
July 21, 2025 – Cyber Briefing

👉 What’s happening in cybersecurity today?

Microsoft patches a critical SharePoint RCE under active attack, an AppLocker flaw allows a bypass via a version-range misconfiguration, and PoisonSeed phishing sidesteps FIDO protections. Arcadia Finance is drained of $3.5M in USDC and USDS that the attacker swapped to WETH, ATM jackpotting hits Michigan for over $100K, and ransomware cripples Korea's top guarantee insurer. A free decryptor is released for Phobos and 8Base, an Armenian Ryuk hacker is indicted via BTC tracing, and Roblox's AI teen safety tools raise privacy concerns.


🚨 Cyber Alerts

1. Microsoft Patch Fixes SharePoint RCE Under Attack

Microsoft has released out-of-band security updates for on-premises SharePoint Server to address actively exploited vulnerabilities, including CVE-2025-53770, a critical remote code execution flaw that attackers are already using to compromise organizations. Administrators should apply the updates immediately, rotate the servers' ASP.NET machine keys and restart IIS, and treat any internet-exposed on-premises SharePoint as potentially compromised until it has been investigated. SharePoint Online is not affected.

2. Microsoft AppLocker Bug Enables Security Bypass

Varonis Threat Labs found a subtle flaw in Microsoft's AppLocker guidance: an incorrect MaximumFileVersion value in the recommended block rules means the deny rules stop short of the highest possible file version, so a binary reporting a version above that ceiling would not be matched by them. In practice the bypass is blunted because these are publisher rules and editing a signed file's version resource invalidates its Authenticode signature, so the issue is not rated critical, but it shows how much rides on a single configuration value being exact.

3. PoisonSeed Hackers Bypass FIDO with QR Phishing

Researchers have documented a phishing technique, dubbed PoisonSeed, that sidesteps FIDO security keys without exploiting any flaw in FIDO itself: it abuses the legitimate cross-device sign-in feature. The spoofed login portal relays the victim's username and password to the real service, requests cross-device authentication, and displays the resulting QR code to the victim; when the victim scans it and approves the prompt with their own authenticator, it is the attacker's session that gets signed in. Defenders can reduce exposure by restricting which cross-device or QR-based sign-in flows are allowed and by reviewing logins that used them from unexpected locations or devices.


💥 Cyber Incidents

4. Arcadia Finance Hit as $3.5M Stolen in WETH Heist

Arcadia Finance, a DeFi platform on the Base blockchain, was exploited for approximately $3.5 million in USDC and USDS due to a vulnerability in its Rebalancer contract. The stolen funds were converted to WETH and moved to the Ethereum mainnet, prompting Arcadia to advise users to revoke asset manager permissions.

5. ATM Jackpotting in Michigan Nets $107K for Suspects

Two Florida men, Robert R. Rosales Rivero and Geniver Antonio Pinuela Testa, allegedly stole more than $100,000 from Michigan ATMs in September 2024 in a "jackpotting" scheme, in which malware or a rogue device attached to the machine forces it to dispense its cash. The pair was later found with the cash in Minnesota; Rivero now faces federal charges, while Testa remains at large.

6. Ransomware Hits Korea’s Top Guarantee Insurer

Seoul Guarantee Insurance, South Korea’s largest guarantee insurer, is experiencing a severe disruption due to a ransomware attack that has taken its core systems offline for three days, significantly impacting services, especially in the housing market. The company is working to restore operations and has pledged full compensation for affected customers.


📢 Cyber News

7. Free Decryptor Released for Phobos and 8Base

Japanese authorities, in collaboration with Europol and the FBI, have released a free decryptor for victims of Phobos and 8Base ransomware, enabling them to recover encrypted files without paying a ransom. This release follows recent international law enforcement efforts that have targeted and disrupted the operations of these ransomware groups, including multiple arrests.

8. FBI Traces BTC to Armenian Ransomware Hacker

U.S. authorities are dismantling a major ransomware operation by tracing over 1,600 Bitcoin in ransom payments, leading to charges against global cybercriminals. This effort recently resulted in the extradition and indictment of an Armenian national in the United States for his role in the Ryuk ransomware campaign.

9. Roblox’s AI Safety Tools Spark Teen Concerns

Roblox is implementing new safety and privacy features for teenagers, including an AI-powered age estimation system and enhanced parental controls, in response to growing regulatory scrutiny and legal challenges. A key update is the requirement for users aged 13 and above to submit a video selfie for age verification to unlock “Trusted Connections,” raising privacy concerns despite Roblox’s assurances about data handling.


💡 Cyber Tip

Watch Out for Weak Application Control

Security researchers have identified a flaw in Microsoft's recommended AppLocker configuration that could allow certain unauthorized applications to bypass restrictions. The issue stems from an incorrect file version value in the block rules: because the deny rules' version range stops short of the maximum, a tampered executable reporting a higher version could slip past them if digital signature checks are not also enforced. While not critical on its own, this misconfiguration shows how a small error in a security setting can open the door to exploitation.

✅ What you should do:

  • Review your AppLocker rules to ensure file version ranges are configured correctly; a deny rule's upper bound should be unbounded (*) or the maximum file version, not a lower value.
  • Only allow applications that are digitally signed by trusted publishers, and prefer publisher rules over path rules.
  • Monitor for unsigned or unusually versioned executables attempting to run, including AppLocker's own block and audit events in the Microsoft-Windows-AppLocker event logs.
  • Regularly check Microsoft's official documentation for updates or configuration changes to the recommended block rules.
  • Test configuration updates in audit mode in a controlled environment before deploying organization-wide.
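
The following PowerShell turns the first three items of the checklist into something you can run. It is an added example for this briefing, not code from Varonis or Microsoft. It audits the effective AppLocker policy for deny rules whose version range stops below the maximum file version, and sweeps a folder for executables that are unsigned or carry an unusually high file version. It assumes an elevated session on a host with the AppLocker module; the constructed sample policy, the C:\Users sweep path and the 60000.0.0.0 "unusual version" threshold are assumptions for illustration.

```powershell
# Added example (not from the briefing, Varonis or Microsoft). Assumes an
# elevated session on Windows with the AppLocker module available. The sample
# policy, the sweep path and the version threshold below are assumptions.

Import-Module AppLocker -ErrorAction Stop

# Highest file version a PE version resource can express: four 16-bit parts.
$script:MaxFileVersion = [version]'65535.65535.65535.65535'

function Get-AppLockerVersionRangeGaps {
    # Emits one record per deny publisher rule whose upper version bound is
    # below the maximum. Such a rule leaves versions above HighSection unblocked.
    param([Parameter(Mandatory)][xml]$Policy)

    foreach ($collection in $Policy.AppLockerPolicy.RuleCollection) {
        foreach ($rule in $collection.FilePublisherRule) {
            if ($rule.Action -ne 'Deny') { continue }      # a short allow range only restricts
            foreach ($cond in $rule.Conditions.FilePublisherCondition) {
                $range = $cond.BinaryVersionRange
                if ($null -eq $range -or $range.HighSection -eq '*') { continue }  # '*' = unbounded
                $high = [version]$range.HighSection        # AppLocker versions are four-part
                if ($high -lt $script:MaxFileVersion) {
                    [pscustomobject]@{
                        Collection  = $collection.Type
                        Rule        = $rule.Name
                        Publisher   = $cond.PublisherName
                        Binary      = $cond.BinaryName
                        HighSection = $range.HighSection
                        Uncovered   = "versions above $high"
                    }
                }
            }
        }
    }
}

function Find-SuspiciousExecutables {
    # Flags files a publisher rule cannot vouch for: a missing or invalid
    # Authenticode signature (editing a signed file's version resource also
    # invalidates its signature) or a file version above the threshold, which
    # is the region an under-sized deny range stops covering.
    param(
        [Parameter(Mandatory)][string]$Path,
        [version]$VersionThreshold = [version]'60000.0.0.0'   # assumed threshold
    )
    Get-ChildItem -Path $Path -Include *.exe, *.dll -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $vi  = $_.VersionInfo
            $ver = New-Object System.Version($vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            $reasons = @()
            if ($sig.Status -ne 'Valid')   { $reasons += "signature $($sig.Status)" }
            if ($ver -gt $VersionThreshold) { $reasons += "file version $ver above threshold" }
            if ($reasons.Count -gt 0) {
                [pscustomobject]@{
                    Path    = $_.FullName
                    Version = $ver
                    Signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
                    Reason  = $reasons -join '; '
                }
            }
        }
}

# Constructed sample policy for an offline run: the deny rule's HighSection is
# deliberately below the maximum, so the audit reports it.
$samplePolicy = [xml]@'
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <FilePublisherRule Id="11111111-1111-1111-1111-111111111111" Name="Block example tool" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePublisherCondition PublisherName="O=EXAMPLE CORP, L=REDMOND, S=WASHINGTON, C=US" ProductName="*" BinaryName="*">
          <BinaryVersionRange LowSection="0.0.0.0" HighSection="60000.0.0.0" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
  </RuleCollection>
</AppLockerPolicy>
'@
Get-AppLockerVersionRangeGaps -Policy $samplePolicy | Format-Table -AutoSize

# Live checks on this host (needs elevation):
$effective = [xml](Get-AppLockerPolicy -Effective -Xml)
Get-AppLockerVersionRangeGaps -Policy $effective | Format-Table -AutoSize
Find-SuspiciousExecutables -Path 'C:\Users' | Format-Table -AutoSize
```

Any row from Get-AppLockerVersionRangeGaps means a deny rule that a binary with a high enough version number would not match; fix it by setting HighSection to * (or the maximum). The file sweep is a point-in-time complement to AppLocker's own telemetry: the Microsoft-Windows-AppLocker/EXE and DLL log records what was blocked (event 8004) or would have been blocked in audit mode (event 8003).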

🔒 Why this matters:

Even minor misconfigurations can create exploitable gaps that sophisticated attackers may target. By aligning your settings with current guidance and enforcing digital signatures, you reduce the risk of unauthorized software execution within your environment.

📚 Cyber Book

The Technology Tail: A Digital Footprint Story by Julia Cook

Get Book ➤ https://amzn.to/3pI77z1

 


That concludes today's briefing.

 

Copyright © 2025 CyberMaterial. All Rights Reserved.
