As the old saying goes, it never rains but it pours. And, seeing how we’re based in the UK, it would be fitting that the month this most accurately described in 2025 so far has been July.

In the past four weeks, two almighty security stories have broken, with far-reaching implications for the tech sector and beyond. First, we learned that the China-backed hacking group Salt Typhoon had critically breached the US National Guard for more than a year – and has potentially gone undetected in other US military networks.

Later in the month, Microsoft revealed a major vulnerability in on-premises Sharepoint servers, sounding the alarm for users to patch with urgency – but the days after have seen attack after successful attack carried out.

In this episode Jane welcomes back Ross Kelly, ITPro’s news and analysis editor, to explore what happened to make July such a bad month for cybersecurity.

Read more:

• ‘All US forces must now assume their networks are compromised’ after Salt Typhoon breach
• FCC orders telcos to sharpen up security after Salt Typhoon chaos
• UK cyber experts on red alert after Salt Typhoon attacks on US telcos
• Salt Typhoon hacker group recorded conversations of ‘very senior’ US political figures
• 300 days under the radar: How Volt Typhoon eluded detection in the US electric grid for nearly a year
• Microsoft’s new SharePoint vulnerability – everything you need to know
• NCSC says ‘limited number’ of UK firms affected by SharePoint attack as global impact spreads
• SharePoint flaw: Microsoft says hackers deploying ransomware