Cyber Briefing: 2025.08.15

👉 What's going on in the cyber world today?

Recent cyber incidents reveal an escalating surge of sophisticated attacks targeting both public and private sectors worldwide. From ransomware campaigns in the Middle East and Croatia to breaches of major companies like Allianz Life, attackers are leveraging advanced tools such as CrossC2, Cobalt Strike, and ToolShell, while governments respond with patches, investigations, and sanctions.



Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

🚨Cyber Alerts


1. Charon Ransomware Hits Middle East

A new ransomware family, Charon, has been targeting the Middle East's public sector and aviation industry with advanced persistent threat (APT)-style tactics. The malware uses sophisticated techniques like DLL side-loading, EDR evasion, and victim-specific ransom notes to encrypt files and maximize disruption.

2. Hackers Use CrossC2 to Target Linux, macOS

Japan's JPCERT/CC discovered a new attack campaign between September and December 2024 that utilized a cross-platform command-and-control framework called CrossC2 to target systems, including those in Japan. This attack, which shares some overlap with BlackSuit/Black Basta ransomware activity, involved a custom malware loader named ReadNimeLoader that was used to deliver Cobalt Strike Beacon to compromise Linux and macOS systems.

3. Zoom Patches Critical Windows Flaw

Zoom has patched a critical vulnerability (CVE-2025-49457) in its Windows client that an unauthenticated user could exploit to gain elevated privileges through an untrusted search path. This flaw posed a significant risk as it could allow an attacker to gain full control of a user's system and access sensitive data.


💥Cyber Incidents


4. Croatian Institute Hit by Ransomware

The Ruđer Bošković Institute (RBI) in Croatia confirmed it was a victim of the global ransomware attack on Thursday, July 31, 2025, which exploited Microsoft SharePoint “ToolShell” vulnerabilities. The institute is refusing to pay the ransom and is instead working to restore its data from backups and rebuild its IT infrastructure.

5. Norway Dam Breached by Pro-Russian Hackers

Pro-Russian hackers seized control of a dam in Bremanger, Norway, in April, opening a floodgate for four hours. Norway's security service, PST, stated that the attack was a demonstrative act of "hybrid warfare" intended to cause fear and showcase their capabilities rather than cause destruction.

6. Hackers Leak Allianz Life Data

In July 2025, insurance giant Allianz Life disclosed a data breach that exposed the personal information of 2.8 million individuals, including customers and business partners. The breach, which was part of a larger campaign targeting Salesforce instances, was carried out by the hacker group ShinyHunters, which subsequently leaked the stolen data.


📢Cyber News


7. ShinyHunters, Spider Join Forces

An ongoing data extortion campaign is targeting Salesforce customers, with evidence suggesting that threat groups ShinyHunters and Scattered Spider are collaborating. Their partnership, which shows a shift in tactics from simple data theft to more sophisticated social engineering, may soon set its sights on the financial services and technology sectors.

8. US Updates Sanctions on Garantex

U.S. officials have renewed sanctions against the Russian cryptocurrency exchange Garantex, which is accused of laundering over $100 million for cybercriminals and ransomware gangs since 2019. The sanctions also target Garantex's successor, Grinex, and several associated companies and individuals, in an effort to curb their role in facilitating cybercrime and sanctions evasion. 

9. Stolen Police Emails Sold for $40

Active police and government email accounts are being sold on the dark web for as little as $40, providing cybercriminals with a direct and credible way to infiltrate trusted systems. These accounts, which are still in legitimate use by agencies in several countries, allow attackers to impersonate officials, send fraudulent requests, and access sensitive data with a high degree of credibility.


📈Cyber Stocks


On Friday, August 15, 2025, cybersecurity stocks weakened as markets contended with valuation recalibrations, merger uncertainties, and macroeconomic pressure.

  • Palo Alto Networks (PANW) slipped 1.83% to $173.55, as the market digested recent strategic moves amid a broader tech pullback and valuation recalibration following optimism around acquisitions.
  • Rapid7 (RPD) declined 1.78% to $20.94, pulled down by valuation pressure despite strong Q2 earnings results, as markets remained cautious of its elevated cloud commitments and growth trajectory.
  • Check Point Software Technologies (CHKP) eased 1.57% to $185.32, impacted by continued investor concern over modest billings growth despite steady revenue and earnings.
  • SentinelOne (S) dropped 3.61% to $16.57, as buyer interest waned amid cooling acquisition speculation and heightened scrutiny around its valuation.
  • Okta (OKTA) fell 2.64% to $88.61, as sentiment dampened due to concerns over growth sustainability and valuation in a volatile macroeconomic environment.


💡 Cyber Tip


🌐Immediately update your Zoom client to the latest version.

A critical security vulnerability in the Zoom Windows client could allow an attacker to take control of your computer. The flaw, CVE-2025-49457, allows for a privilege escalation attack. Keeping your software up to date is crucial for your personal and professional security.

✅ What you should do

  • Immediately update your Zoom client to the latest version to patch the critical vulnerability.
  • For Zoom Workplace for Windows, the patched version is 6.3.10 or later.
  • Open the Zoom application, click your profile picture, and select "Check for Updates" to install the patch.
  • Ensure all other Zoom products on Windows, such as Zoom VDI, Rooms, and Meeting SDK, are also updated to the latest secure versions.
  • Regularly check for and apply security updates for your operating system and all other software.

🔒 Why this matters

This type of vulnerability allows an attacker to elevate their access from a limited user to a system administrator, essentially granting them complete control over your device. Without the patch, your machine is at risk of being compromised, leading to data theft, malware installation, or becoming a part of a larger network attack.



📚 Cyber Book


Cybersecurity and Financial System Resilience Report by the Board of Governors of the Federal Reserve System


Get book: https://amzn.to/3XC8vTw   


💼 Cyber Jobs


Today’s 10 curated cybersecurity job openings: 

  1. 🇨🇦 Irving Oil – Field Infrastructure Analyst, Saint John, NB, Canada
  2. 🇬🇧 British Airways – Cyber Security Engineer, Hounslow, England, UK
  3. 🇬🇧 JCB – Information Security Analyst, Rocester, England, UK
  4. 🇬🇧 ClearBank – Security Engineer, London, England, UK
  5. 🇬🇧 Dŵr Cymru Welsh Water – Vulnerability Analyst, Cardiff, Wales, UK
  6. 🇺🇸 Institute for Defense Analyses – Cyber Security Analyst II, Princeton, NJ, USA
  7. 🇺🇸 Microchip Technology Inc. – Senior Analyst I - IT Cyber Security, Chandler, AZ, USA
  8. 🇺🇸 CALIBRE Systems, Inc. – Vulnerability Assessment Analyst, Springfield, VA, USA
  9. 🇮🇳 Capgemini – Network Security Engineer, Bengaluru, Karnataka, India
  10. 🇮🇳 Everbridge – Senior Security Analyst, Bengaluru, Karnataka, India

If you know someone on the job hunt, share this with them!



📅 Cyber Events


Find global upcoming cybersecurity events here.

  1. 🇬🇧 #CS4CA – London, UK – September 30, 2025
  2. 🇬🇧 International Cyber Expo – London, UK – September 30 – October 1, 2025
  3. 🇨🇦 SECTOR – Toronto, Canada – September 30 – October 2, 2025
  4. 🇺🇸 Innovate Cybersecurity Summit – Scottsdale, AZ – October 5–6, 2025
  5. 🇪🇺 European Cybersecurity Challenge (ECSC) – Europe – October 6–10, 2025
  6. 🇫🇮 Cyber Security Nordic – Helsinki, Finland – November 4–5, 2025
  7. 🇧🇷 CS4CA LatAm Summit – São Paulo, Brazil – November 4–5, 2025
  8. 🇨🇦 Cyber Summit – Banff, Canada – November 4–6, 2025
  9. 🇩🇪 Enterprise AI Security Transformation Assembly Europe – Munich, Germany – November 5, 2025
  10. 🇺🇸 SecureWorld Seattle – Bellevue, WA – November 5–6, 2025



That concludes today’s briefing.


Copyright © 2025 CyberMaterial. All Rights Reserved.
