This week, cybersecurity threats have escalated across platforms and devices, revealing how vulnerable both individual users and global organizations remain to targeted digital attacks. From fake Chrome updates weaponized with ransomware to a botnet infecting millions of Android devices, threat actors are increasingly exploiting trust in familiar software. Meanwhile, critical infrastructure is once again under siege, as Microsoft uncovers attacks on SharePoint by China-linked hackers. As these stories unfold, they reflect a troubling shift in cybercrime tactics, one that demands sharper vigilance. Here’s a closer look at this week’s top headlines shaking up the digital world.

Ransomware Alert: FBI Warns Windows Users About Malicious Chrome Updates
The FBI and CISA have issued a new warning about fake Chrome updates being used to deploy Interlock ransomware. This threat has emerged because attackers exploit Chrome’s widespread use on Windows PCs, making it a prime target for initial access. These fake updates often arrive via phishing emails or misleading popups and install remote access trojans (RATs) that embed into the Windows Startup folder, allowing persistent control over the system. The attacks occur when users unknowingly download Chrome updates from unofficial sources. Once installed, malicious scripts grant attackers access to sensitive data or company networks. This is especially dangerous if the compromised PC is connected to a corporate system, putting entire organizations at risk.
To stay protected, users should only download Chrome updates directly from Google, ignore popups instructing command-line actions, and never trust links sent through email or messages. Organizations must also train employees on social engineering risks and strengthen endpoint protections. Cyber hygiene and awareness remain the strongest defense.
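The Startup-folder persistence described above can be checked on an endpoint with a read-only audit. The following is an added example, not code from the FBI/CISA advisory or the original article; the function name, extension and interpreter lists, and the 30-day window are illustrative assumptions.

```powershell
# Added example: read-only audit of the per-user and all-users Startup folders.
function Get-StartupFolderAudit {
    param(
        # Assumption: illustrative lists and window, tune them for your environment.
        [string[]]$ScriptExtensions = @('.ps1', '.bat', '.cmd', '.vbs', '.js', '.hta'),
        [string[]]$Interpreters = @('powershell.exe', 'pwsh.exe', 'cmd.exe', 'wscript.exe',
                                    'cscript.exe', 'mshta.exe', 'rundll32.exe'),
        [int]$RecentDays = 30
    )
    # 'Startup' is the current user's folder, 'CommonStartup' applies to all users.
    $folders = 'Startup', 'CommonStartup' |
        ForEach-Object { [Environment]::GetFolderPath($_) } |
        Where-Object { $_ -and (Test-Path -LiteralPath $_) }
    $shell = New-Object -ComObject WScript.Shell
    foreach ($folder in $folders) {
        $items = Get-ChildItem -LiteralPath $folder -File -Force |
            Where-Object { $_.Name -ne 'desktop.ini' }
        foreach ($item in $items) {
            $target = $item.FullName
            $arguments = ''
            if ($item.Extension -eq '.lnk') {
                # Resolve the shortcut: the payload is the target, not the .lnk itself.
                $lnk = $shell.CreateShortcut($item.FullName)
                $target = $lnk.TargetPath
                $arguments = $lnk.Arguments
            }
            $signature = 'TargetMissing'
            if ($target -and (Test-Path -LiteralPath $target -PathType Leaf)) {
                $signature = (Get-AuthenticodeSignature -LiteralPath $target).Status.ToString()
            }
            $reasons = @()
            if ($signature -ne 'Valid') { $reasons += "signature=$signature" }
            if ($target -and $ScriptExtensions -contains [IO.Path]::GetExtension($target).ToLower()) {
                $reasons += 'script file'
            }
            # A signed interpreter passes the signature check, so flag it when it carries arguments.
            if ($target -and $arguments -and $Interpreters -contains (Split-Path $target -Leaf).ToLower()) {
                $reasons += 'interpreter with arguments'
            }
            if ($item.CreationTime -gt (Get-Date).AddDays(-$RecentDays)) { $reasons += 'recently created' }
            [pscustomobject]@{
                Entry = $item.FullName; Target = $target; Arguments = $arguments
                Created = $item.CreationTime; Review = ($reasons -join '; ')
            }
        }
    }
}

# Show only the entries that have at least one reason for review.
Get-StartupFolderAudit | Where-Object Review | Format-List
```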
Source: Forbes
SharePoint Under Attack: Microsoft Blames Three China-Linked Hacking Groups
Microsoft has identified China-linked hacking groups exploiting two critical vulnerabilities in its on-premises SharePoint platform. The flaws, CVE-2025-49706 and CVE-2025-49704, enable attackers to impersonate legitimate users and remotely install malicious code. Despite an earlier patch, hackers quickly devised workarounds, prompting Microsoft to release an updated fix this week. The groups involved, Linen Typhoon, Violet Typhoon, and Storm-2603, are known for targeting sectors like defense, government, and critical infrastructure. Their attacks follow a multistep workflow: deploying scripts for remote access, downloading additional malware to evade detection, and stealing sensitive data, including cryptographic keys. These keys allow attackers to maintain access even after patches are applied. Dozens of organizations, including at least two U.S. federal agencies, are believed to be compromised. In response, Microsoft urges customers to patch systems and rotate cryptographic keys. The U.S. Cybersecurity and Infrastructure Security Agency has also issued mitigation guidelines.
Experts warn that the growing trend of exploiting legitimate credentials, rather than just software flaws, highlights the need for tighter access controls and privilege management within enterprise platforms like SharePoint.
Source: SiliconANGLE Media
Google Lawsuit Targets ‘BadBox 2.0’ Malware Infecting 10 Million Android Devices
Google has urged over 10 million Android users to immediately shut down their devices following the discovery of “BadBox,” a powerful malware strain embedded in 24 apps on the Google Play Store. Security firm Malwarebytes identified the malware, which targets uncertified Android devices, typically those running the open-source version of the operating system without Google’s built-in protections. The malware often comes preinstalled on low-cost devices or is downloaded during initial setup. Once active, it forms part of the BadBox 2.0 botnet, enabling cybercriminals to conduct large-scale ad fraud, steal data, and infiltrate home networks via compromised IoT devices like TV boxes and projectors. Google has filed a lawsuit in New York federal court against the perpetrators to dismantle the botnet and prevent further crimes. The FBI has also issued warnings about the expanding threat.
To mitigate risk, users should turn off affected devices, avoid uncertified products, and rely on tools like Google Play Protect, which scans apps for harmful behavior and removes malicious software. Certified devices with official Google support are strongly recommended to avoid such threats.
Source: BirminghamLive
Conclusion
This week’s cybersecurity alerts highlight a common thread: attackers now prioritize user deception, credential abuse, and persistence over brute-force tactics. Whether it’s Android devices, enterprise software, or browser updates, awareness and proactive defense remain crucial. Organizations and users alike must adopt smarter security habits in response to this evolving threat landscape.
Stay vigilant and informed. Tune in next week for more updates in InfosecTrain’s CyberWatch Weekly!