Microsoft patches 137 vulnerabilities including critical SPNEGO flaw, SAP addresses record 27 security notes with maximum CVSS 10.0 vulnerability, while 2.3 million users fall victim to sophisticated browser extension hijacking campaign.
Samsung rolled out a critical Galaxy update fixing 38 flaws, including a serious chip vulnerability, while Google issued no Android patches for July. Ingram Micro recovered from a ransomware attack, and Nippon Steel Solutions disclosed a March breach involving stolen corporate data.
Nations are now waging war with code, not missiles. Chapter 3 of The Digital Siege explores how China’s cyber espionage, rising attacks on infrastructure, and ransomware campaigns mark a new era of economic warfare. Democracies scramble to respond while authoritarian regimes act at scale.
Samsung rolled out a critical Galaxy update fixing 38 flaws, including a serious chip vulnerability, while Google issued no Android patches for July. Ingram Micro recovered from a ransomware attack, and Nippon Steel Solutions disclosed a March breach involving stolen corporate data.
Cyber News Centre's cyber update for 9th July 2025: Samsung has released a major Galaxy security update fixing 38 vulnerabilities, including a critical semiconductor-level flaw, while Google issued no Android patches for July. Ingram Micro has restored operations following a SafePay ransomware attack that disrupted global systems over the holiday weekend. Nippon Steel Solutions has disclosed a zero-day breach that compromised customer and employee data dating back to March.
Samsung Electronics is a South Korean multinational electronics corporation and the world's largest smartphone manufacturer, producing Galaxy devices used by hundreds of millions of consumers globally.
Update: Samsung issued its July 2025 security update addressing one critical and 21 high-severity vulnerabilities across Galaxy smartphones, contrasting sharply with Google's empty Android security bulletin. The update includes 22 Android-specific patches plus 17 Samsung-developed fixes, including a mysterious high-severity vulnerability (CVE-2025-47202) in Samsung Semiconductor components. Samsung's proactive approach highlights the growing security gap between manufacturers, as Google announced no Android security patches for July 2025 despite Android 16's continued development.
Why it Matters: Samsung's comprehensive patching while Google remains silent exposes dangerous fragmentation in Android security. Galaxy users receive critical protection while Pixel users face extended exposure to unpatched vulnerabilities, creating an uneven security landscape across the Android ecosystem. The semiconductor-level vulnerability suggests hardware-adjacent risks that could affect device integrity beyond software layers. This disparity forces enterprise mobile device management teams to reconsider vendor selection based on security responsiveness rather than just feature sets, potentially reshaping the smartphone market's competitive dynamics.
Ingram Micro stands as one of the world's largest technology distributors, serving over 200,000 resellers across 64 countries with annual revenues exceeding $50 billion. The company provides critical supply chain services connecting technology vendors with channel partners and managed service providers globally.
Update: The technology giant has successfully contained and remediated a SafePay ransomware attack that struck during the July 4th weekend, forcing global systems offline and disrupting ordering operations worldwide. Recovery efforts have restored phone and email ordering capabilities across multiple regions including the US, Canada, UK, Germany, France, Italy, Portugal, Spain, Brazil, India, and China.
The company implemented comprehensive security measures including company-wide password resets, multi-factor authentication updates, and enhanced monitoring systems. While subscription services resumed globally, some hardware ordering limitations persist as systems are gradually brought back online. The attack forced employees to work from home and highlighted the vulnerability of critical IT supply chain infrastructure.
Why it Matters: The incident exposes the fragility of global technology distribution networks, with Ingram Micro's disruption potentially affecting thousands of downstream partners and customers. SafePay ransomware has averaged 111GB of stolen data per victim across 238 tracked attacks, with 32 confirmed by affected organizations.
The timing during a major US holiday weekend suggests deliberate targeting to maximize disruption while minimizing immediate response capabilities. Channel partners increasingly represent the primary threat vector for customer breaches, as noted by Canalys analysts, because they hold extensive customer data and financial information. The rapid recovery demonstrates improved incident response capabilities, but the attack underscores how ransomware groups continue targeting critical infrastructure providers.
Nippon Steel Solutions operates as the IT services subsidiary of Japan's largest steelmaker, providing cloud computing, cybersecurity solutions, and digital transformation services to enterprise clients. The company serves as a critical technology partner within the broader Nippon Steel ecosystem, which recently completed a controversial acquisition of US Steel.
Update: The company disclosed Tuesday that attackers exploited a zero-day vulnerability in unspecified network equipment to gain unauthorized access to internal systems on March 7, 2025. The breach compromised personal information belonging to customers, business partners, and employees, including names, company affiliations, job titles, business email addresses, and phone numbers.
While the company detected suspicious server activity immediately and isolated affected systems, the four-month delay in public disclosure raises questions about notification protocols. Investigators found no evidence of data appearing on dark web marketplaces or social media platforms, though the company warns affected parties to remain vigilant against suspicious communications.
Why it Matters: The incident occurs amid heightened scrutiny of Japanese industrial cybersecurity following Nippon Steel's acquisition of US Steel, raising concerns about critical infrastructure protection across international supply chains. Zero-day vulnerabilities in network equipment represent particularly dangerous attack vectors because they exploit unknown flaws that cannot be patched until discovered.
The breach follows a separate February incident where the BianLian ransomware group claimed to steal hundreds of gigabytes from Nippon Steel USA, though the connection between incidents remains unclear. The delayed disclosure timeline highlights ongoing challenges in balancing investigation needs with transparency requirements, particularly for companies operating across multiple regulatory jurisdictions.
Microsoft patches 137 vulnerabilities including critical SPNEGO flaw, SAP addresses record 27 security notes with maximum CVSS 10.0 vulnerability, while 2.3 million users fall victim to sophisticated browser extension hijacking campaign.
Where cybersecurity meets innovation, the CNC team delivers AI and tech breakthroughs for our digital future. We analyze incidents, data, and insights to keep you informed, secure, and ahead. Sign up for free!
