Weekly Cybersecurity Digest [July, Week 4]

Posted on July 22, 2025

Dear Valued Clients,

This week’s cybersecurity updates spotlight a sharp rise in European cyber threats—from a Microsoft SharePoint zero-day hitting EU institutions to a ransomware strain designed to wipe backups. Check Point data confirms Europe saw the steepest global attack surge in Q2. Meanwhile, ENISA’s new Blueprint mandates SBOM exchanges across borders, and telecom incident reports hint at growing resilience.

We bring you the most important updates from the past week to help your team stay ahead of evolving threats, anticipate compliance shifts, and improve operational cyber readiness.


✅ Top Stories of the Week

i. Microsoft SharePoint Zero-Day Hits German & EU Entities
On July 21, cybersecurity researchers confirmed active exploitation of a zero-day vulnerability in Microsoft SharePoint Server (CVE-2025-35252). At least 100 organizations, including German government agencies and EU institutions, were compromised using malicious DLL files that deployed persistent backdoors. Microsoft has released a patch and urges immediate updates and forensic investigation for affected systems. [Read more via Reuters]

ii. BlackFL Ransomware Emerges with Backup-Wiping and Data Theft Capabilities
A new ransomware variant dubbed BlackFL was profiled on July 15 by multiple cybersecurity researchers. The malware targets European finance and healthcare firms, encrypts files, exfiltrates confidential data, and erases both virtual and physical backups—effectively eliminating recovery options. It’s also been linked to custom ransom demands based on internal financial data. [Read more via Broadcom]

iii. Europe Sees Sharpest Surge in Cyber Attacks — Up 22% YoY in Q2 2025
Check Point’s latest Q2 2025 Cyber Threat Report reveals a striking 21% YoY increase in global cyber attacks, with Europe experiencing the steepest growth among all regions at +22%. The education sector remains the most targeted, with over 4,300 weekly attacks per organization, followed by government and telecoms. Meanwhile, ransomware continues to dominate the threat landscape, particularly across Europe (25%) and North America (53%), with business services and industrial manufacturing topping the victim list. [Read the full report via Check Point Research]


✅ Industry Trends & Insights

Telecom Incidents Rise in 2024, But Downtime Drops by 50%

ENISA’s newly released 2024 Telecom Security Incidents report reveals a 20.5% increase in reported incidents compared to 2023—188 incidents across 26 EU Member States and 2 EFTA countries. However, the overall impact on users has dropped significantly, with user hours lost falling by over 50% year-on-year. Analysts attribute this to improved outage response, more resilient infrastructure, and better system design. This is ENISA’s final report under Articles 40–41 of the EECC, as NIS2 now consolidates breach reporting across sectors from October 2024 onward. [Read the full ENISA report]


✅ Regulatory & Policy Updates

ENISA Adopts EU Cyber-Crisis Blueprint with Mandatory SBOM Exchange

ENISA has formally adopted the EU Cyber-Crisis Management Blueprint, mandating cross-border exchange of Software Bill of Materials (SBOMs) during all phases of cyber incidents. This move turns SBOMs from best practices into enforceable legal tools under the Cyber Resilience Act, NIS2, and now the Blueprint, accelerating EU-wide supply chain coordination. The Blueprint outlines how machine-readable SBOMs will flow between industry, national authorities, and ENISA to support real-time response. With mandatory SBOMs becoming central to EU procurement and incident readiness by 2026–27, adoption of platforms like Cybeats SBOM Studio is expected to surge. [Read more via Newsfile]


✅ Cyber IQ Challenge + Proactive Security Hacks

Cyber IQ Quiz: Which ransomware variant reported this week is capable of deleting cloud and local backups to increase recovery difficulty?

A) BERT
B) BlackFL
C) Maze
D) R3boot

Answer revealed below!


Smart Security Move of the Week: Audit Your Backup Isolation Strategy

BlackFL ransomware’s ability to destroy backups exposes a gap in many disaster recovery plans. Here’s how to close it:

  • Enforce immutable backups—especially cloud-based—using time-locked retention policies.
  • Store at least one backup offline (air-gapped or on write-once media).
  • Perform weekly restoration drills to test that backups actually work under pressure.
  • Use EDR/XDR platforms with backup-targeted anomaly alerts (e.g., sudden deletion attempts).
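A sketch of how the four checks above could be automated, added here as an example and not taken from any vendor tool or from the reports cited in this digest. The inventory fields (`lock_days`, `tested`), the event tuple layout, the 7-day drill window and the 3-actions-in-10-minutes threshold are all assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data; field names and values are hypothetical.
NOW = datetime(2025, 7, 22, 12, 0)
BACKUPS = [
    {"name": "fin-db-cloud", "location": "cloud", "lock_days": 30, "tested": datetime(2025, 7, 18)},
    {"name": "fin-db-tape", "location": "offline", "lock_days": 90, "tested": datetime(2025, 7, 1)},
    {"name": "hr-files-nas", "location": "onprem", "lock_days": 0, "tested": None},
]
EVENTS = [  # (timestamp, actor, action, target) from a backup platform's audit log
    (datetime(2025, 7, 22, 2, 0), "svc-backup", "delete", "fin-db-cloud/2025-06-01"),
    (datetime(2025, 7, 22, 3, 10), "admin-7", "delete", "hr-files-nas/snap-41"),
    (datetime(2025, 7, 22, 3, 12), "admin-7", "delete", "hr-files-nas/snap-42"),
    (datetime(2025, 7, 22, 3, 13), "admin-7", "delete", "hr-files-nas/snap-43"),
    (datetime(2025, 7, 22, 3, 14), "admin-7", "disable_lock", "fin-db-cloud"),
]

def audit_inventory(backups, now, max_test_age=timedelta(days=7)):
    """Flag missing retention locks, overdue restore drills, and no offline copy."""
    findings = []
    for b in backups:
        if b["lock_days"] <= 0:
            findings.append((b["name"], "no time-locked retention"))
        if b["tested"] is None or now - b["tested"] > max_test_age:
            findings.append((b["name"], "restore drill overdue"))
    if not any(b["location"] == "offline" for b in backups):
        findings.append(("*", "no offline copy"))
    return findings

def deletion_bursts(events, window=timedelta(minutes=10), threshold=3):
    """Alert when one actor performs `threshold` destructive actions within `window`."""
    by_actor = defaultdict(list)
    for ts, actor, action, _target in events:
        if action in ("delete", "disable_lock"):
            by_actor[actor].append(ts)
    alerts = []
    for actor, stamps in by_actor.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:
                start += 1  # slide the window forward
            if end - start + 1 >= threshold:
                alerts.append((actor, stamps[start], end - start + 1))
                break  # one alert per actor is enough to page someone
    return alerts

if __name__ == "__main__":
    print(audit_inventory(BACKUPS, NOW), deletion_bursts(EVENTS), sep="\n")
```

Routine pruning by a backup service account (a single delete here) stays below the threshold, so tune the window and count against your own retention job's normal behaviour.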

Quiz Answer:
B) BlackFL
This new ransomware variant targets finance and healthcare in Europe, exfiltrates data, and deletes backups—both local and virtual—to maximise pressure.


✅ Conclusion

Cyber threats across Europe are intensifying in both scale and sophistication. But so are the defenses—from faster outage response to cross-border coordination. With regulatory momentum and smarter tooling, the path forward is resilience by design.

Whether you’re defending critical infrastructure, managing compliance with evolving EU law, or recovering from an intrusion, Make Sense trainings and advisory programs are built to keep your team secure, proactive, and prepared.

Stay resilient,
The Make Sense SRL Team & CyberTania