Cyber Briefing: 2025.07.01
C4 Bomb cracks Chrome security, fake Pi ads steal crypto, RATs hit Colombia banks, ICC cyberattack, Swiss gov’t breach, hospital vendor hack, US busts DPRK IT ops, $540M crypto fraud, Cato raises $359
👉 What's happening in cybersecurity today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. C4 Bomb Cracks Chrome Cookie Encryption
Cybersecurity researchers have developed a new attack called the C4 Bomb that bypasses Google Chrome's AppBound Cookie Encryption. The technique uses a cryptographic weakness known as a padding oracle attack to decrypt protected cookies without administrator rights. This development undermines Google's recent security enhancements as other infostealer malware families are also creating bypasses. The attack highlights the ongoing battle between developers and cybercriminals, with users urged to remain vigilant until stronger defenses are available.
2. Scammers Use Fake Ads to Steal Pi Wallets
Cybercriminals are exploiting Facebook's ad platform in a global campaign using fake Pi Network promotions to steal cryptocurrency. The campaign uses phishing pages to capture wallet recovery phrases and also distributes malware disguised as Pi Network mining software. This multi-stage malware is engineered to evade detection while harvesting credentials, passwords, and financial data from infected systems. The operation's success relies on exploiting users' trust in Facebook and their limited knowledge of cryptocurrency security practices.
3. Blind Eagle Uses VBS Scripts to Deploy RATs
The threat actor Blind Eagle has been linked to the Russian bulletproof hosting service Proton66 in a campaign targeting Colombian financial institutions. The operation uses phishing pages that mimic legitimate banks to steal credentials and Visual Basic Scripts to deploy malware. These initial loaders install commodity Remote Access Trojans like AsyncRAT, which are obfuscated using crypter services to evade detection. The group's persistence and ability to adapt its tactics demonstrate that it remains a significant threat to the region.
💥 Cyber Incidents
4. Sophisticated Attack Hits War Crimes Court
The International Criminal Court in The Hague, Netherlands, has been targeted by a sophisticated cyberattack. The incident, which occurred last week during a NATO summit, has been contained, but an impact analysis is still ongoing. This is the second major cyberattack to hit the court in recent years, with a 2023 breach still affecting its operations. The attack comes as the ICC handles politically sensitive cases, including arrest warrants for the leaders of Russia and Israel.
5. Ransomware Hits Swiss Government Vendor
The Swiss non-profit health organization Radix was hit by a ransomware attack from the Sarcoma group. The attackers stole and later published a 1.3TB archive of data on the dark web, affecting various Swiss federal offices that are clients of Radix. Switzerland's National Cyber Security Centre is now analyzing the leaked data to see which government agencies were impacted. This incident follows a similar 2023 breach where another third-party provider was attacked, exposing sensitive government documents.
6. Cyberattack Hits Austrian Hospital Vendor
The Austrian healthcare provider Humanomed Group has reported a cyberattack on its private clinics in Villach and Klagenfurt. Hackers are believed to have gained access through a third-party company that remotely maintains the hospitals' radiology software. While the company does not currently believe patient data was stolen, an investigation has been launched with external security experts. The central focus of the ongoing investigation is to determine if the attackers accessed or stole any sensitive patient information.
📢 Cyber News
7. U.S. Busts North Korean IT Worker Scheme
The U.S. Department of Justice has announced a major operation against a scheme involving thousands of North Korean IT workers. The operation included raiding nearly thirty "laptop farms" across the country that helped the workers use stolen identities to appear stateside. This years-long scheme fraudulently obtained employment at over one hundred U.S. companies to fund North Korea's weapons programs. U.S. authorities arrested one American facilitator and seized dozens of financial accounts, fraudulent websites, and nearly 200 computers.
8. Europol Cracks $540 Million Crypto Fraud
An international law enforcement operation has dismantled a massive cryptocurrency fraud ring that laundered $540 million from over 5,000 victims. The syndicate used "pig butchering" tactics to gain victims' trust before directing them to fake investment platforms and laundering funds through Hong Kong. This type of widespread fraud is often powered by victims of human trafficking who are forced to work in scam compounds in Southeast Asia. As a result of the investigation, called Operation Borrelli, five suspects have been arrested by authorities in Spain.
9. SASE Leader Cato Networks Gets $359M Funding
The secure access service edge (SASE) provider Cato Networks has announced a massive $359 million Series G funding round, valuing the company at over $4.8 billion. The oversubscribed round was led by new and existing investors and brings the company's total funding to more than one billion dollars. Cato Networks plans to use the new capital to advance its AI security capabilities and expand its global presence. This investment comes as the SASE market is rapidly expanding and Cato's own revenue growth is outpacing the market average.
📈 Cyber Stocks
On Tuesday, July 1, 2025, cybersecurity stocks saw modest gains and renewed investor interest:
Okta (OKTA) closed at $99.97, up 1.54%, driven by renewed investor optimism around its AI-powered identity solutions and increased enterprise focus on supply chain security.
Varonis (VRNS) ended at $50.75, rising 0.91%, as easing macro pressures and continued rollout of AI-first data protection tools bolstered confidence in its long-term growth.
CrowdStrike (CRWD) climbed to $509.31, up 1.95%, supported by geopolitical cybersecurity concerns and improving sentiment after clarifying its Q2 revenue forecast.
Palo Alto Networks (PANW) advanced to $204.64, gaining 1.99%, following positive analyst coverage after its acquisition of Protect AI and expectations of increased U.S. federal cyber spending.
Qualys (QLYS) rose to $142.87, up 1.28%, as investors responded favorably to steady demand for its vulnerability management tools amid expanding compliance requirements and regulatory enforcement.
💡 Cyber Tip
Avoid Fake Pi Promotions That Steal Wallet Credentials
Cybercriminals are using Facebook ads to launch a global campaign targeting Pi Network users. Fake promotions lead victims to phishing pages designed to steal wallet recovery phrases or to download malware disguised as mining software. Once installed, the malware harvests passwords, login credentials, and sensitive financial data. The operation is highly coordinated and leverages social media trust and poor cryptocurrency security awareness to reach users across the United States, Europe, Asia, and Australia.
✅ What you should do:
Never enter your wallet recovery phrase on any website, especially if prompted by ads or promotional offers.
Only download mining software or wallet apps from official Pi Network channels or verified app stores.
Use antivirus software to scan all downloads before installing them on your device.
Monitor your cryptocurrency wallets regularly for unauthorized access or transactions.
Report suspicious ads or phishing pages directly to Facebook and your local cybersecurity authority.
🔒 Why this matters:
This campaign shows how easily trust in familiar platforms can be exploited. Once a recovery phrase is stolen, attackers gain full control over the wallet and its contents. Knowing how to recognize and avoid fake promotions is key to protecting your digital assets.
📚 Cyber Book
Data Privacy: A runbook for engineers by Nishant Bhajaria
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.