
The Threat Landscape Is Shifting: Here’s What You Need to Know in July 2025

If there’s one thing we’ve learned in cybersecurity this summer, it’s that attackers aren’t slowing down and neither should we. July has already seen multiple high-impact vulnerabilities, from flaws in Microsoft 365 to supply chain compromises and even critical weaknesses in the systems that power U.S. freight rail.

In our latest Threat Breakdown live stream, we unpacked the most urgent threats making headlines right now and what they mean for organizations trying to keep pace. Here’s a look at what’s happening and why it matters.

Microsoft 365: A Flurry of Fixes, But Are You Caught Up?

This month’s Patch Tuesday release from Microsoft included updates for dozens of vulnerabilities across Office and SharePoint. Among them was a quietly patched flaw in PDF export features, first reported by @fridaysecurity on July 9. This local file inclusion (LFI) issue allowed attackers to potentially abuse PDF exports to access files on a victim’s machine.

Microsoft addressed the issue in cumulative updates (KB5002616 and KB5002730), but without assigning a public CVE or issuing a detailed advisory. While there are no confirmed cases of exploitation, organizations lagging on updates could still be exposed.

At the same time, attention has turned to AI-powered tools like Microsoft Copilot. The recently disclosed “EchoLeak” vulnerability (CVE-2025-32711) highlighted how zero-click flaws in AI systems can put sensitive data at risk. Although this was patched in June, the issue underscores a growing reality: AI tools, while powerful, open up new attack surfaces that require constant vigilance.

If you’re using Copilot or similar tools, now is the time to audit how they interact with your data and ensure updates are in place.

Critical Infrastructure in the Crosshairs

While Microsoft patches draw headlines, attackers are also taking aim at less obvious but equally vital targets.

Take the end-of-train (EoT) telemetry systems used across U.S. freight rail networks. A critical vulnerability (CVE-2025-1727) allows threat actors with specialized radios to send spoofed brake commands, potentially disrupting rail operations or worse. This flaw has been known in niche circles for years, but it wasn’t until last week that the Association of American Railroads acknowledged the issue publicly. With remediation plans stretching into 2027, these systems remain a tempting target for anyone looking to create chaos.

These attacks aren’t limited to industrial controls. Developers, too, are facing risks in their software pipelines. A North Korean campaign recently seeded the npm package registry with 67 malicious packages, downloaded over 17,000 times before being pulled. These packages spread XORIndex malware, part of a broader push to compromise software supply chains from within.

Why This Matters Now

These incidents share a common thread: they expose how attackers are constantly probing not just for technical flaws, but for weak points in how we use and trust technology. From AI tools to third-party dependencies and even decades-old industrial equipment, no layer is immune.

This is why staying informed isn’t optional anymore. Understanding how these threats emerge—and how to respond before they hit your environment—can make the difference between resilience and disruption.

Key Takeaways for Security Leaders

  1. Revisit the fundamentals. Don’t let simple missteps like password reuse undermine your defenses.
  2. Treat AI as both a helper and a threat. Monitor AI-powered tools like Copilot as rigorously as any other critical system.
  3. Avoid default configurations. They rarely align with your business’s specific needs and often leave you exposed.
  4. Weigh the risks of free software. Free isn’t free when your team has to shoulder the burden of support and security.

Cybersecurity isn’t about achieving perfect protection; it’s about constantly adapting to a landscape where attackers are creative, persistent, and increasingly well-equipped.

Watch the Full Threat Breakdown

In our latest Threat Breakdown live stream, we unpacked these stories in more detail:

  • Why Microsoft’s July patches aren’t the whole story.
  • What “EchoLeak” reveals about the risks of AI in the enterprise.
  • How supply chain and critical infrastructure attacks are evolving—and what you can do to prepare.

🎥 [Watch the full episode here] for a deeper dive and practical advice you can start using today.

The threat landscape will only get noisier from here. Staying ahead means understanding not just what’s happening, but why and how you can take action before attackers do.