Top Tech Headlines for July 17, 2025

It’s a wild day in the tech world — AI-driven cyberattacks, zero-days getting patched, and major companies fighting back against botnets. Here are today’s top headlines in security, privacy, and key technology developments.

VMware Patches Critical Zero-Day Flaws Discovered at Pwn2Own

VMware has issued crucial security fixes for four zero-day vulnerabilities affecting its ESXi, Workstation, Fusion, and Tools platforms. These flaws were actively exploited during the Pwn2Own Berlin hacking event earlier this year. If you rely on VMware for virtualization, updating immediately is essential to prevent compromise.

Microsoft Teams Abuse: Hackers Push Matanbuchus Malware via Fake Voice Calls

A new twist in social engineering: attackers are impersonating IT helpdesk staff over Microsoft Teams voice calls to distribute the Matanbuchus malware loader. This technique bypasses traditional phishing filters and relies on trust in internal communication tools. The takeaway? Stay skeptical—even in familiar environments.

Google Lawsuit Tackles 10 Million-Device BadBox 2.0 Botnet

Google is going on the offensive with a lawsuit against unknown operators of the BadBox 2.0 Android malware. The botnet, which has compromised over 10 million devices globally, is accused of ad fraud on a massive scale. This signals intensifying action from tech giants to protect their user ecosystems and ad networks.

LameHug Malware Uses AI to Generate Theft Commands in Real-Time

A novel malware named LameHug uses large language models (LLMs) to dynamically create Windows commands for stealing user data. By leveraging cutting-edge AI, it's more adaptable and evasive than ever. This is yet another sign that AI is increasingly being exploited by cybercriminals.

BigONE Exchange Breach: $27 Million in Crypto Stolen

Hackers targeted cryptocurrency exchange BigONE, making off with $27 million in digital assets. While specifics on the exploit remain scarce, it's a strong reminder that digital asset exchanges remain high-profile targets. Secure wallets and vigilant transaction monitoring are more important than ever.

Salt Typhoon Hacks U.S. National Guard, Hiding for 9 Months

Chinese state-backed threat group Salt Typhoon infiltrated the U.S. Army National Guard network last year, remaining undetected for nine months. During the breach, attackers stole sensitive configuration files and admin credentials. These could potentially be leveraged to compromise other government resources, raising real national security concerns.

Cisco Issues Emergency Patch for ISE Vulnerability

A critical flaw (CVE-2025-20337) in Cisco Identity Services Engine (ISE) allows unauthenticated attackers to gain root-level access. The bug affects versions 3.3 and 3.4 and could allow file uploads and arbitrary code execution. Cisco users should patch immediately to protect vital infrastructure.

Mistral AI Upgrades Le Chat with Voice and Research Features

French AI company Mistral has supercharged its assistant, Le Chat, by adding voice recognition and advanced research tools. The update aims to make the chatbot more versatile in helping users with queries and content analysis. It’s another step in the evolution of AI as a productivity partner.

eSIM Flaw Exposes Millions of Smartphones to Remote Hijacking

Researchers discovered a major vulnerability in Kigen’s eSIM technology that could let attackers install malicious code and bypass telecom protections. Since eSIMs are embedded and difficult to modify, the risks are particularly high. Mobile users and OEMs should watch for firmware updates or OEM advisories.

Meta’s AI Arms Race: Zuckerberg Invests $15B in Superintelligence Lab

Meta is betting big on AI, reportedly spending $15 billion on its new Superintelligence lab to attract top talent and scale infrastructure. The lab’s mission includes developing open-source models and maintaining LLaMA’s competitive edge. As AI heats up, expect major breakthroughs—and more hiring battles across Silicon Valley.

Amadey Malware Hosted in Malicious GitHub Repositories

Cybercriminals are now using GitHub to host Amadey malware and various data-stealing tools. The technique helps them bypass traditional detection systems, proving the old adage: attackers go where defenders least expect. Developers and security teams should validate external dependencies and repositories rigorously.

Apache Bug Exploited to Install Cryptocurrency Miner on Linux Servers

An older vulnerability in Apache HTTP Server (CVE-2021-41773) is being used in new attacks deploying the Linuxsys crypto miner. The exploit enables adversaries to hijack servers and abuse resources for mining cryptocurrency. Patching legacy systems remains crucial even when threats seem “outdated.”

Europol Dismantles Pro-Russian DDoS Group NoName057(16)

Europol has disrupted the hacktivist group NoName057(16), which launched DDoS attacks against Ukraine and other nations. Two members were arrested, and over a thousand supporters identified. This action demonstrates growing international coordination against politically-motivated hackers.

Cybersecurity Strategy 2025: CTEM vs ASM vs Vulnerability Management

If you're in IT security, you're hearing lots about CTEM (Continuous Threat Exposure Management), ASM (Attack Surface Management), and traditional Vulnerability Management. The key is how these systems work together to offer real-time visibility and proactive defense. Choosing the right mix can dramatically enhance your organization’s resilience.

China Targets Taiwan’s Semiconductor Industry with Custom Malware

New findings reveal that Chinese attackers are focusing on Taiwan's semiconductor sector using custom backdoors and tools like Cobalt Strike. As chips power everything from smartphones to satellites, this underscores how geopolitics is tightly linked to cybersecurity. Nations and companies alike should tighten security around critical supply chains.

Want to stay ready for anything? From data recovery to bootable OS installs, our Ultimate USBs have your back. Check out our tools today.