Cyber Briefing: 2025.07.02
Forminator flaw risks WordPress sites, Snake and ClickFix malware rise, Qantas and C&M attacked, Hero España disrupted, US sanctions Aeza Group, Cairncross advances as cyber director.
👉 What's trending in cybersecurity today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. Forminator Plugin Flaw Risks 600,000 Sites
A critical arbitrary file deletion vulnerability has been found in the Forminator WordPress plugin, affecting over 600,000 websites. The flaw allows an unauthenticated attacker to craft a form submission that can delete any file on the server when that submission is removed. By deleting critical files like wp-config.php, an attacker can force the site into setup mode and take complete control. The plugin's developer has released a patch, and all users are strongly urged to update to version 1.44.3 immediately.
2. Oil-Themed Phishing Spreads Snake Keylogger
A Russian-origin malware campaign is distributing Snake Keylogger by using spear-phishing emails themed around the oil industry. The campaign uses a novel technique, exploiting a legitimate Java debugging tool to bypass security via DLL sideloading. Once installed, the keylogger is a formidable data thief capable of harvesting credentials from dozens of browsers and applications. The operation capitalizes on geopolitical tensions in the Middle East to make its petroleum-themed phishing lures more believable.
3. Kimsuky Tricks Users Into Self Hacking
The North Korean threat group Kimsuky is using a new social engineering tactic called "ClickFix" to compromise its targets. The method uses fake browser error messages to trick victims into manually pasting and running malicious code themselves in PowerShell. This approach bypasses traditional security measures by exploiting human behavior instead of technical software or system vulnerabilities. The attackers use advanced obfuscation techniques like reversed strings to hide the malicious commands from the user and security tools.
💥 Cyber Incidents
4. Hacker Attack on Australian Airline Qantas
Australian airline Qantas has disclosed a cyberattack after a third-party platform used by one of its contact centers was breached. A significant amount of data was likely stolen, including names, birth dates, and frequent flyer numbers for up to six million customers. The airline has assured customers that no financial information, passwords, or PINs were compromised in the incident. This attack shares similarities with recent breaches by the "Scattered Spider" group, which has been targeting the aviation industry.
5. Cyberattack on Brazil's C&M Software Vendor
A cyberattack on C&M Software, a technology provider for financial institutions in Brazil, has been confirmed by the country's Central Bank. In response, the Central Bank ordered the immediate disconnection of institutions from C&M's compromised infrastructure to prevent further damage. While officials have not disclosed the value of the losses, media reports suggest the damage could be as high as one billion Brazilian reais. The incident highlights the significant systemic risk posed by cyberattacks on third-party vendors within the financial sector.
6. Cyberattack Halts Hero España Production
The Spanish food company Hero España suffered an external cyberattack that temporarily impacted its production facility in Alcantarilla, Murcia. As an immediate response, the company performed a controlled deactivation of its IT systems to prevent the attack from spreading. The incident has temporarily restricted local production and logistics operations, but the company has implemented contingency plans to mitigate the impact. This cybersecurity event was limited to Hero's operations in Spain and did not affect the company's other global divisions.
📢 Cyber News
7. US Treasury Sanctions Russian Tech Firm Aeza
The United States Department of the Treasury has sanctioned the Russian company Aeza Group for acting as a "bulletproof hosting" service for cybercriminals. The company allegedly provided services to ransomware gangs like BianLian, darknet drug markets, and pro-Russian disinformation campaigns. The sanctions also target four of the company's leaders, including its CEO, who was arrested in Russia in April. This action is part of a broader U.S. strategy to dismantle the cybercrime ecosystem by targeting critical infrastructure providers.
8. Trump's Cyber Director Nominee Advances
The nomination of Sean Cairncross for national cyber director has advanced out of a key Senate committee for a full vote. His nomination has faced controversy due to his lack of a technical cybersecurity background, which was a focus of his hearing. Cairncross cited his extensive management experience and his perspective from dealing with cyberattacks as a "user" as his qualifications. Despite the concerns, he received some Democratic support and is now one step closer to a final Senate confirmation.
9. LevelBlue to Acquire Trustwave for MSSP Lead
The cybersecurity company LevelBlue has announced its acquisition of the managed detection and response firm Trustwave. This move, combined with its planned purchase of Aon's cyber business, aims to make LevelBlue the largest pure-play managed security services provider. The deal marks a homecoming for LevelBlue's CEO Bob McCullen, who was the chairman and CEO of Trustwave until 2015. The acquisition will combine LevelBlue's managed security expertise with Trustwave's MDR services and its strong international presence.
📈 Cyber Stocks
Cybersecurity stocks reflected mixed sentiment on Wednesday, July 2, 2025:
Okta (OKTA) closed at $98.55, down 1.45%, as investors took profits following recent analyst upgrades and a slight dip in its Relative Strength Rating despite continued earnings growth.
Varonis (VRNS) ended at $50.03, down 1.44%, as enthusiasm over its new strategic partnership with Microsoft faded amid broader weakness in the tech sector.
CrowdStrike (CRWD) fell to $492.07, a decline of 3.38%, due to valuation concerns in high-growth tech and cautious investor positioning ahead of its upcoming earnings.
Palo Alto Networks (PANW) dropped to $197.58, down 3.43%, after recent gains from AI-driven momentum were tempered by investor profit-taking and sector-wide consolidation.
Qualys (QLYS) rose to $144.47, gaining 1.05%, supported by strong demand for cloud-native security solutions and recognition at the SC Awards Europe.
💡 Cyber Tip
Stay Alert as Bluetooth Flaw Lets Hackers Spy on Your Calls and Data
Security researchers have uncovered serious vulnerabilities in Airoha Bluetooth chipsets used in popular headphones and speakers from brands like Sony, Bose, and Marshall. These flaws allow attackers within Bluetooth range to bypass authentication, access device memory, steal contacts and call history, and even activate microphones to eavesdrop, all without user interaction. Although the chipmaker has issued a fix, many audio device manufacturers have not yet released firmware updates to users.
✅ What you should do:
Check your device manufacturer’s website for the latest firmware updates and apply them as soon as they’re available.
Avoid using Bluetooth audio devices in sensitive environments until updates are confirmed.
Unpair unused or unfamiliar Bluetooth devices from your phone or computer.
Keep your phone’s Bluetooth turned off when not in use to reduce exposure.
Use headphones with wired connections when privacy is a concern.
🔒 Why this matters:
These vulnerabilities turn everyday audio devices into potential surveillance tools. Even though attacks require close range and a high level of skill, the threat is real, especially for high-value targets. Staying updated and limiting Bluetooth exposure is essential for protecting your privacy.
📚 Cyber Book
Firewalls Don't Stop Dragons: A Step-by-Step Guide to Computer Security and Privacy for Non-Techies by Carey Parker
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.