Cybersecurity Week in Review: North America | July 6–11, 2025


This past week in cybersecurity proved that digital threats are growing in number and expanding in sophistication. From multi-million-record cloud leaks to the growing weaponization of AI in social engineering, North America witnessed a surge in events that spanned industries, sectors, and technologies. Here’s a comprehensive breakdown of what unfolded from July 6 to July 11, 2025.

Talenthook Data Breach: A Cloud Misstep with National Implications

Talenthook, a cloud-based job recruitment platform widely used by enterprise-level clients across the U.S. and Canada, suffered a massive data exposure incident. A misconfigured cloud server exposed over 26 million user records to the open internet, as security researchers discovered. These records included resumes, employment history, email addresses, and even personal identification files such as passports and driver’s licenses.

The breach is alarming both for the volume of sensitive data and for the mundane nature of its root cause. There was no hacking, ransomware, or advanced persistence mechanism. Instead, the damage was done by an open, unsecured cloud storage bucket, an oversight that could have been prevented with basic configuration audits and access control policies.

This incident has reignited discussions about shared responsibility in cloud environments. As more companies outsource their hiring infrastructure to third-party platforms, even minor security lapses can lead to massive exposures.

Ingram Micro Breach: Ransomware in the Global Supply Chain

On July 6, Ingram Micro, one of the largest IT distributors in the world, confirmed that ransomware had infiltrated segments of its internal infrastructure. While the company acted swiftly to contain the breach and shut down compromised systems, the impact was substantial. Ingram Micro is a key node in the technology supply chain, providing software and hardware distribution for thousands of business clients, including managed service providers.

Both private cybersecurity firms and federal authorities are investigating the breach. Initial indicators suggest that attackers may have exploited a vulnerable third-party integration or outdated internal system, both of which are common entry points for ransomware operations.

This breach adds to a growing trend of supply chain-based ransomware targeting, where attackers don’t just hit consumer-facing businesses but go deeper into their operational ecosystems. The risk extends beyond Ingram Micro’s data to numerous clients who depend on its uninterrupted service.

Rockerbox Leak: Marketing Firm Exposes Sensitive Tax Data

This week, Rockerbox, a digital attribution and marketing intelligence platform based in New York, revealed another major cloud storage misconfiguration. Researchers discovered an unsecured database containing W-9 tax forms, internal business communications, identification documents, and over 245,000 individual records.

Rockerbox offers B2B services in the analytics and marketing space, in contrast to Talenthook’s focus on talent acquisition. Yet the nature of the leaked data, especially U.S. tax information and personally identifiable documents, has triggered significant concern, particularly among freelancers and independent contractors who use the platform.

The breach raises further questions about data retention practices in SaaS companies. Some of the files found were over seven years old, suggesting that policies for managing data lifecycles were either absent or not enforced. As regulatory frameworks like CPRA and Quebec’s Law 25 increase pressure on businesses to justify data retention, this breach could have legal as well as reputational consequences.
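The Talenthook and Rockerbox incidents share the same two failures: storage reachable by anyone on the internet, and files kept long past any plausible retention window. The following audit is an added example, not code from this article or from either company; it assumes S3-style bucket policy, ACL grant and object-listing structures, and all sample data in it is constructed.

```python
from datetime import datetime, timedelta, timezone

# Assumption: S3-style bucket policy, ACL grant and object-listing structures.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def _is_wildcard(principal) -> bool:
    """True when a policy Principal grants to everyone ("*" in any accepted form)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any(v == "*" or (isinstance(v, list) and "*" in v) for v in principal.values())
    return False

def public_policy_statements(policy: dict) -> list:
    """Sids of Allow statements whose Principal is the anonymous wildcard."""
    return [s.get("Sid", "<no Sid>") for s in policy.get("Statement", [])
            if s.get("Effect") == "Allow" and _is_wildcard(s.get("Principal"))]

def public_acl_grants(grants: list) -> list:
    """Permissions granted through the ACL to the AllUsers/AuthenticatedUsers groups."""
    return [g["Permission"] for g in grants if g.get("Grantee", {}).get("URI") in PUBLIC_GROUPS]

def stale_objects(objects: list, retention_days: int, now: datetime) -> list:
    """Keys last modified before the retention cutoff (candidates for deletion review)."""
    cutoff = now - timedelta(days=retention_days)
    return [o["Key"] for o in objects if o["LastModified"] < cutoff]

def audit_bucket(policy, grants, objects, retention_days, now) -> dict:
    """Combine the three checks into one findings record for the bucket."""
    return {"public_statements": public_policy_statements(policy),
            "public_acl_grants": public_acl_grants(grants),
            "stale_objects": stale_objects(objects, retention_days, now)}
# Constructed sample data: one intended app role, plus the classic "Principal": "*" mistake.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AppRead", "Effect": "Allow", "Action": "s3:GetObject",
     "Principal": {"AWS": "arn:aws:iam::111111111111:role/recruiting-app"},
     "Resource": "arn:aws:s3:::candidate-files/*"},
    {"Sid": "PublicRead", "Effect": "Allow", "Action": "s3:GetObject",
     "Principal": "*", "Resource": "arn:aws:s3:::candidate-files/*"}]}
SAMPLE_GRANTS = [
    {"Grantee": {"Type": "CanonicalUser", "ID": "bucket-owner"}, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]
NOW = datetime(2025, 7, 11, tzinfo=timezone.utc)  # constructed "current" date for the retention check
SAMPLE_OBJECTS = [
    {"Key": "resumes/2025/candidate.pdf", "LastModified": datetime(2025, 6, 30, tzinfo=timezone.utc)},
    {"Key": "w9/2017/contractor.pdf", "LastModified": datetime(2017, 3, 1, tzinfo=timezone.utc)}]
```

Running `audit_bucket(SAMPLE_POLICY, SAMPLE_GRANTS, SAMPLE_OBJECTS, 365 * 7, NOW)` flags the wildcard statement, the AllUsers READ grant, and the seven-year-old W-9 file in one pass.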

Bert Ransomware: A Growing Threat to Healthcare and Tech

Perhaps the most technically concerning news this week was the accelerated spread of a new ransomware variant called Bert, which has now affected healthcare facilities, cloud hosting providers, and medical technology vendors in multiple U.S. states.

Bert’s modular and polymorphic behavior lets it slip past many traditional endpoint detection and antivirus systems. In several reported incidents, it bypassed multifactor authentication, escalated privileges rapidly, and deployed multiple payloads across networked systems. This makes it particularly devastating for organizations that rely on legacy infrastructure or flat network topologies.

Security teams are being urged to monitor for Indicators of Compromise (IOCs) related to Bert and prioritize network segmentation, patching, and least-privilege access policies. With the healthcare sector already under pressure, Bert represents a formidable new threat in the ransomware ecosystem.

TxDOT Breach: Infrastructure and Transportation Data Compromised

New findings surrounding the Texas Department of Transportation (TxDOT) data breach continue to raise alarm. Originally detected earlier in July, the breach is now believed to have lasted several weeks before discovery. The breach involved the exfiltration of highly sensitive information, including state infrastructure plans, internal procurement documents, and employee personal data.

This breach is notable for its potential impact on critical transportation projects. Access to blueprints for bridges, tunnels, or road expansions could pose significant risks to both physical infrastructure and public safety.

TxDOT has initiated cooperation with the Department of Homeland Security and other federal agencies. Experts warn that state-level infrastructure agencies across the U.S. must now consider themselves high-value targets, especially given the push toward smart infrastructure and connected transit systems.

Deepfake Voice Cloning and Vishing Campaigns on the Rise

Beyond traditional breaches and ransomware, this week also saw a rise in AI-driven phishing attacks. Cybercriminals are now leveraging deepfake voice technology to impersonate business leaders, often calling company staff and convincing them to execute wire transfers, approve access credentials, or share sensitive information.

Recent cases involved cloned voices of CEOs, HR managers, and IT directors in organizations ranging from midsize retailers to fintech startups. Because the impersonations occur in real time, sometimes even during active video conferences, they’re far more convincing than email-based phishing.

To build the voice models, attackers draw on past meeting recordings, social media videos, and voice clips from webinars or podcasts. The models are then used in real-time calls, often placed from burner phone numbers routed through VoIP.

Organizations are being advised to update security policies to account for this emerging risk. Critical tasks such as wire transfers and credential resets should require multi-party authorization or verification through an out-of-band channel, such as a secure app or in-person validation.

Additional Highlights and Security Developments

A few other developments emerged this week that also merit attention:

  • Microsoft’s July Patch Tuesday addressed 130 vulnerabilities, including several affecting SQL Server and Windows Kernel, illustrating the continuing value of patch management in reducing attack surfaces.
  • A new cybersecurity workforce report from ISC² shows that, despite a surge in training programs, over 3 million cybersecurity roles in North America remain unfilled, suggesting a growing skills gap as threats escalate.
  • Law enforcement in Canada and the U.S. has launched a joint task force to trace ransomware proceeds being funneled through cryptocurrency platforms, a move that signals increased pressure on the financial underpinnings of cybercrime.

Comparative Summary: Weekly Cybersecurity Recap

| Incident | Type | Sector | Data Exposure or Risk | Disclosed |
| --- | --- | --- | --- | --- |
| Talenthook | Cloud Misconfiguration | HR Tech | 26M resumes and personal IDs | July 7, 2025 |
| Ingram Micro | Ransomware | IT Supply Chain | Internal systems disrupted | July 6, 2025 |
| Rockerbox | Cloud Misconfiguration | Marketing/Analytics | 245K+ tax and ID documents | July 8, 2025 |
| Bert Ransomware | Malware Campaign | Healthcare & Tech | Operational shutdown, data encryption | Ongoing |
| TxDOT | Network Breach | Government/Transport | Infrastructure plans, PII | July 9, 2025 |
| Voice Cloning Deepfakes | AI-Powered Social Engineering | All Sectors | Credential theft, financial fraud risk | July 10, 2025 |

Closing Thoughts: What July’s Second Week Taught Us

This week’s events show that no sector is safe, from public infrastructure to cloud-based recruitment platforms. Better cloud security policies could have prevented some incidents, but others, such as Bert and deepfake vishing, demonstrate the adaptability of attackers using advanced technologies.

Companies should not only reinforce traditional cybersecurity postures but also reconsider how they establish trust within the organization. In an era where attackers can fake voices and forge credentials in seconds, multi-layered defense, cross-team awareness, and security-by-design principles are no longer optional; they are essential.

Hoplon Infosec