July Cyber Security Wrap-Up: AI Threats, SharePoint Flaws, Teams Malware & More
As cyber threats become more targeted and sophisticated, July delivered several key developments in the cyber security space that organisations need to act upon writes Marketing Co-ordinator Abbey Wright. From emergency patches and phishing attacks to AI-powered scams and new defence initiatives, here’s your essential monthly wrap-up.
Critical SharePoint Vulnerability – Patch Immediately
What happened: Microsoft issued an emergency security update for a critical vulnerability affecting on-premise SharePoint servers, which is currently being actively exploited. If left unpatched, this flaw could allow remote code execution — letting attackers take control of vulnerable servers.
More Information: https://thehackernews.com/2025/07/microsoft-releases-urgent-patch-for.html
Takeaway: Timely patching is non-negotiable. Prioritise critical infrastructure and automate patch deployment where possible.
AI vs AI: Fighting Cybercrime with Smarter Tools
Cyber criminals are increasingly leveraging AI to automate attacks, craft convincing phishing messages, and evade detection. But organisations can fight back using AI-powered security tools for behaviour analytics, threat detection, and incident response.
Read our blog to find out what you can do –
Takeaway: AI isn’t just a threat – it’s a powerful defence tool when used strategically.
Microsoft Teams Exploited to Spread Malware
Hackers are impersonating IT helpdesk staff in Microsoft Teams calls, convincing users to open Quick Assist (a remote access tool) and unknowingly install Matanbuchus malware.
The newly updated Matanbuchus 3.0 includes advanced evasion techniques, making detection harder.
Find out more here: https://www.bleepingcomputer.com/news/security/microsoft-teams-voice-calls-abused-to-push-matanbuchus-malware/
Takeaway: Even trusted collaboration tools can be hijacked for attacks. User awareness and strong internal policies are essential.
Google App Passwords Used to Bypass MFA
A new phishing campaign is targeting Google accounts by tricking users into creating and sharing App passwords, which are typically used to connect third-party apps.
What makes this attack dangerous is its low-pressure, trust-building approach – a sharp contrast to typical high-urgency phishing scams.
Takeaway: Not all phishing attacks scream urgency. Be alert for social engineering tactics that work by building trust over time.
Defence Cyber Certification (DCC) Launches
Big news for the UK defence supply chain: The Ministry of Defence (MOD) and IASME have launched the Defence Cyber Certification (DCC) to boost cyber resilience across the sector.
Find out more here: https://www.indelibledata.co.uk/defence-cyber-certification/
Why it matters: If you’re a supplier to the MOD or operate within the defence ecosystem, aligning with DCC will soon become a key requirement.
Takeaway: Prepare early. Start aligning your policies, controls, and certification plans with DCC standards.
Cyber Essentials Continues to Break Records
The popularity of Cyber Essentials is rising fast – and for good reason. In the last quarter alone, over 13,000 certificates were awarded, bringing the yearly total close to 50,000, and over 225,000 certificates issued since the scheme began.
If you’re not certified yet, now’s the time to consider it. Find out more here – https://www.indelibledata.co.uk/cyber-essentials-basic-assessment-and-certification/
Why so many businesses are getting certified:
- 92% reduction in likelihood of a cyber insurance claim
- Strong baseline of protection against common threats
- Increased trust from clients and partners
Takeaway: If your business isn’t Cyber Essentials certified yet, now’s the time to act. It’s one of the most effective and affordable ways to protect your organisation.
Final Thoughts
July was a stark reminder that threats are coming from all angles writes – outdated systems, collaboration platforms, clever phishing tactics, and even AI. But it also showed us that preparedness works, and that schemes like Cyber Essentials, AI-driven security, and proper staff training can make a real difference.