Cyber Briefing: 2025.07.11
Fake news sites push crypto scams, SureForms flaw risks WP takeovers, Outlook outage raises cloud fears, GMX hacked for $40M, and fake AI firms spread AMOS malware to steal wallets.
👉 What's trending in cybersecurity today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. Fake Sites Push Investment Scams
Cybercriminals are creating over 17,000 fake CNN, BBC, and CNBC websites to promote fraudulent cryptocurrency investment schemes by featuring fabricated stories with prominent figures. These scams, spanning over 50 countries, lure victims through deceptive ads to sophisticated fake platforms, ultimately stealing money and personal data while hindering withdrawals.
2. Severe WordPress Flaw Puts 200K Sites at Risk
A critical vulnerability in the SureForms WordPress plugin allows unauthenticated attackers to delete arbitrary files, potentially leading to full site takeover for over 200,000 installations. This flaw, stemming from inadequate input validation, can be exploited by crafting malicious form submissions that, when deleted by an administrator, remove critical files like wp-config.php, paving the way for remote code execution.
3. Fake Firms Push Malware on Crypto Users
Cybercriminals are targeting cryptocurrency users with an ongoing social engineering campaign, creating fake AI, gaming, and Web3 companies to distribute malware that drains digital assets from both Windows and macOS systems. These elaborate scams leverage spoofed social media accounts and professional-looking project documentation on platforms like Notion and GitHub to trick victims into downloading malicious software.
💥 Cyber Incidents
4. Microsoft's Outlook Long Outage
Microsoft's Outlook service experienced a massive, 19-hour global outage, impacting millions of users and highlighting recurring issues within Microsoft 365 services. This disruption raises concerns about the resilience of hyperscale cloud platforms, especially given increasing complexity and data loads.
5. $40M+ Stolen from GMX Crypto Platform
Decentralized exchange GMX suffered an exploit resulting in over $40 million in cryptocurrency being stolen, leading to the disabling of trading on the platform. In an unusual move, GMX offered the hacker a 10% bounty for the return of 90% of the stolen funds within 48 hours,
6. Avantic Lab Affected By Ransomware
The Everest Group ransomware gang leaked 31 GB of patient data from Avantic Medical Lab on July 3rd, after an initial threat and countdown clock on June 10th. The stolen data dates back to 2018 and includes sensitive personal and medical information.
📢 Cyber News
7. Russian Pro-Player Arrested in Ransomware
Russian professional basketball player Daniil Kasatkin was arrested in France at the request of the United States, accused of acting as a negotiator for a ransomware gang. He is currently awaiting extradition to the US to face charges, with his lawyer maintaining his innocence and attributing the allegations to a second-hand computer.
8. Four Arrested in £440M Cyber Attack
The U.K. National Crime Agency (NCA) has arrested four individuals in connection with cyber attacks on Marks & Spencer, Co-op, and Harrods, believed to be orchestrated by the notorious cybercrime group Scattered Spider, also known as DragonForce. These arrests, including two 19-year-olds, a 17-year-old, and a 20-year-old woman,
9. Lovestruck Airman Leaks Secrets on App
A US Air Force employee has pleaded guilty to conspiring to transmit confidential national defense information. He shared military secrets about the Russia-Ukraine war with a woman he met on a dating app.
📈 Cyber Stocks
On Friday, July 11, 2025, cybersecurity stocks faced broad declines as investor sentiment turned risk-averse in response to newly announced tariffs, sector-wide profit-taking, and growing concerns over high valuations.
Okta (OKTA) fell 4.76% to $94.41, as software stocks came under pressure following President Trump’s announcement of expanded tariffs on Canadian goods.
Radware (RDWR) declined 4.06% to $29.31, impacted by the broader cybersecurity sell-off and limited short-term catalysts ahead of its Q2 earnings announcement.
CrowdStrike (CRWD) dropped 5.14% to $487.11, underperforming peers due to a rotation out of high-growth tech names and a CFRA downgrade citing overvaluation.
Palo Alto Networks (PANW) slipped 6.78% to $192.07, as investors took profits after recent highs and reacted to renewed geopolitical and trade-related concerns.
Fortinet (FTNT) declined 6.94% to $100.20, with traders trimming positions ahead of its August earnings and amid weakening sentiment across the cybersecurity sector.
💡 Cyber Tip
Watch Out for Fake News Sites Promoting Crypto Scams
Cybercriminals have created more than 17,000 fake news websites impersonating trusted outlets like CNN, BBC, and CNBC to promote fraudulent crypto investment platforms. These fake pages feature fabricated stories using well-known public figures to lure users into registering and depositing money on scam platforms. Victims are shown fake profits and manipulated dashboards to encourage further deposits, only to face delays and barriers when attempting to withdraw their funds.
✅ What you should do:
Always verify the URL before trusting news content or clicking investment links.
Avoid clicking on investment ads promoted through search engines or social media without independent verification.
Be suspicious of any investment platform promising guaranteed returns or featuring public figures endorsing crypto schemes.
Do not share personal documents or IDs unless you have confirmed the platform's legitimacy.
Report fake news sites or suspicious investment platforms to cybersecurity authorities or consumer protection agencies.
🔒 Why this matters:
These scams are global, professionally designed, and built to exploit trust in major brands and media outlets. Once you provide personal data or funds, recovering either can be extremely difficult. Staying skeptical and verifying sources is your best defense.
📚 Cyber Book
Financial Cybersecurity Risk Management by Paul Rohmeyer, Jennifer L. Bayuk
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.