July 25, 2025 – Cyber Briefing

👉 What are the latest cybersecurity alerts, incidents, and news?

Sophos and SonicWall patch critical RCE flaws in firewall and SMA appliances, CastleLoader spreads info stealers to US gov targets, and Koske Linux malware hides in panda JPEGs to mine crypto. Hackers inject wipe commands into Amazon’s AI bot via GitHub, Chinese APTs use fake Dalai Lama apps to install Gh0st RAT, and info-stealing malware is found hidden in Steam game “Chemia.” Jetflicks ringleader sentenced to 7 years for $37.5M piracy, Proton launches privacy-first AI assistant Lumo, and Brave browser blocks Windows Recall screenshot logging by default.

🚨 Cyber Alerts

1. Sophos, SonicWall Patch Critical RCE Bugs

Sophos and SonicWall have announced critical security flaws in their Firewall and Secure Mobile Access (SMA) 100 series appliances, respectively. These vulnerabilities could allow attackers to execute remote code, and both companies have released patches to address the issues.

2. CastleLoader Uses Clickfix on Windows

A newly identified malware, CastleLoader, has emerged as a significant threat, using sophisticated phishing and social engineering to trick users into running malicious PowerShell scripts. Functioning as a distribution platform, it has successfully infected hundreds of high-value targets, including U.S. government entities, to deploy various information stealers and remote access trojans.

3. Koske Malware Hides in Panda Images

A new, sophisticated Linux malware named Koske, which researchers suspect was developed with AI, uses seemingly harmless JPEG images of pandas to deploy cryptocurrency miners directly into system memory. This threat establishes a stealthy foothold by executing a rootkit and a shell script from memory, profiling the system to efficiently mine over 18 different coins while hiding its presence.


💥 Cyber Incidents

4. Hackers Target Amazon’s AI Code Bot

A security breach exposed vulnerabilities in Amazon’s AI infrastructure after hackers injected malicious computer-wiping commands into its AI coding assistant, ‘Q’. The incident, executed via a simple GitHub pull request, highlights the growing threat of prompt injection attacks on AI systems and the inadequacy of traditional security measures.

5. APTs Use Fake Dalai Lama Apps to Spy

A China-nexus cyber espionage group launched two campaigns, “Operation GhostChat” and “Operation PhantomPrayers,” against the Tibetan community by using fraudulent websites themed around the Dalai Lama’s 90th birthday. These attacks lured victims into downloading trojanized applications, ultimately installing the powerful Gh0st RAT backdoor to conduct surveillance and steal information.

6. Infostealer Hidden in Steam Game

A threat actor named EncryptHub has compromised the early-access game “Chemia” on Steam, embedding info-stealing malware within its files. Unsuspecting players who download the title are infected with malware that silently harvests sensitive data, including account credentials and cryptocurrency wallet information.


📢 Cyber News

7. Jetflicks Operator Sentenced to 7 Years

The ringleader of the Jetflicks illegal streaming service, Kristopher Lee Dallmann, has been sentenced to seven years in prison for running a massive piracy operation that generated millions in profits. Operating for 12 years, the service used automated software to pirate over 183,000 TV episodes and 10,500 movies, causing an estimated $37.5 million in damages to copyright holders before its shutdown by the FBI in 2019.

8. Proton Launches Encrypted AI Assistant

Proton has introduced Lumo, a new privacy-first AI assistant designed to protect user data by not logging conversations or using them for model training. Built on open-source LLMs and encryption, the tool reflects the Swiss company’s non-profit mission, offering a transparent and secure alternative to mainstream AI services.

9. Brave Blocks Windows Recall Screenshot

Brave Software is proactively blocking Microsoft’s Windows Recall from capturing user activity within its privacy-focused browser by default. This move aims to protect users’ sensitive browsing history from being stored in what Brave considers a “persistent database” that is vulnerable to abuse.

💡 Cyber Tip

New Linux Malware Hides in Innocent-Looking Panda Images

Researchers have uncovered a stealthy Linux malware called Koske that uses real JPEG images of pandas to hide and deliver its payload. These images double as executable scripts that deploy a rootkit and a cryptocurrency miner directly into system memory. Once active, the malware profiles the system’s hardware to mine over 18 cryptocurrencies while concealing its presence with advanced evasion techniques.

✅ What you should do:

  • Avoid running or downloading image files from untrusted or unfamiliar sources, even if they appear harmless.
  • Audit public-facing systems like JupyterLab to ensure they are properly secured and not exposed online.
  • Monitor for unusual CPU/GPU usage that may indicate hidden mining activity.
  • Use Linux security tools that detect in-memory execution, rootkit behavior, and unauthorized cron jobs or services.
  • Regularly check for suspicious scripts or binaries in temporary directories and system startup configurations.
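One concrete check a defender can run against the layout the tip describes (an image file that doubles as a script) is to walk the JPEG marker stream and flag any bytes that sit after the End-Of-Image marker. The following is an added example written for this briefing; it is not code from the Koske researchers or from CyberMaterial. It uses only the Python standard library, and the two sample files (`CLEAN_JPEG`, `POLYGLOT_JPEG`) are constructed fixtures: minimal marker streams that are structurally valid but not real pictures.

```python
# Added example (not from the briefing): flag JPEG files that carry extra
# bytes after their End-Of-Image marker, the polyglot layout the tip describes.
from __future__ import annotations

SOI = 0xD8  # Start Of Image
EOI = 0xD9  # End Of Image
SOS = 0xDA  # Start Of Scan (entropy-coded data follows its header)


def jpeg_end_offset(data: bytes) -> int:
    """Walk the JPEG marker stream and return the offset just past EOI.

    Raises ValueError if the bytes are not a structurally valid JPEG.
    """
    n = len(data)
    if n < 4 or data[0] != 0xFF or data[1] != SOI:
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos < n:
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker byte 0xFF at offset {pos}")
        while pos < n and data[pos] == 0xFF:  # 0xFF fill bytes may precede a marker
            pos += 1
        if pos >= n:
            raise ValueError("truncated marker")
        marker = data[pos]
        pos += 1
        if marker == EOI:
            return pos
        # Standalone markers carry no length field: TEM, RST0-RST7, SOI.
        if marker == 0x01 or 0xD0 <= marker <= 0xD7 or marker == SOI:
            continue
        if pos + 2 > n:
            raise ValueError("truncated segment length")
        seg_len = int.from_bytes(data[pos:pos + 2], "big")  # length includes itself
        if seg_len < 2 or pos + seg_len > n:
            raise ValueError(f"bad segment length {seg_len} at offset {pos}")
        pos += seg_len
        if marker == SOS:
            # Skip entropy-coded data: 0xFF00 is a stuffed byte and 0xFFD0-D7
            # are restart markers; any other 0xFFxx pair ends the scan.
            while pos + 1 < n:
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not (0xD0 <= nxt <= 0xD7):
                    break
                pos += 1
    raise ValueError("no EOI marker found")


def trailing_data(data: bytes) -> bytes:
    """Return whatever follows the image's EOI marker (b'' for a clean file)."""
    return data[jpeg_end_offset(data):]


def report(files: dict[str, bytes]) -> dict[str, str]:
    """Classify filename -> bytes as 'clean', 'trailing:<n>' or 'malformed:<why>'."""
    out: dict[str, str] = {}
    for name, blob in files.items():
        try:
            extra = trailing_data(blob)
        except ValueError as exc:
            out[name] = f"malformed:{exc}"
            continue
        out[name] = f"trailing:{len(extra)}" if extra else "clean"
    return out


# Constructed fixture: a minimal, structurally valid JPEG marker stream
# (JFIF APP0 header, one SOS header, a few entropy bytes including a stuffed
# 0xFF00 and an RST0 marker, then EOI). It is not a decodable picture.
CLEAN_JPEG = (
    b"\xff\xd8"                                # SOI
    + b"\xff\xe0" + (16).to_bytes(2, "big")    # APP0, length 16
    + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    + b"\xff\xda" + (8).to_bytes(2, "big")     # SOS, length 8
    + b"\x01\x01\x00\x00\x3f\x00"
    + b"\x12\xff\x00\x34\xff\xd0\x56"          # entropy-coded data
    + b"\xff\xd9"                              # EOI
)
# Constructed fixture: the same bytes with a harmless script appended after EOI.
APPENDED = b"#!/bin/sh\necho constructed-test-payload\n"
POLYGLOT_JPEG = CLEAN_JPEG + APPENDED

if __name__ == "__main__":
    samples = {"clean.jpg": CLEAN_JPEG, "panda.jpg": POLYGLOT_JPEG, "bad.jpg": b"GIF89a"}
    for name, verdict in report(samples).items():
        print(f"{name}: {verdict}")
```

The walk follows the marker structure rather than searching for the last `FF D9`, so an appended payload that happens to contain those two bytes does not hide the real image boundary. The check only covers the "data after EOI" layout; a stricter policy would also look at unusually large APPn or COM segments, and on a live host the finding is worth correlating with the CPU/GPU and cron-job checks above rather than treated as proof on its own.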

🔒 Why this matters:

Koske uses sophisticated techniques to bypass file-based detection and execute directly in memory. Its ability to adapt, remain hidden, and use everyday file types like images highlights the need for deeper inspection and stronger controls, especially in Linux environments handling sensitive workloads.

📚 Cyber Book

All the Ghosts in the Machine: The Digital Afterlife of your Personal Data by Elaine Kasket

Get Book ➤ https://amzn.to/3HVAkRt

That concludes today’s briefing. You can check the top headlines here!

Copyright © 2025 CyberMaterial. All Rights Reserved.