At the height of Cybersecurity Awareness Month 2025, the world had changed. Google deployed its Advanced Protection to Android, and a new scam industry known as BaitTrap was born. At the same time, scary vulnerabilities started to impact everything from software to hardware to electric scooters. In mid-October 2023, the RansomedVC ransomware group reemerged. They published sensitive data from the Medusa ransomware gang. These changes point to the continued complexity of compliance for organizations and individuals trying to protect their shiny new digital assets.
Google launched its Advanced Protection beta in May 2025 to secure Android devices even further. As part of this effort, the company is launching a new user-facing feature to give users an additional layer of protection against emerging threats. In July, Google found itself in a parlous predicament. The company recently said it would be skipping all security patches for Android and Pixel devices that month. This interruption to a decade-long trend of regularly updating its software calls into question the company’s desire to keep its users safe.
The BaitTrap Scam Network
A network of over 17,000 websites known as BaitTrap emerged, leveraging platforms like CNN, BBC, and CNBC to push online scams. This vast network utilizes Google and Meta advertisements, social media posts, and YouTube videos to lure unsuspecting victims into fraudulent schemes. Experts warn that these tactics represent a significant threat to internet users, as they combine popular platforms with deceptive practices to maximize their reach.
The BaitTrap network’s effectiveness has implications that go beyond individual scams, with much more dangerous consequences for online safety. “These networks exploit trust in established brands to deceive users,” said cybersecurity analyst Sarah Thompson. Tragically, more people are behind these scams every day. This urgency underscores the continued need for improved public education and safety protections.
Ransomware Resurgence and Other Threats
The RansomedVC ransomware group hit the headlines in July when they re-emerged after a two-year-long absence. Confidential internal chat transcripts from the Medusa ransomware group have been leaked. Collectively, these discussions suggest that the group’s internal dynamics may be affecting the evolving threat landscape. As ransomware attacks grow more complex, organizations have to take proactive measures to protect themselves from these ever-evolving threats.
Czechia’s cybersecurity agency recently issued a national alert warning against the dangers posed by software developed by Chinese AI firm DeepSeek. Unsurprisingly, this accompanies several new developments in the evolution of the ransomware threat. The agency concluded that there were national security perils posed by the lack of data protection and possible exploitation of user data. “The primary security concerns stem from insufficient protection of data transmission and handling,” stated a representative from NÚKIB.
There was a notable legal win recently, though: a Russian developer of Crylock ransomware was sentenced this week to seven years behind bars. This case underscores the ongoing efforts by authorities to hold cybercriminals accountable for their actions, sending a clear message that such crimes will not go unpunished.
Vulnerabilities and Exploits
July 2025 was also notable for several vulnerabilities found in Fortinet’s FortiClient software. When bad actors successfully target these vulnerabilities, they can achieve total operational command over an organization’s network. They can often do so with little user input. CERT/CC emphasized the severity of these vulnerabilities: “Furthermore, multiple vulnerabilities can be chained to create chained attacks that can allow the attacker to combine attacks to bypass any security controls.”
Additionally, tools such as Nuclei, Trivy and Grype have moved front and center as tools for monitoring third-party components and vulnerabilities. Their adoption is a sign of the increased awareness on the part of organizations that the time has come to take proactive steps to identify possible chokepoints.
In the meantime, Microsoft fixed an important vulnerability disclosed by security researcher Gianluca Baldi. The flaw was an undocumented behavior that allowed HTML files to be converted into PDF files without any restrictions. Baldi noted, “It turned out there was an undocumented behavior that allowed converting from HTML to PDF files.” While this was an unfortunate incident, it serves as a reminder that you can never lose focus on good software development standards.