Cyber Briefing: 2025.09.26
PyPI phishing, BRICKSTORM hack, WP backdoors, Indian bank leak, Neon app breach, RedNovember hits US defense, Microsoft halts IMOD, Kali update, Flo $59.5M.
👉 What are the latest cybersecurity alerts, incidents, and news?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. Fake PyPI Login Site Steals Credentials
The Python Software Foundation (PSF) is alerting developers to a new phishing campaign targeting users with fake PyPI emails that lead to a malicious login site. This site, designed to steal credentials, could allow attackers to compromise widely used software packages.
2. Google Warns of BRICKSTORM Malware
Chinese government-backed hackers have been found using sophisticated malware to infiltrate US technology companies, law firms, and SaaS providers. The cyberespionage campaign, which Google researchers have called one of the most significant supply-chain hacks in recent memory, highlights a growing trend of long-term attacks designed to steal sensitive data from both vendors and their customers.
3. Hidden WordPress Backdoors Create Admins
Malicious files disguised as legitimate WordPress components were found on a compromised website, creating a persistent backdoor for attackers. Two files, one masquerading as a plugin and another as a core WordPress file, worked together to ensure a hidden, high-privilege administrator account was always present, even if the site owner tried to delete it.
💥 Cyber Incidents
4. Indian Bank Transfer Records Exposed
In India, an unsecured cloud server exposed hundreds of thousands of sensitive bank transfer documents, including account numbers and contact details, in a major data spill. Researchers at the cybersecurity firm UpGuard discovered the publicly accessible server, which was left open due to a misconfiguration.
5. Neon App Shuts Down After Data Leak
A new app called Neon, which pays users for their call recordings to sell to AI companies, has quickly become a top-five free app on the iPhone. However, a security flaw was discovered that exposed user data, including phone numbers, call recordings, and transcripts, leading to the app being taken offline.
6. Chinese Cyberspies Hit US Defense Firms
A Chinese state-sponsored cyberespionage group, known as RedNovember, has been targeting a wide range of organizations across the globe, including US defense contractors. The group gains initial access by exploiting vulnerabilities in various network devices and has been observed deploying custom malware to steal sensitive information.
📢 Cyber News
7. Microsoft Halts Services to Israeli Ministry of Defense Unit
In response to a review of allegations, Microsoft has stopped providing certain services to a unit of the Israel Ministry of Defense (IMOD). The company’s decision is based on evidence that suggests a violation of its policy against mass civilian surveillance, and the review is ongoing.
8. Kali Linux 2025.3 Released With 10 Tools
Kali Linux has released version 2025.3, which includes ten new security tools and significant improvements to its Wi-Fi capabilities. The update features Nexmon support for enhanced wireless functionality and new tools like Gemini CLI and llm-tools-nmap that integrate artificial intelligence into penetration testing workflows.
9. Google, Flo Health, and Flurry to Pay $59.5M
Flo Health, Google, and Flurry have agreed to pay nearly $60 million to settle a lawsuit alleging that Flo’s fertility app shared users’ sensitive data with Google and Flurry without consent. The $59.5 million settlement, which was recently detailed in court filings, will be distributed to eligible class members who used the Flo app between November 2016 and February 2019.
📈 Cyber Stocks
As we moved toward the end of the week on Friday, September 26, 2025, cybersecurity equities delivered a mixed performance as investors weighed cautious macroeconomic sentiment against company-specific developments in AI-driven platforms and identity security. Some stocks found modest support from renewed optimism, while others continued to face pressure from profit-taking and valuation concerns.
Cloudflare (NET) closed at $218.21, up 0.29%, as steady investor interest in its AI and Zero Trust initiatives provided a small lift despite broader market caution.
CrowdStrike (CRWD) finished at $473.09, down 0.78%, as profit-taking and sensitivity to elevated valuations weighed on the stock even with strong ARR momentum.
Okta (OKTA) ended at $91.19, gaining 1.50%, supported by renewed optimism in identity security demand and encouraging analyst sentiment.
SentinelOne (S) settled at $18.15, slipping 0.25%, as slight concerns over guidance and growth sustainability offset ongoing adoption of its AI-powered endpoint solutions.
Rapid7 (RPD) closed at $19.34, down 0.57%, as enthusiasm cooled after earlier gains with investors focusing on execution risk and growth sustainability.
💡 Cyber Tip
🌐 Hidden WordPress Backdoors Create Admin Accounts
Security researchers uncovered two malicious files on a compromised WordPress site that worked together to create a hidden, high-privilege admin account. Disguised as a fake plugin and a core WordPress file, the backdoors ensured attackers always had control, even if the site owner tried to delete the account.
✅ What you should do
Regularly scan your WordPress installation with a trusted security plugin
Monitor for unknown administrator accounts and immediately remove them
Check file integrity to detect disguised or unauthorized files
Keep WordPress, themes, and plugins updated to the latest versions
Use strong credentials and enable two-factor authentication for all admin accounts
🔒 Why this matters
These backdoors show how attackers aim for persistence, not just one-time access. By hiding admin accounts and obfuscating malicious files, they can silently control a site, steal data, or inject spam. Staying vigilant with file checks and account monitoring is critical for defense.
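The file-integrity and account-monitoring checks above can be scripted. The following is an added example, not code from the briefing or the researchers: it compares a site tree against a SHA-256 manifest taken from a known-good copy and compares administrator accounts against an approved list. The file names, logins and user-record layout are constructed placeholders.

```python
import hashlib
import tempfile
from pathlib import Path

def build_manifest(root):
    """Map relative path -> SHA-256 for every file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def audit_tree(root, manifest):
    """Compare the live tree with a manifest taken from a known-good copy."""
    live = build_manifest(root)
    return {
        "added": sorted(set(live) - set(manifest)),
        "modified": sorted(p for p in live
                           if p in manifest and live[p] != manifest[p]),
        "missing": sorted(set(manifest) - set(live)),
    }

def unexpected_admins(users, approved):
    """Return administrator logins that are not on the approved list."""
    return sorted(u["login"] for u in users
                  if "administrator" in u["roles"] and u["login"] not in approved)

def demo():
    # Constructed sample site; paths and names are placeholders, not real indicators.
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp)
        (site / "wp-includes").mkdir()
        (site / "wp-content/plugins/contact-form").mkdir(parents=True)
        (site / "wp-includes/user.php").write_text("<?php // core file\n")
        (site / "wp-content/plugins/contact-form/form.php").write_text("<?php // plugin\n")
        manifest = build_manifest(site)  # baseline recorded while the site is clean
        # Simulated drift: one file posing as a plugin, one posing as a core file.
        (site / "wp-content/plugins/example-helper").mkdir()
        (site / "wp-content/plugins/example-helper/example-helper.php").write_text("<?php\n")
        (site / "wp-example-core.php").write_text("<?php\n")
        files = audit_tree(site, manifest)
    # Constructed user export; in practice this comes from the site's user table.
    users = [{"login": "site-owner", "roles": ["administrator"]},
             {"login": "editor1", "roles": ["editor"]},
             {"login": "unknown-admin", "roles": ["administrator"]}]
    return files, unexpected_admins(users, approved={"site-owner"})

if __name__ == "__main__":
    print(demo())
```

Keep the manifest and the approved-admin list outside the web root so that a compromise of the site cannot rewrite the baseline.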
📚 Cyber Book
Enterprise Cyber Risk Management as a Value Creator: Leverage Cybersecurity for Competitive Advantage by Bob Chaput
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.