
Weekly Cybersecurity Recap - 24 March 2025
This Week in Cybersecurity: Phishing, Ransomware, and a $32B Acquisition
Major Cyber Breaches, Vulnerabilities and Industry Updates
Last week's cybersecurity developments underscore just how vulnerable modern systems - and people - remain to evolving threats. From social engineering attacks that exploit human error, to critical remote code execution vulnerabilities in widely used software and devices, the landscape remains challenging. Meanwhile, threat actors continue to weaponize legitimate tools and even leaked licenses to spread malware. Here's the full roundup of what security teams should know.
Qantas attack reveals one phone call is all it takes to crack cybersecurity’s weakest link: humans
A single phone call was enough to compromise Qantas’ security, highlighting the enduring vulnerability of the human element in cybersecurity defenses. Attackers targeted an offshore IT call center, gaining access to a third-party system that exposed personal data of up to 6 million customers. The breach is a stark reminder that even the most advanced technical safeguards can be undermined by successful social engineering.
McDonald’s AI Hiring Bot Exposed Millions of Applicants’ Data to Hackers Who Tried the Password ‘123456’
Basic security oversights on McDonald's “McHire” recruitment platform exposed tens of millions of applicants’ personal information. The site, built by AI vendor Paradox.ai, reportedly left data accessible to attackers who used astonishingly simple passwords like “123456.” This incident highlights the need for rigorous security testing and password management even for third-party services.
Over 600 Laravel Apps Exposed to Remote Code Execution Due to Leaked APP_KEYs on GitHub
Researchers revealed a significant security issue that lets attackers use leaked Laravel APP_KEYs for remote code execution. Working with Synacktiv, the team identified over 260,000 APP_KEYs on GitHub between 2018 and May 2025, with more than 600 Laravel applications confirmed vulnerable. GitGuardian also found over 10,000 unique keys, of which 400 were validated as functional, showcasing widespread poor secrets management in open-source projects.
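A defensive check for this exposure, added here as an example (not code from the article, GitGuardian or Synacktiv): it flags committed `APP_KEY=base64:...` lines whose value decodes to a usable AES key size, without echoing the key. The file names and key material are constructed samples, and `scan_files` is a hypothetical helper name.

```python
import base64
import binascii
import re

# Laravel writes the key to .env as APP_KEY=base64:<key>. Usable keys decode
# to 16 bytes (AES-128) or 32 bytes (AES-256); anything else is a placeholder.
APP_KEY_RE = re.compile(
    r"""^\s*(?:export\s+)?APP_KEY\s*=\s*["']?base64:([A-Za-z0-9+/]+={0,2})["']?\s*$"""
)

def key_length(b64_value):
    """Return the decoded length if it is a usable key size, else None."""
    try:
        raw = base64.b64decode(b64_value, validate=True)
    except (binascii.Error, ValueError):
        return None
    return len(raw) if len(raw) in (16, 32) else None

def scan_files(files):
    """files maps path -> text. Returns (path, line number, key bytes) tuples.
    The key itself is never returned, so findings are safe to log."""
    findings = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            match = APP_KEY_RE.match(line)
            if match is None:
                continue
            size = key_length(match.group(1))
            if size is not None:
                findings.append((path, lineno, size))
    return findings

# Constructed sample input: a throwaway 32-byte value, not a real key.
SAMPLE_KEY = base64.b64encode(bytes(range(32))).decode()
SAMPLE_FILES = {
    ".env": "APP_NAME=demo\nAPP_KEY=base64:" + SAMPLE_KEY + "\n",
    ".env.example": "APP_NAME=demo\nAPP_KEY=\n",            # empty placeholder
    "docs/setup.env": "APP_KEY=base64:c2hvcnQ=\n",          # decodes to 5 bytes
}

if __name__ == "__main__":
    for path, lineno, size in scan_files(SAMPLE_FILES):
        print(f"{path}:{lineno}: committed Laravel APP_KEY ({size * 8}-bit)")
```

A key that has ever been committed stays in the repository history after the file is deleted, so a finding means rotating the key rather than only removing the line.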
Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild
A maximum-severity vulnerability (CVSS score: 10.0) in Wing FTP Server is under active exploitation, according to Huntress. The flaw stems from improper handling of null (‘\0’) bytes in the web interface, enabling remote code execution. Admins are urged to patch immediately to version 7.4.4 to prevent compromise.
Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads
Security researchers discovered a critical vulnerability in the open-source mcp-remote project that allows execution of arbitrary OS commands. Tracked as CVE-2025-6514 with a CVSS score of 9.6, the bug affects a tool designed to support integration between large language model (LLM) applications and external data sources. The popularity of the framework, with over 437,000 downloads, amplifies the potential risk.
350M Cars, 1B Devices Exposed to 1-Click Bluetooth RCE
Security researchers have detailed an attack chain called “PerfektBlue” that combines four Bluetooth implementation flaws to achieve one-click remote code execution. Affected systems include vehicles from Mercedes, Skoda, and Volkswagen, as well as countless industrial, medical, mobile, and consumer devices. The scale of potential impact (350 million cars and a billion devices) highlights the urgency of patching these vulnerabilities.
Hackers Use Leaked Shellter Tool License to Spread Lumma Stealer and SectopRAT Malware
Threat actors continue to exploit legitimate security tools for malicious ends. In this case, attackers repurposed a leaked license for the Shellter Elite red teaming tool to distribute Lumma Stealer and SectopRAT malware. The leak originated from a company that had purchased Shellter licenses, underscoring the importance of controlling access to penetration testing tools and quickly addressing any breaches. An update has since been released to address the issue.
As Cyber-Insurance Premiums Drop, Coverage Is Key to Resilience
While cyber-insurance premiums have declined from their dramatic highs of 2020–2022, experts stress that coverage remains crucial for managing cyber risk. The market remains profitable for underwriters even as revenue from premiums declines for the third consecutive year, a shift driven by competition and changing demand. For businesses, this softening market may mean more affordable policies, but ensuring sufficient coverage limits and understanding exclusions are essential to resilience.
eSIM Hack Allows for Cloning, Spying
Research into eSIM security has revealed a method for cloning and spying on mobile devices, raising serious privacy and security concerns. eSIMs, which replace physical SIM cards in phones and IoT devices, rely on an embedded Universal Integrated Circuit Card (eUICC) to manage remote provisioning. This flexibility creates new attack surfaces that must be addressed to secure modern mobile infrastructure.