At a glance.
- CISA warns of CitrixBleed 2 exploitation.
- UK police arrest four suspects over retail cyberattacks.
- Qantas data breach affects 5.7 million customers.
- Suspected Chinese government hacker arrested in Italy.
- Patch news.
CISA says CitrixBleed 2 is under active exploitation as PoC exploits are released.
Researchers at watchTowr and Horizon3 have published proof-of-concept exploits for CVE-2025-5777, a critical flaw affecting Citrix NetScaler ADC and Gateway devices, BleepingComputer reports. The vulnerability is being referred to as "CitrixBleed 2" due to its similarity to 2023's CitrixBleed flaw (CVE-2023-4966), though Citrix stresses that the two flaws are unrelated.
An attacker can exploit the vulnerability by sending incorrect login requests, causing the NetScaler appliance to display 127 bytes of arbitrary memory. By sending repeated HTTP requests, the attacker can eventually extract legitimate user session tokens.
Citrix maintains that there's no evidence of exploitation in the wild, but the US Cybersecurity and Infrastructure Security Agency (CISA) on July 10th added the flaw to its Known Exploited Vulnerabilities (KEV) list, citing "evidence of active exploitation." Federal agencies were given a one-day deadline to apply the patches, highlighting the urgency of the issue.
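The technique described above depends on one source hammering the login endpoint with many requests, which is a pattern defenders can look for in access logs while patches roll out. The following is an added detection sketch, not code from Citrix, CISA or the researchers named above; the log line format, the `/login` path and the threshold of 20 requests per 60 seconds are assumptions chosen for illustration and should be adapted to the appliance's real log format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed, simplified access-log format (an assumption, not NetScaler's own):
# "<ISO timestamp> <client_ip> <method> <path> <status>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\d+\.\d+\.\d+\.\d+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$"
)

LOGIN_PATH = "/login"          # hypothetical login endpoint path
THRESHOLD = 20                 # illustrative: login POSTs per window before flagging
WINDOW = timedelta(seconds=60)

def parse_line(line):
    """Parse one constructed log line; return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {"ts": datetime.fromisoformat(m["ts"]), "ip": m["ip"],
            "method": m["method"], "path": m["path"], "status": int(m["status"])}

def find_login_bursts(lines, threshold=THRESHOLD, window=WINDOW):
    """Return {ip: peak_count} for sources whose login POSTs within any sliding
    window of `window` length reach `threshold`. Repeated login requests from one
    source are the behaviour the memory-disclosure description above relies on."""
    windows = defaultdict(deque)   # per-source timestamps inside the current window
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST" or rec["path"] != LOGIN_PATH:
            continue
        q = windows[rec["ip"]]
        q.append(rec["ts"])
        while q and rec["ts"] - q[0] > window:   # drop timestamps older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[rec["ip"]] = max(flagged.get(rec["ip"], 0), len(q))
    return flagged

# Constructed sample: one noisy source sending 25 login POSTs in 25 seconds, one normal user.
SAMPLE = [f"2025-07-10T12:00:{i:02d} 203.0.113.5 POST /login 200" for i in range(25)] + [
    "2025-07-10T12:00:30 198.51.100.7 POST /login 200",
    "2025-07-10T12:00:31 198.51.100.7 GET /vpn/index.html 200",
]

if __name__ == "__main__":
    print(find_login_bursts(SAMPLE))  # {'203.0.113.5': 25}
```

A single flagged source is a trigger to review, not proof of exploitation; legitimate retries and shared NAT addresses will also cross a static threshold.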
UK police arrest four suspects over retail cyberattacks.
The UK's National Crime Agency (NCA) has arrested four individuals in connection with the recent cyberattacks on British retailers Marks & Spencer, Co-op, and Harrods. According to The Register, the suspects include "two young men from the West Midlands, a Brit aged 17 and a Latvian national aged 19; one 19-year-old British man from London; and a British woman aged 20 from Staffordshire." The four were apprehended on suspicion of "Computer Misuse Act offences, blackmail, money laundering and participating in the activities of an organised crime group."
The NCA stated, "All four were arrested at their home addresses and had their electronic devices seized for digital forensic analysis. They remain in custody for questioning by officers from the NCA's National Cyber Crime Unit in relation to the three attacks, which took place in April this year."
Qantas data breach affects 5.7 million customers.
Australian airline Qantas said in an update yesterday that attackers stole personal data belonging to 5.7 million customers during a cyberattack last week. All 5.7 million individuals had their names and email addresses leaked. Other breached information varied by customer, including addresses, dates of birth, phone numbers, gender, meal preferences, and Qantas Frequent Flyer numbers. Qantas says the breach did not involve financial data or login details. The company is contacting the affected individuals, but warns customers to be on the lookout for phishing attacks.
The attackers gained access via a social engineering attack against one of the airline's call centers. This tactic is frequently used by the cybercriminal gang Scattered Spider, which has recently been targeting airlines, although Qantas hasn't attributed the attack to any particular threat actor.
Suspected Chinese government hacker arrested in Italy.
Italian police arrested a 33-year-old Chinese national on a US warrant accusing the man of conducting industrial espionage on behalf of the Chinese government, Reuters reports. The suspect, Xu Zewei, was arrested at Milan's Malpensa Airport on July 3rd and is awaiting extradition to the United States. The US alleges that Xu is tied to the PRC-affiliated threat actor Silk Typhoon (also known as "Hafnium"), which targets a wide range of sectors around the world. The group made headlines in 2020 for its focus on entities conducting COVID-19-related research. More recently, the threat actor breached the US Treasury Department's Office of Foreign Assets Control (OFAC) and Committee on Foreign Investment in the United States (CFIUS).
Patch news.
Microsoft on Patch Tuesday issued fixes for 130 flaws, including ten with a severity score of "Critical." The most serious of these is an RCE vulnerability affecting the SPNEGO Extended Negotiation (NEGOEX) Security Mechanism (CVE-2025-47981). The company also fixed four critical RCE flaws affecting Office (CVE-2025-49695, CVE-2025-49696, CVE-2025-49697, CVE-2025-49702). The Register notes that this is Microsoft's first Patch Tuesday of 2025 with no actively exploited flaws.
Adobe has released patches for 58 vulnerabilities across multiple products, including three critical flaws affecting Adobe Connect, ColdFusion, and Adobe Experience Manager (AEM) Forms on JEE, SecurityWeek reports. Adobe urges users to prioritize patching the AEM Forms flaw (CVE-2025-49533), which has been assigned a CVSS score of 9.8 and can lead to arbitrary code execution.
SAP issued new or updated security notes for 31 vulnerabilities, including five critical flaws. Notably, CVE-2025-30012 was upgraded to a severity score of 10 after it was found that unauthenticated attackers could exploit the flaw to execute arbitrary commands with administrative privileges.
Fortinet has patched a critical vulnerability (CVE-2025-25257) in its FortiWeb firewall that could allow unauthenticated attackers to run SQL commands and achieve remote code execution, BeyondMachines reports. The vulnerability, which received a CVSS score of 9.6, is caused by "improper neutralization of special elements used in SQL commands within FortiWeb's Graphical User Interface (GUI) component." Users are urged to patch the flaw or implement a temporary mitigation by disabling the HTTP/HTTPS administrative interface.