The Ultimate Guide To Cybersecurity In The Real World. - Register Here
The Ultimate Guide To Cybersecurity In The Real World. - Register Here
Schedule a Consultation
Hoplon InfoSec Logo
  • Products
  • Services

Hoplon Infosec · Threat Intelligence

Cybersecurity Week in Review: North America | July 6–11, 2025

ByHoplon Infosec
Published12 Jul, 2025
Cybersecurity Week in Review: North America | July 6–11, 2025
Hoplon Infosec12 Jul, 2025

This past week in cybersecurity proved that digital threats are growing in number and expanding in sophistication. From multi-million-record cloud leaks to the growing weaponization of AI in social engineering, North America witnessed a surge in events that spanned industries, sectors, and technologies. Here’s a comprehensive breakdown of what unfolded from July 6 to July 11, 2025.

Talenthook Data Breach: A Cloud Misstep with National Implications

Talenthook, a cloud-based job recruitment platform widely used by enterprise-level clients across the U.S. and Canada, suffered a massive data exposure incident. A misconfigured cloud server exposed over 26 million user records to the open internet, as security researchers discovered. These records included resumes, employment history, email addresses, and even personal identification files such as passports and driver’s licenses.

The breach’s scale is alarming due to the amount of sensitive data and the root cause’s non-malicious nature. There was no hacking, ransomware, or advanced persistence mechanism. Instead, the damage was done by an open and unsecured cloud storage bucket, an oversight that could have been prevented with basic configuration audits and access control policies.

This incident has reignited discussions about shared responsibility in cloud environments. As more companies outsource their hiring infrastructure to third-party platforms, even minor security lapses can lead to massive exposures.

Ingram Micro Breach: Ransomware in the Global Supply Chain

On July 6, Ingram Micro, one of the largest IT distributors in the world, confirmed that ransomware had infiltrated segments of its internal infrastructure. While the company acted swiftly to contain the breach and shut down compromised systems, the impact was substantial. Ingram Micro is a key node in the technology supply chain, providing software and hardware distribution for thousands of business clients, including managed service providers.

Both private cybersecurity firms and federal authorities are investigating the breach. Initial indicators suggest that attackers may have exploited a vulnerable third-party integration or outdated internal system, both of which are common entry points for ransomware operations.

This breach adds to a growing trend of supply chain-based ransomware targeting, where attackers don’t just hit consumer-facing businesses but go deeper into their operational ecosystems. The risk extends beyond Ingram Micro’s data to numerous clients who depend on its uninterrupted service.

Rockerbox Leak: Marketing Firm Exposes Sensitive Tax Data

This week, Rockerbox, a digital attribution and marketing intelligence platform based in New York, revealed another major cloud storage misconfiguration. Researchers discovered an unsecured database containing W-9 tax forms, internal business communications, identification documents, and over 245,000 individual records.

Rockerbox offers B2B services in the analytics and marketing space, in contrast to Talenthook’s focus on talent acquisition. Yet the nature of the leaked data, especially U.S. tax information and personally identifiable documents, has triggered significant concern, particularly among freelancers and independent contractors who use the platform.

The breach raises further questions about data retention practices in SaaS companies. Some of the files found were over seven years old, suggesting that policies for managing data lifecycles were either absent or not enforced. As regulatory frameworks like CPRA and Quebec’s Law 25 increase pressure on businesses to justify data retention, this breach could have legal as well as reputational consequences.

Bert Ransomware: A Growing Threat to Healthcare and Tech

Perhaps the most technically concerning news this week was the accelerated spread of a new ransomware variant called Bert, which has now affected healthcare facilities, cloud hosting providers, and medical technology vendors in multiple U.S. states.

The modular and polymorphic behavior of Bert distinguishes it from many traditional endpoint detection and antivirus systems. In several reported incidents, it was able to bypass multifactor authentication protocols, escalate privileges rapidly, and deploy multiple payloads across networked systems. This capability makes it particularly devastating for organizations relying on legacy infrastructure or flat network topologies.

Security teams are being urged to monitor for Indicators of Compromise (IOCs) related to Bert and prioritize network segmentation, patching, and least-privilege access policies. With the healthcare sector already under pressure, Bert represents a formidable new threat in the ransomware ecosystem.

TxDOT Breach: Infrastructure and Transportation Data Compromised

New findings surrounding the Texas Department of Transportation (TxDOT) data breach continue to raise alarm. Originally detected earlier in July, the breach is now believed to have lasted several weeks before discovery. The breach involved the exfiltration of highly sensitive information, including state infrastructure plans, internal procurement documents, and employee personal data.

This breach is notable for its potential impact on critical transportation projects. Access to blueprints for bridges, tunnels, or road expansions could pose significant risks to both physical infrastructure and public safety.

TxDOT has initiated cooperation with the Department of Homeland Security and other federal agencies. Experts warn that state-level infrastructure agencies across the U.S. must now consider themselves high-value targets, especially given the push toward smart infrastructure and connected transit systems.

Deepfake Voice Cloning and Vishing Campaigns on the Rise

Beyond traditional breaches and ransomware, this week also saw a rise in AI-driven phishing attacks. Cybercriminals are now leveraging deepfake voice technology to impersonate business leaders, often calling company staff and convincing them to execute wire transfers, approve access credentials, or share sensitive information.

Recent cases involved cloned voices of CEOs, HR managers, and IT directors in organizations ranging from midsize retailers to fintech startups. Because the impersonations occur in real time, sometimes even during active video conferences, they’re far more convincing than email-based phishing.

The technology behind these attacks uses past meeting recordings, social media videos, and voice clips from webinars or podcasts to construct voice models. Real-time attacks, often executed through burner phone numbers routed through VoIP, utilize these voice models.

Organizations are being advised to update security policies to account for this emerging risk. Multi-party authorization or verification through out-of-band channels, such as secure apps or in-person validation, should be involved in critical tasks like wire transfers or credential resets.

Additional Highlights and Security Developments

A few other developments emerged this week that also merit attention:

  • Microsoft’s July Patch Tuesday addressed 130 vulnerabilities, including several affecting SQL Server and Windows Kernel, illustrating the continuing value of patch management in reducing attack surfaces.
  • A new cybersecurity workforce report from ISC² shows that, despite a surge in training programs, over 3 million cybersecurity roles in North America remain unfilled, suggesting a growing skills gap as threats escalate.
  • Law enforcement in Canada and the U.S. has launched a joint task force to trace ransomware proceeds being funneled through cryptocurrency platforms, a move that signals increased pressure on the financial underpinnings of cybercrime.
Comparative Summary : Weekly Cybersecurity Recap
IncidentTypeSectorData Exposure or RiskDisclosed
TalenthookCloud MisconfigurationHR Tech26M resumes and personal IDsJuly 7, 2025
Ingram MicroRansomwareIT Supply ChainInternal systems disruptedJuly 6, 2025
RockerboxCloud MisconfigurationMarketing/Analytics245K+ tax and ID documentsJuly 8, 2025
Bert RansomwareMalware CampaignHealthcare & TechOperational shutdown, data encryptionOngoing
TxDOTNetwork BreachGovernment/TransportInfrastructure plans, PIIJuly 9, 2025
Voice Cloning DeepfakesAI-Powered Social EngineeringAll SectorsCredential theft, financial fraud riskJuly 10, 2025

Closing Thoughts: What July’s Second Week Taught Us

This week’s events show that no sector is safe, from public infrastructure to cloud-based recruitment platforms. Better cloud security policies could have prevented some incidents, but others, such as Bert and deepfake vishing, demonstrate the adaptability of attackers using advanced technologies.

Not only should companies reinforce traditional cybersecurity postures, but they also need to reconsider how they establish trust within the organization. In an era where attackers can fake voices and forge credentials in seconds, organizations must adopt multi-layered defense, cross-team awareness, and security-by-design principles, which are no longer optional; they’re essential.

About the author

Hoplon Infosec

Hoplon Infosec

Was this useful?

React, leave a note, or share it forward.

Leave a note

Share this article

Share this :

Free · Weekly · No noise

Get the threats that matter, before they reach you.

One short email a week with the breaches, zero-days, and fixes worth your attention — written in plain English, no fear-mongering.

Hoplon InfoSec Logo
Address : 1415 West 22nd Street, Tower Floor, Oak Brook, IL 60523

Phone : +1 (773) 904-3136

Email : info@hoploninfosec.com

Services

  • Penetration Testing
  • Cyber Security Assessment
  • AI Development
  • Incident Readiness & Response Recovery

Products

  • IBM Flash Storage Solutions
  • Mobile Security
  • Endpoint Security
  • Deep and Dark Web Monitoring

Sign Up For Newsletter

Get the latest updates on new products and upcoming news

Copyright © Hoplon InfoSec, LLC and its group of companies.
About usContact usTerms & ConditionsCookie PolicyPrivacy Policy
03Latest posts

Keep reading.

SonicWall SMA1000 Zero-Day Vulnerabilities: Patch Now
15 Jul, 2026

SonicWall SMA1000 Zero-Day Vulnerabilities: Patch Now

SonicWall SMA1000 zero-day vulnerabilities are under active attack. See affected versions, CVE details, IOC checks and the patch you need right now.

Read More
Windows 11 KB5101650 Dell Issue: Causes and Full Fix Guide
15 Jul, 2026

Windows 11 KB5101650 Dell Issue: Causes and Full Fix Guide

Windows 11 KB5101650 is blocked on some Dell PCs after an Intel driver conflict triggered shutdowns and overheating. Here is what happened and what to do.

Read More
OFAC Sanctions First VPN Service Over Ransomware
14 Jul, 2026

OFAC Sanctions First VPN Service Over Ransomware

Learn why OFAC sanctioned First VPN Service and a malware cryptor seller, how 1VPNS helped ransomware groups, and how to defend against FSB router attacks.

Read More
CVE-2026-57807: Critical WordPress SSO Flaw Explained
13 Jul, 2026

CVE-2026-57807: Critical WordPress SSO Flaw Explained

CVE-2026-57807 affects miniOrange OAuth SSO through 38.5.8. Learn who is exposed, how the flaw works, plus safe mitigation and incident response steps.

Read More
Mobile App Security Guide: Risks, Fixes and Best Practices
13 Jul, 2026

Mobile App Security Guide: Risks, Fixes and Best Practices

Mobile app security explained simply, covering real risks, OWASP threats, encryption and practical steps to protect any app from hackers.

Read More
Apple OpenAI Lawsuit: Inside the Trade Secret Theft Claims
13 Jul, 2026

Apple OpenAI Lawsuit: Inside the Trade Secret Theft Claims

Apple OpenAI lawsuit explained. See what Apple accuses Tang Tan, Chang Liu and OpenAI of stealing, and what it means for hardware security.

Read More