Phish Tank is a B2B marketing firm focused on helping businesses navigate complex digital landscapes with clarity and strategy. Jeremy Nichols, former Director of the Global Threat Intelligence Center, brings deep expertise in emerging cyber threats. Together, they’ve launched the Byer-Nichols Threat Brief, a regular update designed to spotlight what matters most in today’s threat environment. Jeremy delivers expert insight on the evolving threat landscape, while Phish Tank sharpens the message through smart design and strategic framing, resulting in cyber threat reporting that’s clear, relevant, and easy to digest.
TL;DR
The first half of July 2025 saw significant cyber threats, with Qilin ransomware dominating attacks (16.3%), primarily targeting small businesses (80.6%) in the manufacturing (15.9%) and technology (13.5%) sectors, especially in the U.S. (49%). Trending adversaries like Gamaredon and Scattered Spider were active, while critical vulnerabilities, including CVE-2025-47812 (Wing FTP Server) and CVE-2025-6554 (Chromium V8), were widely exploited. High-profile incidents included a North Korean IT worker scheme disruption, browser-based zero-day attacks, and a €10M investment fraud takedown. Malware trends highlighted Anatsa and Gh0stRAT, underscoring persistent risks to enterprises and individuals alike.
Report Links
Download Threat Brief For July 01-15 2025
Top Ransomware
| Ransomware | Share |
|---|---|
| Qilin | 16.33% |
| INC Ransom | 9.16% |
| SAFEPAY | 7.17% |
| PLAY | 6.77% |
| Akira | 5.58% |
Victim Sector
| Sector | Share |
|---|---|
| manufacturing | 15.94% |
| technology | 13.55% |
| construction | 12.35% |
| financial-services | 11.95% |
| retail | 10.36% |
Victim Location
| Location | Share |
|---|---|
| USA | 49.00% |
| Canada | 7.57% |
| Italy | 5.18% |
| UK | 3.98% |
| Germany | 3.98% |
Victim Org Size
| Organization size | Share |
|---|---|
| Small Business (500 or less) | 80.65% |
| Mid-Market (501-5000) | 12.90% |
| Large Enterprise (5000+) | 6.45% |
Trending Adversaries
- Gamaredon
- Scattered Spider
- Silk Typhoon
- TAG-140
- UNC5174
- Void Arachne
Trending & Actively Exploited Vulnerabilities
| CVE | Vendor | Product |
|---|---|---|
| CVE-2014-3931 | Looking Glass | Multi-Router Looking Glass (MRLG) |
| CVE-2016-10033 | PHP | PHPMailer |
| CVE-2019-5418 | Rails | Ruby on Rails |
| CVE-2019-9621 | Synacor | Zimbra Collaboration Suite (ZCS) |
| CVE-2025-47812 | Wing FTP Server | Wing FTP Server |
| CVE-2025-48927 | TeleMessage | TM SGNL |
| CVE-2025-48928 | TeleMessage | TM SGNL |
| CVE-2025-49719 | Microsoft | SQL Server |
| CVE-2025-5777 | Citrix | NetScaler ADC and Gateway |
| CVE-2025-6554 | | Chromium V8 |
Trending Malware
- Anatsa
- Atomic (AMOS)
- Batavia
- Gh0stRAT
- Interlock
- NimDoor
Top News
- Chrome Zero-Day, ‘FoxyWallet’ Firefox attacks threaten browsers
- US Department of Justice disrupts North Korean IT worker scheme across multiple US states
- Hunters International ransomware shuts down after World Leaks rebrand
- Police dismantles investment fraud ring stealing €10 million
- Chrome Store features extension poisoned with sophisticated Spyware
- Employee gets $920 for credentials used in $140 million bank heist
- North American APT uses Exchange Zero-Day to attack China