Top 5 Cybersecurity Headlines to Know this Month

BARR Advisory Senior Consultant Teddy VanGalen has picked out five security and compliance headlines from the past month that you need to know. Take a look to find out what our consulting team has been reading this July—plus, scroll to see Teddy’s CISO Pick of the Month for his top new resource for security and compliance professionals this month.

WordPress Plugin Injected with Malware

Two malicious versions of a WordPress plugin called Gravity Forms were briefly available on the official download page after hackers injected the plugin with malware. The backdoored downloads allowed remote code execution and admin access to affected WordPress sites. A patched version (2.9.13) is now available, and users are urged to update immediately.

➡️ Read more

eSIM Vulnerability Puts Billions of Devices at Risk

Researchers uncovered a vulnerability in Kigen’s eSIM technology that could let attackers install malicious applets, extract identity certificates, and spy on mobile network activity. Though exploitation requires physical access and specific keys, the flaw affects over 2 billion devices and highlights serious architectural risks in eSIM security.

➡️ Read more

Hacked Termius App Targets macOS Devices

A new ZuRu malware variant is targeting macOS users through a trojanized Termius installer, using advanced obfuscation and a custom Khepri C2 beacon to evade detection. The malware preserves normal app behavior while quietly enabling remote access and command execution. Devices without strong endpoint protection remain vulnerable.

➡️ Read more

Why 15+ Characters is the New Password Standard

A new Specops analysis shared by Cybernews shows that 98.5% of breached passwords were so weak they could be cracked in minutes. Most fall under 15 characters and lack complexity, making them easy prey for modern brute-force tools. Experts now recommend complex passwords of 15+ characters to stand a chance against today’s attack methods.

➡️ Read more

Europol Disrupts Pro-Russian Cybercrime Network

Europol led a major international operation disrupting the pro-Russian cybercrime group NoName057(16), responsible for a wave of denial-of-service attacks targeting Ukraine, NATO allies, and major events like Eurovision. The coordinated effort across 13 countries took down over 100 compromised systems and seized critical infrastructure. Authorities arrested key suspects and warned supporters of their legal liability. The group, driven by ideology and rewarded with cryptocurrency, used automated tools and gamified tactics to recruit participants. This crackdown highlights ongoing efforts to counter politically motivated cyberattacks linked to the Russia–Ukraine conflict.

➡️ Read more

Teddy VanGalen
Senior, Cybersecurity Consulting

CISO Pick of the Month:

Map Out Your Compliance Journey with BARR’s New Tool

Compliance isn’t always a clear path—it’s a journey unique to your organization. Whether you’re charting your first course or navigating new terrain, knowing where you stand is the key to moving forward with confidence.

 Our team at BARR has identified a series of questions that pinpoint your current location on the compliance map and help you chart the best course ahead. Take the two-minute assessment to get started. 🧭

Get The Scoop

Want to get these insights straight to your inbox? Subscribe to Take5, our monthly newsletter featuring top security and compliance headlines, events, and resources—brought to you by CISOs from BARR’s cybersecurity consulting team.