Cyber Briefing: 2025.07.09
Shellter tool leak spreads malware, Anatsa hits 90K via fake app, BitLocker flaw bypasses encryption, 26M resumes exposed, US sanctions Aeza hosting group, Microsoft ends 25-year run in Pakistan.
Cyber Briefing Referral Giveaway Is Live!
We're growing quickly on Substack, and now you can help spread the word and earn rewards.
Here's what you can win by participating:
- 10 referrals: Newsletter shoutout
- 25 referrals: One-year free subscription
- 50 referrals: Cybersecurity consultation
- Top referrer (100+ referrals; see rules): $100 gift card
This is our way of saying thank you for helping build a smarter cyber community.
What's trending in cybersecurity today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
Cyber Alerts
1. Hackers Use Leaked Shellter License for Malware
Hackers are exploiting a leaked license of the legitimate red teaming tool Shellter to distribute stealer malware like Lumma Stealer, Rhadamanthys Stealer, and SectopRAT, prompting an update from Shellter's developers to address the issue. Elastic Security Labs reported on this abuse, leading to a dispute with the Shellter Project over the timing and manner of public disclosure.
2. Anatsa Android Trojan Targets 90K Users
Anatsa, an Android banking trojan, has recently affected approximately 90,000 users in North America through a malicious "PDF Update" app distributed on the Google Play Store. The malware employs deceptive overlays simulating maintenance to steal banking credentials and perform fraudulent transactions, exhibiting a cyclical pattern to evade detection.
3. Windows BitLocker Vulnerability Allows Security Bypass
Microsoft has revealed a significant BitLocker vulnerability (CVE-2025-48818) that allows attackers with physical access to bypass security protections. This flaw, a TOCTOU race condition, enables unauthorized access to encrypted data with no user interaction or special privileges required.
Cyber Incidents
4. Recruiting Software Exposed 26M Resumes
TalentHook, an applicant tracking system, exposed nearly 26 million US job seekers' resumes containing sensitive personal information due to a misconfigured cloud storage instance. This data leak significantly increases the risk of identity theft, fraud, and targeted phishing attacks for those affected.
5. Norwegian Municipalities Hit by Data Breach
Extend AS, a data service provider for Norwegian municipalities, experienced a ransomware attack, compromising data from at least four municipalities including Kristiansand, Drammen, and Ringsaker. The stolen information, which may include internal routines, contingency plans, and vulnerability analyses, is expected to be published on the dark web, and the incident will be reported to the police.
6. 190K credit reports breached, sold on Dark Web
IT vendor Ezynetic was fined $17,500 for a data breach that exposed the personal information of over 190,000 individuals, which was then sold on the Dark Web. The breach occurred because Ezynetic failed to implement adequate security measures, including a strong administrator password and regular vulnerability assessments.
Cyber News
7. Samsung boosts One UI 8 security
Samsung is introducing significant data security and privacy enhancements with its upcoming One UI 8, including the new Knox Enhanced Encrypted Protection (KEEP) architecture for AI data, upgrades to Knox Matrix for multi-device security, and quantum-resistant WiFi. These updates aim to safeguard user information against modern and future threats, particularly with the increasing integration of AI.
8. US Gov Cracks Down on Aeza Group
The US government has sanctioned Aeza Group, a Russia-linked "bulletproof hosting" provider, and its affiliates for knowingly facilitating cybercrime, including ransomware attacks by groups like BianLian and infostealer operations. While the sanctions aim to disrupt the cybercriminal ecosystem, their direct impact on Russian attackers might be limited due to Aeza's predominantly Russian customer base.
9. Microsoft Pakistan operations officially shut down
Microsoft officially ceased its 25-year operations in Pakistan on Friday, laying off its remaining employees. This exit, amidst security concerns and an unstable environment, was attributed by a former lead to the challenging local conditions, while Microsoft stated it would continue to serve customers through partners and other offices.
Cyber Stocks
On Wednesday, July 9, 2025, cybersecurity stocks posted modest gains as software firms remained resilient amid ongoing tariff tensions, benefiting from favorable R&D incentives, a softer dollar, and steady enterprise demand. Here's a concise summary of each company's stock movement and the primary driver behind it:
Okta (OKTA) closed at $97.53, up 0.13%, supported by the sector's low exposure to tariffs and positive sentiment around R&D tax benefits and favorable currency conditions.
Varonis (VRNS) edged up to $51.18, rising 0.21%, as consistent demand for its AI-driven data protection tools helped counterbalance broader tech market caution.
CrowdStrike (CRWD) increased to $507.71, gaining 0.45%, as investors remained confident in its AI-enhanced, globally diversified platform and its insulation from trade-related disruptions.
Palo Alto Networks (PANW) climbed to $203.99, up 1.26%, driven by strong earnings momentum, robust ARR growth, and investor optimism following its acquisition of Protect AI.
Qualys (QLYS) rose to $147.78, up 0.68%, as steady demand for compliance and vulnerability management tools outweighed broader concerns around market volatility and tariffs.
Cyber Tip
New BitLocker Bug Lets Hackers Get Around Encryption
Microsoft has disclosed a critical vulnerability in BitLocker that allows attackers with physical access to bypass disk encryption and access protected data. The flaw, caused by a time-of-check to time-of-use (TOCTOU) race condition, does not require special privileges or user interaction. If exploited, it could lead to a full compromise of encrypted systems, even when BitLocker is enabled.
What you should do:
Apply the latest Windows security updates that include the fix for CVE-2025-48818.
Ensure full-disk encryption is combined with strong physical access controls.
Consider using Secure Boot and TPM-based protection for additional hardware-level security.
Limit access to sensitive devices in high-risk environments like public areas or shared workspaces.
Monitor physical access logs to detect unauthorized attempts to access encrypted devices.
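A quick way to audit the first three points on a Windows endpoint is the script below. It is an added example, not part of the briefing or any vendor tooling: it reports BitLocker, TPM and Secure Boot state and checks for a given update. The KB identifier is a placeholder (substitute the one that ships the CVE-2025-48818 fix), and the TPM+PIN check reflects an assumed audit criterion for pre-boot protection on physically exposed machines.

```powershell
# Added audit script (not from the briefing). Run from an elevated PowerShell
# session on Windows 10/11. $PatchKB is a placeholder: substitute the KB that
# carries the CVE-2025-48818 fix for your Windows build.
param([string]$PatchKB = 'KB<PLACEHOLDER>')

$findings = [System.Collections.Generic.List[string]]::new()

# 1. BitLocker status per volume: fully encrypted, protection on, and which
#    key protectors guard the volume key.
foreach ($vol in Get-BitLockerVolume) {
    $types = ($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType }) -join ','
    if ($vol.VolumeStatus -ne 'FullyEncrypted' -or $vol.ProtectionStatus -ne 'On') {
        $findings.Add("$($vol.MountPoint): not fully protected (status=$($vol.VolumeStatus), protection=$($vol.ProtectionStatus))")
    }
    # Assumed audit criterion: the OS volume should require pre-boot
    # authentication (TPM+PIN), not a TPM-only protector, on exposed devices.
    if ($vol.VolumeType -eq 'OperatingSystem' -and $types -notmatch 'TpmPin') {
        $findings.Add("$($vol.MountPoint): OS volume has no TPM+PIN protector (protectors: $types)")
    }
}

# 2. TPM presence and readiness.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    $findings.Add("TPM not present or not ready (present=$($tpm.TpmPresent), ready=$($tpm.TpmReady))")
}

# 3. Secure Boot state; Confirm-SecureBootUEFI throws on legacy BIOS systems.
try {
    if (-not (Confirm-SecureBootUEFI)) { $findings.Add('Secure Boot is disabled') }
} catch {
    $findings.Add('Secure Boot not supported (legacy BIOS or non-UEFI boot)')
}

# 4. Patch check: is the update carrying the BitLocker fix installed?
if (-not (Get-HotFix -Id $PatchKB -ErrorAction SilentlyContinue)) {
    $findings.Add("Update $PatchKB not found in installed hotfixes")
}

if ($findings.Count -eq 0) { 'OK: BitLocker, TPM, Secure Boot and patch checks passed' }
else { $findings | ForEach-Object { "FINDING: $_" } }
```

Each FINDING line maps to one of the checklist items above, so the output can be fed straight into a remediation ticket.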
Why this matters:
BitLocker is widely trusted to secure sensitive data, but this vulnerability shows that even encryption tools can be bypassed under the right conditions. Patching systems and securing physical access are essential to protect critical information from theft or tampering.
That concludes today's briefing. You can check the top headlines here!
Copyright © 2025 CyberMaterial. All Rights Reserved.