Business Technology News Roundup: Jul 18, 2025

On July 15, Microsoft released one of its largest cumulative updates, addressing a sweeping 137 security flaws across Windows, Microsoft Edge, Office, and Azure products. Among the fixes, nine were classified as critical, and at least four zero-day vulnerabilities were actively exploited in the wild. Notable patches included a remote code execution flaw in Windows Hyper-V and a privilege escalation bug affecting Windows Kernel.

Security analysts reported a coordinated exploitation of several vulnerabilities, with hacker groups leveraging social engineering and phishing campaigns to gain access to corporate networks.

Governments and critical infrastructure operators were particularly urged to update quickly, as recent months saw increases in ransomware targeting hospitals, utilities, and transportation.

Microsoft recommended urgent patching, especially for environments without network segmentation or where legacy systems remain in use.

Failure to apply these updates promptly could leave organizations susceptible to destructive attacks and regulatory penalties.

Global IT distribution giant Ingram Micro faced a sophisticated ransomware attack attributed to the SafePay group, suspected to have links to Eastern European cyber gangs. The breach occurred in the days leading up to July 4, but its effects persisted through mid-July:

Attackers encrypted backend servers, shutting down order workflows, partner portals, and e-commerce sites. Partners worldwide were unable to process purchase orders or access product catalogs, resulting in delayed shipments and financial losses.

Ingram Micro responded by resetting all internal and partner-facing passwords and rolling out multi-factor authentication mandates across its platforms.

Security teams worked round-the-clock to restore data from resilient backups and monitor sensitive data for signs of exfiltration on dark web forums.

Industry experts noted that while service restoration began within two weeks, the incident highlighted the importance of layered defenses and robust incident response.

This attack prompted many businesses to re-examine their disaster recovery and third-party risk management protocols.

AI startup Thinking Machines, spearheaded by CTO Mira Murati and CEO Ravi Singh, closed a $2 billion Series C funding round led by Andreessen Horowitz (a16z). The company specializes in developing fully autonomous, decision-making AI agents tailored for enterprise resource management, logistics, and real-time analytics.

The latest funding values Thinking Machines at $10 billion and will be used to enhance their AI’s transparency and explainability modules—a growing requirement amid evolving US and EU regulations.

The company’s innovations include context-aware AI workflows and adaptive learning models capable of dynamic re-training using real-time business data.

Analysts believe this places the company at the forefront of AI adoption for Fortune 1000 firms, with ongoing pilots in finance, healthcare, and smart manufacturing.

The investment underscores the market’s enthusiastic support for next-generation AI solutions that move beyond generic language models and deliver sector-specific autonomy.

Security researchers at NetSec Labs identified a serious supply chain incident targeting Gravity Forms, a popular WordPress plugin used by over two million websites to collect leads and process forms.

The malicious campaign exploited an update distribution server, compromising manual downloads of Gravity Forms for a 48-hour period (July 10–11). Injected backdoors gave attackers administrative privileges on affected sites.

The breach allowed threat actors to silently exfiltrate form data, create untraceable admin accounts, and in several cases, utilize those sites to stage malware for spear-phishing attacks.

Gravity Forms’ developer acted decisively, disabling affected distribution mechanisms and issuing an emergency patch along with detailed remediation guidance to users.

Web administrators were urged to audit their sites for unauthorized access logs and ensure installation of the patched plugin version.

This incident reignited industry debate around the need for stronger software supply chain security, especially for widely used open-source plugins.

Following unprecedented summer floods in Central Texas, a new Disaster Recovery Center (DRC) launched in Williamson County to provide urgent assistance:

The center, created through a partnership between FEMA and local authorities, offers direct support for flood victims, including temporary housing, small business loans, and help with uninsured losses.

IT teams onsite are deploying digital infrastructure for efficient case management: residents can register for federal aid using new kiosks, and field agents use mobile devices to process claims.

Besides immediate relief, the DRC is prioritizing resilience upgrades to local IT infrastructure, with additional federal grants for cloud-based data backup and emergency communication systems.

The recovery operation is expected to serve thousands, highlighting the critical role of tech in disaster relief and the ongoing need for resilient, modernized systems across public agencies.