Friday Wrap Up: 01 August 2025
🔐 From AI-fueled deepfake threats to prompt injection vulnerabilities in cutting-edge tools, the cybersecurity battlefield keeps getting messier.
Ransomware crews, phishing scams, and espionage actors all made headlines this week.
Click through for a concise digest of what’s hot (and hacked) in cyber. 💥
Malware & Vulnerabilities
From AI-generated threats to prompt injection and phishing tricks, attackers are exploiting everything from popular dev tools to critical infrastructure.
🧪 AI-generated malicious npm package drained Solana wallets from over 1,500 users before takedown (Published on 8/1/2025, The Hacker News).
⚠️ Google patches Gemini CLI tool after prompt injection flaw allowed silent command execution (Published on 7/29/2025, CSO Online).
🧵 Browser extensions can exploit ChatGPT, Gemini in 'Man in the Prompt' attacks to steal data (Published on 7/31/2025, Hackread).
📧 PyPI warns of phishing campaign using fake email verification and lookalike domains (Published on 7/29/2025, The Hacker News).
🕳️ Lovense app flaw exposes user email addresses via simple username lookup (Published on 7/28/2025, BleepingComputer).
🔌 Pi-hole discloses data breach caused by GiveWP WordPress plugin flaw (Published on 8/1/2025, BleepingComputer).
Major Cyberattacks & Incidents
Ransomware gangs and financially motivated groups continue targeting corporations and infrastructure with increasingly sophisticated tactics.
🧨 SafePay ransomware gang threatens to leak 3.5TB of Ingram Micro data (Published on 7/30/2025, BleepingComputer).
🐍 Scattered Spider launching ransomware on hijacked VMware systems via Active Directory exploits (Published on 7/28/2025, Hackread).
🔻 Scattered Spider activity drops after arrests, but copycat attacks rise (Published on 7/30/2025, SecurityWeek).
🏧 UNC2891 breaches ATM network using 4G Raspberry Pi, attempts CAKETAP rootkit attack (Published on 7/31/2025, The Hacker News).
Espionage & Data Extraction
From embassy targeting to SS7 manipulation, surveillance and state-aligned cyber operations show no signs of slowing.
🕵️ Russian cyberspies target foreign embassies in Moscow using AitM attacks (Published on 8/1/2025, SecurityWeek).
📡 Researchers link new SS7 encoding attack to surveillance vendor activity (Published on 7/31/2025, HackRead).
🧬 Chinese firms linked to Silk Typhoon filed 15+ patents for espionage tools (Published on 7/30/2025, The Hacker News).
AI & Policy
As generative AI tools evolve, so too do the attacks and ethical dilemmas surrounding their use and governance.
🤖 Creating realistic deepfakes is easier than ever—defending against them requires more AI (Published on 7/28/2025, SecurityWeek).
🕳️ Google won’t say if UK secretly demanded a backdoor to user data (Published on 7/29/2025, TechCrunch).
Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!