
July 09, 2025 – Cyber Briefing

👉 What’s trending in cybersecurity today?

Hackers abuse leaked Shellter license to spread Lumma and SectopRAT malware, Anatsa trojan hits 90K Android users via fake PDF app, and Windows BitLocker flaw allows physical security bypass. TalentHook leaks 26M resumes, Norwegian municipalities suffer ransomware breach, and 190K credit reports sold on dark web. Samsung unveils quantum-resistant Wi-Fi in One UI 8, U.S. sanctions Aeza bulletproof hosting group, and Microsoft shuts down operations in Pakistan.

🚨 Cyber Alerts

1. Hackers Use Leaked Shellter License for Malware

Attackers are using a leaked license for Shellter, a commercial red-team evasion tool, to package and distribute infostealers such as Lumma Stealer, Rhadamanthys Stealer, and SectopRAT, prompting the Shellter Project to ship an update to address the issue. Elastic Security Labs reported the abuse, which led to a dispute with the Shellter Project over the timing and manner of public disclosure.

2. Anatsa Android Trojan Targets 90K Users

Anatsa, an Android banking trojan, has recently affected approximately 90,000 users in North America through a malicious "PDF Update" app distributed on the Google Play Store. The malware displays a fake maintenance overlay on top of the targeted banking app to hide credential theft and fraudulent transactions, and its operators run the campaign in short cycles to evade detection.

3. Windows BitLocker Vulnerability Allows Security Bypass

Microsoft has disclosed a significant BitLocker vulnerability (CVE-2025-48818) that allows an attacker with physical access to bypass the drive's security protections. The flaw is a time-of-check time-of-use (TOCTOU) race condition; exploiting it requires no user interaction and no privileges on the target, only physical access to the device.


💥 Cyber Incidents

4. Recruiting Software Exposed 26M Resumes

TalentHook, an applicant tracking system, exposed nearly 26 million US job seekers’ resumes containing sensitive personal information due to a misconfigured cloud storage instance. This data leak significantly increases the risk of identity theft, fraud, and targeted phishing attacks for those affected.

5. Norwegian Municipalities Hit by Data Breach

Extend AS, a data service provider for Norwegian municipalities, experienced a ransomware attack, compromising data from at least four municipalities including Kristiansand, Drammen, and Ringsaker. The stolen information, which may include internal routines, contingency plans, and vulnerability analyses, is expected to be published on the dark web, and the incident will be reported to the police.

6. 190K credit reports breached, sold on Dark Web

IT vendor Ezynetic was fined $17,500 for a data breach that exposed the personal information of over 190,000 individuals, which was then sold on the Dark Web. The breach occurred because Ezynetic failed to implement adequate security measures, including a strong administrator password and regular vulnerability assessments.


📢 Cyber News

7. Samsung boosts One UI 8 security

Samsung is introducing significant data security and privacy enhancements with its upcoming One UI 8, including the new Knox Enhanced Encrypted Protection (KEEP) architecture for AI data, upgrades to Knox Matrix for multi-device security, and quantum-resistant Wi-Fi. These updates aim to safeguard user information against current and future threats, particularly as AI features become more deeply integrated into the device.

8. US Gov Cracks Down on Aeza Group

The US government has sanctioned Aeza Group, a Russia-linked "bulletproof hosting" provider, and its affiliates for knowingly facilitating cybercrime, including ransomware attacks by groups such as BianLian and infostealer operations. While the sanctions aim to disrupt the cybercriminal ecosystem, their direct impact on Russian attackers may be limited because Aeza's customer base is predominantly Russian and largely outside the reach of US financial restrictions.

9. Microsoft Pakistan operations officially shut down

Microsoft officially ceased its 25-year operations in Pakistan on Friday, laying off its remaining employees. This exit, amidst security concerns and an unstable environment, was attributed by a former lead to the challenging local conditions, while Microsoft stated it would continue to serve customers through partners and other offices.


💡 Cyber Tip

New BitLocker Bug Lets Hackers Get Around Encryption

Microsoft has disclosed a critical vulnerability in BitLocker (CVE-2025-48818) that allows an attacker with physical access to bypass disk encryption and read protected data. The flaw is a time-of-check time-of-use (TOCTOU) race condition and requires no privileges on the target and no user interaction. A successful exploit defeats the confidentiality BitLocker is meant to provide for a lost or stolen device: the attacker obtains the drive contents even though the volume is encrypted and protection is turned on.

✅ What you should do:

  • Apply the latest Windows security updates that include the fix for CVE-2025-48818.
  • Ensure full-disk encryption is combined with strong physical access controls.
  • Use Secure Boot and TPM-based protection for additional hardware-level security. Note that a TPM-only protector unlocks the OS drive automatically at boot; adding a pre-boot PIN (TPM+PIN) requires a second factor that an attacker holding the device does not have.
  • Limit access to sensitive devices in high-risk environments such as public areas or shared workspaces.
  • Monitor physical access logs to detect unauthorized attempts to access encrypted devices.
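The checklist above can be audited on a single Windows host with the built-in BitLocker, TPM and Secure Boot cmdlets. The script below is an added example written for this briefing, not code from CyberMaterial or Microsoft. The KB number of the update that fixes CVE-2025-48818 is not stated on this page, so `$FixKb` is a placeholder to be filled in from the Microsoft Security Update Guide entry for the CVE. The example also goes one step beyond the list: it flags an OS volume that relies on a TPM-only protector, since a pre-boot PIN is the standard hardening against attacks that need physical possession of the device.

```powershell
# Added example (not from the CyberMaterial briefing or from Microsoft):
# audit one Windows host against the BitLocker checklist. Run elevated.
# $FixKb is a placeholder: set it to the KB ID of the cumulative update that
# contains the CVE-2025-48818 fix for this Windows build (see the Microsoft
# Security Update Guide). That KB number is NOT stated in the briefing.
param(
    [string]$FixKb = 'KB0000000'   # placeholder, replace before use
)

$findings = @()

# 1. Is the fixing update installed? Get-HotFix lists installed updates by KB ID.
$patched = Get-HotFix -ErrorAction SilentlyContinue |
    Where-Object { $_.HotFixID -eq $FixKb }
if (-not $patched) {
    $findings += "Update $FixKb not found; install the current cumulative update."
}

# 2. TPM present and ready (Get-Tpm is in the built-in TrustedPlatformModule module).
try {
    $tpm = Get-Tpm
    if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
        $findings += "TPM is not present or not ready; BitLocker cannot seal keys to platform state."
    }
} catch {
    $findings += "Could not query TPM: $($_.Exception.Message)"
}

# 3. Secure Boot enabled. Confirm-SecureBootUEFI throws on legacy-BIOS machines.
try {
    if (-not (Confirm-SecureBootUEFI)) { $findings += "Secure Boot is disabled." }
} catch {
    $findings += "Secure Boot not supported on this firmware (legacy BIOS or no UEFI)."
}

# 4. Every BitLocker volume fully encrypted with protection on; the OS volume
#    should use TPM+PIN (or TPM+PIN+startup key) rather than TPM alone, and
#    every volume should have a recovery password escrowed somewhere safe.
foreach ($vol in Get-BitLockerVolume) {
    $mp = $vol.MountPoint
    if ($vol.VolumeStatus -ne 'FullyEncrypted' -or $vol.ProtectionStatus -ne 'On') {
        $findings += "${mp}: volume status $($vol.VolumeStatus), protection $($vol.ProtectionStatus)."
        continue
    }
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })
    $hasPin = ($types -contains 'TpmPin') -or ($types -contains 'TpmPinStartupKey')
    if ($vol.VolumeType -eq 'OperatingSystem' -and ($types -contains 'Tpm') -and -not $hasPin) {
        $findings += "${mp}: OS drive unlocks with TPM only; add a pre-boot PIN (TPM+PIN)."
    }
    if ($types -notcontains 'RecoveryPassword') {
        $findings += "${mp}: no recovery password protector; create and back one up before changing protectors."
    }
}

if ($findings.Count -eq 0) {
    "OK: update present, TPM ready, Secure Boot on, all volumes protected."
} else {
    $findings | ForEach-Object { "FINDING: $_" }
}
```

Run it as an administrator on each endpoint (or push it through your management tool and collect the `FINDING:` lines); `Get-BitLockerVolume` and `Get-Tpm` return nothing useful from a standard user session. Escrow a recovery password (for example in Active Directory or Entra ID) before adding a TPM+PIN protector, because a forgotten PIN otherwise locks the user out of the drive.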

🔒 Why this matters:

BitLocker is widely trusted to secure sensitive data, but this vulnerability shows that even encryption tools can be bypassed under the right conditions. Patching systems and securing physical access are both essential to protect critical information from theft or tampering.

📚 Cyber Book

Simple IT by Owen Wollum

That concludes today's briefing.


Copyright © 2025 CyberMaterial. All Rights Reserved.
