Cyber Briefing: 2025.07.30
AMOS adds backdoor access, Soco404 hides malware in error pages, Scattered Spider warning, Lovense leak, Curaçao ransomware, Orange hack, FBI food cyber risk, Poland sabotage arrests
👉 What's happening in cybersecurity today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. Atomic macOS Stealer Adds Backdoor
The Atomic macOS Stealer (AMOS) has evolved from a simple data-stealing tool into a sophisticated persistent threat, giving attackers long-term remote access to compromised systems. It spreads through malicious websites and targeted spear-phishing campaigns, using advanced techniques to maintain access and evade detection.
2. Fake Error Pages Spread Malware
The Soco404 cryptomining campaign exploits misconfigured cloud services like PostgreSQL to deploy malware on Linux and Windows systems. Attackers use sophisticated evasion techniques, such as hiding malicious code in fake 404 error pages and masquerading processes, to establish persistent mining operations.
3. FBI, CISA Warn on Scattered Spider
A multi-national coalition of cybersecurity and law enforcement agencies has released a joint advisory detailing the evolving and sophisticated tactics of the cybercriminal group known as "Scattered Spider."
💥 Cyber Incidents
4. Lovense App Leaks User Emails
A zero-day flaw in the Lovense sex toy platform allows attackers to obtain a user's private email address simply by knowing their public username. This vulnerability, which the company has known about for months, puts its 20 million users at significant risk of doxxing and harassment.
5. Curaçao Tax Systems Hit by Ransomware
The Curaçao Tax Authority is in crisis following a debilitating ransomware attack that occurred last Saturday, July 26, 2025, forcing a complete shutdown of its systems. The government has urgently requested assistance from the Netherlands, a move that has put a spotlight on the immediate response protocols and the role of the island's own cybersecurity task force.
6. Orange, France’s Top Telecom, Hacked
Orange, the massive French telecommunications firm, announced it detected a cyberattack on an internal system, leading to service disruptions for some customers as a precautionary measure. While the company stated no customer data appears to have been stolen, the incident comes shortly after France’s national cybersecurity agency issued warnings about state-sponsored espionage targeting the country's telecom sector.
📢 Cyber News
7. FBI Food Safety Symposium in Nebraska
A recent FBI symposium in Nebraska brought together farmers and experts to address the growing cybersecurity risks facing the nation's food supply. As agriculture becomes more technologically advanced, it has created new vulnerabilities to threats like ransomware and foreign interference, making cyber hygiene a critical national security issue for the farming sector.
8. Poland Trials 32 for Pro-Russian Sabotage
Polish authorities have detained 32 people for allegedly collaborating with Russian intelligence to conduct sabotage and arson attacks aimed at destabilizing the nation. The suspects, a diverse group of foreign nationals and Poles, are accused of being part of a wider Russian hybrid warfare campaign that includes recruiting individuals via messaging apps to attack infrastructure.
9. FBI Seizes $2.4M from Ransomware Gang
The FBI has successfully seized Bitcoin, now valued at over $2.4 million, from a member of the Chaos ransomware syndicate responsible for attacks in Texas. The US government has since filed a civil complaint seeking the permanent forfeiture of the funds, alleging they are the proceeds of criminal activities like extortion and money laundering.
📈 Cyber Stocks
On Wednesday, July 30, 2025, cybersecurity stocks showed mixed movement as the market reacted to earnings reports, sector valuations, and evolving threat intelligence.
Zscaler (ZS) rose 0.39% to $290.07, supported by continued demand for its cloud-native security services after its ThreatLabz report revealed a 146% surge in blocked ransomware attacks.
Rapid7 (RPD) dipped 0.31% to $22.59, as investor sentiment remained cautious due to valuation concerns and its lower price-to-sales ratio compared to sector peers.
Check Point Software Technologies (CHKP) declined 0.13% to $218.33, following its Q2 earnings, which showed better-than-expected EPS and revenue but weaker billings growth.
SentinelOne (S) dropped 4.69% to $18.69, weighed down by profit-taking and concerns over soft revenue guidance despite long-term optimism around its AI-driven platform.
Fortinet (FTNT) was nearly flat at $104.77, held steady by investor confidence in its strong firewall and SASE offerings despite broader rotation out of cybersecurity hardware stocks.
💡 Cyber Tip
Defend Against Scattered Spider’s Social Engineering and MFA Attacks
A joint advisory by the FBI, CISA, NCSC-UK, and ACSC warns that the cybercriminal group Scattered Spider is escalating its attacks using advanced social engineering, MFA fatigue tactics, SIM swapping, and remote access tools to compromise major organizations, especially in telecom and IT. Also known as UNC3944, Octo Tempest, or Muddled Libra, the group often gains access by impersonating IT support, tricking employees into sharing credentials or approving MFA requests, and deploying ransomware once inside the network.
✅ What you should do:
Enforce phishing-resistant MFA such as FIDO2 or smartcards wherever possible
Audit your environment for unauthorized remote access tools and block unused ports and protocols
Implement strict application allowlisting to block unapproved tools and executables
Regularly train staff to recognize social engineering tactics and MFA fatigue techniques
Maintain and routinely test offline backups to ensure resilience against ransomware
Monitor for signs of SIM swapping and consider using mobile carrier account PINs
🔒 Why this matters:
Scattered Spider is a well-resourced, socially skilled threat group that can bypass traditional defenses using human manipulation. Their use of real-time social engineering, push bombing, and remote tools makes them a major threat to enterprises. Proactive hardening, employee vigilance, and phishing-resistant MFA are your best defenses.
📚 Cyber Book
The 2023-2028 World Outlook for Multifactor Authentication - by Prof Philip M. Parker Ph.D.
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.