👉 What’s trending in cybersecurity today?
Forminator flaw threatens 600,000 sites with file deletion attacks, while Snake Keylogger uses Java tools in Russian oil-themed phishing. Kimsuky’s new ClickFix trick turns users into attackers, and Qantas suffers a data breach linked to aviation-focused cybercrime groups. Brazil’s C&M Software breach forces the Central Bank to sever ties, Hero España halts food production after a targeted attack, and the US Treasury sanctions Aeza Group for hosting cybercriminals. Cyber director nominee faces scrutiny over lack of experience, while LevelBlue acquires Trustwave to lead global managed security services.
1. Forminator Plugin Flaw Risks 600,000 Sites
A critical arbitrary file deletion vulnerability has been found in the Forminator WordPress plugin, affecting over 600,000 websites. The flaw allows an unauthenticated attacker to craft a form submission that can delete any file on the server when that submission is removed. By deleting critical files like wp-config.php, an attacker can force the site into setup mode and take complete control. The plugin’s developer has released a patch, and all users are strongly urged to update to version 1.44.3 immediately.
2. Oil-Themed Phishing Spreads Snake Keylogger
A Russian-origin malware campaign is distributing Snake Keylogger by using spear-phishing emails themed around the oil industry. The campaign uses a novel technique, exploiting a legitimate Java debugging tool to bypass security via DLL sideloading. Once installed, the keylogger is a formidable data thief capable of harvesting credentials from dozens of browsers and applications. The operation capitalizes on geopolitical tensions in the Middle East to make its petroleum-themed phishing lures more believable.
3. Kimsuky Tricks Users Into Self Hacking
The North Korean threat group Kimsuky is using a new social engineering tactic called “ClickFix” to compromise its targets. The method uses fake browser error messages to trick victims into manually pasting and running malicious code themselves in PowerShell. This approach bypasses traditional security measures by exploiting human behavior instead of technical software or system vulnerabilities. The attackers use advanced obfuscation techniques like reversed strings to hide the malicious commands from the user and security tools.
4. Hacker Attack on Australian Airline Qantas
Australian airline Qantas has disclosed a cyberattack after a third-party platform used by one of its contact centers was breached. A significant amount of data was likely stolen, including names, birth dates, and frequent flyer numbers for up to six million customers. The airline has assured customers that no financial information, passwords, or PINs were compromised in the incident. This attack shares similarities with recent breaches by the “Scattered Spider” group, which has been targeting the aviation industry.
5. Cyberattack on Brazil’s C&M Software Vendor
A cyberattack on C&M Software, a technology provider for financial institutions in Brazil, has been confirmed by the country’s Central Bank. In response, the Central Bank ordered the immediate disconnection of institutions from C&M’s compromised infrastructure to prevent further damage. While officials have not disclosed the value of the losses, media reports suggest the damage could be as high as one billion Brazilian reais. The incident highlights the significant systemic risk posed by cyberattacks on third-party vendors within the financial sector.
6. Cyberattack Halts Hero España Production
The Spanish food company Hero España suffered an external cyberattack that temporarily impacted its production facility in Alcantarilla, Murcia. As an immediate response, the company performed a controlled deactivation of its IT systems to prevent the attack from spreading. The incident has temporarily restricted local production and logistics operations, but the company has implemented contingency plans to mitigate the impact. This cybersecurity event was limited to Hero’s operations in Spain and did not affect the company’s other global divisions.
7. US Treasury Sanctions Russian Tech Firm Aeza
The United States Department of the Treasury has sanctioned the Russian company Aeza Group for acting as a “bulletproof hosting” service for cybercriminals. The company allegedly provided services to ransomware gangs like BianLian, darknet drug markets, and pro-Russian disinformation campaigns. The sanctions also target four of the company’s leaders, including its CEO, who was arrested in Russia in April. This action is part of a broader U.S. strategy to dismantle the cybercrime ecosystem by targeting critical infrastructure providers.
8. Trump’s Cyber Director Nominee Advances
The nomination of Sean Cairncross for national cyber director has advanced out of a key Senate committee for a full vote. His nomination has faced controversy due to his lack of a technical cybersecurity background, which was a focus of his hearing. Cairncross cited his extensive management experience and his perspective from dealing with cyberattacks as a “user” as his qualifications. Despite the concerns, he received some Democratic support and is now one step closer to a final Senate confirmation.
9. LevelBlue to Acquire Trustwave for MSSP Lead
The cybersecurity company LevelBlue has announced its acquisition of the managed detection and response firm Trustwave. This move, combined with its planned purchase of Aon’s cyber business, aims to make LevelBlue the largest pure-play managed security services provider. The deal marks a homecoming for LevelBlue’s CEO Bob McCullen, who was the chairman and CEO of Trustwave until 2015. The acquisition will combine LevelBlue’s managed security expertise w
💡 Cyber Tip
Unpatched Forminator Flaw Could Lead to Full WordPress Site Compromise
A critical vulnerability in the Forminator WordPress plugin allows attackers to delete any file on a server by submitting and then deleting a crafted form entry. With over 600,000 websites affected, this flaw can be exploited without authentication. By deleting key files like wp-config.php, attackers can force a site into setup mode and take full control. A fix is available in version 1.44.3, and immediate updates are strongly recommended.
✅ What you should do:
🔒 Why this matters:
This flaw allows unauthenticated attackers to delete vital files and hijack WordPress sites. Without an update, affected websites are exposed to complete takeover. Prompt patching is critical to avoid serious compromise.
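The tip above describes the root cause: a file path stored with a form submission is trusted when the entry is later deleted. The following is an added example, not Forminator's or WordPress's own code, showing the unsafe pattern beside a hardened version that confines deletion to the uploads directory; the entry structure, function names and the demo directory are assumptions.

```php
<?php
// Added example (not Forminator's code). Entry shape assumed: ['files' => [paths]].

// Unsafe pattern: a path recorded from the submission is deleted as-is.
function delete_entry_files_unsafe(array $entry): void {
    foreach ($entry['files'] as $path) {
        if (is_file($path)) {
            unlink($path); // an attacker-chosen path could be wp-config.php
        }
    }
}

// Hardened: canonicalize and require the path to stay under the uploads base.
function resolve_upload_path(string $base_dir, string $candidate): ?string {
    $base = realpath($base_dir);
    $real = realpath($candidate);          // also resolves symlinks
    if ($base === false || $real === false) {
        return null;
    }
    $base = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    // Prefix check on the canonical path defeats ../ and symlink escapes.
    if (strncmp($real, $base, strlen($base)) !== 0) {
        return null;
    }
    return $real;
}

function delete_entry_files_safe(array $entry, string $uploads_dir): array {
    $deleted = [];
    foreach ($entry['files'] as $path) {
        $real = resolve_upload_path($uploads_dir, $path);
        if ($real === null || !is_file($real)) {
            error_log("refused to delete path outside uploads dir: $path");
            continue;
        }
        unlink($real);
        $deleted[] = $real;
    }
    return $deleted;
}

// Demo with a constructed entry. In WordPress the base would come from
// wp_upload_dir()['basedir']; here a temp directory stands in for it.
$uploads_dir = sys_get_temp_dir() . '/demo-form-uploads';
@mkdir($uploads_dir, 0700, true);
file_put_contents("$uploads_dir/legit.txt", "upload");
$entry = ['files' => ["$uploads_dir/legit.txt", '/etc/hosts',
                      "$uploads_dir/../../../etc/passwd"]];
var_dump(delete_entry_files_safe($entry, $uploads_dir)); // only legit.txt
```

Only the file that canonicalizes to a location under the uploads base is removed; the two escape attempts are logged and skipped.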
📚 Cyber Book
Firewalls Don’t Stop Dragons: A Step-by-Step Guide to Computer Security and Privacy for Non-Techies by Carey Parker
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.
