Cyber Briefing: 2025.08.06
Bing delivers Bumblebee malware, PXA Stealer hits 62 countries, Chollima targets job seekers, Pandora breached, Bitcoin theft exposed, SNAP hacked, hacker extradited, MS bug bounty, FinCEN kiosk alert
👉 What are the latest cybersecurity alerts, incidents, and news?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. Bing Search Delivers Bumblebee Malware
A sophisticated SEO poisoning campaign leveraged Bing search results to distribute Bumblebee malware, ultimately leading to Akira ransomware attacks. Threat actors specifically targeted users searching for legitimate IT management software, redirecting them to malicious sites that hosted trojanized installers, thereby gaining initial access to enterprise networks.
2. Vietnamese Hackers Use PXA Stealer
Cybersecurity researchers have identified a new wave of attacks distributing a Python-based information stealer called PXA Stealer, which has infected thousands of unique IP addresses across 62 countries. The malicious activity is attributed to Vietnamese-speaking cybercriminals who use a subscription-based underground ecosystem to monetize stolen data like passwords, credit card records, and browser cookies.
3. Chollima Hackers Target Job Seekers
The Famous Chollima APT group, linked to North Korea, has been targeting job seekers since December 2022 with a sophisticated multi-stage attack. The group deceives victims through fake online interviews, tricking them into downloading malicious NPM packages from GitHub that deploy the InvisibleFerret backdoor for remote access and credential theft.
💥 Cyber Incidents
4. Pandora Confirms Data Breach
Jewelry company Pandora has announced a data breach after customer information was stolen from its Salesforce database as part of a series of ongoing attacks by the ShinyHunters threat group. The exposed data includes customers' names, birthdates, and email addresses, but not passwords or financial information.
5. Arkham Reports LuBian Bitcoin Theft
A blockchain analytics firm, Arkham, has uncovered evidence of a five-year-old crypto heist where 127,426 BTC was allegedly stolen from the Chinese mining pool LuBian. The stolen funds, now valued at $14.5 billion, have remained largely dormant, and the victimized pool appears to have sent on-chain messages pleading for their return.
6. Georgia SNAP Call Center Cyberattack
Hackers recently attacked the call center for Georgia's SNAP benefits, run by a third-party contractor, attempting to access EBT account information. The Georgia Department of Human Services is urging SNAP recipients to change their PINs and use the ConnectEBT app for security while the investigation is ongoing.
📢 Cyber News
7. Nigerian Man Extradited for Hacking
Chukwuemeka Victor Amachukwu was extradited from France to the U.S. to face charges for his role in a large-scale hacking, fraud, and identity theft scheme. He and his co-conspirators allegedly stole personal information from thousands of people to file fraudulent tax returns and fraudulently obtain millions of dollars.
8. Microsoft Zero Day Quest Returns
Microsoft is launching the Zero Day Quest 2026 hacking contest, offering up to $5 million for security researchers who discover critical vulnerabilities in its cloud and AI systems. Submissions are open from August to October 2025, and top researchers will be invited to a live hacking event in spring 2026.
9. FinCEN Warns on Virtual Currency Kiosks
The U.S. Treasury's FinCEN is urging financial institutions to be alert for suspicious activity related to convertible virtual currency (CVC) kiosks, as these machines are being exploited by criminals for illicit purposes such as scams. FinCEN's notice provides financial institutions with red flag indicators and reminds them of their Bank Secrecy Act obligations to help combat fraud and other illicit activities facilitated by these kiosks.
📈 Cyber Stocks
On Wednesday, August 6, 2025, cybersecurity stocks broadly declined amid renewed tariff concerns, mixed earnings takeaways, and rising scrutiny on AI valuation narratives.
Fortinet (FTNT) fell 2.36% to $96.21, as technical breakdowns and a broader rotation out of cybersecurity hardware stocks overshadowed its solid margins and recent analyst reaffirmations.
SentinelOne (S) dropped 6.62% to $17.22, amid profit-taking following a steep rebound spurred by its acquisition of Prompt Security and growing concerns over stretched valuation metrics.
Check Point Software Technologies (CHKP) declined 1.97% to $188.90, as investors reacted to modest billings growth despite earnings beats, further weighed down by widespread rotation in high-multiple software stocks and institutional selling.
Rapid7 (RPD) fell 2.70% to $20.17, pressured by fresh 52-week lows and lingering valuation concerns ahead of its Q2 earnings report on August 7, 2025.
Zscaler (ZS) slipped 1.36% to $281.96, as investors became cautious over its premium valuation despite continued momentum from its cloud-native security platform and Red Canary integration.
💡 Cyber Tip
Avoid Bing Search Traps Spreading Bumblebee Malware and Akira Ransomware
A targeted SEO poisoning campaign exploited Bing search results for ManageEngine OpManager, tricking users into downloading a trojanized installer that secretly deployed Bumblebee malware. This malware served as an entry point for Akira ransomware, which encrypts enterprise data and demands ransom payments.
✅ What you should do:
Always download software from the official vendor website, not through search engine ads or unfamiliar links
Validate download URLs and check file hashes and digital signatures before installation
Monitor systems for unusual DLL side-loading behavior, especially via consent.exe
Use DNS filtering and endpoint protection to block known Bumblebee C2 IPs
Restrict admin privileges and separate domain management accounts from everyday usage
Educate IT teams about SEO poisoning and how to spot malicious lookalike domains
🔒 Why this matters:
This campaign bypassed traditional defenses by impersonating a trusted IT tool and targeting admin users directly. The use of Bumblebee malware to deliver Akira ransomware shows how search engine results can be weaponized to breach enterprise networks and deploy high-impact payloads.
📚 Cyber Book
Sexual Harassment Online: Shaming and Silencing Women in the Digital Age by Tania G. Levey
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.