Cyber Briefing: 2025.07.22
Over 3,500 sites hijacked for cryptojacking, 7-Zip and CrushFTP zero-days exploited, Dior data breach, CoinDCX loses $44M, Poland air traffic disruption, UK sanctions APT28, and Darktrace acquires Mira
👉 What's happening in cybersecurity today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. 3,500 Sites Hijacked to Secretly Mine Crypto
A new, stealthy JavaScript cryptocurrency miner has compromised over 3,500 websites globally, leveraging WebSockets to discreetly mine cryptocurrency by adapting to device capabilities, reminiscent of past browser-based cryptojacking. This attack, linked to previous Magecart skimming domains, highlights a trend of attackers diversifying payloads and prioritizing covert resource siphoning.
2. 7-Zip Flaw Lets Malicious RAR5 Files Crash PCs
A critical denial-of-service vulnerability (CVE-2025-53816) has been discovered in 7-Zip's RAR5 decoder, allowing attackers to crash systems by processing specially crafted RAR5 archive files due to a heap buffer overflow. Users are advised to immediately update to 7-Zip version 25.00 or later to mitigate this risk.
3. CrushFTP Warns of Zero-Day Exploit in the Wild
A critical zero-day exploit (CVE-2025-54309) impacting CrushFTP versions below 10.8.5 and 11.3.4_23 was recently discovered, allowing unauthenticated remote code execution via HTTP(S). This vulnerability, stemming from a previously patched bug, highlights the urgent need for users to update their systems to the latest versions to prevent compromise.
💥 Cyber Incidents
4. Dior Alerts Customers After Cyberattack Hit
Luxury fashion house Dior has announced a cybersecurity incident that exposed personal information of its clients. The breach, discovered on May 7, 2025, compromised a database containing names, contact details, addresses, and in some cases, even Social Security Numbers, though no payment information was accessed.
5. CoinDCX Says $44M Stolen from Crypto Reserves
Indian cryptocurrency exchange CoinDCX has confirmed a significant cyberattack over the weekend, resulting in the theft of over $44 million from one of its internal operational accounts. While user funds remain safe and unaffected, the company has launched an ambitious "Recovery Bounty Program" to enlist the broader Web3 community in tracing and recovering the stolen assets.
6. Poland Investigates Air Traffic Control Disruption
Poland's internal security agency is investigating a temporary outage in the country's air traffic control system that caused widespread delays at multiple airports on Saturday, suspecting potential sabotage. While the air navigation authority, PANSA, attributed the disruption to an unspecified technical malfunction and has restored the primary system, national security services are scrutinizing the incident for links to suspected Russian-backed sabotage.
📢 Cyber News
7. UK Sanctions APT28 for Microsoft Cloud Attack
The UK has formally accused Russian military intelligence (GRU) and its cyber threat group APT28 of deploying sophisticated new malware, "AUTHENTIC ANTICS," to steal email credentials and tokens for espionage. This attribution comes alongside new UK sanctions against three GRU units and 18 individuals for their involvement in malicious global cyber operations.
8. The Financial Toll of Dark Web Travel Sites
Dark web travel agencies offer deeply discounted travel services using stolen credentials and exploit mainstream booking platforms, posing a significant and evolving threat to the travel and hospitality industry. These illicit operations force the industry to rapidly increase cybersecurity investments and implement advanced defenses to combat pervasive fraud and sophisticated cybercrime tactics.
9. Darktrace Buys Network Visibility Firm Mira Security
Darktrace has acquired Mira Security, a network traffic visibility startup, to enhance its ability to gain insights from and decrypt encrypted network traffic, particularly for customers in highly regulated industries. This acquisition is expected to provide more comprehensive visibility across various network environments and accelerate Darktrace's innovation in network security.
📈 Cyber Stocks
Cybersecurity stocks inched higher on Tuesday, July 22, 2025, driven by themes such as AI tailwinds, institutional interest, and rising cyberthreats.
Okta (OKTA) rose 0.37% to $95.86, supported by renewed analyst attention after being featured in a Zacks list of promising AI-focused software stocks.
Radware (RDWR) climbed 2.09% to $29.79, extending its rally on the back of strong analyst ratings and increased visibility ahead of its Q2 earnings release.
CrowdStrike (CRWD) advanced 1.14% to $481.58, as investors favored its AI-enhanced, tariff-resilient platform amid rising concerns over global cybersecurity threats.
Palo Alto Networks (PANW) gained 2.13% to $199.88, driven by bullish analyst sentiment highlighting its strong AI security pipeline and leadership in the cybersecurity market.
Fortinet (FTNT) increased 1.47% to $106.94, benefiting from its expanding role in AI-powered security and its stable, recurring revenue model.
💡 Cyber Tip
Dangerous RAR5 Files May Crash 7-Zip and Interrupt System Operations
A critical flaw in 7-Zip's RAR5 decoder allows attackers to crash systems by processing specially crafted archive files. The vulnerability causes memory corruption through a buffer overflow, leading to application failure or full system crashes. Although it does not enable code execution, the impact is serious enough to disrupt operations and expose systems to denial-of-service attacks.
✅ What you should do:
Update 7-Zip to the latest version, starting from 25.00 or newer, to apply the fix.
Avoid opening RAR5 files from unknown or untrusted sources.
Use antivirus or sandbox tools to scan archive files before extraction.
Monitor systems for repeated crashes when handling compressed files.
Apply security controls to limit the impact of user-triggered archive processing.
🔒 Why this matters:
Even without executing code, this vulnerability can reliably crash systems and disrupt workflows. Keeping your software up to date and being cautious with archive files is essential to maintain system stability and defend against targeted attacks.
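As an added defender-side example (not code from the briefing or from the 7-Zip project), this Python script turns two of the steps above into checks: it reads a `7z` banner and compares it against the 25.00 fix level named in the advisory, and it counts repeated 7-Zip crash events per host over constructed log lines. The crash-log format, host names and file names are assumptions made for the example.

```python
import re
from collections import Counter

# Fix level from the advisory: 7-Zip 25.00 or later, compared as (major, minor).
FIXED_VERSION = (25, 0)

# Matches both banner styles 7z prints: "7-Zip 24.09 (x64) : ..." and "7-Zip [64] 16.02 : ...".
_VERSION_RE = re.compile(r"7-Zip(?:\s+\[\d+\])?\s+(\d+)\.(\d+)")

# Hypothetical crash-log format constructed for this example, one event per line.
_CRASH_RE = re.compile(
    r"host=(?P<host>\S+)\s+event=AppCrash\s+app=(?P<app>7z\S*)\s+file=(?P<file>\S+)"
)

def parse_7zip_version(banner: str):
    """Return (major, minor) from the first line of `7z` output, or None if absent."""
    m = _VERSION_RE.search(banner)
    return (int(m.group(1)), int(m.group(2))) if m else None

def is_patched(banner: str) -> bool:
    """True when the installed 7-Zip is at or above the fixed release."""
    v = parse_7zip_version(banner)
    return v is not None and v >= FIXED_VERSION

def repeated_archive_crashes(log_lines, threshold: int = 3) -> dict:
    """Count 7-Zip crash events per host on .rar files; return hosts at or above threshold."""
    counts = Counter()
    for line in log_lines:
        m = _CRASH_RE.search(line)
        if m and m.group("file").lower().endswith(".rar"):
            counts[m.group("host")] += 1
    return {host: n for host, n in counts.items() if n >= threshold}

# Constructed sample data (not real hosts, banners or logs).
SAMPLE_BANNERS = {
    "old": "7-Zip 24.09 (x64) : Copyright (c) 1999-2024 Igor Pavlov",
    "fixed": "7-Zip 25.00 (x64) : Copyright (c) 1999-2025 Igor Pavlov",
}
SAMPLE_LOG = """\
2025-07-22T09:14:03 host=ws-17 event=AppCrash app=7zFM.exe file=invoice.rar
2025-07-22T09:15:41 host=ws-17 event=AppCrash app=7zFM.exe file=invoice.rar
2025-07-22T09:16:02 host=ws-04 event=AppCrash app=7zG.exe file=photos.rar
2025-07-22T09:17:55 host=ws-17 event=AppCrash app=7z.exe file=invoice.rar
2025-07-22T09:20:10 host=ws-04 event=AppStart app=7zFM.exe file=photos.rar
"""

if __name__ == "__main__":
    for name, banner in SAMPLE_BANNERS.items():
        print(name, parse_7zip_version(banner), "patched" if is_patched(banner) else "UPDATE")
    print(repeated_archive_crashes(SAMPLE_LOG.splitlines()))
```

Feed `is_patched` the first line of `7z` run with no arguments, and point `repeated_archive_crashes` at whatever crash telemetry your endpoints actually emit after adjusting the regex.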
📚 Cyber Book
Cyber Privacy: Who Has Your Data and Why You Should Care by April Falcon Doss
That concludes today's briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.