👉 What are the latest cybersecurity alerts, incidents, and news?
NOVABLIGHT infostealer targets logins and crypto, PyPI phishing campaign mimics verification emails, and Dahua camera flaws enable remote hacking. French Natural History Museum hit by cyberattack, Russian pharmacies shut down in pro-Ukraine breach, and Everest ransomware leaks Mailchimp data. CISA launches Thorium malware analysis tool, Canadian man jailed for NFT theft, and Russia blocks Speedtest citing national security concerns.
1. NOVABLIGHT Steals Logins and Crypto
A new Malware-as-a-Service (MaaS) infostealer named NOVABLIGHT is being sold by the French-speaking Sordeal Group under the guise of an “educational tool.” Built on the Electron framework, this sophisticated malware uses advanced obfuscation and anti-analysis techniques to steal credentials, browser data, and cryptocurrency from its victims.
2. PyPI Warns of Email Phishing Attack
The Python Package Index (PyPI) is alerting users to an active phishing campaign involving emails from the fraudulent address noreply@pypj[.]org. These messages, titled “[PyPI] Email verification,” redirect recipients to a fake website designed to steal their login credentials.
3. Dahua Camera Flaws Enable Remote Hacking
Cybersecurity researchers found critical flaws in Dahua smart cameras that allow unauthenticated remote code execution, giving hackers full control. Patches have been released, and users are urged to update their firmware immediately to protect their devices.
4. Cyberattack Hits French Natural History Museum
The French National Museum of Natural History suffered a major cyberattack on Thursday, July 31, forcing the shutdown of its vast research databases. The disruption, which impacts hundreds of researchers in biology and archaeology, is expected to last for several weeks.
5. Russia Faces Second Major Cyberattack
A massive cyberattack, attributed to a pro-Ukrainian group, has shut down hundreds of Russian pharmacies, including nearly 900 Stolichki locations. This breach followed a major hack that crippled Aeroflot, Russia’s largest airline, signaling a significant escalation in cyber warfare targeting the nation’s critical infrastructure.
6. Everest Ransomware Hits Mailchimp
The Everest ransomware group claims to have breached marketing platform Mailchimp, leaking a database of nearly one million lines of business contact information on its dark web site. Although the data appears to come from a marketing export rather than internal systems, the incident contributes to a significant surge in global ransomware attacks during July 2025.
7. CISA Releases Thorium for Malware Analysis
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), in partnership with Sandia National Laboratories, has launched Thorium, a new open-source platform for malware and forensic analysis. Designed for high-volume operations, the tool integrates various commercial and custom utilities to help public and private sector analysts automate workflows, analyze complex threats, and manage large-scale data efficiently.
8. Canadian Cybercriminal Sentenced for NFT Theft
A Canadian man was sentenced to a year in prison for a sophisticated scheme that used hacked X accounts of digital artists to steal NFTs and cryptocurrency. He and his co-conspirators defrauded over 200 victims, netting more than $794,000 by luring them to fraudulent websites.
9. Russia Blocks US‑Made Speedtest Over Security
Russia has blocked the popular internet testing tool Speedtest, with its communications watchdog citing national security risks and the potential for the service’s data collection to be used in cyberattacks. This move is part of a broader government strategy to replace foreign technology with domestic alternatives and tighten control over its national internet segment, the Runet.
💡 Cyber Tip
Delete Fake PyPI Verification Emails to Avoid Credential Theft
The Python Package Index (PyPI) has issued a warning about a phishing campaign targeting users with emails from noreply@pypj[.]org, designed to mimic official PyPI communications. These fake emails prompt users to “verify” their email address, linking to a spoofed PyPI login page that steals credentials. The goal is to hijack user accounts and potentially push malicious packages.
✅ What you should do:
🐍 Why this matters:
This phishing campaign targets developers and maintainers, aiming to compromise packages and poison the software supply chain. Staying alert to spoofed domains and enabling strong account protections is essential for securing open-source ecosystems.
📚 Cyber Book
Cyber Daters Beware (2014) by Noah Pranksky
Get Book ➤ https://amzn.to/46CfQKk
Copyright © 2025 CyberMaterial. All Rights Reserved.
