👉 What’s trending in cybersecurity today?
AMOS macOS stealer gains persistent backdoor access, fake 404 pages mask cryptominers in cloud systems, and Scattered Spider draws FBI-CISA alert. Lovense flaw leaks emails via usernames, Curaçao tax systems crippled by ransomware, and Orange telecom hacked in France. FBI hosts food cyber symposium in Nebraska, Poland arrests 32 for pro-Russian sabotage, and FBI seizes $2.4M in crypto from Chaos ransomware gang.
1. Atomic macOS Stealer Adds Backdoor
The Atomic macOS Stealer (AMOS) has evolved from a simple data-stealing tool into a sophisticated persistent threat, giving attackers long-term remote access to compromised systems. It spreads through malicious websites and targeted spear-phishing campaigns, using advanced techniques to maintain access and evade detection.
2. Fake Error Pages Spread Malware
The Soco404 cryptomining campaign exploits misconfigured cloud services like PostgreSQL to deploy malware on Linux and Windows systems. Attackers use sophisticated evasion techniques, such as hiding malicious code in fake 404 error pages and masquerading processes, to establish persistent mining operations.
3. FBI, CISA Warn on Scattered Spider
A multi-national coalition of cybersecurity and law enforcement agencies has released a joint advisory detailing the evolving and sophisticated tactics of the cybercriminal group known as “Scattered Spider.”
4. Lovense App Leaks User Emails
A zero-day flaw in the Lovense sex toy platform allows attackers to obtain a user’s private email address simply by knowing their public username. This vulnerability, which the company has known about for months, puts its 20 million users at significant risk of doxxing and harassment.
5. Curaçao Tax Systems Hit by Ransomware
The Curaçao Tax Authority is in crisis following a debilitating ransomware attack that occurred last Saturday, July 26, 2025, forcing a complete shutdown of its systems. The government has urgently requested assistance from the Netherlands, a move that has put a spotlight on the immediate response protocols and the role of the island’s own cybersecurity task force.
6. Orange, France’s Top Telecom, Hacked
Orange, the massive French telecommunications firm, announced it detected a cyberattack on an internal system, leading to service disruptions for some customers as a precautionary measure. While the company stated no customer data appears to have been stolen, the incident comes shortly after France’s national cybersecurity agency issued warnings about state-sponsored espionage targeting the country’s telecom sector.
7. FBI Food Safety Symposium in Nebraska
A recent FBI symposium in Nebraska brought together farmers and experts to address the growing cybersecurity risks facing the nation’s food supply. As agriculture becomes more technologically advanced, it has created new vulnerabilities to threats like ransomware and foreign interference, making cyber hygiene a critical national security issue for the farming sector.
8. Poland Trials 32 for Pro-Russian Sabotage
Polish authorities have detained 32 people for allegedly collaborating with Russian intelligence to conduct sabotage and arson attacks aimed at destabilizing the nation. The suspects, a diverse group of foreign nationals and Poles, are accused of being part of a wider Russian hybrid warfare campaign that includes recruiting individuals via messaging apps to attack infrastructure.
9. FBI Seizes $2.4M from Ransomware Gang
The FBI has successfully seized Bitcoin, now valued at over $2.4 million, from a member of the Chaos ransomware syndicate responsible for attacks in Texas. The US government has since filed a civil complaint seeking the permanent forfeiture of the funds, alleging they are the proceeds of criminal activities like extortion and money laundering.
💡 Cyber Tip
Defend Against Scattered Spider’s Social Engineering and MFA Attacks
A joint advisory by the FBI, CISA, NCSC-UK, and ACSC warns that the cybercriminal group Scattered Spider is escalating its attacks using advanced social engineering, MFA fatigue tactics, SIM swapping, and remote access tools to compromise major organizations, especially in telecom and IT. Also known as UNC3944, Octo Tempest, or Muddled Libra, the group often gains access by impersonating IT support, tricking employees into sharing credentials or approving MFA requests, and deploying ransomware once inside the network.
✅ What you should do:
🔒 Why this matters:
Scattered Spider is a well-resourced, socially skilled threat group that can bypass traditional defenses using human manipulation. Their use of real-time social engineering, push bombing, and remote tools makes them a major threat to enterprises. Proactive hardening, employee vigilance, and phishing-resistant MFA are your best defenses.
📚 Cyber Book
The 2023–2028 World Outlook for Multifactor Authentication — by Prof Philip M. Parker Ph.D.
Get Book ➤ https://amzn.to/3KbYg3Z
Copyright © 2025 CyberMaterial. All Rights Reserved.
