Cyber Briefing: 2025.06.17
Water Curse spreads malware via GitHub repos, XDSpy abuses Windows LNK flaw, and Apple zero-click bug exploited. Asefa, Zoomcar, Colombia Justice hacked. Google AI fights scams, WhatsApp adds ads.
👉 What's happening in cybersecurity today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. Water Curse Group Hits Developers Via GitHub
A threat actor group known as Water Curse has weaponized at least 76 GitHub accounts to distribute malicious repositories containing multi-stage malware, creating a significant supply chain risk. The campaign targets cybersecurity professionals and developers by embedding hidden payloads like Sakura-RAT within legitimate-appearing penetration testing tools, exploiting the trust placed in open-source platforms. The infection chain begins when a user compiles a downloaded project, triggering an obfuscated VBScript and PowerShell process that downloads the final malware components. This financially motivated operation uses advanced persistence via scheduled tasks and demonstrates a growing trend of attackers abusing trusted developer platforms to conduct their campaigns.
2. XDSpy Exploits Windows LNK Zero Day
A sophisticated cyber espionage campaign attributed to the XDSpy threat actor is exploiting a new zero-day vulnerability in Windows shortcut (LNK) files to target government entities. The flaw, ZDI-CAN-25373, allows attackers to hide command line arguments from the user interface with whitespace, tricking victims in Eastern Europe and Russia into running malicious code when they open the shortcut. This initiates a multi-stage infection chain that deploys a first-stage malware called ETDownloader, which then fetches a second-stage Go-based implant named XDigo from a command-and-control server. The final XDigo payload is a sophisticated espionage tool capable of scanning for documents, capturing screenshots, monitoring clipboard content, and executing further commands on the compromised system.
3. CISA Warns Of Apple Zero Click Exploit
CISA has added a critical zero-click vulnerability, CVE-2025-43200, affecting Apple products like iOS and macOS to its Known Exploited Vulnerabilities catalog, warning it is being actively exploited. The flaw allows attackers to achieve remote code execution without any user interaction by sending a maliciously crafted photo or video via iCloud Links or iMessage. Researchers at Citizen Lab confirmed the vulnerability was used by the Graphite mercenary spyware to target journalists in Europe, linking the attacks to infrastructure used by developer Paragon Solutions. Apple has since addressed the issue in iOS 18.3.1, and CISA has mandated that U.S. federal agencies apply the security update by July 7, 2025, to mitigate the threat.
💥 Cyber Incidents
4. Qilin Gang Leaks Asefa FC Barcelona Data
European insurer Asefa, the Madrid-based subsidiary of France's SMABTP, has confirmed a cyber incident after the Qilin ransomware gang listed it on their dark web leak portal. The hackers claim to have stolen over 200 gigabytes of sensitive data, including internal documents, passports, and notably, insurance details related to FC Barcelona’s Camp Nou stadium redevelopment. Asefa has since taken its website offline for security reviews and is working with external cybersecurity experts, while stating its core insurance operations remain unaffected by the breach. This high-profile attack highlights the growing threat ransomware groups like Qilin pose to the European insurance sector, particularly targeting firms with valuable industry-specific data.
5. Zoomcar Data Breach Hits 8.4 Million Users
Indian car-sharing marketplace Zoomcar has disclosed a data breach affecting 8.4 million users after its employees were contacted directly by a threat actor on June 9th, alleging unauthorized system access. The company's investigation confirmed an unauthorized party accessed a limited dataset containing names, phone numbers, home addresses, car registration numbers, and email addresses. In an SEC filing, Zoomcar stated there is no evidence that financial information or plaintext passwords were compromised and that its business operations have not been materially disrupted. This incident marks the second major data breach for the company, following a 2018 hack that exposed the personal information of more than 3.5 million customers.
6. Gunra Claims 45TB Hack On Colombia Justice
Colombia's Military and Police Criminal Justice system announced it was the victim of a cyberattack that compromised sensitive data and forced the suspension of legal proceedings under the Military Penal Code. The entity confirmed a data breach involving network configurations and administrative information, and is now handling legal filings in person while it works with technology partners to restore services securely. A hacking group known as Gunra has since claimed responsibility for the attack, alleging on its leak site that it stole a massive 45 terabytes of data, including internal personnel records. This incident underscores Colombia's significant cybersecurity challenges, as a recent Sophos report ranked the nation as having the third-highest cybercrime index in the world.
📢 Cyber News
7. Google Launches AI To Fight Scams In India
Google has unveiled a new Safety Charter and is launching a security engineering center in India, its largest market outside the U.S., to combat a surge in digital fraud. The initiative will leverage AI and local partnerships with entities like the Indian Cyber Crime Coordination Centre (I4C) to address online scams, enterprise security, and responsible AI development. This expands on Google's existing efforts, such as its AI-powered Scam Detection in Messages and a Play Protect pilot in India that blocked nearly 60 million high-risk app installations. Google executives noted that while attackers use AI to enhance scams, the company is focused on using its own AI models and security frameworks to better protect users from these evolving threats.
8. UK Romance Scams Net Fraudsters $144 Million
New figures from the City of London Police reveal that victims in the UK lost £106 million ($144m) to romance fraud in 2024, with the number of reports rising 9% annually to 9,449. While men were slightly more likely to fall victim, women often lost larger sums of money after being manipulated for longer periods, frequently as part of "pig butchering" crypto investment scams. The 50-59 age group experienced the highest financial losses at £22.1m, and police emphasize that these sophisticated crimes leave lasting emotional scars on victims, who can be of any gender or background. As part of a new awareness campaign, authorities are urging the public to be suspicious of any requests for money, verify identities, and speak to family and friends for advice.
9. WhatsApp Status Ads Arrive With Privacy Vow
Meta announced on Monday it is finally bringing advertisements to WhatsApp, which will be displayed within the "Updates" tab's Stories-like Status feature. The company stressed the ads are "built with privacy in mind," reassuring users that their personal messages, calls, and statuses will remain end-to-end encrypted and will not be used for targeting. Instead, Meta will use limited information like country, language, and followed Channels to show relevant ads, though preferences from linked Facebook or Instagram accounts can also be used. This move to monetize the platform comes as Meta has also added a new privacy warning to its AI chatbot after users were found to be accidentally sharing sensitive chats publicly.
📈 Cyber Stocks
As U.S. markets open on Tuesday, June 17, 2025, these five pure-play cybersecurity stocks show varied movements driven by sector trends and company-specific momentum:
Okta (OKTA): Trading at $99.28, up 1.85%, as analyst upgrades (target range $125-$140) reflect optimism on its identity-access platform and a steady Q1 revenue beat.
Zscaler (ZS): Trading at $305.02, up 1.07%, reflecting sustained demand for cloud security and Zero Trust offerings, with strong analyst sentiment supporting the upward trend.
Fortinet (FTNT): Trading at $101.95, up 1.13%, supported by steady financial results and confidence in its firewall and network security refresh cycle.
CrowdStrike (CRWD): Trading at $479.39, down 0.25%, consolidating near recent highs with analysts maintaining optimistic long-term ratings despite mixed short-term guidance.
Palo Alto Networks (PANW): Trading at $198.11, up 0.92%, buoyed by robust AI-focused security innovations and recent acquisitions enhancing its platform capabilities.
💡 Cyber Tip
Update your Apple devices now
CISA and Citizen Lab have confirmed that a critical Apple flaw (CVE-2025-43200) is being used to install spyware on iPhones and Macs through zero-click attacks. This means attackers can compromise your device simply by sending you a photo or video through iMessage or iCloud, with no action required from you.
✅ What you should do:
Update your iPhone, iPad, Mac, Apple Watch, or Vision Pro to the latest software version (iOS 18.3.1 or equivalent).
Turn on automatic updates in device settings to stay protected from future threats.
If you receive a security alert from Apple about spyware, take it seriously and seek expert help.
Avoid opening suspicious media links, even from known contacts, until your system is fully patched.
Organizations should apply CISA’s update mandate by July 7, 2025, if they manage federal or sensitive systems.
🔒 Why this matters:
This is an active, real-world attack that requires no clicks or actions from you to take over your device. Updating now is the best way to protect your privacy and security.
📚 Cyber Review
Join us for a special edition of Cyber Review - featuring Dr. Dennis Kengo Oka, a globally recognized authority on automotive cybersecurity and co-author of the influential book Building Secure Automotive IoT Applications: Developing Robust IoT Solutions for Next-Gen Automotive Software, alongside Sharanukumar Nadahalli, Jeff Yost, and Ram Prasad Bojanki. In this in-depth session, we explore the cutting-edge challenges and solutions in connected vehicle security, ranging from threat modeling and engineering principles to real-world risk mitigation. Dr. Oka shares the inspiration behind his work, key insights from his extensive experience in the field, and valuable advice for engineers, cybersecurity professionals, and aspiring students.
Tune in as we navigate the future of mobility and system resilience, and don’t miss the exclusive giveaway announcements. Be sure to like, comment, and subscribe for more expert-led discussions on cybersecurity.
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.