
July 17, 2025 – Cyber Briefing

👉 What’s going on in the cyber world today?

Fake Telegram APKs exploit Janus bug for remote access, SVG files smuggle in-memory JavaScript redirects, and OVERSTEP rootkit targets SonicWall zero-day for stealth persistence. Air Serbia suffers Active Directory breach, Ukrainian hackers cripple Russian drone maker, and Seychelles bank hit by personal data leak. U.S. warns of surging China-backed intrusions, ex-soldier pleads guilty in telecom hacks, and NoName057(16) disrupted in global takedown.

First time seeing this? Join us on Substack!

🚨 Cyber Alerts

1. Malicious Telegram APK Campaign Uncovered

A widespread malware campaign is using 607 malicious domains, many of them typosquats, to distribute fake Telegram APKs that give the operators remote command execution on Android devices. The operation, identified by Bfore.AI, lures users through phishing websites and exploits the Janus vulnerability (CVE-2017-13156), which lets an attacker prepend code to a legitimately signed APK without invalidating its v1 (JAR) signature on affected Android versions (5.0 through 8.0 when only v1 signing is used), so the trojanized package still appears to come from the original publisher.
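Janus works because one file can be a valid DEX (magic bytes at offset 0) and a valid ZIP/APK (central directory at the end) at the same time; the v1 JAR signature covers only the ZIP entries, so the prepended DEX is never signed. The triage check below is an added example, not Bfore.AI's tooling or Android's verifier: it flags archives that open as ZIPs but do not begin with a ZIP local-file header. The APK it builds is a constructed stand-in, and `apksigner verify` remains the authoritative check.

```python
"""Triage check for Janus-style DEX/APK polyglots (added example).

Not from the report or any vendor product. The 'APK' here is a constructed
ZIP with two entries; the Janus sample glues a fake DEX header in front.
"""
import io
import zipfile

ZIP_LOCAL_HEADER = b"PK\x03\x04"   # how a normally built APK begins
DEX_MAGIC = b"dex\n"              # DEX files start with "dex\n" + version


def classify_apk(data: bytes) -> str:
    """Return 'not-zip', 'apk', 'janus-dex-prefix' or 'prefixed-zip'."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-zip"
    if data.startswith(ZIP_LOCAL_HEADER):
        return "apk"
    if data.startswith(DEX_MAGIC):
        # Valid ZIP that also parses as a DEX from offset 0: the Janus shape.
        return "janus-dex-prefix"
    # Some other prefix: still not how a normally built APK begins.
    return "prefixed-zip"


def entry_names(data: bytes) -> list[str]:
    """Entries the ZIP reader sees; a prepended DEX does not stop it from reading."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.namelist()


def _build_minimal_apk() -> bytes:
    """Constructed stand-in for an APK: a ZIP with a manifest and a DEX entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", "<manifest/>")
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 100)
    return buf.getvalue()


CLEAN_APK = _build_minimal_apk()
# Constructed Janus-style polyglot: a fake DEX header in front of the same
# archive. The ZIP stays readable because its central directory sits at the end
# and ZIP readers locate entries from there, not from the start of the file.
JANUS_APK = b"dex\n035\x00" + b"\x00" * 64 + CLEAN_APK

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN_APK), ("janus", JANUS_APK)):
        print(label, classify_apk(blob), entry_names(blob))
```

The heuristic is deliberately narrow: it says nothing about whether the signature verifies, only that the file's first bytes are not a ZIP header, which a build pipeline never produces and which the v1 signature would not notice.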

2. Stealthy JavaScript Attacks via SVG Files

Threat actors are turning seemingly harmless SVG files into phishing delivery vehicles that slip past email security: SVG is XML, so a file can carry a <script> element or an onload handler that runs when the attachment is opened directly in a browser and redirects the victim to a credential-stealing site. The technique relies on native browser rendering of SVG rather than on a downloaded binary, so controls that only inspect executables or standalone script files do not see it. Note that browsers do not run scripts in SVGs embedded through an <img> tag; the risk is in opening the file as a document.

3. SonicWall Zero-Day RCE Exploited

Google’s Threat Intelligence Group (GTIG) has uncovered a campaign by UNC6148 targeting end-of-life SonicWall SMA 100 series appliances. The actor reuses previously stolen local administrator credentials and deploys a new user-mode rootkit, OVERSTEP, to keep persistent access even on fully patched devices. The financially motivated group, possibly linked to ransomware and extortion operations, uses OVERSTEP to hook standard library calls (it is loaded via LD_PRELOAD) so it can hide its own files, steal credentials and evade detection, posing a significant challenge for organizations still running these appliances.


💥 Cyber Incidents

4. Cyberattack Strikes Air Serbia

Air Serbia, Serbia’s national airline, has been battling a significant cyberattack since early July, leading to disruptions including delayed payslip distribution for staff. The ongoing security incident has prompted multiple company-wide actions, such as forced password resets, restricted internet access, and the installation of new security software.

5. Ukrainian Hack Hits Russian Drone Firm

Ukraine’s military intelligence (HUR) reportedly launched a cyberattack that “paralyzed” Gaskar Group, a major Russian drone supplier, in coordination with Ukrainian cyber volunteers. This operation allegedly gained access to and destroyed over 47 terabytes of technical drone production data, aiming to cripple the company’s operations and provide intelligence to Ukrainian defense forces.

6. Customer Data Breach at Seychelles Bank

A hacker claims to have stolen and sold personal data, including sensitive government account information, from Seychelles Commercial Bank, which has acknowledged a cybersecurity incident but stated no funds were accessed. This breach raises concerns about the Seychelles’ reputation as a tax haven and could potentially lead to a “Panama Papers”-like exposé.


📢 Cyber News

7. Chinese Firms Amplify U.S. Cyberattacks

A new economic model for cyber offense, in which private Chinese companies carry out intrusions on contract for government agencies, has sharply increased espionage attacks: U.S. officials say such attacks have more than doubled. Despite recent indictments, Chinese hackers are broadening their target set and, once detected, persist rather than withdraw, a shift officials describe as a “golden age of hacking” for China.

8. Ex-US Soldier Pleads Guilty in Telecom Hacks

Cameron John Wagenius has pleaded guilty to charges related to hacking into US telecommunications companies, including fraud and identity theft. The former US Army soldier was accused of hacking into AT&T and Verizon systems and leaking presidential call logs, according to the US Department of Justice.

9. Operation Eastwood Hits Pro-Russian Hackers

A large-scale international law enforcement operation, “Operation Eastwood,” has successfully disrupted the activities of the pro-Russian hacking group NoName057(16). Coordinated by Europol and Eurojust, this effort involved authorities from numerous European countries and the United States, targeting the group’s infrastructure and apprehending key individuals.




💡 Cyber Tip

Watch Out for Hidden JavaScript in Malicious SVG Files

Threat actors are hiding malicious JavaScript inside SVG image files, which lets them pass email security filters and compromise users who open or preview the attachment. Because an SVG is XML, it can carry a <script> element or an event-handler attribute; when the file is opened directly in the browser, that code runs and silently redirects the victim to a phishing page built to steal login credentials. Because no executable is downloaded, tools that only inspect binaries or standalone script files often miss the threat entirely.

✅ What you should do:

  • Treat SVG attachments as documents, not images: do not open them from unknown or unexpected emails, and inspect any you must handle in a text editor rather than a browser.
  • Configure the mail gateway to block or quarantine SVG attachments (image/svg+xml, .svg, .svgz) unless a business process genuinely needs them.
  • Use scanning tools that parse SVG as XML and flag <script> elements, on* event-handler attributes, javascript: URIs and base64-encoded payloads, rather than relying on file-extension or executable-only checks.
  • Strengthen email authentication and impersonation controls (SPF, DKIM, DMARC enforcement) so spoofed senders carrying these files are rejected.
  • Educate staff that previewing an attachment can be enough to run it, and how to recognize deceptive file types.

🔒 Why this matters:

These SVG-based attacks exploit native browser behavior to run attacker code without dropping a binary on disk. By bypassing defenses that key on executables and leaving no malware artifact beyond an innocuous-looking image file, they represent a growing class of stealthy threats that require content-level inspection of attachments and stronger email protections.
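The content-level inspection the tip calls for, and the mechanism described in alert #2, can be shown in a few dozen lines. The scanner below is an added example, not the newsletter's code or any vendor's product: it parses an SVG as XML and reports <script> elements, on* event handlers, javascript: URIs (including ones animated in via SMIL <animate>/<set>), foreign content containers, and base64 blobs inside scripts that decode to URLs, the pattern of an atob()-based redirect. Both SVG samples are constructed for the example.

```python
"""Static triage of SVG attachments for embedded script (added example).

Not the newsletter's code and not from any vendor product. It shows the
checks a mail gateway or an analyst could run on an SVG before a browser
ever renders it. Both SVG samples below are constructed.
"""
import base64
import binascii
import re
import xml.etree.ElementTree as ET

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"

# Elements that let an SVG run code or embed foreign content when opened
# as a top-level document in a browser.
ACTIVE_ELEMENTS = {"script", "foreignObject", "iframe", "embed", "object"}
# SMIL animation elements can retarget an href to a javascript: URI.
ANIMATION_ELEMENTS = {"animate", "set"}
JS_URI = re.compile(r"^\s*javascript:", re.IGNORECASE)
B64_BLOB = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")


def _local(qname: str) -> str:
    """Strip an XML namespace prefix such as {http://www.w3.org/2000/svg}."""
    return qname.rsplit("}", 1)[-1]


def _decoded_urls(text: str) -> list[str]:
    """Return URLs hidden in base64 blobs, as used by atob()-based redirects."""
    urls = []
    for blob in B64_BLOB.findall(text):
        try:
            plain = base64.b64decode(blob).decode("utf-8", errors="replace")
        except (binascii.Error, ValueError):
            continue
        if plain.startswith(("http://", "https://")):
            urls.append(plain)
    return urls


def scan_svg(data: bytes) -> list[str]:
    """Return human-readable findings; an empty list means nothing active was found."""
    findings: list[str] = []
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        # Browsers are lenient, XML parsers are not: treat unparseable input as suspect.
        return [f"unparseable XML: {exc}"]

    for elem in root.iter():
        name = _local(elem.tag) if isinstance(elem.tag, str) else ""
        if name in ACTIVE_ELEMENTS:
            findings.append(f"<{name}> element")
        if name == "script" and elem.text:
            for url in _decoded_urls(elem.text):
                findings.append(f"base64-encoded URL in <script>: {url}")
        for attr, value in elem.attrib.items():
            a = _local(attr)
            if a.lower().startswith("on"):
                findings.append(f"event handler {a}= on <{name}>")
            if (attr == XLINK_HREF or a == "href") and JS_URI.match(value):
                findings.append(f"javascript: URI in {a} on <{name}>")
            if name in ANIMATION_ELEMENTS and a in {"values", "to", "from"} \
                    and "javascript:" in value.lower():
                findings.append(f"javascript: URI animated via <{name} {a}=...>")
    return findings


# Constructed sample in the style described: a 1x1 "image" whose onload
# handler decodes a base64 URL and navigates the top-level window to it.
PHISH_B64 = base64.b64encode(b"https://example.invalid/login").decode()
MALICIOUS_SVG = f"""<svg xmlns="http://www.w3.org/2000/svg" width="1" height="1" onload="go()">
  <script type="text/javascript"><![CDATA[
    function go() {{ window.location = atob("{PHISH_B64}"); }}
  ]]></script>
</svg>""".encode()

# Constructed benign sample: a plain vector drawing with no active content.
BENIGN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">
  <circle cx="5" cy="5" r="4" fill="steelblue"/>
</svg>"""

if __name__ == "__main__":
    for label, svg in (("malicious", MALICIOUS_SVG), ("benign", BENIGN_SVG)):
        print(label, scan_svg(svg) or ["clean"])
```

Anything this scanner flags should be quarantined rather than rendered; a legitimate logo or chart has no reason to contain a <script> element or an onload handler. The base64 check is a heuristic for the specific obfuscation described and will not catch every encoding, which is why the element and attribute checks come first.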

📚 Cyber Book

Managing Cyber Risk — by Ariel Evans

Get Book ➤ https://amzn.to/3KaIIL2



That concludes today’s briefing. You can check the top headlines here!


Copyright © 2025 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium.
