Cybersecurity roundup, July 2025

Written by Chloe Schofield | Jul 31, 2025 9:33:38 AM

As the summer heats up, so too does cybercrime. During July, we saw a surge in sophisticated attacks targeting governments, businesses and educational institutions. From a critical Microsoft SharePoint exploit to a ransomware attack disrupting school submissions, this month shows just how diverse and disruptive cyber threats have become.

The urgency for robust cybersecurity practices has never been greater. Read our latest cybersecurity update for a breakdown of this month’s most significant incidents.

Global cyberattack hits government agencies through Microsoft SharePoint flaws

A wave of sophisticated cyberattacks exploiting critical Microsoft SharePoint vulnerabilities has impacted government agencies, infrastructure providers, and private organisations worldwide. The intrusions primarily exploit the ToolShell chain, specifically CVE-2025-49704 and CVE-2025-49706, and the threat escalated after Microsoft’s initial patch proved incomplete. Later in July, the company disclosed a more serious flaw, CVE-2025-53770, involving the deserialization of untrusted data, alongside CVE-2025-53771. Both are now being actively exploited.

The Department of Energy, DHS, and reportedly HHS were among the U.S. federal agencies affected, with the National Nuclear Security Administration also compromised. Microsoft has attributed the attacks to China-linked threat actors including Linen Typhoon, Violet Typhoon and ransomware group Storm-2603, which has used the flaws to steal sensitive Machine Keys and deploy ransomware. As widespread exploitation continues, experts urge immediate patching, key rotation and system hardening to mitigate the threat.

Ransomware attack cripples coursework submission across 11 schools

A ransomware attack affecting 11 schools in Shropshire left pupils unable to submit coursework for several weeks, according to statements made during a meeting of the West Mercia Police and Crime Panel. The cyberattack, believed to be linked to a multi-academy trust, also caused significant disruption to school infrastructure. One large secondary school reportedly had no working printers throughout the incident. It’s been suggested that system integration across sites may have contributed to the vulnerability.

This attack highlights the growing threat of cybercrime and underscores the importance of both personal responsibility and a robust law enforcement response. The force is stepping up engagement efforts through local media, leaflet drops and digital content to help communities better protect themselves from future attacks.

Four arrested over M&S and Co-op cyber-attacks as investigation progresses

Four individuals have been arrested in connection with the major cyberattacks that disrupted operations at M&S and the Co-op. The National Crime Agency (NCA) detained a 20-year-old woman in Staffordshire and three males aged 17 to 19 in London and the West Midlands, on suspicion of offences including computer misuse, blackmail, money laundering, and involvement in organised crime. One of those arrested is a Latvian national, while the others are from the UK. Police also seized multiple electronic devices during coordinated early-morning raids.

The arrests mark a significant development in an ongoing investigation into a series of ransomware and data theft attacks that began in April 2025. M&S continues to face major operational disruption, with full IT recovery not expected until autumn and an estimated £300 million loss in profits. The Co-op was also badly disrupted, having narrowly avoided full ransomware deployment by severing internet connections in time. Harrods, while less impacted, confirmed it too was targeted. Authorities say international efforts are ongoing to track down everyone involved.

Phishing scam hits University of Hull, 196 accounts compromised

A phishing attack at the University of Hull has compromised 196 email accounts after scammers posed as university officials and requested login details under the guise of account closures. Once accessed, the compromised accounts were used to send fraudulent emails requesting that recipients transfer money.

The university’s cybersecurity team acted swiftly, blocking all affected accounts and launching an investigation with external security partners. A spokesperson confirmed that, so far, there is no evidence that personal data was accessed or exported.

“We take the security of our community very seriously and are working to investigate what happened to prevent future occurrences,” the university stated.

Paddy Power and Betfair users warned after data breach affects 800,000 accounts

Customers of Paddy Power and Betfair have been urged to stay vigilant after a major data breach compromised the personal details of up to 800,000 users. Parent company Flutter Entertainment confirmed the incident, which exposed email addresses, IP addresses, and online activity data, but reassured users that no passwords, payment details, or ID documents were affected.

Though the breach has now been contained, cybersecurity experts warn the stolen data could be exploited in targeted spear phishing attacks, particularly against high-spending users. With the rise of AI-enhanced scams, attackers can craft convincing emails that reference betting habits or prompt users to re-enter sensitive information.

Flutter, which also owns Sky Bet and Tombola, has issued guidance to affected users, advising caution but stating no immediate action is necessary beyond increased awareness. Users have been advised to be sceptical of unsolicited emails, particularly those offering deals or requesting payment information.

Qantas data breach hits millions of customers

Qantas has confirmed a cyberattack exposed personal data of up to six million customers after "unusual activity" was detected on a third-party customer service platform on 30th June.

Exposed data includes names, birth dates, emails, phone numbers, and frequent flyer numbers, although no passwords, financial information, or ID documents were affected. The breach has been contained, and Qantas is investigating the full extent.

The airline has notified authorities and apologised, assuring passengers that there is no impact on flight operations. The breach comes amid a broader surge in cyberattacks on the airline industry, with hacking group Scattered Spider suspected.

Get protected with market-leading cybersecurity tools

July 2025 is a sharp reminder that cybercriminals continue to evolve faster than many organisations can respond. Government agencies, long-standing firms, and even schools were caught off guard, often due to simple missteps, such as weak passwords or overlooked patches.

Arrests and investigations signal progress, but the volume of attacks highlights the importance of creating strong, proactive defences.

At Brigantia, we’re committed to helping businesses strengthen their cybersecurity strategy and stay secure against cybercrime. If you’d like to discuss our vendors and cybersecurity tools, chat with our experts.
