Friday Wrap Up: 18 July 2024
Another wild week in cybersecurity! From hackers giving Elmo a social media crisis and ransomware taking a shot at Russian vodka, to DDoS attacks making 2024 look like a warm-up act—there’s plenty to keep security pros and IT teams busy (and probably a little stressed).
We’ve got everything:
• Stealthy new hacking tools targeting Azure, Okta, and more
• Major malware campaigns sneaking through npm and even Microsoft Teams
• Supply chain risks with firmware bugs and Linux cryptominers that just won’t quit
• Ransomware hitting both companies and their liquor cabinets
• Long-standing vulnerabilities (turns out, some train hacks just need a couple of decades to get noticed)
• Cloudflare blocking a tidal wave of DDoS—and accidentally blocking itself, but hey, no hackers there
• And for good measure, a dose of AI panic...with experts saying we can keep our robot uprising memes on standby (for now)
No matter what your flavor—threat research, cyber defense, or just appreciating Elmo’s comeback—this week’s stories offer a little something for everyone. Stay curious, stay vigilant, and maybe keep your vodka bottles on standby, just in case.
Check out all the latest stories, trends, and security surprises in this week’s Friday Wrap Up newsletter below!
Cybersecurity Tools & Techniques
New developments in tools and frameworks are shaping both offense and defense in the cybersecurity landscape.
🛠️ TREVORspray is a fast, stealthy credential spray toolkit for Azure, Okta, and OWA login portals. (Published on 7/14/2025, Darknet).
🛡️ MITRE introduces AADAPT framework to defend financial systems and crypto assets. (Published on 7/15/2025, Dark Reading).
Major Cyberattacks & Incidents
A series of notable breaches and attacks highlight the continued threat from sophisticated actors and criminal groups.
🧸 Elmo’s X account hacked, publishing racist and antisemitic content before being locked. (Published on 7/14/2025, TechCrunch).
🥃 Russian vodka giant Novabev Group hit by ransomware, disrupting operations and stores. (Published on 7/18/2025, Malware Analysis).
Malware & Vulnerabilities
Ongoing discoveries of malware campaigns and software vulnerabilities keep defenders on alert.
🪤 North Korean malware XORIndex found in 67 npm packages to target developers. (Published on 7/15/2025, BleepingComputer).
💬 Matanbuchus 3.0 malware spreads via Microsoft Teams, evading detection and delivering payloads. (Published on 7/16/2025, The Hacker News).
🪙 Hackers exploit Apache HTTP Server flaw to mine cryptocurrency on Linux servers. (Published on 7/17/2025, The Hacker News).
🐧 Years-long Linux cryptominer campaign hides malware using legit sites and known bugs. (Published on 7/18/2025, Hackread).
💻 Gigabyte motherboard firmware flaws expose supply chains to persistent attack risks. (Published on 7/18/2025, Dark Reading).
📢 TeleMessage SGNL flaw exploited by hackers; CISA urges urgent patching by July 22. (Published on 7/17/2025, Hackread).
DDoS, Outages & Infrastructure
Organizations face relentless DDoS attacks and infrastructure disruptions—some natural, some not.
🌐 Cloudflare blocked more DDoS attacks in 2025 so far than in all of 2024. (Published on 7/15/2025, SecurityWeek).
⚡ Cloudflare clarifies 1.1.1.1 outage was due to internal misconfiguration, not an attack. (Published on 7/16/2025, BleepingComputer).
Espionage & Data Extraction
New threats emerge as authorities and adversaries alike develop advanced methods for extracting sensitive data.
📱 Chinese authorities use new malware to extract sensitive data from seized phones. (Published on 7/16/2025, Slashdot).
Vulnerability Research & Industry Analysis
Decades-old and newly uncovered vulnerabilities show the lasting impact of software flaws.
🚂 Train systems vulnerable for 20 years could let hackers remotely force trains to brake. (Published on 7/14/2025, SecurityWeek).
AI & Policy
The potential threat from generative AI remains a hot topic, but experts see more hype than reality.
🤖 UK expert says generative AI’s terrorist potential remains mostly theoretical for now. (Published on 7/17/2025, ComputerWeekly.com).
Images are created using RSS data from the past 7 days from 12 cybersecurity-focused feeds and may not be indicative of actual cybersecurity threat levels. Visit FWU News for full details.
Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!