👉 What’s the latest in the cyber world today?
7-Zip flaw crashes PCs via malicious RAR5 archives, CrushFTP zero-day enables unauth RCE, and 3,500 websites hijacked for stealthy crypto mining. Dior breach exposes customer data, CoinDCX loses $44M in crypto heist, and Poland probes air traffic outage for sabotage. UK sanctions APT28 for cloud espionage, dark web travel scams target booking platforms, and Darktrace acquires Mira Security to enhance encrypted traffic visibility.
1. 3,500 Sites Hijacked to Secretly Mine Crypto
A new, stealthy JavaScript cryptocurrency miner has compromised over 3,500 websites globally, leveraging WebSockets to discreetly mine cryptocurrency by adapting to device capabilities, reminiscent of past browser-based cryptojacking. This attack, linked to previous Magecart skimming domains, highlights a trend of attackers diversifying payloads and prioritizing covert resource siphoning.
2. 7-Zip Flaw Lets Malicious RAR5 Files Crash PCs
A critical denial-of-service vulnerability (CVE-2025-53816) has been discovered in 7-Zip’s RAR5 decoder: a heap buffer overflow lets attackers crash systems when specially crafted RAR5 archive files are processed. Users are advised to immediately update to 7-Zip version 25.00 or later to mitigate this risk.
3. CrushFTP Warns of Zero-Day Exploit in the Wild
A critical zero-day exploit (CVE-2025-54309) impacting CrushFTP versions below 10.8.5 and 11.3.4_23 was recently discovered, allowing unauthenticated remote code execution via HTTP(S). This vulnerability, stemming from a previously patched bug, highlights the urgent need for users to update their systems to the latest versions to prevent compromise.
4. Dior Alerts Customers After Cyberattack Hit
Luxury fashion house Dior has announced a cybersecurity incident that exposed personal information of its clients. The breach, discovered on May 7, 2025, compromised a database containing names, contact details, addresses, and in some cases, even Social Security Numbers, though no payment information was accessed.
5. CoinDCX Says $44M Stolen from Crypto Reserves
Indian cryptocurrency exchange CoinDCX has confirmed a significant cyberattack over the weekend, resulting in the theft of over $44 million from one of its internal operational accounts. While user funds remain safe and unaffected, the company has launched an ambitious “Recovery Bounty Program” to enlist the broader Web3 community in tracing and recovering the stolen assets.
6. Poland Investigates Air Traffic Control Disruption
Poland’s internal security agency is investigating a temporary outage in the country’s air traffic control system that caused widespread delays at multiple airports on Saturday, suspecting potential sabotage. While the air navigation authority, PANSA, attributed the disruption to an unspecified technical malfunction and has restored the primary system, national security services are scrutinizing the incident for links to suspected Russian-backed sabotage.
7. UK Sanctions APT28 for Microsoft Cloud Attack
The UK has formally accused Russian military intelligence (GRU) and its cyber threat group APT28 of deploying sophisticated new malware, “AUTHENTIC ANTICS,” to steal email credentials and tokens for espionage. This attribution comes alongside new UK sanctions against three GRU units and 18 individuals for their involvement in malicious global cyber operations.
8. The Financial Toll of Dark Web Travel Sites
Dark web travel agencies offer deeply discounted travel services using stolen credentials and exploit mainstream booking platforms, posing a significant and evolving threat to the travel and hospitality industry. These illicit operations force the industry to rapidly increase cybersecurity investments and implement advanced defenses to combat pervasive fraud and sophisticated cybercrime tactics.
9. Darktrace Buys Network Visibility Firm Mira Security
Darktrace has acquired Mira Security, a network traffic visibility startup, to enhance its ability to gain insights from and decrypt encrypted network traffic, particularly for customers in highly regulated industries. This acquisition is expected to provide more comprehensive visibility across various network environments and accelerate Darktrace’s innovation in network security.
💡 Cyber Tip
Dangerous RAR5 Files May Crash 7-Zip and Interrupt System Operations
A critical flaw in 7-Zip’s RAR5 decoder allows attackers to crash systems when specially crafted archive files are processed. The vulnerability causes memory corruption through a buffer overflow, leading to application failure or full system crashes. Although it does not enable code execution, the impact is serious enough to disrupt operations and expose systems to denial-of-service attacks.
✅ What you should do:
🔒 Why this matters:
Even without executing code, this vulnerability can reliably crash systems and disrupt workflows. Keeping your software up to date and being cautious with archive files is essential to maintain system stability and defend against targeted attacks.
📚 Cyber Book
Cyber Privacy: Who Has Your Data and Why You Should Care by April Falcon Doss
Get Book ➤ https://amzn.to/3DJRMG3
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.
