Heimdal

Your weekly dose of the most urgent cyber threats is here. Adam Pilton distilled it all into five critical stories and five things you should actually do about them. Let’s get into it.

Ingram Micro Ransomware Attack Disrupts Global IT Supply Chain

Ingram Micro, the lifeline distributor for countless MSPs, was slammed by a SafePay ransomware attack on July 3rd.

The fallout? Ordering systems, RMAs, and service portals were knocked offline. While services are limping back, thousands of partners missed critical shipment windows and hardware refreshes.
This incident is a glaring example of how one upstream hit can throw off every project you’ve got in play.

Safety Advice: Always Have a Backup Plan

Keep a secondary distributor on standby. When your main pipeline chokes, you need a Plan B.
Prestage a minimum viable stack. Think switches, firewalls, laptops, just enough to keep a rollout from derailing.
Lesson: Supplier single points of failure = business risk. Hedge now, not later.

Malicious Chrome Extensions Masquerade as Verified Add-ons

Koi Security researchers uncovered a campaign called Red Direction, involving 18 Chrome and Edge extensions. They started as innocent utilities – color pickers, emoji tools – but silently morphed into spyware.
These backdoored add-ons hijacked sessions, logged URLs, and redirected users on command. The kicker? They wore the “Verified” badge from Google like a badge of honor.

Safety Advice: Lock Down Your Extension Policy

Use allow lists via Microsoft Intune or Chrome Extension management. Only pre-approved tools should ever run in your org.
Audit immediately for those 18 known-bad extensions.
Implement a monthly review schedule. If you’re not checking regularly, you’re inviting trouble.

Adobe Drops a 60-CVE Patch Blitz. ColdFusion Is the Priority

Adobe went full sprint on July 8, releasing 13 security advisories covering 60 vulnerabilities. ColdFusion bore the brunt, with five critical RCEs and eight more letting attackers read files or escalate privileges.
Creative apps like Illustrator and After Effects also got major patches, putting your marketing and design teams squarely in the blast zone.

Safety Advice: Patch Like a Pro

Use your RMM to scan Adobe versions. Don’t assume it’s up to date – check.
Force the updates over the weekend. Time it when staff aren’t clicking through infected projects.
Export a “fully patched” report before Monday hits.

Prime Day Spoof Sites Flood the Web. Don’t Take the Bait

With Amazon Prime Day running July 8–11, cyber crooks registered over 1,000 sketchy Amazon-themed domains last month. Nearly 9 out of 10 are already flagged as malicious.
Their goal? Target employees shopping from work devices with credential phish and malware-laced fake checkouts.

Safety Advice: Block Malicious Domains Before They Hit

Set up a temporary DNS rule. Block any domain with “Amazon” or “Prime” in it until July 12.
Add filters for risky TLDs like .top, .online, or .shop.
Educate your team: “If you’re shopping, use the official app or a bookmark you made yourself.”

Pro tip: DNS filtering isn’t just for Prime Day. You should be using DNS security all year round.
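
The temporary DNS rule described above can be dry-run against resolver query names before it is enforced. The sketch below is an added example, not Heimdal's code or any product's configuration. The allowlist of official domains, the year in the expiry date, the choice to expire only the keyword rule, and all sample names are assumptions.

```python
from datetime import date

KEYWORDS = ("amazon", "prime")           # from the advice above
RISKY_TLDS = {"top", "online", "shop"}   # from the advice above
# Assumption: official domains that must keep resolving (constructed list).
ALLOWED = {"amazon.com", "primevideo.com"}
# Assumption: the page gives only "July 12"; the year is supplied here.
KEYWORD_RULE_EXPIRES = date(2025, 7, 12)


def is_allowlisted(name: str) -> bool:
    """Match on label boundaries so 'notamazon.com' and
    'amazon.com.evil.example' do not inherit the allowlist entry."""
    return any(name == d or name.endswith("." + d) for d in ALLOWED)


def decide(qname: str, today: date) -> tuple[str, str]:
    """Return (action, reason) for one DNS query name."""
    name = qname.strip().lower().rstrip(".")   # case-fold, drop root dot
    if is_allowlisted(name):
        return ("allow", "allowlisted")
    if name.rsplit(".", 1)[-1] in RISKY_TLDS:
        return ("block", "risky-tld")
    # Assumption: only the keyword rule is temporary; the TLD filter stays.
    if today < KEYWORD_RULE_EXPIRES and any(k in name for k in KEYWORDS):
        return ("block", "keyword")
    return ("allow", "no-match")


def review(qnames: list[str], today: date) -> dict[str, tuple[str, str]]:
    """Dry-run the rule over resolver query names before enforcing it."""
    return {q: decide(q, today) for q in qnames}


# Constructed query names, not taken from any real log or blocklist.
SAMPLE = [
    "www.amazon.com.",
    "Amazon-PrimeDay-Login.example",
    "amazon.com.account-check.example",
    "store.deals-sample.shop",
    "primerica-sample.example",    # unrelated name caught by the substring
    "intranet.corp.example",
]

if __name__ == "__main__":
    for q, (action, reason) in review(SAMPLE, date(2025, 7, 9)).items():
        print(f"{action:5} {reason:12} {q}")
```

The `primerica-sample.example` row shows the cost of a plain substring match: unrelated names containing "prime" are blocked too, so review the dry-run output and extend the allowlist before turning the rule on.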

Ransomware Group “Hunters International” Pivots to Pure Extortion

Hunters International, the gang that rose from the ashes of Hive, announced they’re done encrypting and are moving to straight-up extortion under the name World Leaks.
They posted free decryptors and are now threatening to publish stolen files instead. This is part of a growing trend—less system lockout, more public shaming.

Safety Advice: Treat Data Leaks Like Breaches

Update your incident response runbooks. “No encryption” doesn’t mean “no impact.” Assume your data is compromised and act accordingly:

  • ask for legal advice
  • unfold your PR plan
  • don’t forget about customer notifications

Activate the whole kit. Even if systems stay online, the damage is real: brand trust, lawsuits, compliance fallout.

If this roundup saved you scrolling through 20 different posts, go ahead and share it. Drop a comment on what had your team the busiest this week – and tell us what you want covered next time.
Stay sharp. Stay secure.

Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.
