Cybersecurity Decrypted #43: SharePoint Exploited, Cyberattacks Up 21%, And Lumma Stealer Is Back

Last updated on Jul 30, 2025
Written by Joel Witts
Technical Review by Laura Iannini

📰 Headlines

Microsoft SharePoint Vulnerabilities Lead To Widespread Exploits

Over 400 organizations globally have been impacted by a vulnerability in on-premises Microsoft SharePoint accounts, reports Axios. Two vulnerabilities are actively being exploited by threat actors: CVE-2025-49706, a spoofing vulnerability, and CVE-2025-49704, a remote code execution vulnerability. Chinese nation-state actors are behind several of the attacks, Microsoft said in a recent blog post. A fix is now available, and customers should immediately look to apply security updates. 

Cyberattacks Up 21% Globally

The average number of weekly cyberattacks surged by 21% in Q2 compared to the same period in 2024, according to cybersecurity researchers at Check Point. The most targeted sectors are education, government, and telecommunications. 

🎯 APTs & Vulnerabilities

“World Leaks” Breaches Dell Environment, Steals Fake Data

The newly branded World Leaks (formerly Hunters International) extortion gang breached one of Dell’s product demo platforms earlier this month. Dell says that all the data they accessed is either made up for demo purposes, or already publicly available.

Lumma Stealer Malware Is “Back,” Says Trend Micro

Despite Microsoft and global law enforcement seizing 2,300 malicious domains and disrupting the “Lumma Stealer” infrastructure, the malware has rebounded, says Trend Micro. The malware operators restored functionality using new, obscure domains and new service providers, including some in Russia, to evade detection. 

PoisonSeed Uses Novel Technique To Bypass FIDO Keys

The crypto-hacking group has been leveraging the cross-device sign-in feature available with FIDO keys to trick users into approving authentication requests from fake, malicious login portals. 

HPE Flaw Enables Authentication Bypass And Remote Access

Hardcoded credentials have been found in HPE Networking Instant On Access Points. The vulnerability enables users to bypass normal authentication mechanisms and gain administrative access to the system. The vulnerability is tracked as CVE-2025-37103 and has been rated critical. 

FBI And CISA Issue Advisory For Interlock Group

The ransomware group is targeting critical infrastructure and businesses across North America and Europe in double extortion attacks. 

🌎 Global Headlines

New UK Legislation Bans Ransomware Payments

The UK government has proposed new legislation that would ban public sector and critical infrastructure organizations from making ransomware payments. The proposal also mandates that victims inform law enforcement of attacks. 

Singapore Accuses China Of Infrastructure Attacks

The Chinese embassy in Singapore has refuted claims that the espionage group behind the attacks was linked to China. 

UK Sanctions Russian State-Backed Hackers

The three APT groups and 18 individuals were sanctioned for their involvement in cyber espionage operations and assassination attempts against Ukraine, the EU, and NATO allies. 

🔍 From Expert Insights

CISO Leo Cunningham On Navigating Cloud Security And AI Challenges

Leo Cunningham, CISO at AI biotech firm Owkin, highlights cloud security’s growing complexity. He emphasizes experimentation, clear communication, and data-driven metrics to balance security with business agility, advocating for robust security metrics to demonstrate value. Read our Q&A here. 

Social Engineering: A New Frontier

Sandy Kronenberg, CEO and Founder of Netarx, discusses the future of social engineering and how organizations need to pivot to detect deepfakes across enterprise email, video, and voice. Listen now. 

How To Safely Enhance Productivity With AI Copilots

Sounil Yu, CTO at Knostic, discusses how organizations can integrate copilots safely into their workflows to enhance productivity without putting their data, or users, at risk. Listen now.
