Mike Waltz Grilled on Signal App Use at UN Ambassadorship Hearing

Mike Waltz Confirmation Hearing

Mike Waltz faced scrutiny during his confirmation hearing for the U.S. ambassador to the United Nations. This hearing was pivotal as it represented the first opportunity for lawmakers to question him regarding the "Signalgate" incident, where he mistakenly included a journalist in a sensitive group chat.

During the hearing, Waltz defended his actions, stating that the use of the Signal app was recommended and authorized. He claimed, "The use of Signal was not only authorized, it's still authorized and highly recommended." The chat's content, which included military plans, was downplayed by administration officials, asserting that no classified information was shared.

Democrats on the committee pressed Waltz on the implications of sharing sensitive military information through an unclassified platform. Senator Chris Coons expressed concern, asking for Waltz's sense of regret regarding the incident.

The session highlighted the ongoing investigations into the incident, including inquiries by the Pentagon's Inspector General. Waltz reaffirmed that no classified information was disclosed, despite the scrutiny from Democratic senators.

Waltz’s nomination comes after a turbulent tenure as national security adviser, where he faced backlash over the Signal chat incident. President Donald Trump expressed his support for Waltz amidst the controversies, reinforcing his confidence in the nominee.

For more details on the hearing, you can refer to original source.

Microsoft Patch Tuesday Update

Microsoft addressed 130 vulnerabilities in its recent security update, with none having been actively exploited in the wild. Notable vulnerabilities include a high-severity defect in SQL Server, identified as CVE-2025-49719, which has a CVSS score of 7.5. This vulnerability could allow attackers to access uninitialized memory, leading to potential data exposure.

Ben McCarthy, lead cyber security engineer at Immersive, highlighted that this vulnerability enables unauthenticated remote code execution with minimal attack complexity. The most critical vulnerability this month, CVE-2025-47981, presents a significant risk due to its potential for lateral movement in enterprise networks.

Security experts recommend immediate patching of these vulnerabilities to mitigate risks. For further information on Microsoft's security updates and vulnerabilities, please visit Microsoft's Security Response Center.

Microsoft Patch Tuesday addresses 130 vulnerabilities

Image courtesy of ABC News

For a comprehensive approach to safeguarding your systems, consider exploring our services at Gopher Security, where we offer solutions to enhance your security posture. Visit our website at Gopher Security for more information.

Ransomware Attacks Target Russian Vodka and Healthcare Sectors

The Novabev Group, parent company of the Beluga vodka brand, experienced a ransomware attack on July 14, 2025, causing significant disruptions. The attack affected WineLab, the company's liquor store chain, leading to a three-day closure of over 2,000 locations in Russia. The company reported that the attack crippled its IT infrastructure, particularly point-of-sale systems and online services. Novabev Group stated, "The company maintains a principled position of rejecting any interaction with cybercriminals and refuses to fulfill their demands."

By Alan V Gutnov July 19, 2025 3 min read

Retail Sector Faces Surge in Ransomware Attacks: A 2025 Analysis

Publicly disclosed ransomware attacks on the retail sector globally surged by 58% in Q2 2025 compared to Q1, with UK-based firms being particularly targeted, according to a report by BlackFog. This spike in attacks follows high-profile breaches affecting retailers like Marks & Spencer (M&S), The Co-op, and Harrods, attributed to the threat actor known as Scattered Spider.

By Alan V Gutnov July 19, 2025 2 min read

AI-Driven Lcryx Ransomware Emerges in Cryptomining Botnet

A cryptomining botnet active since 2019 has incorporated a likely AI-generated ransomware known as Lcryx into its operations. Recent analysis by the FortiCNAPP team at FortiGuard Labs identified the first documented incident linking H2miner and Lcryx ransomware. This investigation focused on a cluster of virtual private servers (VPS) utilized for mining Monero.

By Edward Zhou July 19, 2025 3 min read

Preventing ClickFix Attacks: Safeguarding Against Human Error

ClickFix is an emerging social engineering technique utilized by threat actors to exploit human error. This technique involves misleading users into executing malicious commands under the guise of providing "quick fixes" for common computer issues. Threat actors use familiar platforms and deceptive prompts to encourage victims to paste and run harmful scripts.