
July 01, 2025 – Cyber Briefing

👉 What’s the latest in the cyber world today?

C4 Bomb attack breaks Chrome cookie encryption, Facebook ads push Pi wallet-stealing malware, and Blind Eagle uses VBS scripts to deploy RATs. ICC targeted in NATO-week cyberattack, Swiss and Austrian healthcare vendors breached via third-party access, and DOJ busts North Korean IT worker laptop farms. Europol dismantles $540M crypto fraud ring, Cato Networks secures $359M to expand AI-powered SASE platform, and global defenses tighten against rapidly evolving infostealer threats.

🚨 Cyber Alerts

1. C4 Bomb Cracks Chrome Cookie Encryption

Cybersecurity researchers have developed a new attack called the C4 Bomb that bypasses Google Chrome’s AppBound Cookie Encryption. The technique exploits a cryptographic weakness known as a padding oracle to decrypt protected cookies without administrator rights. This development undermines Google’s recent security enhancements, and other infostealer malware families are also developing their own bypasses. The attack highlights the ongoing battle between developers and cybercriminals, with users urged to remain vigilant until stronger defenses are available.

2. Scammers Use Fake Ads to Steal Pi Wallets

Cybercriminals are exploiting Facebook’s ad platform in a global campaign using fake Pi Network promotions to steal cryptocurrency. The campaign uses phishing pages to capture wallet recovery phrases and also distributes malware disguised as Pi Network mining software. This multi-stage malware is engineered to evade detection while harvesting credentials, passwords, and financial data from infected systems. The operation’s success relies on exploiting users’ trust in Facebook and their limited knowledge of cryptocurrency security practices.

3. Blind Eagle Uses VBS Scripts to Deploy RATs

The threat actor Blind Eagle has been linked to the Russian bulletproof hosting service Proton66 in a campaign targeting Colombian financial institutions. The operation uses phishing pages that mimic legitimate banks to steal credentials and Visual Basic Scripts to deploy malware. These initial loaders install commodity Remote Access Trojans like AsyncRAT, which are obfuscated using crypter services to evade detection. The group’s persistence and ability to adapt its tactics demonstrate that it remains a significant threat to the region.


💥 Cyber Incidents

4. Sophisticated Attack Hits War Crimes Court

The International Criminal Court in The Hague, Netherlands, has been targeted by a sophisticated cyberattack. The incident, which occurred last week during a NATO summit, has been contained, but an impact analysis is still ongoing. This is the second major cyberattack to hit the court in recent years, with a 2023 breach still affecting its operations. The attack comes as the ICC handles politically sensitive cases, including arrest warrants for the leaders of Russia and Israel.

5. Ransomware Hits Swiss Government Vendor

The Swiss non-profit health organization Radix was hit by a ransomware attack from the Sarcoma group. The attackers stole and later published a 1.3TB archive of data on the dark web, affecting various Swiss federal offices that are clients of Radix. Switzerland’s National Cyber Security Centre is now analyzing the leaked data to see which government agencies were impacted. This incident follows a similar 2023 breach where another third-party provider was attacked, exposing sensitive government documents.

6. Cyberattack Hits Austrian Hospital Vendor

The Austrian healthcare provider Humanomed Group has reported a cyberattack on its private clinics in Villach and Klagenfurt. Hackers are believed to have gained access through a third-party company that remotely maintains the hospitals’ radiology software. While the company does not currently believe patient data was stolen, an investigation has been launched with external security experts. The central focus of the ongoing investigation is to determine if the attackers accessed or stole any sensitive patient information.


📢 Cyber News

7. U.S. Busts North Korean IT Worker Scheme

The U.S. Department of Justice has announced a major operation against a scheme involving thousands of North Korean IT workers. The operation included raiding nearly thirty “laptop farms” across the country that helped the workers use stolen identities to appear stateside. This years-long scheme fraudulently obtained employment at over one hundred U.S. companies to fund North Korea’s weapons programs. U.S. authorities arrested one American facilitator and seized dozens of financial accounts, fraudulent websites, and nearly 200 computers.

8. Europol Cracks $540 Million Crypto Fraud

An international law enforcement operation has dismantled a massive cryptocurrency fraud ring that laundered $540 million from over 5,000 victims. The syndicate used “pig butchering” tactics to gain victims’ trust before directing them to fake investment platforms and laundering funds through Hong Kong. This type of widespread fraud is often powered by victims of human trafficking who are forced to work in scam compounds in Southeast Asia. As a result of the investigation, called Operation Borrelli, five suspects have been arrested by authorities in Spain.

9. SASE Leader Cato Networks Gets $359M Funding

The secure access service edge (SASE) provider Cato Networks has announced a massive $359 million Series G funding round, valuing the company at over $4.8 billion. The oversubscribed round was led by new and existing investors and brings the company’s total funding to more than one billion dollars. Cato Networks plans to use the new capital to advance its AI security capabilities and expand its global presence. This investment comes as the SASE market is rapidly expanding and Cato’s own revenue growth is outpacing the market average.


💡 Cyber Tip

Avoid Fake Pi Promotions That Steal Wallet Credentials

Cybercriminals are using Facebook ads to launch a global campaign targeting Pi Network users. Fake promotions lead victims to phishing pages designed to steal wallet recovery phrases or to download malware disguised as mining software. Once installed, the malware harvests passwords, login credentials, and sensitive financial data. The operation is highly coordinated and leverages social media trust and poor cryptocurrency security awareness to reach users across the United States, Europe, Asia, and Australia.

✅ What you should do:

  • Never enter your wallet recovery phrase on any website, especially if prompted by ads or promotional offers.
  • Only download mining software or wallet apps from official Pi Network channels or verified app stores.
  • Use antivirus software to scan all downloads before installing them on your device.
  • Monitor your cryptocurrency wallets regularly for unauthorized access or transactions.
  • Report suspicious ads or phishing pages directly to Facebook and your local cybersecurity authority.

🔒 Why this matters:

This campaign shows how easily trust in familiar platforms can be exploited. Once a recovery phrase is stolen, attackers gain full control over the wallet and its contents. Knowing how to recognize and avoid fake promotions is key to protecting your digital assets.

📚 Cyber Book

Data Privacy: A runbook for engineers by Nishant Bhajaria


That concludes today’s briefing. You can check the top headlines here!

Copyright © 2025 CyberMaterial. All Rights Reserved.
