Cyber Briefing: 2025.07.03
NimDoor hits Macs, PDFs hide scam QR codes, Sudo bug threatens Linux, medtech firm hacked, WHH ransomware, Max breach, Spain arrests hackers, and Google fined $314M over Android data use.
👉 What's trending in cybersecurity today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. Unkillable Mac Malware From North Korea
North Korean hackers are targeting cryptocurrency organizations with a new family of macOS malware known as NimDoor. The attack chain uses social engineering on platforms like Telegram to lure victims into running a fake Zoom SDK update. The malware features a novel persistence mechanism that uses signal handlers to reinstall itself if a user tries to terminate the process. Once running, the malware can steal credentials from web browsers and exfiltrate data from the Telegram desktop application.
2. PDFs Deliver QR Codes in Callback Scams
Cybersecurity researchers are highlighting a rise in sophisticated phishing campaigns that impersonate trusted brands to deceive victims. One popular method, known as callback phishing or TOAD (telephone-oriented attack delivery), uses PDF attachments to convince users to call fake support numbers. Attackers are also exploiting Microsoft 365's Direct Send feature to spoof internal emails and are using malicious QR codes in their campaigns. Emerging threats now include poisoning AI chatbot responses and search engine results to direct unsuspecting users to malicious websites.
3. Critical Sudo Flaws Expose Linux Systems
Security researchers have discovered two critical elevation-of-privilege vulnerabilities in the widely used Sudo Linux utility. One flaw has remained hidden for over twelve years and allows root access by exploiting Sudo's host option functionality. The second, more recent vulnerability allows local users to gain full root access by abusing the chroot function. As no workarounds exist, administrators are urged to immediately update to the patched Sudo version 1.9.17p1 or later.
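A quick way to confirm the advice above across a fleet is to compare the installed Sudo version against 1.9.17p1. The script below is an added example written for this briefing, not a tool from the Sudo project: it parses the first line of `sudo --version` output, compares `major.minor.patch[pN]` version strings numerically, and reports whether the installed build is at or above the fixed release. The version strings in the usage section are constructed samples.

```shell
#!/bin/sh
# Added example: check whether the installed sudo is at or above 1.9.17p1.
# Not part of the Sudo project; the fixed version comes from the advisory text.

FIXED_SUDO="1.9.17p1"

# Extract the version from `sudo --version` output, whose first line reads
# e.g. "Sudo version 1.9.15p5"; prints just "1.9.15p5".
sudo_version_from_output() {
    printf '%s\n' "$1" | awk '/^Sudo version/ { print $3; exit }'
}

# sudo_version_ge A B: exit 0 if version A >= version B.
# Versions look like 1.9.17 or 1.9.17p1; a missing pN suffix counts as p0.
# Each version is turned into a fixed-width string so that a plain string
# comparison orders them numerically.
sudo_version_ge() {
    awk -v a="$1" -v b="$2" '
    function key(v,    n, parts, p) {
        p = 0
        if (match(v, /p[0-9]+$/)) {
            p = substr(v, RSTART + 1)
            v = substr(v, 1, RSTART - 1)
        }
        n = split(v, parts, ".")
        return sprintf("%04d%04d%04d%04d", parts[1], parts[2], parts[3], p)
    }
    BEGIN { exit !(key(a) >= key(b)) }'
}

# Report on the sudo binary found on this host.
# Returns 0 if patched, 1 if below the fixed version, 2 if sudo is absent.
check_installed_sudo() {
    if ! command -v sudo >/dev/null 2>&1; then
        echo "sudo is not installed on this host"
        return 2
    fi
    v=$(sudo_version_from_output "$(sudo --version 2>/dev/null)")
    if [ -z "$v" ]; then
        echo "could not parse sudo --version output"
        return 2
    fi
    if sudo_version_ge "$v" "$FIXED_SUDO"; then
        echo "sudo $v: at or above $FIXED_SUDO"
        return 0
    fi
    echo "sudo $v: below $FIXED_SUDO, update required"
    return 1
}

# Run the check when executed directly; the `|| :` keeps a failing result
# from aborting a caller that runs with `set -e`.
check_installed_sudo || :
```

One caveat: distributions often backport security fixes without bumping the upstream version string, so on such systems a result of "below 1.9.17p1" means "consult the distribution's advisory and package changelog", not necessarily "vulnerable".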
💥 Cyber Incidents
4. Cyberattack Hits Medtech Firm Surmodics
The Minnesota-based medical device company Surmodics suffered a cyberattack on June 5, forcing it to shut down parts of its IT systems. With the help of cybersecurity experts, the company has partially recovered, but the full scope of the data theft is still under investigation. The attack comes as the company is also in the middle of a federal court case with the FTC, which is attempting to block its acquisition. Surmodics now faces multiple risks from the incident, including potential litigation, regulatory scrutiny, and changes in customer behavior.
5. Rhysida Ransomware Hits German Charity WHH
The German charity Deutsche Welthungerhilfe (WHH) has been attacked by the Rhysida ransomware gang, which stole data from its systems. The hackers are attempting to sell the stolen data, which could include donor information, on the dark web for 20 bitcoin, worth about $2.1 million. WHH has shut down affected systems, involved the police, and publicly stated it will not pay the ransom demand. Despite the attack, the charity's global aid projects, which serve millions in places like Gaza and Ukraine, are continuing without interruption.
6. Hacker Accesses Max Financial's User Data
India's Max Financial Services has disclosed that its insurance unit, Axis Max Life, was warned of a data breach by an anonymous sender. The company received a communication from the sender claiming to have gained unauthorized access to its customer data. In response, Axis Max Life has launched a detailed investigation with information security experts to assess the root cause and take remedial action. This incident is the latest in a series of high-profile security breaches that have recently hit India's financial sector.
📢 Cyber News
7. Jury Hits Google Over Android Data Use
A California jury has ordered Google to pay $314 million for collecting data from Android phones over cellular networks. The class-action lawsuit argued that this practice was equivalent to stealing a resource that users had paid for. Google's defense stated the data transfers are critical for device security and performance, and that users had given their consent. The company strongly disagrees with the verdict and has announced its intention to appeal the court's decision.
8. Germany and Israel Plan Cyber Partnership
Germany has proposed strengthening its cybersecurity collaboration with Israel following the recent military conflict between Israel and Iran. The initiative, dubbed the "Cyber Dome," includes creating a joint research center and expanding intelligence cooperation between the two nations. The plan is driven by Germany's desire to learn from Israel's expertise in thwarting cyberattacks and to bolster its own defenses. This move comes as German authorities have warned of growing cyber and espionage threats from Russia, China, and Iran.
9. Spanish Police Arrest High Profile Hackers
Spanish police have arrested two individuals in Las Palmas for their involvement in data theft from government institutions. The duo, described as a threat to national security, focused their attacks on high-ranking state officials and journalists. One suspect specialized in exfiltrating the data, while the other managed its sale and laundered the cryptocurrency payments. These arrests are the latest in a series of recent high-profile successes by Spanish police against major cybercriminals.
📈 Cyber Stocks
On Thursday, July 3, 2025, cybersecurity stocks traded with limited volatility as investors responded to a mix of profit-taking, steady market sentiment, and company-specific developments.
Okta (OKTA) closed at $98.14, down 0.45%, as investors engaged in profit-taking following news that Smith Group Asset Management had increased its stake.
Varonis (VRNS) ended at $50.05, remaining virtually flat, as market stability offset any major reaction to ongoing momentum in its data security offerings.
CrowdStrike (CRWD) rose to $496.10, gaining 0.82%, supported by easing concerns over financial impacts from recent outage-related losses.
Palo Alto Networks (PANW) closed at $196.97, down 0.29%, as early profit-taking followed its recent AI-driven breakout and strong technical performance.
Qualys (QLYS) dipped to $143.98, declining 0.28%, due to light profit-taking after a solid earnings run and ahead of anticipated corporate updates.
💡 Cyber Tip
Be Alert as Fake PDFs Spread QR Code-Based Phishing
Phishing attacks are evolving with a rise in fake brand impersonation campaigns that use PDF attachments to distribute QR codes and fake support numbers. Known tactics like callback phishing (TOAD, telephone-oriented attack delivery) trick users into calling attacker-controlled phone lines, while embedded QR codes in PDFs redirect users to credential-stealing websites. These campaigns often appear to come from trusted companies like Microsoft and DocuSign, making them especially deceptive.
✅ What you should do:
Avoid scanning QR codes from unexpected or unsolicited PDF attachments.
Do not call support numbers listed in emails or attachments without verifying them on official websites.
Check the sender’s email address carefully, especially if it claims to be internal or urgent.
Train staff to recognize PDF-based phishing attempts, including fake invoices or password alerts.
Use security tools that scan email attachments and detect QR-based phishing threats.
🔒 Why this matters:
These attacks combine social engineering with trusted formats like PDFs to bypass traditional email filters and lure users into taking action. Once scanned or called, victims may unknowingly give away login credentials or install malware. Awareness and cautious behavior are key to preventing account compromise.
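The last two points above (verify numbers and links against the real brand; use tooling that inspects QR payloads) can be turned into a simple triage step once a QR code has been decoded. The script below is an added example written for this briefing, not a product or vendor tool: it takes URL strings already decoded from QR images (decoding itself is assumed to have been done with a QR library beforehand), and flags payloads that carry a trusted brand's name without belonging to that brand's registered domains, plus non-web schemes such as `tel:` that match the callback pattern. The allowlist and the sample payloads are constructed assumptions.

```python
"""Added example (not from the newsletter): triage URLs decoded from QR codes
in PDF attachments, flagging brand lookalikes and callback-style payloads.
QR image decoding is assumed to have happened already; inputs are strings."""
from urllib.parse import urlparse

# Assumed allowlist of registered domains for brands the tip names.
# A real deployment maintains its own list; these are illustrative.
TRUSTED_BRANDS = {
    "microsoft": ("microsoft.com", "live.com", "office.com"),
    "docusign": ("docusign.com", "docusign.net"),
}


def host_matches(host: str, domain: str) -> bool:
    """True if host is domain itself or a subdomain of it.
    The dot boundary matters: 'notmicrosoft.com' must not match."""
    return host == domain or host.endswith("." + domain)


def triage_qr_url(url: str) -> tuple[str, str]:
    """Classify one decoded QR payload. Returns (verdict, reason).
    Verdicts: trusted, lookalike, suspicious, unknown."""
    try:
        parsed = urlparse(url.strip())
    except ValueError:
        return ("suspicious", "unparseable URL")

    if parsed.scheme not in ("http", "https"):
        # tel:/mailto:/custom schemes: a tel: link in a QR code is exactly
        # the callback-phishing pattern, so it is surfaced for review.
        return ("suspicious", f"non-web scheme {parsed.scheme!r}")

    host = (parsed.hostname or "").lower().rstrip(".")
    if not host:
        return ("suspicious", "no hostname in URL")

    # Genuine brand domain (or a subdomain of one).
    for brand, domains in TRUSTED_BRANDS.items():
        if any(host_matches(host, d) for d in domains):
            return ("trusted", f"{host} belongs to {brand}")

    # Brand name present in the hostname but not a brand domain:
    # e.g. microsoft-support-verify.example or docusign.com.evil.example.
    flat = host.replace("-", "").replace("_", "")
    for brand in TRUSTED_BRANDS:
        if brand in flat:
            return ("lookalike",
                    f"{host} uses the name {brand!r} but is not a {brand} domain")

    if parsed.scheme == "http":
        return ("suspicious", "plain http link")
    return ("unknown", f"{host} is not on the allowlist")


def triage_batch(urls: list[str]) -> dict[str, list[str]]:
    """Group a batch of decoded payloads by verdict for an analyst queue."""
    grouped: dict[str, list[str]] = {}
    for u in urls:
        verdict, _ = triage_qr_url(u)
        grouped.setdefault(verdict, []).append(u)
    return grouped


if __name__ == "__main__":
    # Constructed sample payloads, as a QR decoder might return them.
    samples = [
        "https://login.microsoft.com/",
        "https://microsoft-support-verify.example/login",
        "https://docusign.com.evil.example/sign",
        "tel:+15550100",
        "https://www.example.org/",
    ]
    for s in samples:
        verdict, reason = triage_qr_url(s)
        print(f"{verdict:10} {s}  ({reason})")
```

Anything that lands in the `lookalike` or `suspicious` buckets is worth holding for review rather than delivering, and the `unknown` bucket is where an allowlist that is too short will show up.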
📚 Cyber Book
The Fundamentals of Wi-Fi Security: A Beginner’s Guide to Protecting Your Wireless Network by Emily Williams
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.
Follow CyberMaterial on:
Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium.