Recent incidents – from VPN flaws to voice phishing and supply chain compromises – show how creative attackers have become and why businesses must remain vigilant.
In this news roundup, we cover some of the most interesting cyber events and share tips on how you can stay safe, beginning with the supply chain attack that is still making waves today.
Microsoft SharePoint Breach Raises Supply Chain Concerns
The Microsoft SharePoint breach traces back to early July 2025, when a China-linked group reportedly exploited the platform. Reports say the attackers took advantage of Microsoft’s reliance on a Chinese engineering team during development, raising concerns about how supply chain and third-party relationships can introduce risk.
By early August, Microsoft confirmed it had stopped using Chinese engineering teams for Defense Department cloud projects and said it may extend this policy to other government clients.
What's the Implication of this?
A supply chain breach doesn’t just affect one company – it can ripple out to many organizations that rely on the same vendor. Even if your own defenses are strong, a trusted partner’s compromise could still expose your data.
Here's What You Can Do
- Vet vendors and partners for strong cybersecurity practices.
- Request regular security certifications or third-party audits.
- Limit the data and system access you share with external partners.
But not every breach begins with a technical flaw. Sometimes, the weakest link is human trust.
Cisco Breach Shows the Danger of Voice Phishing
On July 24, attackers targeted Cisco with a voice phishing (vishing) call that tricked a Cisco representative into giving up login details, which gave the attacker access to internal systems.
What's the Implication of this?
This incident shows that not all cyberattacks rely on technical exploits; a convincing phone call can be just as dangerous as malicious code.
Here's What You Can Do
- Train employees to verify identities before sharing information.
- Set up a call-back rule for sensitive requests using official contact numbers.
- Use multi-factor authentication (MFA) to prevent attackers from using stolen credentials to gain access.
Let’s end with a case that could directly impact remote work security.
SonicWall Investigates Potential SSL VPN Vulnerability
First reported in mid-July 2025, SonicWall is currently investigating a possible flaw in its SSL VPN devices. If confirmed, the vulnerability could allow attackers to breach corporate networks, even on fully patched devices. Ransomware groups like Akira have been linked to recent intrusions through these VPNs, and both the FBI and CISA have issued alerts.
What's the Implication of this?
If a VPN is breached, attackers can walk straight into your network. Businesses relying on SonicWall VPNs should pay close attention to this ongoing investigation.
Here’s What You Can Do
- Apply patches immediately once SonicWall releases fixes.
- Enforce strong multi-factor authentication (MFA) for VPN access
- Disable unused VPN accounts and monitor active sessions for suspicious activity.
Taken together, these incidents highlight how attackers adapt quickly and why businesses must cover every angle.
Conclusion
This week’s breaches prove that attackers don’t need just one weak point – they’ll exploit people, technology or partners to get in.
At Cyberkach, we make cybersecurity simpler for businesses. From threat detection and cyber awareness training to help teams recognize and resist social engineering tactics, we’ve got you covered. Contact us today to find the right solution for your business.
Want more insights like this? Subscribe to the Cyberkach blog and stay ahead of the latest cybersecurity trends.