Cyber Briefing: 2025.07.29
macOS flaw exposes sensitive data, F1 fans hit by phishing, Xred malware in gaming software, Aeroflot hacked, GitHub outage, Cathay breach, UP arrests, Internet Archive named US depository
👉 What's happening in cybersecurity today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. macOS Flaw Bypasses TCC, Exposes Data
Microsoft Threat Intelligence researchers uncovered a significant vulnerability in macOS, tracked as CVE-2025-31199, that allowed attackers to bypass the Transparency, Consent, and Control (TCC) framework. This security feature is designed to protect user privacy by requiring apps to get permission before accessing sensitive data. The flaw exploited macOS's Spotlight search tool, enabling a malicious plugin to read files from protected areas like the Downloads folder and Photos library without user consent.
2. Phishing Targets Belgian Grand Prix Fans
Following the 2025 Belgian Grand Prix, sophisticated threat actors have exploited the event's popularity to target both Formula 1 teams and their global fanbase. These cyberattacks range from corporate espionage targeting valuable team telemetry data to widespread phishing, social media scams, and malware-laden streaming sites designed to steal fans' personal and financial information.
3. Gaming Mouse Software Spreads Xred Malware
Gaming peripheral company Endgame Gear has announced a security breach where malware was embedded in the OP1w 4k v2 mouse configuration tool, distributed via their website between June 26 and July 9, 2025. The company has since removed the compromised file, confirmed the breach was isolated to that specific download, and implemented enhanced security measures.
💥 Cyber Incidents
4. Pro-Ukraine Hackers Hit Aeroflot Servers
Russian airline Aeroflot experienced a major operational disruption, canceling over 50 flights after two pro-Ukraine hacking groups claimed responsibility for a crippling cyberattack. The Kremlin expressed alarm and launched a criminal investigation, with lawmakers describing the event as a wake-up call and part of a broader digital war against Russia.
5. GitHub Outage Disrupts Global Core Services
On July 28, 2025, GitHub experienced a significant outage affecting core services like API requests and pull requests, disrupting workflows for millions of developers globally. The issue, attributed to networking problems, lasted approximately three and a half hours before GitHub's engineering team successfully deployed a fix and restored all services.
6. Cathay Apologizes Over Asia Miles Breach
Cathay Pacific's Asia Miles loyalty program suffered a cyber attack where criminals stole miles and compromised the personal data of approximately 1,000 members by exploiting a security flaw. The airline has since apologized, rectified the vulnerability, and is working with authorities while restoring affected accounts and advising all members to heighten their security practices.
📢 Cyber News
7. Internet Archive Becomes US Federal Depository
The Internet Archive has been officially designated as a U.S. federal depository library by Senator Alex Padilla, granting it the authority to provide public online access to a wide range of government documents. This move aims to enhance the digitization and accessibility of federal publications, though it comes as the organization recovers from several significant cybersecurity breaches last year.
8. UP STF Busts Digital Arrest Gang in Thane
The UP Special Task Force arrested two brothers, Mohammad Iqbal Balasaheb and Shine Iqbal Balasaheb, for operating a sophisticated cybercrime racket from Thane, Maharashtra. Posing as law enforcement officials, the duo used deepfake technology and forged documents to conduct fake "digital arrests" and extort large sums of money from their victims.
9. Linux 6.16 Brings Performance and Networking Boosts
Linus Torvalds has announced the release of Linux kernel version 6.16, which is the result of a calm development cycle focused on stability and incremental improvements. The new version delivers numerous driver fixes and platform enhancements, while the development schedule for the next kernel, 6.17, may be adjusted due to Torvalds' upcoming travel plans.
📈 Cyber Stocks
Cybersecurity stocks were mixed on Tuesday, July 29, 2025, as the sector responded to earnings anticipation, valuation pressure, and new threat intelligence reports.
Zscaler (ZS) rose 0.98% to $289.04, lifted by strong investor interest following its ThreatLabz report highlighting a 146% surge in blocked ransomware attacks.
Rapid7 (RPD) dipped 0.26% to $22.65, as cautious sentiment persisted due to valuation concerns and a below-peer price-to-sales ratio.
Check Point Software Technologies (CHKP) declined 0.91% to $218.29, pressured by profit-taking ahead of its Q2 earnings despite continued institutional accumulation.
SentinelOne (S) edged up 0.26% to $19.60, supported by recognition in Gartner Peer Insights and renewed demand following exposure from a Microsoft server exploit.
Fortinet (FTNT) was nearly flat at $104.88, held steady by institutional inflows and ongoing investor confidence in its AI-driven cybersecurity platform.
💡 Cyber Tip
Update macOS to Block ‘Sploitlight’ Data Theft Exploit
Microsoft researchers have discovered a serious vulnerability in macOS that allowed malicious actors to bypass Apple’s Transparency, Consent, and Control framework. The flaw, dubbed "Sploitlight," leverages the Spotlight search tool to load unsigned plugins that can access files in protected locations like the Downloads folder, Photos library, and Apple Intelligence cache without user consent. Attackers could steal photo metadata, GPS coordinates, facial recognition data, and more. Since some of this data syncs across devices via iCloud, the privacy risk extends to all linked Apple devices.
✅ What you should do:
Update your Mac to macOS Sequoia 15.4 or later to patch this vulnerability
Review and restrict third-party Spotlight plugins and avoid installing unsigned system extensions
Monitor file system access and suspicious activity in directories
Regularly audit and limit app permissions
Consider disabling Spotlight indexing on sensitive folders
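As an added example (not from the newsletter, Microsoft, or Apple), the following POSIX shell checklist script covers the first two items above and the CVE-2025-31199 alert earlier in this briefing: it compares the running macOS version against the Sequoia 15.4 fix threshold and inventories third-party Spotlight importer plugins, verifying each one's code signature with codesign. It assumes the standard sw_vers, mdimport -L and codesign tools are present; the line format parsed out of mdimport -L (one quoted .mdimporter path per line) is an assumption, so adjust the sed pattern if your version prints it differently.

```shell
#!/bin/sh
# Added example for the Sploitlight tip above; not code from the newsletter,
# Microsoft or Apple. Assumes macOS's sw_vers, mdimport -L and codesign.

# Patch check: is a macOS version string at or above Sequoia 15.4?
# Usage: macos_patched "15.4.1"  -> exit 0 (patched) / 1 (update needed)
macos_patched() {
  v=$1
  maj=${v%%.*}
  rest=${v#*.}
  [ "$rest" = "$v" ] && rest=0   # no dot at all -> minor version 0
  min=${rest%%.*}
  if [ "$maj" -gt 15 ]; then return 0; fi
  if [ "$maj" -eq 15 ] && [ "$min" -ge 4 ]; then return 0; fi
  return 1
}

# Extract importer bundle paths from `mdimport -L` output read on stdin.
# Assumed format: an NSArray-style listing with one quoted path per line,
# e.g.    "/Library/Spotlight/Foo.mdimporter",
parse_importer_paths() {
  sed -n 's/^[[:space:]]*"\(.*\.mdimporter\)",\{0,1\}$/\1/p'
}

# Inventory non-Apple Spotlight importers and verify each code signature.
# An UNSIGNED line is the thing to investigate: Sploitlight abused
# Spotlight's willingness to load unsigned plugins.
audit_spotlight_importers() {
  mdimport -L 2>&1 | parse_importer_paths | while IFS= read -r p; do
    case "$p" in /System/*) continue ;; esac   # Apple's own importers
    if codesign --verify --deep --strict "$p" >/dev/null 2>&1; then
      printf 'signed    %s\n' "$p"
    else
      printf 'UNSIGNED  %s\n' "$p"
    fi
  done
}

# Only run the macOS-specific commands on a Mac; elsewhere this script
# just defines the functions above.
if [ "$(uname)" = "Darwin" ]; then
  ver=$(sw_vers -productVersion)
  if macos_patched "$ver"; then
    echo "macOS $ver: at or above 15.4, CVE-2025-31199 fix present"
  else
    echo "macOS $ver: UPDATE to macOS Sequoia 15.4 or later"
  fi
  audit_spotlight_importers
fi
```

Run it as a regular user; it reads but changes nothing. Excluding individual folders from indexing (the last item above) is done in System Settings under Spotlight Privacy rather than from the command line, since mdutil -i off applies to whole volumes, not folders.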
✅ Why this matters:
The Sploitlight exploit turns a trusted system feature into a privacy backdoor by allowing unauthorized access to highly sensitive data. With syncing via iCloud, attackers could map your behavior across devices, making this a serious privacy and surveillance threat. Regular updates and permission hygiene are essential to staying protected.
📚 Cyber Book
Cybersecurity for Executives, Managers, and Leaders by Dennis Houchin
That concludes today’s briefing. You can check the top headlines here!
Copyright © 2025 CyberMaterial. All Rights Reserved.