
Top 5 Critical Cybersecurity Incidents in July 2025

As we navigate through 2025, the cybersecurity world is buzzing with activity, and not the good kind. July has brought a wave of high-impact incidents that have shaken industries from tech to healthcare. These breaches and attacks not only expose vulnerabilities but also highlight the ever-evolving tactics of cybercriminals. In this blog post, I’ll dive into the top five critical cybersecurity incidents from July 2025, drawing from recent reports and analyses. Whether you’re a tech enthusiast, a business leader, or just someone who values their online privacy, these stories are essential reading. Let’s break them down and discuss what we can learn to bolster our defenses.

1. Microsoft SharePoint Zero-Day Vulnerability Exploited in the Wild

A critical zero-day flaw in Microsoft SharePoint (CVE-2025-53770) was discovered being actively exploited, allowing attackers to execute SQL injection attacks and gain unauthorized access to on-premises servers. This incident affected over 75 organizations, including major enterprises and government bodies, leading to the compromise of sensitive data such as user credentials and internal documents. Microsoft released an emergency patch, but the window of exploitation underscored the risks of delayed updates in widely used collaboration tools.

2. AT&T Data Breach Exposes Metadata of Millions

On July 12, 2025, AT&T disclosed a massive data breach where hackers stole call and text metadata for nearly all its wireless customers—impacting over 109 million accounts. The breach, which occurred via a third-party cloud platform (Snowflake), exposed phone numbers, timestamps, and interaction details from May 2022 to January 2023. While no content was accessed, the incident raises serious privacy concerns and increases the risk of targeted phishing attacks. AT&T has strengthened security measures and is cooperating with authorities.

3. McLaren Health Care Ransomware Attack

McLaren Health Care, a prominent U.S. healthcare provider, fell victim to a ransomware attack in early July 2025, with notifications issued mid-month. The breach compromised sensitive health data of over 743,000 patients, including medical records and personal identifiers, disrupting hospital and clinic operations. Linked to a known ransomware group, this attack delayed treatments and highlighted vulnerabilities in healthcare IT systems. McLaren is providing credit monitoring to affected individuals.

4. McDonald’s AI Chatbot Security Flaw

In a shocking security lapse, McDonald’s AI-powered job application chatbot was found to have weak authentication, accessible with a simple password like “123456.” This flaw, exposed in July 2025 by security researchers, potentially leaked personal details of over 64 million applicants worldwide, including names, contacts, resumes, and financial information. McDonald’s has secured the system, but the incident emphasizes the need for rigorous security audits in AI deployments.

5. Qantas Cyber Hack and Data Theft

Australian airline Qantas suffered a cyber hack in early July 2025, where attackers potentially stole sensitive customer data. The incident, reported on July 4, involved unauthorized access that could have compromised personal and travel information. While details are still emerging, it has prompted investigations and calls for enhanced cybersecurity in the aviation sector. Qantas is working to mitigate impacts and notify affected parties.

These July 2025 incidents paint a clear picture: cybercriminals are targeting supply chains, zero-days, and even AI tools with increasing sophistication. Key takeaways include the importance of timely patching, third-party risk management, and comprehensive employee training. As threats continue to mount, investing in proactive cybersecurity—such as AI-driven threat detection and regular audits—is crucial.
