Top Cybersecurity and Tech News for July 31, 2025: Kali Linux on Mac, WordPress Exploits, Russian APTs

```html
Top Tech Headlines — July 31, 2025 | BootableUSBs.com

From Linux inside Apple to rogue Raspberry Pis at ATMs, today’s cybersecurity climate is buzzing. Plus, new 2FA tools, AI-driven data protection, and escalating threats to embassies and WordPress sites—here’s your daily tech roundup, simplified and summarized.

Kali Linux Now Runs in Apple Containers on macOS Sequoia

Security pros rejoice: Kali Linux is now officially supported in Apple's new virtual containers on macOS Sequoia. This tight integration opens the door for safer and more efficient security testing on Mac systems—no full VM or dual-boot necessary. It's a promising step for researchers blending macOS workflow with Linux firepower.

Microsoft to Disable Workbook Links to Blocked File Types

Starting October 2025, Microsoft will phase in restrictions that disable Excel's ability to open workbook links pointing to blocked file types. It's a security-focused move aimed at reducing the risk of malware payloads embedded in spreadsheet references. Admins, better update those enterprise policies now.

Up to $40K for Critical .NET Bugs

The Redmond tech giant has beefed up its bug bounty program—especially for vulnerabilities in .NET and ASP.NET Core. Ethical hackers can now earn up to $40,000 for uncovering critical flaws. It's big money for bigger protection.

CISA Goes Open Source with Thorium Security Toolkit

Meet Thorium: the U.S. Cybersecurity and Infrastructure Security Agency's powerful new open-source platform for malware and forensic analysis. Designed for both government and industry use, Thorium offers advanced functions for combating modern threats. Free and available now—it’s time to level up your security toolkit.

Russian APT Group Secret Blizzard Targets Embassies via ISP Access

Microsoft’s latest intel reveals that the Secret Blizzard group, allegedly linked to Russia’s FSB, is exploiting local Internet Service Providers for advanced AiTM (Adversary-in-the-Middle) attacks on embassies in Moscow. Their tactics include deploying ApolloShadow malware at the network level—making traditional defenses ineffective. It’s a new chapter in state-sponsored cyber-espionage.

Social Engineering Alert: The ClickFix/Clipboard Exploit

A real-world breakdown of the ClickFix attack shows how browser exploits can quickly escalate into full-blown breaches via clipboard hijacks and File Explorer takeovers. It’s a cautionary tale on how today’s malware dances straight out of your web browser. Mitigation tip: secure that browser perimeter.

80% of New CVEs Are Preceded by Spike in Malicious Activity

New research highlights a worrying trend: in 80% of cases, new Common Vulnerabilities and Exposures (CVEs) are foreshadowed by noticeable spikes in malicious network behavior. Think scanning, brute-force attempts, and targeted reconnaissance. Proactive monitoring could be your best line of defense before an exploit hits.

Proton Releases Free Cross-Platform 2FA App

Proton, known for privacy-first tools, has launched Proton Authenticator—a free, standalone two-factor authentication app. It’s available for Windows, macOS, Linux, Android, and iOS. Secure, cross-platform, and open—this is one app worth downloading.

N. Korean Hackers Go After Crypto with Job Lures and Open-Source Malware

UNC4899, a North Korean APT, used fake job offers and cloud exploits to infiltrate two companies and steal millions in cryptocurrency. They even embedded malware in open-source code. It’s a sobering reminder: always vet software sources and be cautious of too-good-to-be-true job listings.

Hackers Plant Rootkit on ATM via Raspberry Pi

Group UNC2891 pulled off a sophisticated ATM network breach using a 4G-enabled Raspberry Pi and a Linux rootkit named CAKETAP. It showcases vulnerabilities in outdated banking infrastructure that depends on insecure networking protocols. Time to patch the cash flow.

Attackers Exploit Critical WordPress Theme Bug

Criminals have started exploiting a recent flaw (CVE-2025-5394) in the popular “Alone” WordPress theme, enabling remote plugin installs and site takeovers. Security firms have already blocked over 120,000 attempts. WordPress admins: update now—before it’s your login that gets compromised.

SentinelOne’s AI-Powered Endpoint Security Takes Center Stage

Endpoint security gets an AI upgrade thanks to SentinelOne’s performance in the 2025 Gartner Magic Quadrant™ report. Reduced alert fatigue and quicker response times are making this solution a staple for large organizations combating cyber threats. Smarter tools for smarter threats.

Microsoft 365 Phishing Evolves with Multi-Layer Redirects

Attackers are using new phishing tactics that layer multiple redirects through services like Proofpoint and Intermedia. The goal? Steal Microsoft 365 credentials without raising alarms. As the tricks evolve, so must our countermeasures.

Traditional SIEM Tools Can't Keep Up

Security analysts are drowning in alerts, and legacy SIEM systems aren’t coping with the cloud's complexity. That’s leading many teams to reevaluate their stack in favor of AI-powered or agile alternatives. It might be time to rethink your SOC strategy too.

AI and Compliance: 24/7 Monitoring in Real Time

Data protection isn’t a one-and-done—it's ongoing. New AI-driven tools now enable continuous compliance monitoring, replacing outdated checklists with automated, always-on insights. It’s how modern organizations meet evolving standards while keeping data safe.

Web Gaming Surges While Traditional Markets Stall

According to a new report, web-based gaming is booming—outpacing mobile, console, and PC gaming. The browser appears to be the preferred playground, thanks to cross-device access and smoother onboarding. Developers and marketers, take note.

SoftBank and Ericsson Partner on 5G and 4G Upgrades

Telecom giant SoftBank is rolling out major upgrades to its 4G and 5G networks in partnership with Ericsson, with AI optimizations playing a key role. It’s part of a broader move to support growing bandwidth demand and smart infrastructure in Japan.

Community-Driven Marketing Goes Mainstream at DMWF

Digital Marketing World Forum North America is highlighting community-led marketing's rising footprint. Experts believe genuine user engagement may soon eclipse vanity metrics in shaping brand growth. Authenticity, it turns out, is highly marketable.

Can Retailers Compete with Amazon in Digital Ads?

Retailers are ramping up their own in-house media networks to break Amazon’s grip on e-commerce ad spend. These platforms give brands more options to reach buyers directly on retail websites. Whether this levels the field remains to be seen—but it’s worth watching.

```
