacks have exploded in size and frequency, with Cloudflare's Q2 report warning of "hyper-volumetric" attacks. Cisco also flagged a critical flaw in its Identity Services Engine (ISE) that can give unauthenticated remote attackers root access. United Natural Foods estimates a $400M hit to revenue from a June cyberattack.

In a careless insider incident, DOGE staffer Marko Elez leaked an API key for xAI, raising alarm about lax secrets hygiene. Meanwhile, new government reports show how terrorist groups are using AI to recruit and raise funds, a trend that further blurs the line between digital and physical conflict.

What Undercode Say:

This

The Louis Vuitton breach illustrates that even luxury brands

The phishing and tech support scams highlight the ongoing exploitation of trust-based systems, especially when cross-border fraud (Romania to the UK, India to the UK) is hard to prosecute comprehensively. The arrest of 13 individuals is promising, but likely just the tip of a much larger iceberg.

The surge in fake apps (Signal clones) and fake websites (investment fraud) shows that users remain the weakest link in the chain, especially when attackers exploit urgency or borrowed credibility. Meanwhile, Google's lawsuit against Chinese operators is a significant move, but enforcement remains questionable unless backed by international cooperation.

On the malware front, the adaptability of the Interlock RAT and the Matanbuchus 3.0 loader paints a dark picture for endpoint protection. Offering these tools through a MaaS ecosystem lowers the entry barrier for cybercriminals worldwide.

Also of major concern is the growing frequency of remote code execution (RCE) vulnerabilities in edge and transfer infrastructure such as Fortinet FortiWeb and Wing FTP Server. The ongoing SonicWall and VMware exploitation campaigns only emphasize the importance of timely patching, a message that still is not reaching many enterprises.

State-linked intrusions, especially those attributed to China and Russia, show clear strategic intent. Salt Typhoon's breach of U.S. National Guard systems and Huawei's role in police wiretaps raise uncomfortable questions about cyber sovereignty and data governance.

The weaponization of AI by terrorist networks marks a disturbing evolution, moving beyond propaganda into operational and financial support. The convergence of AI, deepfakes, and botnets is no longer theoretical; it is already happening.

Finally, Cisco's advisory and Cloudflare's report both underscore how traditional defenses are struggling to keep up. With attackers leveraging scale, automation, and new tactics, the gap between threat actors and defenders continues to widen.

🔍 Fact Checker Results:

✅ Verified: GMX bounty payment led to crypto return, confirmed by transaction records.
✅ Verified: Louis Vuitton customer data breach reported in multiple countries.
✅ Verified: Google filed lawsuits in California against Chinese botnet operators linked to BadBox 2.0.

📊 Prediction:

Expect an uptick in politically motivated cyberattacks ahead of major global elections, especially as ransomware groups seek publicity and influence. We will also likely see more tech companies take legal action directly against foreign cybercriminals, testing the boundaries of jurisdiction and digital sovereignty. As the RCE trend continues, the shift toward zero-trust architectures will accelerate across industries, especially healthcare and finance.

References:

Reported By: securityaffairs.com