Cyber Briefing: 2025.09.12
Chinese fake jobs target ex-feds, CHILLYHELL & ZynorRAT malware found, Apple spyware alerts, Hello Gym leak, LNER & Panama breaches, DOJ seizes BTC, SwissBorg theft, Geordie AI security.
👉 What are the latest cybersecurity alerts, incidents, and news?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. Former Feds Targeted By Chinese Jobs
In 2021, a network of fraudulent, China-linked websites, likely run by a suspected Chinese intelligence operation, began trying to recruit former federal employees and policy experts. The websites, which posed as legitimate international affairs and policy research firms, posted fake job openings with high salaries to attract targets, but the content on them was often poorly written and featured stolen stock photos.
2. CHILLYHELL And ZynorRAT Threaten Systems
Cybersecurity researchers have uncovered two new malware families: CHILLYHELL, a modular backdoor targeting Apple's macOS, and ZynorRAT, a multi-platform remote access trojan (RAT) for Windows and Linux. The findings, detailed by Jamf Threat Labs and other security firms, highlight the sophisticated tactics of these threats, including advanced persistence methods and command-and-control (C2) communication.
3. Apple Warns Users As CERT-FR Confirms
Apple has issued warnings to customers about a recent spyware campaign, which France’s national cyber agency, CERT-FR, confirmed may have compromised iCloud-linked devices. The notifications, which Apple has sent out since early 2025, target high-risk individuals, including journalists, lawyers, and politicians.
💥 Cyber Incidents
4. Hello Gym Leak Exposes Member Audio
Hello Gym, a company providing technology to the fitness industry, has exposed over 1.6 million audio recordings of gym members. This data leak, which includes personally identifiable information (PII), leaves customers vulnerable to deepfakes, spear-phishing, and identity theft.
5. LNER Warns Customers Of Data Breach
An East Coast Main Line train operator, LNER (London North Eastern Railway), has confirmed a data breach. The incident exposed some customer contact details and past travel information.
6. Panama Economy Ministry Reports Breach
Panama's Ministry of Economy and Finance (MEF) announced that it detected a cyberattack that may have compromised one of its computers. Although the government claims the incident was contained and did not affect core systems, the ransomware group INC Ransom has claimed responsibility for the attack, stating they stole over 1.5 TB of data.
📢 Cyber News
7. Feds Aim To Seize $5M In Stolen Bitcoin
The US Department of Justice is using civil forfeiture to seize $5 million in Bitcoin that was stolen from five victims through SIM swapping attacks. These funds were tracked as they were laundered through various cryptocurrency wallets and an online casino.
8. SwissBorg To Repay Users After Theft
SwissBorg, a Switzerland-based financial platform, recently disclosed that a cyberattack on one of its partners, Kiln, led to the theft of approximately $41 million in cryptocurrency. This incident, which occurred on a decentralized finance wallet held by Kiln, involved the unauthorized removal of 192,600 Solana coins. While the company confirmed reports of the breach, it stressed that its own platform's security was not compromised. This is a crucial distinction, as it places the vulnerability on a third-party service provider rather than on SwissBorg's core systems. The stolen funds represent 2% of SwissBorg's total assets and impacted only 1% of its users.
9. Geordie Launches AI Security Platform
Geordie has come out of stealth with $6.5 million in funding for its new platform, which helps businesses manage the security risks associated with using agentic AI. The company's platform provides real-time visibility into AI agent activity, alerting companies to unexpected behavior and helping them securely adopt this technology.
📈 Cyber Stocks
On Friday, September 12, 2025, cybersecurity stocks traded with mixed momentum as U.S. inflation rose to 2.9 percent year over year in August, core inflation held at 3.1 percent, and jobless claims came in higher than expected. These signals fueled concerns about stagflation and created uncertainty over how the Federal Reserve will approach rate cuts at its upcoming meeting.
Cloudflare (NET) closed at $224.64, moving slightly higher as strong revenue growth and rising demand for Zero Trust solutions supported institutional buying despite ongoing valuation concerns.
Rapid7 (RPD) finished at $20.08, recording a modest gain driven by better-than-expected second-quarter results, although investor caution over longer deal cycles and tighter IT spending limited further upside.
Tenable (TENB) closed at $30.54, under pressure after its shares recently fell from their highs; its Q2 revenue growth (~12% YoY), driven by the Tenable One platform, is viewed positively, but valuation concerns and the company’s negative net income continue to weigh.
SentinelOne (S) settled at $18.46, posting a small increase as enthusiasm for its AI-driven XDR platform outweighed profitability challenges and competitive pressures in the endpoint security segment.
Okta (OKTA) closed at $91.96, advancing after issuing improved guidance for fiscal 2026 and showing momentum in identity security that reassured investors about its ability to expand market share.
💡 Cyber Tip
📱 Apple Confirms Spyware Alerts as CERT-FR Verifies Targeted Attacks
Apple has warned users about a series of sophisticated spyware campaigns, confirmed by France’s CERT-FR, which tracked four threat notifications issued since early 2025. These alerts indicate that at least one iCloud-linked device may have been targeted or compromised, with victims including journalists, lawyers, politicians, and other high-risk individuals. The spyware relies on zero-day and zero-click exploits, making it especially dangerous because it requires no action from the victim.
✅ What you should do:
If you receive a notification, do not alter your device and save the email as evidence
Contact CERT-FR or your national CERT for support and investigation
Enable automatic updates on all Apple devices
Use Isolation Mode on iOS or Advanced Protection on Android if you’re at high risk
Follow strong digital hygiene: avoid suspicious links, use strong passcodes, enable 2FA, and separate work and personal devices
Restart your device daily to help disrupt spyware persistence
🔒 Why this matters
Commercial spyware like Pegasus, Predator, Graphite, and Triangulation continues to be deployed against high-risk individuals worldwide. Apple’s alerts, confirmed by CERT-FR, highlight the need for users to stay updated, vigilant, and proactive against advanced surveillance threats.
📚 Cyber Book
Anatomy of an Employment Scam (2024) by Thomas Mitchell
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.