Cyber Briefing: 2025.08.14
PhantomCard Android NFC trojan, WP plugin flaw CVE-2025-7384, PS1Bot malvertising, Manpower & Dutch healthcare breaches, GUR hits Filanko, DarkBit cracked, Google crypto app rules, $100M Ghana fraud.
👉 What's trending in cybersecurity today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. Android Malware Targets Banks
Cybersecurity researchers have uncovered a new Android trojan, PhantomCard, that uses NFC relay attacks to steal banking information and facilitate fraudulent transactions in Brazil. The malware tricks victims into placing their credit cards on their phones, at which point it relays the card data and PIN to an attacker-controlled server, allowing criminals to make unauthorized purchases.
2. WP Plugin Flaw Threatens 70K Sites
A recently discovered critical vulnerability in the "Database for Contact Form 7, WPforms, Elementor forms" plugin, designated as CVE-2025-7384, could allow remote attackers to execute malicious code on over 70,000 WordPress websites. This flaw, rated with a severe CVSS score of 9.8, stems from a PHP object injection issue that enables unauthenticated attackers to compromise affected sites without needing any user credentials.
3. PS1Bot Malware Spreads via Ads
A new malvertising campaign is infecting victims with a multi-stage malware framework called PS1Bot, which is designed to perform various malicious activities like information theft and keylogging. The malware uses a modular, in-memory execution approach to minimize its forensic footprint, making it difficult to detect and analyze.
💥 Cyber Incidents
4. Manpower Breach Hits 140K People
In January, the RansomHub ransomware group breached the systems of the staffing and recruiting firm Manpower, stealing sensitive information that belonged to approximately 140,000 individuals. The company has since notified those affected and is offering credit monitoring and identity theft protection services.
5. Dutch Cervical Study Breach Widens
A data breach at a Dutch clinical diagnostics lab is causing outrage after it was revealed the company waited a month to inform the public. Experts are calling the delay a violation of the law and a dangerous precedent for a healthcare sector that is increasingly targeted by cybercriminals.
6. GUR Hacks Russian Security Vendor
A GUR cyber corps unit successfully attacked Filanko, one of the largest private internet providers for Russian security forces, causing extensive damage to their infrastructure and data. The operation resulted in the destruction of numerous servers, virtual machines, and a significant amount of data, while also disabling thousands of pieces of networking equipment.
📢 Cyber News
7. DarkBit Ransomware Encryption Cracked
Cybersecurity researchers at Profero have successfully cracked the encryption of the DarkBit ransomware, allowing victims to recover their files without paying a ransom. The company has not yet released the decryptor, but the breakthrough provides a path to free file recovery.
8. Google Sets Crypto App License Rules
Google is requiring developers of cryptocurrency exchanges and custodial wallets to obtain government licenses to publish apps in 15 jurisdictions, including the U.S. and the E.U. The policy change is intended to create a safer, more compliant ecosystem and comes as the FBI warns of sophisticated cryptocurrency scams where fraudsters pose as lawyers to further defraud victims.
9. Ghana Nationals Extradited for Fraud
Four Ghanaian nationals were charged in an indictment for their alleged roles in an international criminal organization that stole more than $100 million from victims through romance scams and business email compromises. Three of the suspects have been extradited to the U.S. and one remains at large.
📈 Cyber Stocks
On Thursday, August 14, 2025, cybersecurity stocks largely rose as markets reacted to merger optimism, strong cash flow performance, and renewed confidence in platform strategies.
Palo Alto Networks (PANW) rose 0.83% to $176.86, buoyed by a Piper Sandler upgrade citing strong execution in its platform consolidation strategy and confidence that its $25 billion CyberArk acquisition will bolster long-term earnings and free cash flow.
Rapid7 (RPD) surged 5.98% to $21.32, driven by investor enthusiasm over its solid Q2 earnings beat and strong free cash flow, which appear to have helped shift sentiment despite lingering valuation concerns.
Check Point Software Technologies (CHKP) gained 3.86% to $188.12, supported by renewed optimism in its long-term billings outlook and stabilizing investor confidence after an earnings-induced sell-off.
SentinelOne (S) climbed 5.52% to $17.19, lifted by renewed speculation of a high-profile acquisition and sustained interest in its AI-powered cybersecurity platform.
Okta (OKTA) advanced 1.90% to $90.98, as investor sentiment improved with expectations of steady demand for its identity security solutions ahead of its upcoming earnings announcement.
💡 Cyber Tip
🌐 Update or Disable Vulnerable WordPress Plugin to Prevent RCE Attacks
A critical vulnerability (CVE-2025-7384) in the Database for Contact Form 7, WPforms, Elementor forms plugin affects over 70,000 WordPress sites and allows unauthenticated remote code execution. The flaw, caused by unsafe PHP object deserialization, can be chained with other plugins like Contact Form 7 to delete critical files such as wp-config.php and take full control of a site.
✅ What you should do:
Update the plugin immediately when a patched version is available
If no patch is released yet, disable or uninstall the plugin as a temporary safeguard
Audit your site for signs of compromise, especially suspicious file changes or deletions
Keep regular, offline backups for quick restoration after an attack
Apply a web application firewall (WAF) to block malicious requests targeting deserialization flaws
🔒 Why this matters:
This vulnerability is easy to exploit, requires no authentication, and is already public, making mass attacks likely. Acting quickly is critical to prevent your site from being hijacked or wiped.
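To make the WAF and audit steps above concrete, here is an added example (not CyberMaterial's code and not any WAF product's rule) that scans request bodies for the marker PHP's serialize() emits for objects, which is the input a PHP object injection flaw depends on. The log line format, paths, IP addresses and class names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# PHP serialize() object markers: O:<len>:"<Class>":<props>:{ and the
# Serializable form C:<len>:"<Class>":<len>:{ . "\+?" tolerates a signed length.
SERIALIZED_OBJECT = re.compile(r'\b[OC]:\+?\d+:"([A-Za-z_\\][\w\\]*)":\d+:\{')

def find_serialized_objects(value, max_rounds=3):
    """Return class names of serialized PHP objects found in a request value,
    checking the raw text and each successive URL-decoded layer."""
    found = set()
    for _ in range(max_rounds):
        found.update(SERIALIZED_OBJECT.findall(value))
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return sorted(found)

def scan_requests(lines):
    """Flag log lines whose body carries a serialized object.
    Assumed line format: ip <TAB> method <TAB> path <TAB> body."""
    alerts = []
    for line in lines:
        ip, method, path, body = line.rstrip("\n").split("\t", 3)
        classes = find_serialized_objects(body)
        if classes:
            alerts.append({"ip": ip, "path": path, "classes": classes})
    return alerts

# Constructed sample traffic (documentation IP ranges, made-up paths and classes).
SAMPLE_LOG = [
    "203.0.113.7\tPOST\t/contact/\tname=Alice&message=Hello+there",
    "198.51.100.23\tPOST\t/contact/\tname=Bob&message=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D",
    "198.51.100.24\tPOST\t/contact/\tmessage=O%253A7%253A%2522Example%2522%253A0%253A%257B%257D",
    "203.0.113.9\tPOST\t/contact/\tmessage=Ratio+O%3A8%3A1+agreed",
]

if __name__ == "__main__":
    for alert in scan_requests(SAMPLE_LOG):
        print(alert)
```

A form field has no legitimate reason to contain this marker, so a hit is worth reviewing alongside file-change checks; the pattern is a heuristic and does not replace updating or disabling the plugin.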
📚 Cyber Book
How to Disappear: Erase Your Digital Footprint, Leave False Trails, And Vanish Without A Trace by Frank Ahearn
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.