Cyber Briefing: 2025.08.07
UAC-0099 uses court lures to deploy malware, ClickFix evades detection, Dell firmware bugs exposed, Bouygues hit, NYC firm scammed $19M, PBS data leak, AI boosts vCISO, MS Project Ire fights malware.
👉 What's going on in the cyber world today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. HTA Malware Uses Court Summons Lures
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a recent cyber attack by the threat actor UAC-0099, targeting various Ukrainian government and defense sectors. These attacks use phishing emails with court summons as a lure to deliver new malware families, including MATCHBOIL, MATCHWOK, and DRAGSTARE, for espionage purposes.
2. ClickFix Uses CAPTCHAs to Spread Malware
Guardio Labs' new research explains how a social engineering tactic called ClickFix has rapidly grown, surpassing older scams. The success of ClickFix is attributed to its innovative use of social engineering, diverse propagation methods, and advanced evasion techniques that make it difficult to detect.
3. Critical Bugs Found in Dell Firmware
Vulnerabilities in Dell's ControlVault3 firmware, collectively named ReVault, allow attackers with physical access to bypass Windows login and create persistent firmware implants on over 100 laptop models. Dell has released firmware updates to patch these flaws, and users are strongly advised to apply them to secure their devices.
💥 Cyber Incidents
4. Bouygues Telecom Hit by Cyberattack
In a recent cyberattack, Bouygues Telecom experienced unauthorized access to the personal data of 6.4 million customers. The company's technical teams swiftly resolved the issue, and all affected customers have been or will be notified via email or text message.
5. Phishing Scam Costs NYC Firm $19M
A New York City luxury property management company, Milford Entities, was allegedly scammed out of nearly $19 million after an employee fell for a single phishing email. The fraudulent email redirected a large quarterly payment intended for the Battery Park City Authority (BPCA) to a scammer's bank account, triggering an investigation by the Department of Homeland Security.
6. PBS Data Breach Leaks Employee Info
A file containing corporate contact information for nearly 4,000 PBS employees and affiliates was stolen from an internal service and is now being shared on Discord servers. Although the breach appears to have been motivated by "rebellious curiosity" rather than financial gain, the exposed data could still be misused for harassment or doxxing.
📢 Cyber News
7. AI Cuts vCISO Workloads by 68%
Cybersecurity has become a critical need for businesses of all sizes, leading to a surge in demand for vCISO services among SMBs. This has prompted a significant increase in the adoption of vCISO offerings by MSPs and MSSPs, with a notable growth of 319% in just one year.
8. Microsoft’s AI Project Targets Malware
Microsoft has developed an autonomous AI agent, codenamed Project Ire, to analyze and classify software for malware detection. This LLM-powered system automates the complex process of reverse engineering to identify threats, aiming to scale up classification efforts and reduce the manual workload on security analysts.
9. WhatsApp Removes 6.8M Scam Accounts
WhatsApp, in collaboration with Meta and OpenAI, has removed 6.8 million accounts associated with criminal scam centers, predominantly located in Cambodia. This initiative is a proactive step to combat widespread fraud and protect users by disrupting scam operations before they can fully engage with potential victims.
📈 Cyber Stocks
On Thursday, August 7, 2025, cybersecurity stocks saw varied movements as investors navigated fresh earnings results, valuation reassessments, and M&A speculation.
Fortinet (FTNT) ticked up 0.37% to $96.58, underpinned by strong Q2 execution and confidence in its growing role in securing operational technology environments despite technical rotations.
SentinelOne (S) edged up 0.52% to $17.31, buoyed by ongoing speculation around a possible strategic acquisition that continues to underpin investor interest despite recent valuation scrutiny.
Check Point Software Technologies (CHKP) declined 0.36% to $188.21, as post-earnings softness in billings tempered bullish sentiment despite solid revenue and earnings fundamentals.
Rapid7 (RPD) dipped 0.84% to $19.99, pressured by lingering valuation concerns and investor caution ahead of its earnings release, keeping sentiment subdued.
Zscaler (ZS) rose 2.63% to $289.32, driven by renewed investor confidence in its cloud-native security capabilities and strong institutional demand following continued bullish technical setups and ThreatLabz intelligence momentum.
💡 Cyber Tip
Update Dell Firmware Now to Fix ReVault Security Flaws
Researchers have uncovered five critical vulnerabilities in Dell's ControlVault3 firmware, affecting over 100 laptop models including Pro, Latitude, and Precision series. These ReVault flaws allow attackers with physical access to bypass Windows login, steal sensitive data, and implant persistent backdoors that survive OS reinstalls. Dell has released urgent firmware updates to patch these issues.
✅ What you should do:
Update ControlVault3 firmware immediately via Windows Update or Dell's official website
If not using biometric or smart card features, disable ControlVault services via Windows Device Manager or Services
In high-risk environments, turn off fingerprint login to reduce attack surface
Enable BIOS chassis intrusion alerts to detect physical tampering
Monitor devices for unusual behavior using tools like Cisco Secure Endpoint
🔒 Why this matters:
ReVault vulnerabilities let attackers bypass Windows login and install stealthy firmware implants that persist beyond reinstallation. These flaws highlight the critical need to patch not just software, but also firmware to protect your device's core security.
📚 Cyber Book
Kingdom of Lies: Adventures in cybercrime - by Kate F.
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.