Cyber Briefing: 2025.08.01
NOVABLIGHT steals logins and crypto, PyPI phishing alert, Dahua camera flaws, French museum hacked, Russia hit by second cyberattack, Mailchimp breach, CISA launches Thorium, NFT thief jailed.
👉 What are the latest cybersecurity alerts, incidents, and news?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. NOVABLIGHT Steals Logins and Crypto
A new Malware-as-a-Service (MaaS) infostealer named NOVABLIGHT is being sold by the French-speaking Sordeal Group under the guise of an "educational tool." Built on the Electron framework, this sophisticated malware uses advanced obfuscation and anti-analysis techniques to steal credentials, browser data, and cryptocurrency from its victims.
2. PyPI Warns of Email Phishing Attack
The Python Package Index (PyPI) is alerting users to an active phishing campaign involving emails from the fraudulent address noreply@pypj[.]org. These messages, titled "[PyPI] Email verification," redirect recipients to a fake website designed to steal their login credentials.
3. Dahua Camera Flaws Enable Remote Hacking
Cybersecurity researchers found critical flaws in Dahua smart cameras that allow unauthenticated remote code execution, giving hackers full control. Patches have been released, and users are urged to update their firmware immediately to protect their devices.
💥 Cyber Incidents
4. Cyberattack Hits French Natural History Museum
The French National Museum of Natural History suffered a major cyberattack on Thursday, July 31, forcing the shutdown of its vast research databases. The disruption, which impacts hundreds of researchers in biology and archaeology, is expected to last for several weeks.
5. Russia Faces Second Major Cyberattack
A massive cyberattack, attributed to a pro-Ukrainian group, has shut down hundreds of Russian pharmacies, including nearly 900 Stolichki locations. This breach followed a major hack that crippled Aeroflot, Russia's largest airline, signaling a significant escalation in cyber warfare targeting the nation's critical infrastructure.
6. Everest Ransomware Hits Mailchimp
The Everest ransomware group claims to have breached marketing platform Mailchimp, leaking a database of nearly one million lines of business contact information on its dark web site. Although the data appears to come from a marketing export rather than internal systems, the incident contributes to a significant surge in global ransomware attacks during July 2025.
📢 Cyber News
7. CISA Releases Thorium for Malware Analysis
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), in partnership with Sandia National Laboratories, has launched Thorium, a new open-source platform for malware and forensic analysis. Designed for high-volume operations, the tool integrates various commercial and custom utilities to help public and private sector analysts automate workflows, analyze complex threats, and manage large-scale data efficiently.
8. Canadian Cybercriminal Sentenced for NFT Theft
A Canadian man was sentenced to a year in prison for a sophisticated scheme that used hacked X accounts of digital artists to steal NFTs and cryptocurrency. He and his co-conspirators defrauded over 200 victims, netting more than $794,000 by luring them to fraudulent websites.
9. Russia Blocks US‑Made Speedtest Over Security
Russia has blocked the popular internet testing tool Speedtest, with its communications watchdog citing national security risks and the potential for the service's data collection to be used in cyberattacks. This move is part of a broader government strategy to replace foreign technology with domestic alternatives and tighten control over its national internet segment, the Runet.
📈 Cyber Stocks
On Monday, August 1, 2025, cybersecurity stocks pulled back amid continued earnings digestion, valuation headwinds, and tempered investor sentiment across the sector.
Zscaler (ZS) fell 0.73% to $285.56, as investors remained cautious about its high valuation despite sustained demand for its cloud-native security offerings.
Rapid7 (RPD) dropped 2.56% to $21.12, pressured by concerns over weak mid-market demand and its stock hitting new 52-week lows.
Check Point Software Technologies (CHKP) eased 0.20% to $186.20, following mixed investor reaction to Q2 results that beat on revenue and EPS but showed softer billings growth.
SentinelOne (S) declined 2.47% to $18.34, as enthusiasm faded around potential acquisition rumors and caution grew over its valuation.
Fortinet (FTNT) slid 1.78% to $99.90, as investors rotated away from cybersecurity hardware stocks despite the company’s strong operating margins and product performance.
💡 Cyber Tip
Delete Fake PyPI Verification Emails to Avoid Credential Theft
The Python Package Index (PyPI) has issued a warning about a phishing campaign targeting users with emails from noreply@pypj[.]org, designed to mimic official PyPI communications. These fake emails prompt users to "verify" their email address, linking to a spoofed PyPI login page that steals credentials. The goal is to hijack user accounts and potentially push malicious packages.
✅ What you should do:
Do not click links in emails claiming to be from PyPI unless you're sure they are legitimate
Double-check sender domains: pypj.org is fake, pypi.org is the real one
If you entered credentials on a fake site, change your PyPI password immediately
Check your PyPI Security History for unusual logins or activity
Enable 2FA on your PyPI account to add another layer of protection
🐍 Why this matters:
This phishing campaign targets developers and maintainers, aiming to compromise packages and poison the software supply chain. Staying alert to spoofed domains and enabling strong account protections is essential for securing open-source ecosystems.
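The sender-domain check from the tip above, sketched as a mail-filter helper. This is an added example, not code from PyPI or CyberMaterial; the function names, the distance threshold and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED = {"pypi.org"}  # the legitimate sender domain named in the tip

def edit_distance(a, b):
    """Levenshtein distance using a two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(raw_message):
    """Lower-cased domain of the From: address, or '' if there is none."""
    _, addr = parseaddr(message_from_string(raw_message).get("From", ""))
    return addr.rpartition("@")[2].lower().rstrip(".")

def classify(raw_message, max_distance=2):
    """Return 'trusted', 'lookalike' or 'other' for the From: domain."""
    domain = sender_domain(raw_message)
    if domain in TRUSTED or any(domain.endswith("." + t) for t in TRUSTED):
        return "trusted"
    # Measure the last two labels so 'mail.pypj.org' is still compared
    # against 'pypi.org'.
    tail = ".".join(domain.split(".")[-2:])
    if any(0 < edit_distance(tail, t) <= max_distance for t in TRUSTED):
        return "lookalike"
    return "other"

# Constructed sample messages (headers only matter here).
SAMPLES = {
    "phish": "From: PyPI <noreply@pypj.org>\nSubject: [PyPI] Email verification\n\nVerify now",
    "real": "From: PyPI <noreply@pypi.org>\nSubject: [PyPI] Email verification\n\nHello",
    "unrelated": "From: Shop <news@example.com>\nSubject: Sale\n\nHi",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, sender_domain(raw), classify(raw))
```

The From: header can be forged, so a "trusted" result only means the displayed domain matches; pair it with the receiving server's SPF, DKIM and DMARC verdicts before treating a message as genuine.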
📚 Cyber Book
Cyber Daters Beware (2014) by Noah Pranksky
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.