Cyber Briefing: 2025.06.16
PyPI malware targets AWS/dev creds, DNS hides images for stealth exfiltration, IBM flaw risks access. Hacks hit VirtualMacOSX, WestJet, WaPo. Kali Linux, vishing AI, and Denmark go open-source.
👉 What's happening in cybersecurity today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. PyPI Malware Steals AWS, CI/CD, macOS Data
Cybersecurity researchers have uncovered a new malicious package on PyPI, chimera-sandbox-extensions, designed to steal sensitive developer credentials and data from corporate and macOS systems. This sophisticated, multi-stage malware highlights a growing trend of advanced threats within the open-source software supply chain.
2. Image Hiding in DNS TXT Records
A clever new method has emerged for embedding images within DNS TXT records, leveraging their ability to store arbitrary data. While demonstrating the versatility of DNS, this technique has practical limitations due to record size constraints and is also being eyed as a potential data exfiltration vector.
3. IBM Backup Service Flaw Allows Elevated Access
A critical vulnerability in IBM's Backup, Recovery, and Media Services for IBM i allows hackers to gain elevated system access due to a flaw in how the software handles library calls. IBM has released patches for affected versions 7.4 and 7.5, which administrators should apply immediately to mitigate this high-severity risk.
💥 Cyber Incidents
4. Hackers Leak 10K VirtualMacOSX Customer Data
VirtualMacOSX has allegedly suffered a data breach, with the sensitive information of 10,000 customers leaked on a clear web forum known for cybercrime. This exposed data, including personal, financial, and password details, poses significant risks to those affected.
5. Canada WestJet Airline Contains Cyberattack
Canada's WestJet airline is investigating a cyberattack that impacted internal systems and its app, though flight operations remain safe and unaffected. The company is focused on mitigating the incident, protecting sensitive data, and collaborating with authorities.
6. Washington Post Investigates Cyberattack on Emails
The Washington Post is investigating a cyberattack on some journalists' email accounts, leading to a company-wide password reset. The breach, potentially by a foreign government, targeted reporters covering national security and economic policy, including China, raising concerns about journalistic integrity and national security.
📢 Cyber News
7. Danish Agency Ditches Microsoft for Digital Independence
Denmark's Ministry of Digitalization and other European entities are transitioning from Microsoft to open-source software like LibreOffice to reduce reliance on U.S. tech firms and achieve greater digital independence. This shift is driven by cost concerns, a desire for market diversity, and the pursuit of digital sovereignty amidst geopolitical considerations.
8. Arsen Launches AI Vishing Sim for Large-Scale Voice Phishing
Arsen's new AI-powered Vishing Simulation module offers a cutting-edge solution for organizations to train employees against voice phishing. The module's realistic, scalable, and customizable simulations help prepare every employee to confidently respond to evolving social engineering threats.
9. Kali Linux 2025.2 Released with New Tools
Kali Linux 2025.2 delivers a substantial update with a redesigned Kali Menu aligned to MITRE ATT&CK, upgraded GNOME 48 and KDE Plasma 6.3 desktop environments, and 13 new security tools. Groundbreaking advancements in Kali NetHunter include smartwatch Wi-Fi injection and a comprehensive car hacking toolset, while ARM support is enhanced for Raspberry Pi and USB Armory MKII.
📈 Cyber Stocks
As U.S. markets open on Monday, June 16, 2025, cybersecurity sector heavyweights are seeing mild pullbacks amid broader tech softness and mixed investor sentiment:
Zscaler (ZS): Trading at $301.95, up 0.17%, supported by ongoing cloud-security demand and recent bullish analysts like JPMorgan raising targets to $348.
Varonis (VRNS): Trading at $49.02, down 0.57%, yet data-focused cybersecurity continues to draw steady investor interest.
Palo Alto Networks (PANW): Trading at $196.27, down 0.70%, with its AI-enhanced security products helping maintain confidence despite sector-wide weakness.
CrowdStrike (CRWD): Trading at $480.62, down 0.21%, holding firm near highs despite mixed Q2 guidance; most analysts continue to rate it a strong buy.
Fortinet (FTNT): Trading at $100.83, down 0.81%, consolidating after last week’s rally, with revenue growth and a $1B buyback still supporting sentiment.
Qualys (QLYS): Trading at $138.78, down 1.32%, easing after recent gains. Strong Q1 earnings and improving technical ratings continue to support investor interest.
💡 Cyber Tip
Be cautious when installing Python packages
Researchers have discovered a malicious PyPI package, chimera-sandbox-extensions, that was designed to steal sensitive credentials from developers. It targeted cloud services like AWS, macOS management tools like Jamf, and CI/CD pipeline secrets.
✅ What you should do:
Only install packages from trusted authors and verified sources. Double-check package names before using pip install.
Review any new packages for unusual behavior or obscure scripts before running them in production.
Monitor your development environment for unexpected traffic or access to sensitive credentials.
Rotate exposed tokens or credentials immediately if you suspect an infected package was installed.
Use isolated virtual environments and package scanning tools to reduce risk.
🔒 Why this matters:
A single malicious Python package can quietly steal your cloud credentials, CI/CD secrets, or device management data, putting entire corporate systems at risk.
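The name check from the tip above can be run against a requirements file before anything is installed. This is an added example, not code from the briefing or from the researchers: it flags the package named here and any name that closely resembles an expected one. The EXPECTED allowlist, the 0.85 similarity threshold, and the sample input are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher

KNOWN_BAD = {"chimera-sandbox-extensions"}  # package named in this briefing
# Assumption: the packages your team actually intends to depend on.
EXPECTED = {"requests", "boto3", "numpy", "cryptography"}

# Constructed sample input, requirements.txt style.
SAMPLE = """\
requests==2.32.3
reqeusts==2.0.0    # constructed look-alike name
Chimera_Sandbox.Extensions>=0.1
boto3
left-pad-py
"""

def normalize(name):
    """PEP 503 normalization: lowercase, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_requirements(text):
    """Yield normalized project names, skipping comments and pip options."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if m:
            yield normalize(m.group(0))

def audit(text, threshold=0.85):
    """Return (name, verdict, lookalike_of) for every name needing review."""
    findings = []
    for name in parse_requirements(text):
        if name in KNOWN_BAD:
            findings.append((name, "known-malicious", None))
        elif name not in EXPECTED:
            score = lambda e: SequenceMatcher(None, name, e).ratio()
            closest = max(EXPECTED, key=score)
            if score(closest) >= threshold:
                findings.append((name, "possible-typosquat", closest))
            else:
                findings.append((name, "not-allowlisted", None))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Normalizing names first matters because pip treats `Chimera_Sandbox.Extensions` and `chimera-sandbox-extensions` as the same project, so a denylist that compares raw strings would miss it.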
📚 Cyber Book
Identity Management with Biometrics - by Lisa Bock
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.