Cyber Briefing: 2025.09.19
APT28’s new campaign, crypto phishing with AMOS, SEO poisoning, Tiffany & NY Blood Center breaches, Polish hospitals hit, Netskope IPO.
👉 What are the latest cybersecurity alerts, incidents, and news?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please Subscribe
🚨 Cyber Alerts
1. Steganography Cloud C2 In Modular Chain
APT28, also known as Fancy Bear, launched the Phantom Net Voxel campaign, a technically advanced operation combining steganography, social engineering, and abuse of legitimate cloud services. The campaign continues activity previously documented by CERT-UA but introduces new, previously undocumented techniques.
2. Fake Empire Targets Crypto With AMOS
Cybersecurity researchers recently uncovered a phishing campaign where attackers impersonate a popular Web3 podcast to trick crypto developers and influencers into downloading malware. The criminals lure victims with fake interview requests and direct them to malicious websites disguised as legitimate platforms to distribute AMOS Stealer, a macOS malware.
3. SEO Poisoning Hits Chinese Users
Security researchers have discovered an SEO poisoning attack targeting Chinese-speaking Microsoft Windows users. The attackers manipulated search results to direct victims to fraudulent websites that distributed malware disguised as legitimate applications.
For more alerts, click here!
💥 Cyber Incidents
4. Tiffany Data Breach Hits Thousands
Luxury jeweler Tiffany & Co. is notifying customers in the U.S. and Canada that their personal information, including names, addresses, and gift card data, was stolen in a May 2025 data breach. The breach, which impacted over 2,500 people, is currently not linked to a wider cyberattack campaign against its parent company LVMH, though investigations are ongoing.
5. Russian Hackers Hit Polish Hospitals
Poland is increasing its cybersecurity budget to a record €1bn this year due to Russian cyberattacks targeting critical infrastructure. These attacks have successfully disrupted hospitals and made an unsuccessful attempt to shut down the water supply in a major city, leading to broader efforts to secure public infrastructure.
6. New York Blood Center Data Breach
New York Blood Center Enterprises confirmed a data breach in January 2025 that affected nearly 194,000 people, exposing sensitive information like names, Social Security numbers, and health data. While the organization hasn't identified the attackers or revealed how the breach occurred, it is offering victims free credit and identity monitoring.
For more incidents, click here!
📢 Cyber News
7. UK Police Arrest Two Scattered Spider Teens
U.K. police have arrested two teenagers from the Scattered Spider hacking group in connection with the August 2024 cyberattack on Transport for London (TfL), the city's main transport authority. The two suspects, 19-year-old Thalha Jubair and 18-year-old Owen Flowers, were charged with conspiring to commit unauthorized acts against TfL under the Computer Misuse Act.
8. Gold Salem Warlock Joins Ransomware
Counter Threat Unit™ (CTU) researchers are tracking a group that calls itself the Warlock Group, which has been deploying its Warlock ransomware since March 2025. While Microsoft links the group, which CTU™ researchers track as GOLD SALEM, to China, CTU researchers have not found sufficient evidence to support this claim.
9. Netskope Raises Over $908 Million
Cybersecurity firm Netskope recently raised over $908 million in its initial public offering on the Nasdaq, with shares jumping 18% on their first day of trading. The IPO valued the company at roughly $7.3 billion, a figure that grew to around $8.6 billion after its successful market debut.
For more news, click here!
📈 Cyber Stocks
On Friday, September 19, 2025, cybersecurity stocks traded higher as investor sentiment improved following strong company earnings, favorable analyst revisions, and continued optimism around demand for identity management and AI-driven security platforms. Broader markets also reflected relief over stabilizing economic data, which supported gains across the technology sector.
Cloudflare (NET) closed at $223.57, rising 4.53 percent after reporting stronger than expected revenue per user and offering guidance that reinforced confidence in its growth across content delivery and Zero Trust solutions.
Rapid7 (RPD) finished at $20.18, gaining 3.44 percent as investors responded positively to signs of improving margins, solid demand for its threat detection services, and a favorable analyst upgrade.
Netskope (NTSK) ended its third day of public trading at around $22.49, up more than 18 percent from its $19 IPO price, as investors showed strong appetite for its cloud security and secure access service edge platform following its successful Nasdaq debut.
SentinelOne (S) settled at $18.72, up 1.93 percent as enthusiasm for its AI-powered XDR roadmap and new customer acquisitions outweighed ongoing concerns about profitability and competitive pressure.
Okta (OKTA) closed at $93.60, advancing 3.96 percent following the announcement of major enterprise contracts and growing confidence that regulatory drivers will strengthen long-term demand for identity management solutions.
💡 Cyber Tip
🎙️ Fake Empire Podcast Drops AMOS Stealer on Crypto Targets
A phishing campaign is impersonating the popular Web3 podcast Empire to trick crypto developers and influencers. Attackers send fake interview invites through social media, directing victims to counterfeit platforms like “Streamyard” or “Huddle.” Instead of joining an interview, victims download a malicious DMG file that installs AMOS (Atomic macOS) Stealer, exposing logins, cookies, and sensitive account data.
✅ What you should do
Be cautious of unsolicited interview requests on social media
Verify invitations directly with the real podcast or host
Never download “clients” from unverified or redirected links
Use macOS security features like Gatekeeper and XProtect
Monitor accounts and reset passwords if you suspect compromise
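As a practical companion to the Gatekeeper and XProtect advice above, here is an added example (not from the newsletter or from any vendor) of the pre-flight checks a macOS user can run on a downloaded disk image before opening it: confirm the quarantine attribute is still present, ask Gatekeeper for its verdict with spctl, and print the signing identity with codesign. The helper that interprets spctl's verdict is separated out so it can be exercised with the constructed sample text at the bottom; the file name and verdict strings in those samples are made up for illustration.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks for a downloaded .dmg on macOS.
# xattr, spctl and codesign are Apple's own tools; the classifier below only
# parses their text output, so it can be tested anywhere.
set -u

# Classify the text that `spctl --assess --type open -v` prints.
# Returns 0 for "accepted", 1 for "rejected", 2 for anything unrecognised.
classify_spctl() {
  case "$1" in
    *": accepted"*) return 0 ;;
    *": rejected"*) return 1 ;;
    *) return 2 ;;
  esac
}

# Pull out the "source=" line, e.g. "Notarized Developer ID"
# or "no usable signature".
spctl_source() {
  printf '%s\n' "$1" | sed -n 's/^source=//p' | head -n 1
}

# Run the real checks against a file (macOS only).
assess_dmg() {
  f="$1"
  [ -f "$f" ] || { echo "no such file: $f"; return 2; }

  # 1. Quarantine flag: browsers set it on every download, and it is what
  #    triggers Gatekeeper on open. Its absence on a fresh download means
  #    something stripped it, which is a warning sign in itself.
  if xattr -p com.apple.quarantine "$f" >/dev/null 2>&1; then
    echo "quarantine: present (Gatekeeper will assess on open)"
  else
    echo "quarantine: MISSING"
  fi

  # 2. Gatekeeper verdict for a disk image (primary-signature context).
  out=$(spctl --assess --type open --context context:primary-signature -v "$f" 2>&1)
  classify_spctl "$out"; rc=$?
  echo "gatekeeper: $(printf '%s' "$out" | head -n 1)"
  echo "source: $(spctl_source "$out")"

  # 3. Signing identity, if any. An unsigned or ad-hoc-signed "client"
  #    from a redirected link should not be opened.
  codesign -dv "$f" 2>&1 | grep -E '^(Authority|TeamIdentifier)=' || echo "codesign: unsigned"
  return "$rc"
}

# Constructed sample verdicts (illustrative, not captured from a real file).
SAMPLE_OK='/tmp/Streamyard.dmg: accepted
source=Notarized Developer ID'
SAMPLE_BAD='/tmp/Streamyard.dmg: rejected
source=no usable signature'

# Usage: ./check_dmg.sh ~/Downloads/Streamyard.dmg
if [ "${1:-}" ]; then assess_dmg "$1"; fi
```

A non-zero exit from assess_dmg (rejected or unrecognised verdict) is the signal to stop and verify the invitation with the real host before going any further; a passing Gatekeeper verdict only says the image is notarized, not that the person who sent it is who they claim to be.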
🔒 Why this matters
AMOS Stealer has repeatedly disguised itself as trusted apps, but this campaign shows how attackers exploit community trust to breach crypto and Web3 networks, stealing credentials and draining accounts.
📚 Cyber Review
Join us for Cyber Review with Bob Chaput, cybersecurity leader and author of Stop the Cyber Bleeding.
In this session, Chaput and healthcare experts discuss rising cyber threats to hospitals, patient safety, and connected health systems. He shares what inspired the book, real-world risks, and practical strategies for building strong Enterprise Cyber Risk Management (ECRM) programs.
This conversation offers key takeaways for healthcare leaders, CISOs, and policymakers seeking to protect patients and strengthen organizational resilience.
👉 Like, comment, and subscribe for more expert insights on Cyber Review.
That concludes today’s briefing. You can check the top headlines here!
Copyright © 2025 CyberMaterial. All Rights Reserved.
Follow CyberMaterial on:
Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium.