Cyber Briefing: 2025.07.28
Scattered Spider hits ESXi servers; SarangTrap hides in dating apps; Naval Group, Allianz, and Tea app breached; BlackSuit seized; ATM fraud ring busted; NK IT fraud leads to US sentencing.
👉 What's happening in cybersecurity today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. Scattered Spider Hits ESXi Servers
The cybercrime group Scattered Spider is targeting VMware ESXi hypervisors in North American retail, airline, and transportation sectors using sophisticated social engineering attacks instead of software exploits. Their highly effective method involves impersonating IT staff to gain access, pivoting to virtual environments to steal data and deploy ransomware with extreme speed and stealth, bypassing traditional security measures.
2. Malware Hides in Fake Dating Apps
A large-scale malware campaign named "SarangTrap" is using over 250 fake dating and social networking apps on both Android and iOS to steal sensitive user data, primarily targeting individuals in South Korea. The operation leverages emotionally manipulative tactics and an extensive network of phishing domains to trick victims into installing spyware that exfiltrates contacts, photos, and messages.
3. Post SMTP Bug Exposes 200K Sites
A critical vulnerability, CVE-2025-24000, in the popular Post SMTP WordPress plugin affects over 200,000 websites, allowing low-privileged users to access email logs and hijack administrator accounts. Site owners must update to version 3.3.0 or later immediately to patch the security flaw and prevent potential takeovers.
💥 Cyber Incidents
4. Cyberattack Hits French Naval Group
A cybercriminal has claimed a major cyberattack against French defense industrialist Naval Group, alleging the theft of one terabyte of confidential data concerning submarines and frigates. The hacker has issued a 72-hour ultimatum for the company to make contact before publishing the sensitive information, while Naval Group has launched an investigation with state services but has not yet confirmed the breach.
5. Tea App Leak Exposes 13K Women Users
The Tea app, a viral platform designed as a safe space for women to discuss men, has been hacked, exposing the sensitive data of its users. This breach resulted in the leak of an estimated 13,000 user verification photos and government IDs, which the company had claimed were deleted after review.
6. Allianz Life Data Breach Hits Majority
Allianz Life confirmed that a data breach on July 16, 2025, exposed the personal information of the majority of its 1.4 million customers after a threat actor accessed a third-party CRM system. The attack, believed to have been carried out by the ShinyHunters extortion group, was executed using a social engineering technique and is now under investigation by the company and the FBI.
📢 Cyber News
7. Law Enforcement Seizes BlackSuit Ransomware
An international law enforcement operation, led by U.S. Homeland Security Investigations, has successfully seized the dark web data leak site of the BlackSuit ransomware group. Believed to be a rebrand of the notorious Royal and Conti cybercrime syndicates, BlackSuit targeted critical infrastructure sectors with high ransom demands before its site was taken down.
8. UK & Romania Crack Down on ATM Fraudsters
An international network of ATM fraudsters responsible for stealing approximately €580,000 has been dismantled through a joint operation by Romanian and UK authorities, with support from Europol and Eurojust. The criminals primarily used a "Transaction Reversal Fraud" technique, and coordinated raids resulted in two arrests and the seizure of assets including luxury cars and real estate.
9. Arizona Woman Sentenced for North Korea IT Fraud
An Arizona woman, Christina Marie Chapman, received an eight-year prison sentence for assisting North Korean IT workers in securing remote jobs at 309 U.S. firms using fraudulent identities. She facilitated the scheme by hosting a "laptop farm" and laundering millions of dollars, helping the North Korean regime generate illicit revenue.
📈 Cyber Stocks
Cybersecurity stocks posted modest gains on Monday, July 28, 2025, as investor sentiment was shaped by institutional activity, AI-driven product momentum, and elevated geopolitical threat levels.
Zscaler (ZS) rose 0.67% to $286.19, supported by strong institutional accumulation and renewed analyst optimism following price target hikes from Scotiabank and Oppenheimer.
Rapid7 (RPD) gained 0.87% to $22.71, lifted by increased investor attention after the company uncovered a sophisticated malware campaign linked to Winos 4.0.
Check Point Software Technologies (CHKP) declined 0.85% to $220.11, as cybersecurity stocks faced mild selling pressure amid valuation resets and sector rotation.
SentinelOne (S) edged up 0.46% to $19.56, benefiting from heightened visibility after its Singularity platform was spotlighted in response to a major Microsoft server exploit.
Fortinet (FTNT) inched up 0.08% to $104.82, supported by investor confidence in its AI-driven solutions and strong profitability, including record-high 34% operating margins.
💡 Cyber Tip
Fake Dating Apps Used to Spread Spyware on Mobile Devices
A widespread mobile malware campaign, known as SarangTrap, is using fake dating and social networking apps to steal personal data from unsuspecting users. Over 250 malicious apps across Android and iOS trick victims into installing spyware that silently exfiltrates contacts, photos, messages, and device details. The campaign relies on emotional manipulation and deceptive design to appear trustworthy while compromising devices in the background.
✅ What you should do:
Only download apps from official app stores and verified developers.
Avoid installing apps promoted through unsolicited links, QR codes, or exclusive invitation codes.
Check app permissions and deny access to sensitive data unless absolutely necessary.
Do not install mobile configuration profiles unless they come from a trusted source.
Use mobile security software that can detect hidden spyware and phishing behaviors.
🔒 Why this matters:
SarangTrap combines social engineering with stealthy spyware to harvest private data from mobile users. Its cross-platform design and ability to bypass standard security warnings make it especially dangerous. Staying cautious with unfamiliar apps and monitoring permissions is essential to keeping your personal information safe.
📚 Cyber Book
A Leader's Guide to Cybersecurity by Thomas J. Parenty and Jack J. Domet
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.