Cyber Briefing: 2025.07.31
Choicejacking targets phone data, WordPress flaw exploited, JSCEAL via fake crypto apps, Albavisión hit by GLOBAL GROUP, St. Paul cyberattack, Ingram Micro threat, ATM hack.
👉 What's happening in cybersecurity today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. Choicejacking Attack Steals Phone Data
A new cybersecurity threat called Choicejacking bypasses existing smartphone safeguards, tricking devices connected to public chargers into granting data access without the user's knowledge. This attack happens faster than a person can blink, reinforcing expert advice to avoid using public USB ports for charging.
2. Hackers Exploit WordPress Theme Flaw
A critical vulnerability in the "Alone" WordPress theme, tracked as CVE-2025-5394, is being actively exploited by threat actors to take over websites. The flaw allows unauthenticated attackers to upload malicious files and execute code, so users must immediately update to theme version 7.8.5 to secure their sites.
3. Hackers Spread JSCEAL via Fake Crypto Apps
A new cybersecurity campaign uses fake cryptocurrency trading apps, promoted through thousands of Facebook ads, to distribute a malware called JSCEAL. This sophisticated malware, built from compiled JavaScript, steals sensitive data like credentials and crypto wallets while giving attackers extensive control over the victim's computer.
💥 Cyber Incidents
4. GLOBAL GROUP Ransomware Hits Albavisión
The newly emerged GLOBAL GROUP ransomware gang claims to have attacked the Miami-based media giant Albavisión, stealing 400 GB of data and giving the company 15 days to negotiate. This group distinguishes itself by using AI-driven chatbots for negotiations and has rapidly targeted 29 victims across various sectors since its debut in June 2025.
5. Minnesota State Capital Under Cyberattack
The city of St. Paul, Minnesota, has shut down its government networks in response to a significant cyberattack, prompting the governor to activate the National Guard to aid in recovery. This deliberate attack by a sophisticated external actor has disrupted numerous city services, though officials state 911 remains operational and their primary concern is protecting employee data.
6. SafePay Ransomware Threatens Ingram Micro
The SafePay ransomware gang is threatening to release 3.5TB of data allegedly exfiltrated from the systems of IT giant Ingram Micro. While Ingram Micro swiftly recovered from the operational outage caused by the attack, it has not officially confirmed the data breach or the identity of the attackers.
📢 Cyber News
7. Chinese Firms Tied to Silk Typhoon Patents
Chinese companies connected to the state-sponsored hacking group Silk Typhoon (Hafnium) have filed more than fifteen patents for sophisticated cyber espionage tools. This research exposes a state-contracted ecosystem where private firms develop offensive capabilities, such as encrypted data collection and remote device access, for China's Ministry of State Security.
8. FunkSec Ransomware Decryptor Released
Cybersecurity experts at Gen Digital have released a free decryptor for the FunkSec ransomware, allowing its victims to recover their files. The ransomware is now considered defunct, having shown no activity since March 2025, after claiming 172 victims primarily in the technology, government, and education sectors.
9. UNC2891 Hackers Breach ATMs
A financially motivated threat group, UNC2891, breached a bank's ATM network by physically attaching a Raspberry Pi with a 4G modem to an internal switch, creating a persistent backdoor. They used sophisticated evasion tactics, including Linux bind mounts to hide their processes, and aimed to install a rootkit for fraudulent cash withdrawals before being detected through advanced forensic analysis.
📈 Cyber Stocks
On Thursday, July 31, 2025, cybersecurity stocks saw notable divergence as markets reacted sharply to earnings releases, valuation shifts, and continued speculation around AI capabilities.
Zscaler (ZS) slipped 0.77% to $287.73, as investors weighed strong enterprise adoption against concerns over its elevated valuation and resistance at technical chart levels.
Check Point Software Technologies (CHKP) plunged 14.39% to $186.67, after its Q2 results revealed weaker-than-expected billings growth despite solid revenue and EPS, triggering a sharp market sell-off.
Rapid7 (RPD) dropped 4.12% to $21.67, pressured by renewed valuation worries as the stock approached a 52-week low, prompting caution from institutional investors.
SentinelOne (S) edged up 0.64% to $18.80, buoyed by investor interest amid ongoing acquisition speculation and growing confidence in its AI-powered Singularity platform.
Fortinet (FTNT) declined 2.90% to $101.71, as technical breakdowns and profit-taking overshadowed steady fundamentals, with investors rotating away from cybersecurity hardware stocks.
💡 Cyber Tip
Avoid Public USB Charging Ports to Block Choicejacking Attacks
Cybersecurity researchers have identified a new attack called Choicejacking, which allows malicious public chargers to trick smartphones into granting data access without the user's consent. Unlike older juice jacking methods, this attack fakes user input to bypass security prompts in under 133 milliseconds. Once access is granted, attackers can steal data, view messages, and install malware.
✅ What you should do:
Avoid using public USB charging stations at airports, hotels, cafés, or malls
Carry your own charger and plug into a power outlet, not a public USB port
Use a USB data blocker (USB condom) to prevent data transfer while charging
Disable USB debugging mode and ensure device lock screens are secure
Keep your OS and firmware up to date to patch known vulnerabilities
🔒 Why this matters:
Choicejacking bypasses the very safeguards users rely on to control data access. It turns public charging ports into silent attack vectors that exploit trust and speed. Protecting your phone means taking control of how and where you charge.
📚 Cyber Book
Secure Connections (2024) by William Q Miller
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.