Telesoft | This Week in Cyber 11th July 2025
11.07.2025

Analyst Insight

This week in cyber, third-party exposure and endpoint threats have been a focus. Qantas confirmed an extortion attempt following a data breach affecting six million customers via a third-party call center system. The incident highlights ongoing risks in outsourced environments. Researchers also revealed malicious Chrome extensions with over 17 million installs, capable of stealing credentials and injecting harmful scripts, underscoring the dangers of unvetted browser add-ons. Microsoft’s July Patch Tuesday addressed 137 flaws, including a zero-day in SQL Server and critical vulnerabilities in SharePoint and Office. Lastly, Citrix urged immediate patching of NetScaler systems due to active exploitation of a session hijacking vulnerability known as CitrixBleed 2. Read more in this week in cyber.

Qantas Faces Extortion Threat After 6 Million Customer Records Stolen

The Australian airline Qantas is now the target of an extortion attempt following a recent cyber‑attack that exposed data belonging to around six million customers. Hackers accessed a third‑party call center system, stealing names, email addresses, phone numbers, birthdates and frequent‑flyer numbers, but not credit card details, passport numbers or passwords. The airline confirmed on July 7 that a “potential cyber criminal has made contact” and is working with the Australian Federal Police to validate the threat. Security experts suggest the stolen information fits the pattern of extortion groups like Scattered Spider, which often attempt to ransom personal data. Qantas reassures customers that its core systems remain secure and that no login credentials were compromised.

Malicious Chrome Extensions with 17M Installs Exposed

Researchers have uncovered a series of malicious Chrome extensions that amassed over 17 million installs from the Chrome Web Store. These extensions, such as Color Picker, Emoji keyboard online, Free Weather Forecast, Video Speed Controller, Unlock Discord VPN, Dark Theme, Volume Max, Unblock TikTok, and Unlock YouTube VPN, were designed to steal sensitive data. Once installed, they secretly tracked browsing activity, captured login credentials, and injected malicious scripts into websites. Although these extensions have been removed, the attack highlights the growing risks of third-party add-ons. Experts urge users to regularly audit installed extensions and avoid granting excessive permissions to minimize the risk of data theft.

July Patch Tuesday: Microsoft Releases Fixes for 137 Flaws

Microsoft’s July 2025 Patch Tuesday resolves 137 flaws, including a publicly disclosed zero-day in Microsoft SQL Server. The key vulnerability, CVE-2025-49719, allows remote, unauthenticated attackers to access sensitive data from uninitialized memory. This flaw is exploitable through improper input validation in SQL Server. Additionally, CVE-2025-49704, a critical remote code execution flaw in Microsoft SharePoint, allows attackers with an account to escalate privileges and gain SYSTEM-level control via crafted requests. Microsoft also addressed multiple critical remote code execution vulnerabilities in Microsoft Office, which can be exploited by opening malicious documents. However, updates for Microsoft Office LTSC for Mac 2021 and 2024 are not yet available. For further details, visit Microsoft’s Security Response Center (MSRC).

CitrixBleed 2 Exposes NetScaler Token Vulnerability

Citrix has confirmed a severe memory overread vulnerability (CVE‑2025‑5777), now dubbed CitrixBleed 2, in NetScaler ADC and Gateway systems. This bug allows unauthenticated attackers to steal session tokens, potentially hijacking active sessions and bypassing MFA protection. Although Citrix released a patch on June 17th, 2025, more than 1,200 internet‑exposed NetScaler devices remain unpatched, and cybersecurity firm ReliaQuest reports that the flaw is already being exploited in real‑world attacks. NetScaler administrators are advised to upgrade immediately and terminate all active ICA and PCoIP sessions to invalidate any stolen tokens.
