
July 29, 2025 – Cyber Briefing

👉 What’s the latest in the cyber world today?

macOS TCC flaw exposes private files via Spotlight, Xred malware spreads through gaming mouse software, and phishing campaign exploits Belgian Grand Prix fans. Pro-Ukraine hackers disrupt Aeroflot operations, GitHub outage hits global dev workflows, and Cathay’s Asia Miles breached for points and PII. Internet Archive named US federal depository, UP STF busts digital arrest cyber gang, and Linux 6.16 released with performance upgrades.


🚨 Cyber Alerts

1. macOS Flaw Bypasses TCC, Exposes Data

Microsoft Threat Intelligence researchers uncovered a significant vulnerability in macOS, tracked as CVE-2025-31199, that allowed attackers to bypass the Transparency, Consent, and Control (TCC) framework. TCC protects user privacy by requiring apps to obtain permission before accessing sensitive data. The bypass abused Spotlight's plugin mechanism: a malicious Spotlight plugin could read files from protected locations such as the Downloads folder and the Photos library without user consent. Apple patched the flaw in macOS Sequoia 15.4.

2. Phishing Targets Belgian Grand Prix Fans

Following the 2025 Belgian Grand Prix, threat actors exploited the event's popularity to target both Formula 1 teams and their global fanbase. The activity ranges from corporate espionage aimed at valuable team telemetry data to widespread phishing, social media scams, and malware-laden streaming sites designed to steal fans' personal and financial information.

3. Gaming Mouse Software Spreads Xred Malware

Gaming peripheral company Endgame Gear has announced a security breach where malware was embedded in the OP1w 4k v2 mouse configuration tool, distributed via their website between June 26 and July 9, 2025. The company has since removed the compromised file, confirmed the breach was isolated to that specific download, and implemented enhanced security measures.


💥 Cyber Incidents

4. Pro-Ukraine Hackers Hit Aeroflot Servers

Russian airline Aeroflot experienced a major operational disruption, canceling over 50 flights after two pro-Ukraine hacking groups claimed responsibility for a crippling cyberattack. The Kremlin expressed alarm and launched a criminal investigation, with lawmakers describing the event as a wake-up call and part of a broader digital war against Russia.

5. GitHub Outage Disrupts Global Core Services

On July 28, 2025, GitHub experienced a significant outage affecting core services like API requests and pull requests, disrupting workflows for millions of developers globally. The issue, attributed to networking problems, lasted approximately three and a half hours before GitHub’s engineering team successfully deployed a fix and restored all services.

6. Cathay Apologizes Over Asia Miles Breach

Cathay Pacific’s Asia Miles loyalty program suffered a cyber attack where criminals stole miles and compromised the personal data of approximately 1,000 members by exploiting a security flaw. The airline has since apologized, rectified the vulnerability, and is working with authorities while restoring affected accounts and advising all members to heighten their security practices.


📢 Cyber News

7. Internet Archive Becomes US Federal Depository

The Internet Archive has been officially designated as a U.S. federal depository library by Senator Alex Padilla, granting it the authority to provide public online access to a wide range of government documents. This move aims to enhance the digitization and accessibility of federal publications, though it comes as the organization recovers from several significant cybersecurity breaches last year.

8. UP STF Busts Digital Arrest Gang in Thane

The UP Special Task Force arrested two brothers, Mohammad Iqbal Balasaheb and Shine Iqbal Balasaheb, for operating a sophisticated cybercrime racket from Thane, Maharashtra. Posing as law enforcement officials, the duo used deepfake technology and forged documents to conduct fake “digital arrests” and extort large sums of money from their victims.

9. Linux 6.16 Brings Performance and Networking Boosts

Linus Torvalds has announced the release of Linux kernel version 6.16, which is the result of a calm development cycle focused on stability and incremental improvements. The new version delivers numerous driver fixes and platform enhancements, while the development schedule for the next kernel, 6.17, may be adjusted due to Torvalds’ upcoming travel plans.


💡 Cyber Tip


Update macOS to Block ‘Sploitlight’ Data Theft Exploit

Microsoft researchers have discovered a serious vulnerability in macOS that allowed malicious actors to bypass Apple's Transparency, Consent, and Control framework. The flaw, dubbed "Sploitlight," leverages the Spotlight search tool to load unsigned plugins that can access files in protected locations like the Downloads folder, the Photos library, and the Apple Intelligence cache without user consent. Attackers could steal photo metadata, GPS coordinates, facial recognition data, and more. Since some of this data syncs across devices via iCloud, the privacy risk extends to all linked Apple devices.

✅  What you should do:

  • Update your Mac to macOS Sequoia 15.4 or later, which patches this vulnerability
  • Review third-party Spotlight plugins (importer bundles) installed on the system and remove any that are unsigned or unexpected
  • Monitor file system access and suspicious activity in the protected directories (Downloads, Photos library, Apple Intelligence cache)
  • Regularly audit and limit app permissions
  • Consider disabling Spotlight indexing on sensitive folders
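As an added example (not from Microsoft's research or Apple), the shell script below does the plugin-review step in the list above: it enumerates Spotlight importer bundles (`*.mdimporter`) in the user and system Spotlight directories and checks each one's code signature with `codesign --verify`. The directory locations and the bundle suffix are assumptions based on where macOS loads Spotlight importers; on a machine without `codesign` (for example when run off-box) bundles are reported as unverified rather than valid.

```bash
#!/bin/sh
# Audit Spotlight importer bundles for missing or broken code signatures.
# Assumed locations where macOS loads user- and admin-installed importers.
USER_SPOTLIGHT_DIR="${HOME}/Library/Spotlight"
SYSTEM_SPOTLIGHT_DIR="/Library/Spotlight"

# list_importers DIR...
# Prints the path of every *.mdimporter bundle directly inside each DIR.
# Directories that do not exist are skipped silently.
list_importers() {
  for d in "$@"; do
    [ -d "$d" ] || continue
    find "$d" -maxdepth 1 -name '*.mdimporter' -print
  done
}

# check_signature BUNDLE
# Prints "BUNDLE<TAB>status" where status is one of:
#   valid       - codesign --verify --strict succeeded
#   INVALID     - bundle is unsigned or its signature does not verify
#   unverified  - codesign is not available on this host
check_signature() {
  bundle="$1"
  if command -v codesign >/dev/null 2>&1; then
    if codesign --verify --strict "$bundle" >/dev/null 2>&1; then
      printf '%s\tvalid\n' "$bundle"
    else
      printf '%s\tINVALID\n' "$bundle"
    fi
  else
    printf '%s\tunverified (codesign not available)\n' "$bundle"
  fi
}

# audit_importers DIR...
# One output line per importer bundle found; empty output means nothing to review.
audit_importers() {
  list_importers "$@" | while IFS= read -r b; do
    [ -n "$b" ] || continue
    check_signature "$b"
  done
}

# Usage: review everything Spotlight would load for this user.
audit_importers "$USER_SPOTLIGHT_DIR" "$SYSTEM_SPOTLIGHT_DIR"
```

Any line marked INVALID is a bundle Spotlight will still load but that nobody has signed for; treat it as suspect and remove it unless you installed it deliberately. `mdimport -L` prints the importers Spotlight currently has loaded, which is a useful cross-check against what the directories contain.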

✅  Why this matters:

The Sploitlight exploit turns a trusted system feature into a privacy backdoor by allowing unauthorized access to highly sensitive data. With syncing via iCloud, attackers could map your behavior across devices, making this a serious privacy and surveillance threat. Regular updates and permission hygiene are essential to staying protected.

📚 Cyber Book

Cybersecurity for Executives, Managers, and Leaders by Dennis Houchin

Get Book ➤https://amzn.to/3IfU1Dq


That concludes today’s briefing. You can check the top headlines here!

 

Copyright © 2025 CyberMaterial. All Rights Reserved.
