👉 What’s the latest in the cyber world today?
Oyster malware spreads via SEO poisoning, RondoDox botnet exploits IoT flaws for DDoS, ServiceNow ACL bug leaks data, McHire exposes 64M applicants, OpenAI tightens security after IP theft fears.
1. Hackers Revive SEO Poisoning
Cybersecurity experts have identified a malicious campaign that uses SEO-optimized fake landing pages impersonating popular tools like PuTTY and WinSCP to distribute the Oyster malware loader. These deceptive sites trick users into downloading what appears to be legitimate software, but the download secretly installs a backdoor used for further malicious activity.
2. RondoDox Botnet Exploits Router Flaws
A new botnet called RondoDox is actively exploiting vulnerabilities in TBK DVRs and Four-Faith routers to create a network of compromised devices. These devices are then used as stealth proxies for various malicious activities, including DDoS attacks, while the malware employs advanced techniques to evade detection.
3. ServiceNow Data Exposure via ACLs
A high-severity ServiceNow vulnerability (CVE-2025-3648), codenamed Count(er) Strike, could allow unauthorized data exposure and exfiltration through misconfigured conditional Access Control List (ACL) rules. This flaw, discovered by Varonis, enables users to infer sensitive instance data, including PII and credentials, by exploiting differences in how the platform responds to denied access under various ACL conditions.
4. McDonald’s AI Hiring Bot Exposes Data
A severe security flaw in McDonald’s AI hiring system, McHire.com, allowed researchers to access the personal data of millions of job applicants using the password “123456.” This breach, affecting systems run by Paradox.ai, exposed sensitive information like names, emails, and chat histories, raising significant concerns about data security in AI recruitment.
5. Nippon Steel Solutions Data Breach After Zero-Day
Nippon Steel Solutions, a subsidiary of Nippon Steel, announced a data breach after hackers exploited a zero-day vulnerability in their network equipment, potentially exposing personal information of customers, partners, and employees. The company has taken steps to contain the breach, notified authorities, and is advising affected parties.
6. Bitcoin Depot Breach Exposes Crypto Users’ Data
Bitcoin Depot, a major Bitcoin ATM operator, is now informing nearly 27,000 customers about a data breach that occurred in June 2024, exposing personal information like names, addresses, and driver’s license numbers. The disclosure was delayed at the request of federal law enforcement conducting a parallel investigation.
7. US Gov Seeks Unprecedented Cut to Cyber Budget
The US government’s proposed 2026 budget seeks an unprecedented $1.23 billion cut to federal cybersecurity spending, a move that experts warn could significantly weaken national defenses, hinder talent development, and reduce crucial state and local grant funding amid rising cyber threats. This reduction marks a reversal of consistent annual increases in cyber spending by civilian agencies since 2017 and is seen by many as a lack of seriousness regarding cybersecurity risk management.
8. US Sanctions N. Korean Andariel Member
The U.S. Treasury has sanctioned Song Kum Hyok, a North Korean hacker associated with the Andariel group, for his involvement in a scheme using fraudulent IT workers to gain remote employment with U.S. companies. This action highlights the ongoing efforts by the U.S. to disrupt North Korea’s illicit revenue streams, which are used to fund its weapons programs.
9. OpenAI Boosts Security Against Chinese IP Theft
OpenAI is significantly enhancing its internal security measures, including stricter data controls and staff vetting, due to concerns about intellectual property theft, particularly from Chinese AI rivals. These heightened precautions, accelerated by an alleged data distillation incident with DeepSeek, aim to safeguard its valuable AI models and proprietary information.
💡 Cyber Tip
Hackers Use Search Engine Tricks and Fake Sites to Distribute Malware
Security researchers have uncovered a campaign where hackers use SEO-optimized fake websites to impersonate trusted software like PuTTY and WinSCP. These deceptive pages distribute a stealthy malware loader known as Oyster, which installs a persistent backdoor on Windows systems. Victims often believe they are downloading legitimate tools, but instead they unknowingly infect their devices with malware capable of launching further attacks.
✅ What you should do:
🔒 Why this matters:
This campaign targets trusted software and professionals who use it, making it harder to detect. By poisoning search results and spoofing trusted tools, hackers trick users into installing backdoors on their own systems. Being cautious with software sources is essential to prevent compromise.
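The SEO-poisoning item above (and the news brief in item 1) comes down to one defensive question: was the installer fetched from the vendor’s own site, and does it match the checksum the vendor publishes? The following Python script is an added example, not code from the newsletter or from any of the projects it mentions. It scans constructed web-proxy log lines for PuTTY/WinSCP installer downloads served from hosts other than an allowlist of official distribution sites, and verifies a downloaded file against an expected SHA-256. The allowlisted hostnames, the log format and the sample log lines are assumptions made for this example; confirm official download hosts against the vendor’s own documentation before relying on them.

```python
"""Flag installer downloads that impersonate trusted admin tools.

Added example (not from the newsletter). Two defensive checks:
  1. scan_proxy_log(): find .exe/.msi/.zip downloads whose URL mentions a
     brand (putty, winscp) but whose host is not on the official allowlist.
  2. verify_sha256(): compare a downloaded file's digest to the checksum
     published by the vendor, in constant time.
"""
import hashlib
import hmac
import re
from urllib.parse import urlparse

# Official distribution hosts. ASSUMPTION for this example; verify against
# the vendor's documentation before using in production.
OFFICIAL_HOSTS = {
    "putty": {"www.chiark.greenend.org.uk", "the.earth.li"},
    "winscp": {"winscp.net"},
}

INSTALLER_RE = re.compile(r"\.(exe|msi|zip)$", re.IGNORECASE)
BRAND_RE = re.compile(r"(putty|winscp)", re.IGNORECASE)

# Constructed proxy log lines: "<timestamp> <client> <method> <url> <status>".
SAMPLE_LOG = """\
2025-07-10T09:12:01Z 10.0.0.5 GET https://the.earth.li/~sgtatham/putty/putty-installer.msi 200
2025-07-10T09:13:44Z 10.0.0.7 GET https://putty-download.example/files/putty-installer.exe 200
2025-07-10T09:15:02Z 10.0.0.9 GET https://winscp.net/download/WinSCP-Setup.exe 200
2025-07-10T09:16:30Z 10.0.0.9 GET https://cdn.example/static/logo.png 200
2025-07-10T09:17:11Z 10.0.0.11 GET https://winscp-free.example/WinSCP_Setup.zip 200
"""


def classify_download(url):
    """Return (brand, 'official'|'suspicious') for an installer URL that
    names a watched brand, or None if the URL is not of interest."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    path = parsed.path
    if not host or not INSTALLER_RE.search(path):
        return None
    match = BRAND_RE.search(host + path)
    if not match:
        return None
    brand = match.group(1).lower()
    # A brand name on a host that is not the vendor's is the SEO-poisoning
    # pattern: lookalike site, installer-shaped file.
    verdict = "official" if host in OFFICIAL_HOSTS[brand] else "suspicious"
    return brand, verdict


def scan_proxy_log(log_text):
    """Return one record per suspicious installer download in the log."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed lines rather than crash the scan
        ts, client, _method, url, _status = fields[:5]
        result = classify_download(url)
        if result and result[1] == "suspicious":
            findings.append({
                "time": ts,
                "client": client,
                "host": urlparse(url).hostname.lower(),
                "brand": result[0],
                "url": url,
            })
    return findings


def verify_sha256(data, expected_hex):
    """True if data hashes to the vendor-published SHA-256 (hex)."""
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, expected_hex.strip().lower())


if __name__ == "__main__":
    for f in scan_proxy_log(SAMPLE_LOG):
        print(f"SUSPICIOUS {f['time']} {f['client']} {f['brand']} from {f['host']}")
    # Constructed check: an empty file against the well-known SHA-256 of "".
    print("checksum ok:", verify_sha256(
        b"", "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"))
```

The brand match is deliberately applied to host and path together, so a lookalike domain that hides the brand in the filename is still caught, while downloads from the allowlisted hosts pass silently. The hash comparison uses `hmac.compare_digest` to avoid a timing side channel, which matters little for a local file check but is the right habit for any digest comparison.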
📚 Cyber Book
IT Disaster Recovery Planning For Dummies — by Peter H. Gregory
Get Book ➤ https://amzn.to/3ZFdcgN
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.
